Solved Rat remain after format

milan23

Posts: 10   +0
My pc is infected with RAT (remote administration tool) that remain after low level format.
I've tryed also to :
-flash my BIOS
-delete MBR and GPT structures
-scan with few boot av's
And it seems is undetectable from all antivirus/antimalware programs that I used to scan.
Plus that I think the virus is active before Windows start.
What to do?
 
Last edited:

Broni

Posts: 55,930   +506
It's extremely unlikely that after all those steps you took, there is still some infection there.
How does this "infection" manifest itself?
 

milan23

Posts: 10   +0
Someone is just controling my pc :
-open random browser pages
-restart my pc
-eject my dvd writer
-pc is so slower at moments
-sometimes just close my games when I play
-someone installs programs without I even notice
-stop my internet (so I have to re-install my Windows.
 

Broni

Posts: 55,930   +506
Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 

milan23

Posts: 10   +0
FRST log :
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-01-2022 01
Ran by zumaha (administrator) on DESKTOP-LSU3JTI (Gigabyte Technology Co., Ltd. GA-MA770T-UD3) (12-01-2022 21:50:10)
Running from C:\Users\zumaha\Downloads
Loaded Profiles: zumaha
Platform: Microsoft Windows 10 Home Version 1709 16299.1087 (X64) Language: Български (България)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\afwServ.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.961_none_16d289e0322664ce\TiWorker.exe
(Mozilla Corporation) [File not signed] C:\Program Files\LibreWolf\librewolf.exe <10>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [190904 2022-01-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [227648 2019-08-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [NoThumbnailCache] 1
HKLM\...\Policies\Explorer: [DisableThumbnailCache] 1
HKLM\...\Policies\Explorer: [NoInstrumentation] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2093924780-1149955631-761437044-1001\...\Policies\Explorer: [NoRecentDocsHood] 1
HKU\S-1-5-21-2093924780-1149955631-761437044-1001\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-2093924780-1149955631-761437044-1001\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKLM\...\Print\Monitors\IppMon: C:\Windows\system32\IPPMon.dll [226816 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {21D983D4-1B8E-431F-A638-B9838D59ED7C} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe (No File)
Task: {33FCD608-0F83-4AA5-8B87-E77101EDE295} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [5002680 2022-01-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {6B09E6AB-BEC7-4079-B11F-049BB0865A01} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMDisplay => C:\Program Files\ruxim\ruximics.exe [477512 2021-05-10] (Microsoft Windows -> Microsoft Corporation)
Task: {8EE5414D-6A24-403B-9584-F1F0BF23F6C2} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1815352 2022-01-12] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {E6AEB0CC-1511-4288-8A9F-A466E524E08B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMSync => C:\Program Files\ruxim\ruximics.exe [477512 2021-05-10] (Microsoft Windows -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e9b1928e-fd9e-4ffb-a421-021416036387}: [DhcpNameServer] 192.168.1.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

