I do not know how this malware got downloaded. On Edge and Bing, there were redirects to many obscure sites, and then it redirects to only a darkened Google results page. It had collected some information. My email has gotten more spam. The redirect seems to infect any browser I use. I have never seen anything like this or had one so hard to remove. It is apparently a browser hijacker with a redirect, and it collects search information, email locations, and so on to get clicks and collect data to sell about my browsing habits. This hijacker seems to watch everything and then spreads to other browsers in addition to Edge, Bing, and IE. I would be most grateful for a review of my logs. I have been able to use Edge by switching to the InPrivate setting. The setting allows me to search without being redirected.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-11-2021
Ran by M. Evans (administrator) on DESKTOP-R18IJEH (Hewlett-Packard HP EliteBook 8470p) (06-11-2021 10:36:17)
Running from C:UsersMarkDownloads
Loaded Profiles: M. Evans
Platform: Microsoft Windows 10 Pro Version 21H1 19043.1320 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Giorgio Tani) [File not signed] C:Program FilesPeaZippeazip.exe
(IObit CO., LTD -> IObit) C:Program Files (x86)IObitAdvanced SystemCareASCService.exe
(IObit CO., LTD -> IObit) C:Program Files (x86)IObitAdvanced SystemCareMonitor.exe
(IObit CO., LTD -> IObit) C:Program Files (x86)IObitSmart DefragSmartDefrag.exe
(IObit Information Technology -> IObit) C:Program Files (x86)IObitIObit Malware FighterIMFsrv.exe
(IObit Information Technology -> IObit) C:Program Files (x86)IObitIObit Malware FighterIMFSrvWsc.exe
(Malwarebytes Inc -> Malwarebytes) C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:Program FilesMalwarebytesAnti-Malwarembamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:Program Files (x86)Microsoft OfficerootOffice16SDXHelper.exe
(Microsoft Corporation -> Microsoft Corporation) C:Program Files (x86)MicrosoftEdgeApplicationmsedge.exe <23>
(Microsoft Corporation -> Microsoft Corporation) C:Program FilesCommon Filesmicrosoft sharedClickToRunOfficeClickToRun.exe
(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbweWinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:WindowsImmersiveControlPanelSystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe <2>
(Piriform Software Ltd -> Piriform Software Ltd) C:Program FilesCCleanerCCleaner64.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:Program Files (x86)Spybot – Search & Destroy 2SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:Program Files (x86)Spybot – Search & Destroy 2SDTray.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:Program Files (x86)Spybot – Search & Destroy 2SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:Program Files (x86)Spybot – Search & Destroy 2SDWSCSvc.exe
(Stanislav Polshyn -> Stanislav Polshyn & Trend Micro Inc.) C:UsersMarkDownloads.ptmpEDB8D7HiJackThis.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:Program FilesSUPERAntiSpywareSASCore64.exe
(SurfRight B.V. -> SurfRight B.V.) C:Program Files (x86)HitmanPro.Alerthmpalert.exe <2>
(Tweaking LLC -> Tweaking.com) C:Program Files (x86)Tweaking.comWindows Repair (All in One)WR_Tray_Icon.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM…Run: [Apoint] => C:Program FilesDellTPadApoint.exe [727896 2015-07-10] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
HKLM…Run: [SysTrayApp] => C:Program FilesIDTWDMsttray64.exe [1703424 2021-04-26] (IDT, Inc.) [File not signed]
HKLM-x32…Run: [SDTray] => C:Program Files (x86)Spybot – Search & Destroy 2SDTray.exe [6787856 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKUS-1-5-21-2857988568-3911692386-136112497-1003…Run: [CCleaner Smart Cleaning] => C:Program FilesCCleanerCCleaner64.exe [35116160 2021-10-19] (Piriform Software Ltd -> Piriform Software Ltd)
HKUS-1-5-21-2857988568-3911692386-136112497-1003…PoliciesExplorer: [NoLowDiskSpaceChecks] 1
HKLMSoftwareMicrosoftActive SetupInstalled Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:Program FilesBraveSoftwareBrave-BrowserApplication95.1.31.88Installerchrmstp.exe [2021-10-29] (Brave Software, Inc. -> Brave Software, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyUser: Restriction ? <==== ATTENTION
HKLMSOFTWAREPoliciesMozillaFirefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0387033D-7E59-4390-A73F-FDC0234F6EA7} – System32TasksAvast SoftwareAvast Cleanup Update => C:Program FilesCommon FilesAvast SoftwareIcarusavast-tuicarus.exe
Task: {0399466B-BCD2-4A6C-96DA-766EC854B960} – System32TasksAvast SecureLine VPN Update => C:Program FilesAvast SoftwareSecureLine VPNVpnUpdate.exe