FireFox:
========
FF DefaultProfile: jko349qn.default
FF ProfilePath: C:\Users\zumaha\AppData\Roaming\librewolf\Profiles\jko349qn.default [2022-01-12]
FF ProfilePath: C:\Users\zumaha\AppData\Roaming\librewolf\Profiles\fskabzce.default-default [2022-01-12]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\zumaha\AppData\Roaming\librewolf\Profiles\fskabzce.default-default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2022-01-12]
FF Extension: (uBlock Origin) - C:\Users\zumaha\AppData\Roaming\librewolf\Profiles\fskabzce.default-default\Extensions\uBlock0@raymondhill.net.xpi [2022-01-12]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [485816 2022-01-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Firewall; C:\Program Files\AVG\Antivirus\afwServ.exe [1789880 2022-01-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [485816 2022-01-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [8517744 2022-01-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2022-01-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [582016 2019-08-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2988816 2021-03-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107312 2019-02-17] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [222248 2022-01-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [369288 2022-01-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [253064 2022-01-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [100488 2022-01-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\Windows\System32\drivers\avgElam.sys [21960 2022-01-12] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [42552 2022-01-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [186424 2022-01-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\Windows\System32\drivers\avgNetHub.sys [540192 2022-01-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [109056 2022-01-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [84120 2022-01-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [853944 2022-01-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [545312 2022-01-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [215576 2022-01-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [318904 2022-01-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 RTL8023x64; C:\Windows\System32\drivers\Rtnic64.sys [51712 2017-09-29] (Microsoft Windows -> Realtek Semiconductor Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
U1 avgbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-12 21:50 - 2022-01-12 21:51 - 000010839 _____ C:\Users\zumaha\Downloads\FRST.txt
2022-01-12 21:46 - 2022-01-12 21:50 - 000000000 ____D C:\FRST
2022-01-12 21:46 - 2022-01-12 21:46 - 000002134 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2022-01-12 21:46 - 2022-01-12 21:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2022-01-12 21:19 - 2022-01-12 21:19 - 002311680 _____ (Farbar) C:\Users\zumaha\Downloads\FRST64.exe
2022-01-12 20:48 - 2018-09-20 07:00 - 004876800 _____ (Gracenote, Inc.) C:\Windows\system32\gnsdk_fp.dll
2022-01-12 20:48 - 2018-09-20 04:13 - 004171264 _____ (Gracenote, Inc.) C:\Windows\SysWOW64\gnsdk_fp.dll
2022-01-12 20:47 - 2019-02-17 07:24 - 003331120 _____ C:\Windows\system32\Windows.Mirage.dll
2022-01-12 20:47 - 2018-02-09 05:35 - 004959688 _____ (Microsoft Corporation) C:\Windows\system32\rtmpltfm.dll
2022-01-12 20:47 - 2018-02-02 05:36 - 003903944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtmpltfm.dll
2022-01-12 20:46 - 2019-02-17 05:33 - 002491232 _____ C:\Windows\SysWOW64\Windows.Mirage.dll
2022-01-12 20:46 - 2019-02-17 04:59 - 000382264 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2022-01-12 20:46 - 2019-02-17 03:28 - 000975360 _____ C:\Windows\system32\FaceProcessor.dll
2022-01-12 20:46 - 2019-02-17 03:23 - 001341440 ____R (The ICU Project) C:\Windows\system32\icuuc.dll
2022-01-12 20:46 - 2019-02-17 03:22 - 001900544 ____R (The ICU Project) C:\Windows\system32\icuin.dll
2022-01-12 20:46 - 2019-02-17 01:51 - 001640960 ____R (The ICU Project) C:\Windows\SysWOW64\icuin.dll
2022-01-12 20:46 - 2019-02-17 01:51 - 001158656 ____R (The ICU Project) C:\Windows\SysWOW64\icuuc.dll
2022-01-12 20:46 - 2019-02-17 01:38 - 000804120 _____ C:\Windows\SysWOW64\locale.nls
2022-01-12 20:46 - 2019-02-17 01:38 - 000804120 _____ C:\Windows\system32\locale.nls
2022-01-12 20:46 - 2018-02-09 05:35 - 001234888 _____ (Microsoft Corporation) C:\Windows\system32\rtmpal.dll
2022-01-12 20:46 - 2018-02-09 05:35 - 001002952 _____ (Microsoft Corporation) C:\Windows\system32\rtmcodecs.dll
2022-01-12 20:46 - 2018-02-02 05:36 - 000921032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtmpal.dll
2022-01-12 20:45 - 2019-02-17 04:59 - 000269600 _____ C:\Windows\system32\FaceProcessorCore.dll
2022-01-12 20:45 - 2019-02-17 04:51 - 000184336 _____ C:\Windows\system32\InputHost.dll
2022-01-12 20:45 - 2019-02-17 02:39 - 000311096 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2022-01-12 20:45 - 2019-02-17 02:22 - 000149960 _____ C:\Windows\SysWOW64\InputHost.dll