Task: {051DE322-727E-4DD3-A1A5-DBC16067B9A4} – System32TasksIMF_SkipUAC_M. Evans => C:Program Files (x86)IObitIObit Malware FighterIMF.exe [6932176 2021-08-27] (IObit CO., LTD -> IObit)
Task: {061E1CFC-2BC8-4F08-9393-1093CECE29CA} – System32TasksBraveSoftwareUpdateTaskMachineCore => C:Program Files (x86)BraveSoftwareUpdateBraveUpdate.exe [162400 2021-04-02] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {087C64F3-ED24-490A-BABA-CFE7B405BF35} – System32TasksSmartDefrag_Update => C:Program Files (x86)IObitSmart DefragAutoUpdate.exe [3477528 2021-05-26] (IObit CO., LTD -> IObit)
Task: {093E63C0-8F53-441A-B88A-4815FF76AB58} – System32TasksMozillaFirefox Default Browser Agent 308046B0AF4A39CB => C:Program FilesMozilla Firefoxdefault-browser-agent.exe [680888 2021-10-30] (Mozilla Corporation -> Mozilla Foundation)
Task: {0BC03053-D42E-43BD-9516-E0BCB869646C} – System32TasksMicrosoftOfficeOffice Automatic Updates 2.0 => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [22655904 2021-10-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {1335F08C-28C9-42C5-8AC4-DE52B0473FC5} – System32TasksOneDrive Standalone Update Task-S-1-5-21-2857988568-3911692386-136112497-1002 => C:UsersMarkAppDataLocalMicrosoftOneDriveOneDriveStandaloneUpdater.exe
Task: {1A556B68-64AF-4B07-89DF-7F6662F13ADC} – System32TasksCCleaner Update => C:Program FilesCCleanerCCUpdate.exe [684976 2021-10-19] (Piriform Software Ltd -> Piriform)
Task: {22F97091-5CD7-4826-8497-59A5C81FB3D3} – System32TasksMicrosoftOfficeOffice Feature Updates Logon => C:Program Files (x86)Microsoft OfficerootOffice16sdxhelper.exe [108928 2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {2508FB9D-CABB-4111-96D8-A8F82CFFC4E4} – System32TasksG2MUploadTask-S-1-5-21-2857988568-3911692386-136112497-1003 => C:UsersMarkAppDataLocalGoToMeeting19796g2mupload.exe [31176 2021-06-28] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {26BC961B-352B-4D48-A4FB-004B71F87571} – System32TasksSU_AutoUpdate => C:Program Files (x86)IObitSoftware UpdaterSoftwareUpdater.exe [4532248 2021-07-28] (IObit CO., LTD -> IObit)
Task: {282F86F6-9613-4B3B-B468-CEA664EC1E33} – System32TasksSoftware Updater Scheduler => C:Program Files (x86)IObitSoftware UpdaterSUInit.exe [1794584 2021-04-14] (IObit CO., LTD -> IObit) <==== ATTENTION
Task: {341BC431-09D6-497E-9BD6-31AD64523874} – MozillaFirefox Background Update 308046B0AF4A39CB -> No File <==== ATTENTION
Task: {367311A6-EE9A-4CBC-8E0F-A521ECA1FB4E} – System32TasksAvast SoftwareAvast Cleanup BugReport => C:Program FilesAvast SoftwareCleanupAvBugReport.exe -> –send “dumps|report” –silent –product 62 –programpath “C:Program FilesAvast SoftwareCleanupSetup..” –configpath “C:Program FilesAvast SoftwareCleanupSetup” –path “C:ProgramDataAvast SoftwareCleanuplog” –path “C:ProgramDataAvast SoftwareIcarusLogs” –guid dd47593e-33cc-4cbf-81d6-913ea918748c
Task: {377F0E08-9162-4943-A542-775F23E0B117} – System32TasksVLCStreamerUpdateTaskMachineUA => C:Program Files (x86)VLCStreamerUpdateVLCStreamerUpdate.exe [108696 2019-08-11] (Google Inc (TEST) -> VLCStreamer LTD.) [File not signed] <==== ATTENTION
Task: {393C8144-96E3-435C-8257-C4D1473270E8} – System32TasksElcomsoftElcomsoft Updater Autostart => C:Program Files (x86)Elcomsoft Password RecoveryElcomsoft Updaterupdater-launcher.exe [372320 2018-09-05] (Elcomsoft s.r.o. -> Elcomsoft)
Task: {45FA6287-64DA-48A7-9846-6B5E2F6809BD} – System32TasksHewlett-PackardHP Support AssistantHP Support Solutions Framework Report => C:Program Files (x86)Hewlett-PackardHP Support SolutionsModulesHPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
Task: {4C5B99B1-6B34-4D76-B3AD-17852AAFC761} – System32TasksOneDrive Standalone Update Task-S-1-5-21-2857988568-3911692386-136112497-500 => C:UsersMarkAppDataLocalMicrosoftOneDriveOneDriveStandaloneUpdater.exe
Task: {559F46B6-888D-46B6-A3D3-173F0D2F5176} – System32TasksVLCStreamerUpdateTaskMachineCore => C:Program Files (x86)VLCStreamerUpdateVLCStreamerUpdate.exe [108696 2019-08-11] (Google Inc (TEST) -> VLCStreamer LTD.) [File not signed] <==== ATTENTION
Task: {5781A31B-FB41-4797-A502-A8FCB2724D41} – System32TasksOpera scheduled Autoupdate 1532261855 => C:UsersMarkAppDataLocalProgramsOperalauncher.exe [46227664 2021-10-27] (Opera Software AS -> Opera Software)
Task: {59D52D5E-EBAD-4620-A39D-A81F2C30433C} – System32TasksBraveSoftwareUpdateTaskMachineUA => C:Program Files (x86)BraveSoftwareUpdateBraveUpdate.exe [162400 2021-04-02] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {5A14C9F7-5EE3-4F02-B46E-04350DF36A3E} – System32TasksAvast SoftwareAvast Driver Updater Update => C:Program FilesCommon FilesAvast SoftwareIcarusavast-duicarus.exe