2022-01-12 20:45 - 2019-01-08 05:04 - 000000072 _____ C:\Windows\system32\edgehtmlpluginpolicy.bin
2022-01-12 20:45 - 2018-12-04 07:41 - 000097792 _____ C:\Windows\system32\runexehelper.exe
2022-01-12 20:45 - 2018-03-30 05:31 - 000416768 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2022-01-12 20:45 - 2018-02-09 05:35 - 000892872 _____ (Microsoft Corporation) C:\Windows\system32\ortcengine.dll
2022-01-12 20:45 - 2018-02-09 05:35 - 000065992 _____ (Microsoft Corporation) C:\Windows\system32\rtmmvrortc.dll
2022-01-12 20:45 - 2018-02-02 05:36 - 000854976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtmcodecs.dll
2022-01-12 20:45 - 2018-02-02 05:36 - 000649672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ortcengine.dll
2022-01-12 20:45 - 2018-02-02 05:36 - 000054720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtmmvrortc.dll
2022-01-12 20:44 - 2019-02-17 03:28 - 000047104 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2022-01-12 20:44 - 2019-02-17 03:27 - 000084992 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2022-01-12 20:44 - 2019-02-17 01:57 - 000038912 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2022-01-12 20:44 - 2018-03-30 05:42 - 000253952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unimdm.tsp
2022-01-12 20:44 - 2018-03-30 05:41 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2022-01-12 20:44 - 2018-03-30 05:31 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\unimdm.tsp
2022-01-12 20:44 - 2018-03-02 05:02 - 000037888 _____ C:\Windows\system32\SpectrumSyncClient.dll
2022-01-12 20:15 - 2022-01-12 20:15 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2022-01-12 20:15 - 2017-10-27 18:12 - 005960824 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2022-01-12 20:15 - 2017-10-27 18:12 - 002587768 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2022-01-12 20:15 - 2017-10-27 18:12 - 001766520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2022-01-12 20:15 - 2017-10-27 18:12 - 000607168 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2022-01-12 20:15 - 2017-10-27 18:12 - 000449656 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2022-01-12 20:15 - 2017-10-27 18:12 - 000123000 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2022-01-12 20:15 - 2017-10-27 18:12 - 000081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2022-01-12 20:15 - 2017-10-27 18:06 - 000136312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2022-01-12 20:15 - 2017-10-25 12:33 - 007802921 _____ C:\Windows\system32\nvcoproc.bin
2022-01-12 20:15 - 2017-09-14 01:20 - 000798008 _____ C:\Windows\SysWOW64\vulkan-1.dll
2022-01-12 20:15 - 2017-09-14 01:20 - 000490296 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2022-01-12 20:15 - 2017-09-14 01:19 - 000927544 _____ C:\Windows\system32\vulkan-1.dll
2022-01-12 20:15 - 2017-09-14 01:19 - 000591160 _____ C:\Windows\system32\vulkaninfo.exe
2022-01-12 20:14 - 2022-01-12 21:42 - 000000000 ____D C:\ProgramData\NVIDIA
2022-01-12 20:14 - 2017-11-09 04:43 - 000540784 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2022-01-12 20:14 - 2017-11-09 04:43 - 000446392 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2022-01-12 20:14 - 2017-10-27 18:36 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2022-01-12 20:13 - 2022-01-12 20:16 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2022-01-12 20:13 - 2022-01-12 20:15 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2022-01-12 18:36 - 2022-01-12 18:36 - 334399468 _____ C:\Users\zumaha\Downloads\fishing.mp4
2022-01-12 18:16 - 2022-01-12 18:18 - 000000000 ____D C:\Windows\system32\MRT
2022-01-12 18:15 - 2022-01-12 18:26 - 000000000 ____D C:\Program Files\ruxim
2022-01-12 18:15 - 2022-01-12 18:15 - 000000000 ____D C:\Program Files\rempl
2022-01-12 18:11 - 2022-01-12 18:11 - 000000000 ____D C:\Users\zumaha\AppData\Local\AVG
2022-01-12 18:10 - 2022-01-12 18:10 - 000002071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Internet Security.lnk
2022-01-12 18:10 - 2022-01-12 18:10 - 000002059 _____ C:\Users\Public\Desktop\AVG Internet Security.lnk
2022-01-12 18:10 - 2022-01-12 18:10 - 000000000 ____D C:\Users\zumaha\AppData\Roaming\AVG
2022-01-12 18:10 - 2022-01-12 18:10 - 000000000 ____D C:\Users\zumaha\AppData\Local\CEF
2022-01-12 18:06 - 2022-01-12 18:27 - 000000000 ____D C:\Program Files\CUAssistant
2022-01-12 18:05 - 2022-01-12 21:44 - 000004266 _____ C:\Windows\system32\Tasks\Antivirus Emergency Update
2022-01-12 18:05 - 2022-01-12 18:05 - 000000000 ____D C:\Windows\system32\Tasks\AVG
2022-01-12 18:04 - 2022-01-12 18:04 - 000545312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2022-01-12 18:04 - 2022-01-12 18:04 - 000540192 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetHub.sys
2022-01-12 18:04 - 2022-01-12 18:04 - 000336824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2022-01-12 18:04 - 2022-01-12 18:04 - 000318904 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2022-01-12 18:04 - 2022-01-12 18:04 - 000253064 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys
2022-01-12 18:04 - 2022-01-12 18:04 - 000215576 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2022-01-12 18:04 - 2022-01-12 18:04 - 000186424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2022-01-12 18:04 - 2022-01-12 18:04 - 000109056 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2022-01-12 18:04 - 2022-01-12 18:04 - 000100488 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys
2022-01-12 18:04 - 2022-01-12 18:04 - 000084120 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2022-01-12 18:04 - 2022-01-12 18:04 - 000042552 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
2022-01-12 18:04 - 2022-01-12 18:04 - 000021960 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgElam.sys
2022-01-12 18:04 - 2022-01-12 18:04 - 000000000 ____D C:\ProgramData\Mozilla
2022-01-12 18:04 - 2022-01-12 18:04 - 000000000 ____D C:\Program Files\Common Files\AVG
2022-01-12 18:04 - 2022-01-12 18:03 - 000853944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2022-01-12 18:04 - 2022-01-12 18:03 - 000369288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys
2022-01-12 18:04 - 2022-01-12 18:03 - 000222248 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2022-01-12 18:01 - 2022-01-12 18:01 - 000000000 ____D C:\Program Files\AVG
2022-01-12 18:00 - 2022-01-12 21:39 - 000000000 ____D C:\ProgramData\AVG
2022-01-12 17:55 - 2022-01-12 18:38 - 000055248 ____N (AVG Technologies) C:\Windows\system32\Drivers\rm.sys
2022-01-12 17:42 - 2022-01-12 17:42 - 000000000 ____D C:\Users\zumaha\Documents\TotalAV
2022-01-12 17:40 - 2022-01-12 17:40 - 000000000 ____D C:\Users\zumaha\AppData\Local\GUI
2022-01-12 17:40 - 2022-01-12 17:40 - 000000000 ____D C:\Users\zumaha\AppData\Local\DBG
2022-01-12 17:40 - 2022-01-12 17:40 - 000000000 ____D C:\ProgramData\TotalAV
2022-01-12 17:40 - 2022-01-12 17:40 - 000000000 ____D C:\ProgramData\SecuritySuite
2022-01-12 17:25 - 2022-01-12 20:16 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2022-01-12 17:20 - 2022-01-12 17:20 - 000000000 ____D C:\Users\Public\Speedup Sessions
2022-01-12 17:19 - 2022-01-12 17:19 - 000001753 _____ C:\Users\zumaha\Desktop\LibreWolf.lnk
2022-01-12 17:17 - 2022-01-12 21:48 - 000000000 ____D C:\Users\zumaha\AppData\LocalLow\Mozilla
2022-01-12 17:17 - 2022-01-12 17:17 - 000000000 ____D C:\Users\zumaha\AppData\Roaming\librewolf
2022-01-12 17:17 - 2022-01-12 17:17 - 000000000 ____D C:\Users\zumaha\AppData\Local\librewolf
2022-01-12 17:17 - 2022-01-12 17:17 - 000000000 ____D C:\Users\Public\PrivacyPal Sessions
2022-01-12 17:15 - 2022-01-12 17:18 - 000000000 ____D C:\Program Files (x86)\Avira
2022-01-12 17:15 - 2022-01-12 17:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2022-01-12 17:15 - 2022-01-12 17:15 - 000001261 _____ C:\Users\Public\Desktop\Avira.lnk
2022-01-12 17:14 - 2022-01-12 17:18 - 000000000 ____D C:\ProgramData\Avira
2022-01-12 17:14 - 2022-01-12 17:16 - 000000000 ____D C:\ProgramData\Package Cache
2022-01-12 17:13 - 2022-01-12 17:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreWolf
2022-01-12 17:12 - 2022-01-12 17:13 - 000000000 ____D C:\Program Files\LibreWolf
2022-01-12 17:10 - 2022-01-12 17:11 - 000000000 ____D C:\Users\zumaha\AppData\Local\MicrosoftEdge
2022-01-12 17:10 - 2022-01-12 17:10 - 000000000 ___HD C:\Users\zumaha\MicrosoftEdgeBackups
2022-01-12 15:07 - 2022-01-12 15:07 - 000003292 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task v2
2022-01-12 15:07 - 2022-01-12 15:07 - 000002394 _____ C:\Users\zumaha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-01-12 15:07 - 2022-01-12 15:07 - 000000000 ___RD C:\Users\zumaha\OneDrive
2022-01-12 15:06 - 2022-01-12 15:06 - 000000000 ____D C:\Users\zumaha\AppData\Local\Comms
2022-01-12 15:04 - 2022-01-12 15:04 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-01-12 15:01 - 2022-01-12 21:46 - 000866142 _____ C:\Windows\system32\PerfStringBackup.INI
2022-01-12 15:01 - 2022-01-12 15:01 - 000000000 ____D C:\Users\zumaha\AppData\Local\Publishers
2022-01-12 15:00 - 2022-01-12 21:44 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-01-12 15:00 - 2022-01-12 21:44 - 000000000 ___RD C:\Users\zumaha\3D Objects
2022-01-12 15:00 - 2022-01-12 18:40 - 000000000 ____D C:\Users\zumaha\AppData\Local\Packages
2022-01-12 15:00 - 2022-01-12 17:10 - 000000000 ____D C:\Users\zumaha
2022-01-12 15:00 - 2022-01-12 15:00 - 000000020 ___SH C:\Users\zumaha\ntuser.ini
2022-01-12 15:00 - 2022-01-12 15:00 - 000000000 ____D C:\Users\zumaha\AppData\Roaming\Adobe
2022-01-12 15:00 - 2022-01-12 15:00 - 000000000 ____D C:\Users\zumaha\AppData\Local\VirtualStore
2022-01-12 15:00 - 2022-01-12 15:00 - 000000000 ____D C:\Users\zumaha\AppData\Local\ConnectedDevicesPlatform
2022-01-12 14:49 - 2022-01-12 14:49 - 000000000 ____D C:\ProgramData\USOShared
2022-01-12 14:39 - 2022-01-12 21:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-01-12 14:35 - 2022-01-12 21:38 - 000221968 _____ C:\Windows\system32\FNTCACHE.DAT
2022-01-12 14:35 - 2022-01-12 19:24 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-01-12 14:35 - 2022-01-12 14:49 - 000000000 ____D C:\Windows\Panther
2022-01-12 14:35 - 2022-01-12 14:35 - 000000000 ____D C:\Windows\ServiceProfiles