Task: {6144774A-DA47-4DB2-AEF3-AA6A27A224AC} – System32TasksCCleanerSkipUAC => C:Program FilesCCleanerCCleaner.exe [29200512 2021-10-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {64087247-FE4A-4DD2-A804-B2E4D13CFB3C} – System32TasksAvast Emergency Update => C:Program FilesAvast SoftwareAvastAvEmUpdate.exe
Task: {651EF6A2-5ECD-47A0-BA9E-02EC61F0D921} – System32TasksASC_SkipUac_M. Evans => C:Program Files (x86)IObitAdvanced SystemCareASC.exe [10686032 2021-10-13] (IObit CO., LTD -> IObit)
Task: {709222FF-B332-4F93-B831-E2E965952770} – System32TasksAvast SoftwareAvast SecureLine VPN Bug Report => C:Program FilesAvast SoftwareSecureLine VPNAvBugReport.exe -> –send “dumps|report” –silent –product 11 –programpath “C:Program FilesAvast SoftwareSecureLine VPN” –configpath “C:ProgramDataAvast SoftwareSecureLine VPN” –path “C:ProgramDataAvast SoftwareSecureLine VPNlog” –path “C:ProgramDataAvast SoftwareIcarusLogs” –guid 8c9a141a-411e-4be9-a966-ed4f70e4d143
Task: {7A759F4B-4D92-4C49-B4AB-F7371A9F9C3B} – System32TasksASC_PerformanceMonitor => C:Program Files (x86)IObitAdvanced SystemCareMonitor.exe [4577360 2021-09-13] (IObit CO., LTD -> IObit)
Task: {83325C0A-2414-4C48-950E-60B339DC0942} – System32TasksMicrosoftOfficeOffice Feature Updates => C:Program Files (x86)Microsoft OfficerootOffice16sdxhelper.exe [108928 2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {8F22AA3C-2AC5-483F-A06D-05BD346C1EFE} – System32TasksG2MUpdateTask-S-1-5-21-2857988568-3911692386-136112497-1003 => C:UsersMarkAppDataLocalGoToMeeting19796g2mupdate.exe [31176 2021-06-28] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {96107EB1-CAA4-4544-A920-31CC00FE2436} – System32TasksMicrosoftOfficeOffice ClickToRun Service Monitor => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [22655904 2021-10-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {9C46FCC9-D5DB-4006-8F8C-EE18EF9C533A} – System32TasksElcomsoftElcomsoft Updater Terminate => C:Program Files (x86)Elcomsoft Password RecoveryElcomsoft Updaterupdater-launcher.exe [372320 2018-09-05] (Elcomsoft s.r.o. -> Elcomsoft)
Task: {9EDADD37-CC0E-4709-A93C-E69031EDF08F} – System32TasksAvast SoftwareAvast Driver Updater BugReport => C:Program FilesAvast SoftwareDriver UpdaterAvBugReport.exe -> –send “dumps|report” –silent –product 148 –programpath “C:Program FilesAvast SoftwareDriver UpdaterSetup..” –configpath “C:Program FilesAvast SoftwareDriver UpdaterSetup” –path “C:ProgramDataAvast SoftwareDriver Updaterlog” –path “C:ProgramDataAvast SoftwareIcarusLogs” –guid d37fe01e-0e59-437d-b9f9-8c9bf11c55ff
Task: {A15AF987-EF4C-4590-9952-5275A0F66263} – System32TasksSmartDefrag_Startup => C:Program Files (x86)IObitSmart DefragSmartDefrag.exe [5969432 2021-10-20] (IObit CO., LTD -> IObit)
Task: {A4E43F04-40AD-487E-8935-24EF8F67829F} – System32TasksAMHelper => C:Program Files (x86)ZemanaAntiMalwareAntiMalware.exe [682008 2021-03-30] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {A8227A72-2E74-4765-A9A4-F81875655A61} – System32TasksHewlett-PackardHP Support AssistantHP Support Solutions Framework Updater => C:Program Files (x86)Hewlett-PackardHP Support SolutionsModulesHPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {AF094479-4ABC-4759-ABEF-69F16DB6556B} – System32TasksOpera scheduled assistant Autoupdate 1555120143 => C:UsersMarkAppDataLocalProgramsOperalauncher.exe [46227664 2021-10-27] (Opera Software AS -> Opera Software) -> –scheduledautoupdate –component-name=assistant –component-path=”C:UsersMarkAppDataLocalProgramsOperaassistant” $(Arg0)
Task: {BB7CED28-199F-475C-8BA2-672FF42ECCFF} – System32TasksCCleanerSkipUAC – M. Evans => C:Program FilesCCleanerCCleaner.exe [29200512 2021-10-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {BF02D0B6-5070-463F-AF43-7AAB7D3A71F0} – System32TasksElcomsoftElcomsoft Updater Show => C:Program Files (x86)Elcomsoft Password RecoveryElcomsoft Updaterupdater-launcher.exe [372320 2018-09-05] (Elcomsoft s.r.o. -> Elcomsoft)
Task: {BFCB6D8A-D020-4038-96C5-7C2CDE937EA1} – System32TasksTweaking.com – Windows Repair Tray Icon => C:Program Files (x86)Tweaking.comWindows Repair (All in One)WR_Tray_Icon.exe [220816 2019-09-30] (Tweaking LLC -> Tweaking.com)
Task: {C318DEA5-2654-4101-9F35-6A3B2E92BB73} – System32TasksAdobe Acrobat Update Task => C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {E50C3C09-C529-4917-AC26-9CE9243B4F20} – System32TasksIObitSelfCheckTask => C:Program Files (x86)IObitSmart DefragIObitSelfCheck.exe
Task: {EAD9AC88-0A60-44CC-A67F-7C0CB3769A6B} – System32TasksAvast SoftwareOverseer => C:Program FilesCommon FilesAvast SoftwareOverseeroverseer.exe
Task: {EE9DAAE3-90F3-41FE-A12B-C49CD78108B8} – System32TasksSmartDefrag_AutoAnalyze => C:Program Files (x86)IObitSmart DefragAutoDefrag.exe [314128 2018-05-02] (IObit Information Technology -> IObit)
Task: {EFDC4F0E-77CB-4CFA-A4D0-9E3C718240DD} – System32TasksHosts Block run at startup => C:Program Files (x86)Hosts BlockHosts BlockHosts Block.exe