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-12 21:55 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2022-01-12 21:47 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\AppReadiness
2022-01-12 21:44 - 2017-09-29 15:44 - 000000000 ____D C:\Windows\INF
2022-01-12 21:36 - 2017-09-29 10:45 - 000262144 _____ C:\Windows\system32\config\BBI
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\vi-VN
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\ur-PK
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\ug-CN
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\tt-RU
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\tk-TM
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\te-IN
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\ta-IN
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\sw-KE
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\sq-AL
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\si-LK
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\quz-PE
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\prs-AF
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\pa-IN
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\or-IN
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\nn-NO
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\ne-NP
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\mt-MT
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\mr-IN
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\mn-MN
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\ml-IN
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\mk-MK
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\mi-NZ
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\lo-LA
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\lb-LU
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\ky-KG
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\kok-IN
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\kn-IN
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\km-KH
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\kk-KZ
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\ka-GE
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\is-IS
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\id-ID
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\hy-AM
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\gu-IN
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\gd-GB
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\ga-IE
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\fil-PH
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\fa-IR
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\cy-GB
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\bn-IN
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\bn-BD
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\be-BY
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\as-IN
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\am-ET
2022-01-12 21:32 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\SysWOW64\af-ZA
2022-01-12 21:32 - 2017-09-29 15:46 - 000000000 ___SD C:\Windows\SysWOW64\F12
2022-01-12 21:32 - 2017-09-29 15:46 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2022-01-12 21:32 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\TextInput
2022-01-12 21:32 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2022-01-12 21:32 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\SysWOW64\Dism
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\vi-VN
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\ur-PK
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\ug-CN
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\tt-RU
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\tk-TM
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\te-IN
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\ta-IN
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\sw-KE
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\sq-AL
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\si-LK
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\quz-PE
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\prs-AF
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\pa-IN
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\or-IN
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\nn-NO
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\ne-NP
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\mt-MT
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\mr-IN
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\mn-MN
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\ml-IN
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\mk-MK
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\mi-NZ
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\lo-LA
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\lb-LU
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\ky-KG
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\kok-IN
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\kn-IN
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\km-KH
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\kk-KZ
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\ka-GE
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\is-IS
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\id-ID
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\hy-AM
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\gu-IN
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\gd-GB
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\ga-IE
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\fil-PH
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\fa-IR
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\cy-GB
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\bn-IN
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\bn-BD
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\be-BY
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\as-IN
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\am-ET
2022-01-12 21:31 - 2017-09-30 16:35 - 000000000 ____D C:\Windows\system32\af-ZA
2022-01-12 21:31 - 2017-09-29 15:46 - 000000000 ___SD C:\Windows\system32\UNP
2022-01-12 21:31 - 2017-09-29 15:46 - 000000000 ___SD C:\Windows\system32\F12
2022-01-12 21:31 - 2017-09-29 15:46 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2022-01-12 21:31 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\system32\WinMetadata
2022-01-12 21:31 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2022-01-12 21:31 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\system32\oobe
2022-01-12 21:31 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\system32\migwiz
2022-01-12 21:31 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\system32\appraiser
2022-01-12 21:31 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\ShellExperiences
2022-01-12 21:31 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\Provisioning
2022-01-12 21:31 - 2017-09-29 10:45 - 000000000 ____D C:\Windows\system32\Dism
2022-01-12 21:31 - 2017-09-29 10:45 - 000000000 ____D C:\Windows\servicing
2022-01-12 21:30 - 2017-09-29 15:46 - 000000000 ___RD C:\Windows\PrintDialog
2022-01-12 21:30 - 2017-09-29 15:46 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-01-12 21:30 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\bcastdvr
2022-01-12 21:30 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2022-01-12 21:30 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files\Windows Defender
2022-01-12 21:30 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-01-12 21:30 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2022-01-12 21:30 - 2017-09-29 15:46 - 000000000 ____D C:\PerfLogs
2022-01-12 21:20 - 2017-09-29 15:46 - 000000000 ___HD C:\Program Files\WindowsApps
2022-01-12 20:59 - 2017-09-29 15:37 - 000000000 ____D C:\Windows\CbsTemp
2022-01-12 20:14 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\Help
2022-01-12 19:41 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\LiveKernelReports
2022-01-12 18:17 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2022-01-12 18:16 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\appcompat
2022-01-12 18:14 - 2017-09-29 15:46 - 000000000 ___HD C:\Windows\ELAMBKUP
2022-01-12 14:59 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\system32\spool
2022-01-12 14:59 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\system32\FxsTmp
2022-01-12 14:49 - 2017-09-29 15:46 - 000000000 ____D C:\ProgramData\USOPrivate
2022-01-12 14:43 - 2017-09-29 10:45 - 000000000 ____D C:\Windows\system32\Sysprep
2022-01-12 14:40 - 2017-09-29 10:45 - 000032768 _____ C:\Windows\system32\config\ELAM
2022-01-12 14:34 - 2017-09-29 15:46 - 000028672 _____ C:\Windows\system32\config\BCD-Template