Task: {F2F5A5DB-8D91-42C4-9409-85ADB91869FD} – System32TasksAvast SoftwareAvast SecureLine VPN Update => C:Program FilesCommon FilesAvast SoftwareIcarusavast-vpnicarus.exe
Task: {FFB5646F-DF53-46A1-97EA-BB8E2FFA24BF} – System32TasksSoftware Updater SkipUAC(M. Evans) => C:Program Files (x86)IObitSoftware UpdaterSoftwareUpdater.exe [4532248 2021-07-28] (IObit CO., LTD -> IObit) <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:WINDOWSTasksCheck for updates (Spybot – Search & Destroy).job => C:Program Files (x86)Spybot – Search & Destroy 2SDUpdate.exe
Task: C:WINDOWSTasksCreateExplorerShellUnelevatedTask.job => C:WINDOWSexplorer.exe
Task: C:WINDOWSTasksFreeFixer background scan.job => C:Program FilesFreeFixerfreefixer.exe
Task: C:WINDOWSTasksG2MUpdateTask-S-1-5-21-2857988568-3911692386-136112497-1003.job => C:UsersMarkAppDataLocalGoToMeeting19796g2mupdate.exe
Task: C:WINDOWSTasksG2MUploadTask-S-1-5-21-2857988568-3911692386-136112497-1003.job => C:UsersMarkAppDataLocalGoToMeeting19796g2mupload.exe
Task: C:WINDOWSTasksRefresh immunization (Spybot – Search & Destroy).job => C:Program Files (x86)Spybot – Search & Destroy 2SDImmunize.exe
Task: C:WINDOWSTasksScan the system (Spybot – Search & Destroy).job => C:Program Files (x86)Spybot – Search & Destroy 2SDScan.exe
Task: C:WINDOWSTasksSUPERAntiSpyware Scheduled Task 10d2c300-70d1-476b-b86e-2ccf84eef6f2.job => C:Program FilesSUPERAntiSpywareSASTask.exe C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
Task: C:WINDOWSTasksSUPERAntiSpyware Scheduled Task 5cff9418-652c-42ab-8ced-114dc9da722c.job => C:Program FilesSUPERAntiSpywareSASTask.exe C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
TcpipParameters: [DhcpNameServer] 192.168.1.1
Tcpip..Interfaces{22c9cacc-5411-4d29-82ce-80d19038aca5}: [DhcpNameServer] 192.168.1.1
HKLMSOFTWAREPoliciesMicrosoftInternet Explorer: Restriction <==== ATTENTION
Edge:
=======
DownloadDir: C:UsersMarkDownloads
Edge Notifications: HKUS-1-5-21-2857988568-3911692386-136112497-1003 -> hxxps://www.swingtowns.com
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:Program FilesWindowsAppsEyeoGmbH.AdblockPlus_0.9.18.0_neutral__d55gg7py3s0m0 [not found]
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsAutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsBookViewer [not found]
Edge Extension: (No Name) -> EdgeExtension_EbatesEbatesCashBack_qvn24pjydtpgr => C:Program FilesWindowsAppsEbates.EbatesCashBack_4.36.0.0_neutral__qvn24pjydtpgr [not found]
Edge Extension: (Honey) -> EdgeExtension_HoneyScienceCorporationHoney_cbe4c63gm1mzr => C:Program FilesWindowsAppsHoneyScienceCorporation.Honey_11.4.2.0_neutral__cbe4c63gm1mzr [2019-06-20]
Edge Extension: (Video Downloader professional) -> EdgeExtension_Link64GmbHVideoDownloaderProfessionalforEdge_r8gm29f18mcyc => C:Program FilesWindowsAppsLink64GmbH.VideoDownloaderProfessionalforEdge_1.0.12.0_neutral__r8gm29f18mcyc [2019-04-15]
Edge Extension: (Video Downloader GetThemAll) -> EdgeExtension_NimbusWebGetThemAllVideoDownlaoder_p5fjnfwkc9ns0 => C:Program FilesWindowsAppsNimbusWeb.GetThemAll-VideoDownlaoder_2.3.2.0_x64__p5fjnfwkc9ns0 [2019-01-11]
Edge Extension: (Wikibuy) -> EdgeExtension_WikibuyWikibuy_aa6dh46kc11ry => C:Program FilesWindowsAppsWikibuy.Wikibuy_0.1.389.0_neutral__aa6dh46kc11ry [2019-02-23]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsLearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsPinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:UsersMarkAppDataLocalMicrosoftEdgeUser DataDefault [2021-11-06]
Edge DownloadDir: Default -> C:UsersMarkDownloads
Edge HomePage: Default -> hxxps://www.bing.com/?toWww=1&redig=35FAE3673BEA45C29CC654574BD297DC
Edge StartupUrls: Default -> “edge://newtab/”
Edge DefaultSearchURL: Default -> hxxps://y2mate.guru/favicon.ico
Edge Extension: (Honey) – C:UsersMarkAppDataLocalMicrosoftEdgeUser DataDefaultExtensionsamnbcmdbanbkjhnfoeceemmmdiepnbpp [2021-08-24]
Edge Extension: (YouTube MP4 Converter. Free YouTube Downloader mp4) – C:UsersMarkAppDataLocalMicrosoftEdgeUser DataDefaultExtensionscmjceimgphbhdbollklgajdhlanfaden [2021-01-08]
Edge Extension: (Adblock Plus – free ad blocker) – C:UsersMarkAppDataLocalMicrosoftEdgeUser DataDefaultExtensionsgmgoamodcdcjnbaobigkjelfplakmdhh [2021-09-03]
Edge Extension: (Rakuten: Get Cash Back For Shopping) – C:UsersMarkAppDataLocalMicrosoftEdgeUser DataDefaultExtensionsgmmlpenookphoknnpfilofakghemolmg [2021-10-26]
Edge Extension: (Emoji toolbar) – C:UsersMarkAppDataLocalMicrosoftEdgeUser DataDefaultExtensionsieklikemgdlgopolnmchemopnhjpcnkm [2021-01-08]
Edge Extension: (Capital One Shopping: Add to Edge for Free) – C:UsersMarkAppDataLocalMicrosoftEdgeUser DataDefaultExtensionskiiaghlmeikbpmeabhilfphikfcefljn [2021-11-01]
Edge Extension: (All Video Downloader professional) – C:UsersMarkAppDataLocalMicrosoftEdgeUser DataDefaultExtensionsmbpnbnogejaolbhfpfgagldkeahefbhd [2020-08-14]
Edge Extension: (AdBlock — best ad blocker) – C:UsersMarkAppDataLocalMicrosoftEdgeUser DataDefaultExtensionsndcileolkflehcjpmjnfbnaibdcgglog [2021-10-27]
Edge HKLM-x32…EdgeExtension: [ihcjicgdanjaechkgeegckofjjedodee]
FireFox:
========
FF ProfilePath: C:UsersMarkAppDataRoamingMozillaFirefoxProfiles6k5ij9zb.Default User [2021-11-06]
FF user.js: detected! => C:UsersMarkAppDataRoamingMozillaFirefoxProfiles6k5ij9zb.Default Useruser.js [2021-10-31]
FF Homepage: MozillaFirefoxProfiles6k5ij9zb.Default User -> hxxps://www.bing.com/?pc=U159
FF Notifications: MozillaFirefoxProfiles6k5ij9zb.Default User -> hxxps://www.wpri.com
FF Extension: (IObit Surfing Protection & Ads Removal) – C:UsersMarkAppDataRoamingMozillaFirefoxProfiles6k5ij9zb.Default [email protected] [2021-01-12]
FF Extension: (Malwarebytes Browser Guard) – C:UsersMarkAppDataRoamingMozillaFirefoxProfiles6k5ij9zb.Default UserExtensions{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-10-30]
FF Extension: (Video DownloadHelper) – C:UsersMarkAppDataRoamingMozillaFirefoxProfiles6k5ij9zb.Default UserExtensions{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-07-06]
FF HKUS-1-5-21-2857988568-3911692386-136112497-1003…FirefoxExtensions: [[email protected]] – C:Program Files (x86)Internet Download Manageridmmzcc3.xpi => not found
FF HKUS-1-5-21-2857988568-3911692386-136112497-1003…SeaMonkeyExtensions: [[email protected]] – C:UsersMarkAppDataRoamingIDMidmmzcc5
FF Extension: (IDM CC) – C:UsersMarkAppDataRoamingIDMidmmzcc5 [2019-10-12] [Legacy] [not signed]
FF HKUS-1-5-21-2857988568-3911692386-136112497-1003…SeaMonkeyExtensions: [[email protected]] – C:Program Files (x86)Internet Download Manageridmmzcc2.xpi => not found
FF Plugin: @java.com/DTPlugin,version=11.311.2 -> C:Program FilesJavajre1.8.0_311bindtpluginnpDeployJava1.dll [2021-10-31] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.311.2 -> C:Program FilesJavajre1.8.0_311binplugin2npjp2.dll [2021-10-31] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:Program FilesVideoLANVLCnpvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:Program FilesVideoLANVLCnpvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:Program FilesVideoLANVLCnpvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:Program FilesVideoLANVLCnpvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:Program Files (x86)Foxit SoftwareFoxit ReaderpluginsnpFoxitReaderPlugin.dll [2020-07-08] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:Program Files (x86)Foxit SoftwareFoxit ReaderpluginsnpFoxitReaderPlugin.dll [2020-07-08] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:Program Files (x86)Foxit SoftwareFoxit ReaderpluginsnpFoxitReaderPlugin.dll [2020-07-08] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:Program Files (x86)Foxit SoftwareFoxit ReaderpluginsnpFoxitReaderPlugin.dll [2020-07-08] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:Program Files (x86)Foxit SoftwareFoxit ReaderpluginsnpFoxitReaderPlugin.dll [2020-07-08] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.261.2 -> C:Program Files (x86)Javajre1.8.0_261bindtpluginnpDeployJava1.dll [2020-09-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.261.2 -> C:Program Files (x86)Javajre1.8.0_261binplugin2npjp2.dll [2020-09-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:Program Files (x86)Microsoft OfficerootOffice16NPSPWRAP.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:Program Files (x86)VideoLANVLCnpvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:Program Files (x86)AdobeAcrobat Reader DCReaderAIRnppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKUS-1-5-21-2857988568-3911692386-136112497-1003: tdameritrade.com/thinkorswim -> C:Program Filesthinkorswimnpthinkorswim.dll [2021-08-16] (TD Ameritrade -> TD Ameritrade)
FF Plugin HKUS-1-5-21-2857988568-3911692386-136112497-1003: tdameritrade.com/tossc -> C:Program Filesthinkorswimnptossc.dll [2021-08-16] (TD Ameritrade -> TD Ameritrade)
Chrome:
=======
CHR HKLM…ChromeExtension: [ngpampappnmepgilojfohadhhmbhlaek] – C:Program Files (x86)Internet Download ManagerIDMGCExt.crx <not found>
CHR HKLM-x32…ChromeExtension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32…ChromeExtension: [ngpampappnmepgilojfohadhhmbhlaek] – C:Program Files (x86)Internet Download ManagerIDMGCExt.crx <not found>
Opera:
=======
OPR Profile: C:UsersMarkAppDataRoamingOpera SoftwareOpera Stable [2021-11-06]
OPR StartupUrls: Opera Stable -> “hxxp://www.yahoo.com/”
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Session Restore: Opera Stable -> is enabled.