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

milan23

Posts: 10   +0
ADDITION Log :
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-01-2022 01
Ran by zumaha (12-01-2022 21:56:51)
Running from C:\Users\zumaha\Downloads
Microsoft Windows 10 Home Version 1709 16299.1087 (X64) (2022-01-12 12:57:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2093924780-1149955631-761437044-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2093924780-1149955631-761437044-503 - Limited - Disabled)
Guest (S-1-5-21-2093924780-1149955631-761437044-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2093924780-1149955631-761437044-504 - Limited - Disabled)
zumaha (S-1-5-21-2093924780-1149955631-761437044-1001 - Administrator - Enabled) => C:\Users\zumaha

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AS: AVG Antivirus (Enabled - Up to date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Antivirus (Enabled) {2092F4DC-EC63-3680-C854-E2DACF7E736A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AVG Internet Security (HKLM\...\AVG Antivirus) (Version: 21.11.3215 - AVG Technologies)
Avira (HKLM-x32\...\{1db45392-716a-490d-9b3e-2d96adbb5ab0}) (Version: 1.2.136.25116 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{CC898F82-66EF-4083-947F-5C69703DDBAF}) (Version: 1.2.136.25116 - Avira Operations GmbH & Co. KG) Hidden
Avira Privacy Pal (HKLM-x32\...\{F2BC8305-DFBE-4C02-A906-9BBD8EE299A3}_is1) (Version: 2.5.0.1973 - Avira Operations GmbH & Co. KG)
LibreWolf (HKLM-x32\...\LibreWolf LibreWolf) (Version: 96.0 - LibreWolf)
Microsoft OneDrive (HKU\S-1-5-21-2093924780-1149955631-761437044-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30704 (HKLM-x32\...\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}) (Version: 14.30.30704.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{8F2D6CEB-BC98-4B69-A5C1-78BED238FE77}) (Version: 2.71.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{0746492E-47B6-4251-940C-44462DFD74BB}) (Version: 2.55.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1705.4.0_x64__8wekyb3d8bbwe [2022-01-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1705.4.0_x86__8wekyb3d8bbwe [2022-01-12] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.17.8162.0_x64__8wekyb3d8bbwe [2022-01-12] (Microsoft Studios) [MS Ad]
MSN Време -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.21.2492.0_x64__8wekyb3d8bbwe [2022-01-12] (Microsoft Corporation) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.596.0_x64__kzf8qxf38zg5c [2022-01-12] (Skype)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2022-01-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2022-01-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2022-01-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2022-01-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2022-01-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\zumaha\AppData\Roaming\Microsoft\Windows\SendTo\Прехвърляне на файлове с Bluetooth.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation) <==== Cyrillic