OPR Extension: (Rich Hints Agent) – C:UsersMarkAppDataRoamingOpera SoftwareOpera StableExtensionsenegjkbbakeegngfapepobipndnebkdk [2021-10-31]
OPR Extension: (Amazon Assistant Promotion) – C:UsersMarkAppDataRoamingOpera SoftwareOpera StableExtensionskbmoiomgmchbpihhdpabemajcbjpcijk [2021-09-04]
StartMenuInternet: (HKUS-1-5-21-2857988568-3911692386-136112497-1003) OperaStable – “C:UsersMarkAppDataLocalProgramsOperaLauncher.exe”
Brave:
=======
BRA Profile: C:UsersMarkAppDataLocalBraveSoftwareBrave-BrowserUser DataDefault [2021-11-06]
BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&t=brave
BRA DefaultSearchKeyword: Default -> :d
BRA DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
BRA Extension: (Brave Local Data Files Updater) – C:UsersMarkAppDataLocalBraveSoftwareBrave-BrowserUser Dataafalakplffnnnlkncjhbmahjfjhmlkal [2021-10-01]
BRA Extension: (Brave Ad Block Updater (Default)) – C:UsersMarkAppDataLocalBraveSoftwareBrave-BrowserUser Datacffkpbalmllkdoenhmdmpbkajipdjfam [2021-10-30]
BRA Extension: (Brave NTP sponsored images) – C:UsersMarkAppDataLocalBraveSoftwareBrave-BrowserUser Datagccbbckogglekeggclmmekihdgdpdgoe [2021-10-30]
BRA Extension: (Brave Ads Resources) – C:UsersMarkAppDataLocalBraveSoftwareBrave-BrowserUser Dataiblokdlgekdjophgeonmanpnjihcjkjj [2021-10-28]
BRA Extension: (Brave SpeedReader Updater) – C:UsersMarkAppDataLocalBraveSoftwareBrave-BrowserUser Datajicbkmdloagakknpihibphagfckhjdih [2021-09-14]
BRA Extension: (Brave Ads Resources) – C:UsersMarkAppDataLocalBraveSoftwareBrave-BrowserUser Dataocilmpijebaopmdifcomolmpigakocmo [2021-10-28]
BRA Extension: (Brave HTTPS Everywhere Updater) – C:UsersMarkAppDataLocalBraveSoftwareBrave-BrowserUser Dataoofiananboodjbbmdelgdommihjbkfag [2021-10-28]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:Program FilesSUPERAntiSpywareSASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
S4 AdobeARMservice; C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 AdvancedSystemCareService15; C:Program Files (x86)IObitAdvanced SystemCareASCService.exe [1873488 2021-08-21] (IObit CO., LTD -> IObit)
S4 ApHidMonitorService; C:Program FilesDellTPadHidMonitorSvc.exe [87384 2015-07-10] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
S4 bdredline_agent; C:Program FilesBitdefender Agentredlinebdredline.exe [0 2021-10-29] () <==== ATTENTION [zero byte File/Folder]
S4 brave; C:Program Files (x86)BraveSoftwareUpdateBraveUpdate.exe [162400 2021-04-02] (Brave Software, Inc. -> BraveSoftware Inc.)
S4 bravem; C:Program Files (x86)BraveSoftwareUpdateBraveUpdate.exe [162400 2021-04-02] (Brave Software, Inc. -> BraveSoftware Inc.)
S4 CdRomArbiterService; C:Program FilesCommon Filescdarbsvccdarbsvc_v1.0.0_x64.exe [8704 2019-08-25] (GuinpinSoft inc) [File not signed]
R2 ClickToRunSvc; C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeClickToRun.exe [12034464 2021-10-12] (Microsoft Corporation -> Microsoft Corporation)
S4 FoxitReaderUpdateService; C:Program Files (x86)Foxit SoftwareFoxit ReaderFoxitReaderUpdateService.exe [1995184 2020-07-08] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
S4 fpCsEvtSvc; C:Windowssystem32fpCSEvtSvc.exe [22528 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 hmpalertsvc; C:Program Files (x86)HitmanPro.Alerthmpalert.exe [5117648 2021-10-31] (SurfRight B.V. -> SurfRight B.V.)
S4 hpqcaslwmiex; C:Program Files (x86)HPSharedhpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
S4 HPSupportSolutionsFrameworkService; C:Program Files (x86)Hewlett-PackardHP Support SolutionsHPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 IMFservice; C:Program Files (x86)IObitIObit Malware FighterIMFsrv.exe [2405136 2021-08-31] (IObit Information Technology -> IObit)
S2 IObitUnSvr; C:Program Files (x86)IObitIObit UninstallerIUService.exe [158232 2021-08-04] (IObit CO., LTD -> IObit)
R2 MBAMService; C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe [7848632 2021-11-06] (Malwarebytes Inc -> Malwarebytes)
S4 SandraAgentSrv; C:Program FilesSiSoftwareSiSoftware Sandra Lite 2020RpcAgentSrv.exe [135176 2020-06-25] (SiSoftware SPC -> SiSoftware) [File not signed]
R2 SDScannerService; C:Program Files (x86)Spybot – Search & Destroy 2SDFSSvc.exe [2747312 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:Program Files (x86)Spybot – Search & Destroy 2SDUpdSvc.exe [4583240 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:Program Files (x86)Spybot – Search & Destroy 2SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S2 SecurityService; C:Program Files (x86)TotalAVSecurityService.exe [263976 2021-05-14] (Protected Antivirus Limited -> TotalAV) <==== ATTENTION
S2 SecurityServiceMonitor; C:Program Files (x86)TotalAVSecurityService.exe [263976 2021-05-14] (Protected Antivirus Limited -> TotalAV) <==== ATTENTION
S3 Sense; C:Program FilesWindows Defender Advanced Threat ProtectionMsSense.exe [6103496 2021-10-27] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 STacSV; C:Program FilesIDTWDMSTacSV64.exe [340480 2021-04-26] (IDT, Inc.) [File not signed]
S4 valWBFPolicyService; C:Windowssystem32valWBFPolicyService.exe [53248 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
S4 vs; C:Program Files (x86)VLCStreamerUpdateVLCStreamerUpdate.exe [108696 2019-08-11] (Google Inc (TEST) -> VLCStreamer LTD.) [File not signed]
S4 vsm; C:Program Files (x86)VLCStreamerUpdateVLCStreamerUpdate.exe [108696 2019-08-11] (Google Inc (TEST) -> VLCStreamer LTD.) [File not signed]
S3 WdNisSvc; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2109.6-0NisSrv.exe [2855512 2021-10-26] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2109.6-0MsMpEng.exe [128392 2021-10-26] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Browser; %SystemRoot%System32browser.dll [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 amsdk; C:WINDOWSsystem32driversamsdk.sys [232792 2021-11-02] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
R3 AscFileFilter; C:Program Files (x86)IObitAdvanced SystemCaredriverswin10_amd64AscFileFilter.sys [46552 2021-07-07] (IObit CO., LTD -> IObit)
R3 AscRegistryFilter; C:Program Files (x86)IObitAdvanced SystemCaredriverswin10_amd64AscRegistryFilter.sys [46552 2021-07-07] (IObit CO., LTD -> IObit)
R3 cpuz150; C:WINDOWStempcpuz150cpuz150_x64.sys [44832 2021-11-02] (CPUID S.A.R.L.U. -> CPUID)
S3 efavdrv; C:WINDOWSsystem32driversefavdrv.sys [139704 2020-09-06] (ESET, spol. s r.o. -> ESET)
R1 ESProtectionDriver; C:WINDOWSsystem32driversmbae64.sys [160176 2021-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 GridinSoftInetSecurityDriver; C:WINDOWSsystem32DRIVERSgsInetSecurity.sys [102728 2018-05-05] (GridinSoft, LLC -> GridinSoft LLC)
R1 hmpalert; C:WINDOWSsystem32drivershmpalert.sys [410640 2021-10-31] (Microsoft Windows Hardware Compatibility Publisher -> SurfRight B.V.)
R1 HWiNFO32; C:WindowsSysWOW64driversHWiNFO64A.SYS [27552 2017-12-16] (Martin Malik – REALiX -> REALiX)
R3 Imf8HpRegFilter; C:Program Files (x86)IObitIObit Malware Fighterdriverswin10_amd64ImfHpRegFilter.sys [41848 2019-12-17] (IObit Information Technology -> IObit)
R3 IMFDownProtect; C:Program Files (x86)IObitIObit Malware Fighterdriverswin10_amd64IMFDownProtect.sys [40920 2021-07-30] (IObit CO., LTD -> IObit)
R3 IMFForceDelete; C:Program Files (x86)IObitIObit Malware Fighterdriverswin10_amd64IMFForceDelete.sys [34192 2019-06-11] (IObit Information Technology -> IObit)
R3 ImfHpFileFilter; C:Program Files (x86)IObitIObit Malware Fighterdriverswin10_amd64ImfHpFileFilter.sys [45432 2019-12-17] (IObit Information Technology -> IObit)
S3 ImfObCallback; C:Program Files (x86)IObitIObit Malware Fighterdriverswin10_amd64ImfObCallback.sys [33984 2020-03-12] (IObit Information Technology -> IObit)
S3 ImfRealScanner; C:Program Files (x86)IObitIObit Malware Fighterdriverswin10_amd64ImfRealScanner.sys [53720 2021-08-13] (IObit CO., LTD -> IObit)
S3 ImfRegistryFilter; C:Program Files (x86)IObitIObit Malware Fighterdriverswin10_amd64ImfRegistryFilter.sys [42360 2019-12-17] (IObit Information Technology -> IObit)
R3 iobit_monitor_server2021; C:Program Files (x86)IObitAdvanced SystemCaredriversMonitor_win10_x64.sys [33256 2021-08-11] (IObit CO., LTD -> IObit)
R3 IUFileFilter; C:Program Files (x86)IObitIObit Uninstallerdriverswin10_amd64IUFileFilter.sys [43896 2020-07-31] (IObit Information Technology -> IObit)
R3 IUProcessFilter; C:Program Files (x86)IObitIObit Uninstallerdriverswin10_amd64IUProcessFilter.sys [37112 2020-07-31] (IObit Information Technology -> IObit)
R3 IURegistryFilter; C:Program Files (x86)IObitIObit Uninstallerdriverswin10_amd64IURegistryFilter.sys [51128 2020-07-31] (IObit Information Technology -> IObit)
S0 johci; C:WINDOWSSystem32driversjohci.sys [20392 2021-06-28] (JMicron Technology Corp. -> JMicron)
R2 MBAMChameleon; C:WINDOWSSystem32DriversMbamChameleon.sys [210352 2021-11-06] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:WINDOWSSystem32DRIVERSMbamElam.sys [19912 2021-10-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:WINDOWSSystem32DRIVERSfarflt.sys [193448 2021-11-06] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:WINDOWSsystem32DRIVERSmbam.sys [69040 2021-11-06] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:WINDOWSSystem32Driversmbamswissarmy.sys [248992 2021-11-06] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:WINDOWSsystem32DRIVERSmwac.sys [149424 2021-11-06] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 MpKslf2669cb6; C:ProgramDataMicrosoftWindows DefenderDefinition Updates{5C542474-B611-4F22-BFA2-9803C3322726}MpKslDrv.sys [130296 2021-11-01] (Microsoft Windows -> Microsoft Corporation)
R2 npf; C:WINDOWSsystem32driversnpf.sys [36600 2020-05-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R1 SASDIFSV; C:Program FilesSUPERAntiSpywareSASDIFSV64.SYS [14928 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:Program FilesSUPERAntiSpywareSASKUTIL64.SYS [12368 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:WINDOWSSystem32DriversSmartDefragDriver.sys [30744 2017-03-09] (IObit Information Technology -> IObit)
S3 SNP2UVC; C:WINDOWSsystem32DRIVERSsnp2uvc.sys [1866080 2012-11-20] (Sonix Technology CO., LTD -> )
S3 SNP2UVCW10; C:WINDOWSsystem32DRIVERSsnp2uvcW10.sys [2530920 2015-12-20] (Sonix Technology CO., LTD -> Sonix Tech. Co., Ltd.)