==================== Loaded Modules (Whitelisted) =============

2022-01-11 15:14 - 2022-01-11 15:14 - 000751104 _____ (Mozilla Foundation) [File not signed] C:\Program Files\LibreWolf\freebl3.dll
2022-01-11 15:11 - 2022-01-11 15:11 - 000035328 _____ (Mozilla Foundation) [File not signed] C:\Program Files\LibreWolf\lgpllibs.dll
2022-01-11 15:14 - 2022-01-11 15:14 - 002118144 _____ (Mozilla Foundation) [File not signed] C:\Program Files\LibreWolf\mozavcodec.dll
2022-01-11 15:14 - 2022-01-11 15:14 - 000195584 _____ (Mozilla Foundation) [File not signed] C:\Program Files\LibreWolf\mozavutil.dll
2022-01-11 15:11 - 2022-01-11 15:11 - 000651264 _____ (Mozilla Foundation) [File not signed] C:\Program Files\LibreWolf\mozglue.dll
2022-01-11 15:11 - 2022-01-11 15:11 - 002368512 _____ (Mozilla Foundation) [File not signed] C:\Program Files\LibreWolf\nss3.dll
2022-01-11 15:14 - 2022-01-11 15:14 - 000409600 _____ (Mozilla Foundation) [File not signed] C:\Program Files\LibreWolf\nssckbi.dll
2022-01-11 15:14 - 2022-01-11 15:14 - 000373248 _____ (Mozilla Foundation) [File not signed] C:\Program Files\LibreWolf\osclientcerts.dll
2022-01-11 15:14 - 2022-01-11 15:14 - 000267776 _____ (Mozilla Foundation) [File not signed] C:\Program Files\LibreWolf\softokn3.dll
2022-01-11 15:15 - 2022-01-11 15:15 - 120538624 _____ (Mozilla Foundation) [File not signed] C:\Program Files\LibreWolf\xul.dll
2022-01-12 20:15 - 2017-10-27 18:06 - 000874368 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2022-01-12 20:15 - 2017-10-27 18:06 - 000339256 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 15:46 - 2022-01-12 18:14 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2093924780-1149955631-761437044-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-2093924780-1149955631-761437044-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{19155FF5-C514-4006-999E-CCF2CC345C0C}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{B8560F4C-8AF9-4F25-B9AD-B9011C9C8829}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

==================== Restore Points =========================

12-01-2022 17:24:20 Windows Update

==================== Faulty Device Manager Devices ============

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: ========================

Application errors:
==================
Error: (01/12/2022 09:48:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/12/2022 09:48:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/12/2022 09:44:08 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8024402C
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/12/2022 08:17:32 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/12/2022 08:12:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVG\Antivirus\RescueDisk\aswPEShell.exe".
Dependent Assembly avg.local_vc142.crt,processorArchitecture="amd64",publicKeyToken="129215daab62721f",type="win32",version="14.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/12/2022 08:12:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVG\Antivirus\RescueDisk\aswPEBrowser.exe".
Dependent Assembly avg.local_vc142.crt,processorArchitecture="amd64",publicKeyToken="129215daab62721f",type="win32",version="14.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/12/2022 08:12:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVG\Antivirus\RescueDisk\aswPEAntivirus.exe".
Dependent Assembly avg.local_vc142.crt,processorArchitecture="amd64",publicKeyToken="129215daab62721f",type="win32",version="14.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/12/2022 08:10:30 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=UserLogon;SessionId=1


System errors:
=============
Error: (01/12/2022 10:00:10 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-LSU3JTI)
Description: The server {4BD3E4E1-7BD4-4A2B-9964-496400DE5193} did not register with DCOM within the required timeout.

Error: (01/12/2022 09:41:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Услуга Connected Devices Platform Service прекъсна със следната грешка:
Unspecified error

Error: (01/12/2022 09:41:11 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT AUTHORITY)
Description: The event logging service encountered an error (5) while enabling publisher {0BF2FB94-7B60-4B4D-9766-E82F658DF540} to channel Microsoft-Windows-Kernel-ShimEngine/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity.

Error: (01/12/2022 09:39:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Изтекъл период на изчакване (30000 милисекунди) при изчакване на услуга Avira.ServiceHost да се свърже.

Error: (01/12/2022 09:20:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Услуга Windows Store Install Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).

Error: (01/12/2022 09:20:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Услуга Update Orchestrator Service прекъсна със следната грешка:
This operation returned because the timeout period expired.

Error: (01/12/2022 08:18:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Услуга Connected Devices Platform Service прекъсна със следната грешка:
Unspecified error

Error: (01/12/2022 08:17:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Услуга Connected Devices Platform Service прекъсна със следната грешка:
Unspecified error


==================== Memory info ===========================

BIOS: Award Software International, Inc. F10 03/22/2011
Motherboard: Gigabyte Technology Co., Ltd. GA-MA770T-UD3
Processor: AMD Athlon(tm) II X4 645 Processor
Percentage of memory in use: 27%
Total physical RAM: 12285.55 MB
Available physical RAM: 8876.39 MB
Total Virtual: 14717.55 MB
Available Virtual: 11347.4 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.51 GB) (Free:117.74 GB) NTFS

\\?\Volume{faf839c6-0000-0000-0000-100000000000}\ (Резервирана за системата) (Fixed) (Total:0.54 GB) (Free:0.16 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: FAF839C6)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 

Broni

Posts: 55,930   +506
redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
redtarget.gif
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
redtarget.gif
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

milan23

Posts: 10   +0
RogueKiller Log :

Program : RogueKiller Anti-Malware
Version : 15.1.5.0
x64 : Yes
Program Date : Dec 15 2021
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19042) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : zumaha
User is Admin : Yes
Date : 2022/01/13 11:50:05
Type : Removal
Aborted : No
Scan Mode : Standard
Duration : 958
Found items : 2
Total scanned : 43193
Signatures Version : 20220110_103811
Truesight Driver : Yes
Updates Count : 1

************************* Warnings *************************

************************* Removal *************************
[PUP.PCProtect (Potentially Malicious)] TotalAV -- %programdata%\TotalAV -> Deleted
[+] scan_what : 1
[+] vendors : PUP.PCProtect
[+] Name : TotalAV
[+] value : %programdata%\TotalAV
[+] Type : File/Folder
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 1
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

It detected my previous av,which I uninstalled.
Also detected registry key,who I don't remove because I think it's false positive.
Here is screenshot on the ''infected registry key'' from RogueKiller :
Анотиране 2022-01-13 134920.jpg
 

milan23

Posts: 10   +0
MBAM Log :
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/13/22
Scan Time: 2:30 PM
Log File: 94b5a73a-746c-11ec-892d-00e04cc80563.json

-Software Information-
Version: 4.5.0.152
Components Version: 1.0.1538
Update Package Version: 1.0.49741
License: Trial

-System Information-
OS: Windows 10 (Build 19042.1466)
CPU: x64
File System: NTFS
User: DESKTOP-LSU3JTI\zumaha

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 269527
Threats Detected: 2
Threats Quarantined: 0
Time Elapsed: 4 min, 34 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 2
PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 6689, 676881, 1.0.49741, , ame, , ,
PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 6689, 676881, 1.0.49741, , ame, , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Now im sure that the founded infected registry keys are 100 % clean.Im sure because I used an program to disable the telemetry and the other services that send any information to Microsoft.
 

milan23

Posts: 10   +0
AdwCleaner Log :
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-13-2022
# Duration: 00:00:02
# OS: Windows 10 Home
# Cleaned: 8
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\SecuritySuite
Deleted C:\Users\zumaha\Documents\TotalAV

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\SSProtect
Deleted HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\Software\Classes\totalav
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


AdwCleaner[S00].txt - [2043 octets] - [13/01/2022 14:40:44]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

milan23

Posts: 10   +0
I know that,but it's a virus.
Is there someother way to remove except to flash my BIOS and detele the MBR ?
 

milan23

Posts: 10   +0
I really don't know what to do.
Im fighting with this virus more than year.
Anyway thanks for your time and patience.