S0 Spybot3ELAM; C:WINDOWSSystem32driversSpybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows ® Win 7 DDK provider)
R3 STHDA; C:WINDOWSsystem32DRIVERSstwrt64.sys [551936 2021-04-26] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 tap0901; C:WINDOWSSystem32driverstap0901.sys [27136 2016-04-21] (The OpenVPN Project) [File not signed]
S3 TrojanKillerDriver; C:WINDOWSSystem32DRIVERSgtkdrv.sys [29456 2018-05-05] (GridinSoft, LLC -> Windows ® Win 7 DDK provider)
U3 TrueSight; C:WindowsSystem32driverstruesight.sys [28272 2020-09-12] (Adlice -> )
U5 UnlockerDriver5; C:Program FilesUnlockerUnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
S3 WdBoot; C:WINDOWSsystem32driverswdWdBoot.sys [48520 2021-10-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:WINDOWSsystem32driverswdWdFilter.sys [434424 2021-10-26] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:WINDOWSSystem32driverswdWdNisDrv.sys [86264 2021-10-26] (Microsoft Windows -> Microsoft Corporation)
R1 webshieldfilter; C:WINDOWSSystem32driverswebshieldfilter.sys [96264 2020-12-09] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) <==== ATTENTION
R3 WirelessButtonDriver64; C:WINDOWSSystem32driversWirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)
S3 cpuz145; ??C:WINDOWStempcpuz145cpuz145_x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-11-06 10:36 – 2021-11-06 10:37 – 000040145 _____ C:UsersMarkDownloadsFRST.txt
2021-11-06 10:30 – 2021-11-06 10:36 – 000000000 ____D C:FRST
2021-11-06 10:27 – 2021-11-06 10:30 – 002312192 _____ (Farbar) C:UsersMarkDownloadsFRST64.exe
2021-11-06 08:47 – 2021-11-06 08:47 – 002208569 _____ C:UsersMarkDownloadsHiJackThis.zip
2021-11-06 08:47 – 2021-11-06 08:47 – 000000000 ___HD C:UsersMarkDownloads.ptmpEDB8D7
2021-11-06 08:45 – 2021-11-06 08:46 – 001469608 _____ (Alex Dragokas) C:UsersMarkDownloadscheck-browsers-lnk_2.2.0.27 (1).exe
2021-11-06 08:39 – 2021-11-06 08:39 – 000000000 ____D C:UsersMarkDownloadsLOG
2021-11-06 08:36 – 2021-11-06 08:36 – 001469608 _____ (Alex Dragokas) C:UsersMarkDownloadscheck-browsers-lnk_2.2.0.27.exe
2021-11-06 08:17 – 2021-11-06 08:17 – 000003936 _____ C:WINDOWSsystem32TasksCCleaner Update
2021-11-06 08:17 – 2021-11-06 08:17 – 000002916 _____ C:WINDOWSsystem32TasksCCleanerSkipUAC – M. Evans
2021-11-06 07:38 – 2021-11-06 07:38 – 000248992 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbamswissarmy.sys
2021-11-06 07:38 – 2021-11-06 07:38 – 000210352 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamChameleon.sys
2021-11-06 07:38 – 2021-11-06 07:38 – 000193448 _____ (Malwarebytes) C:WINDOWSsystem32Driversfarflt.sys
2021-11-06 07:38 – 2021-11-06 07:38 – 000149424 _____ (Malwarebytes) C:WINDOWSsystem32Driversmwac.sys
2021-11-06 07:38 – 2021-11-06 07:38 – 000069040 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbam.sys
2021-11-03 18:02 – 2021-11-03 18:03 – 065464936 _____ (IObit ) C:UsersMarkDownloadsIObit-Malware-Fighter-Setup (1).exe
2021-11-02 10:03 – 2021-11-06 10:37 – 001558732 _____ C:WINDOWSZAM.krnl.trace
2021-11-02 09:40 – 2021-11-02 09:40 – 000001146 _____ C:UsersMarkAppDataRoamingMicrosoftWindowsStart MenuProgramsTotalAV.lnk
2021-11-02 09:02 – 2021-10-31 11:48 – 000000852 _____ C:WINDOWSsystem32Driversetchosts.20211102-090220.backup
2021-11-02 08:57 – 2021-11-02 08:57 – 000001478 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsSpybot-S&D Start Center.lnk
2021-11-02 08:57 – 2021-11-02 08:57 – 000001466 _____ C:UsersPublicDesktopSpybot-S&D Start Center.lnk
2021-11-02 08:57 – 2021-11-02 08:57 – 000000656 _____ C:WINDOWSTasksCheck for updates (Spybot – Search & Destroy).job
2021-11-02 08:57 – 2021-11-02 08:57 – 000000628 _____ C:WINDOWSTasksRefresh immunization (Spybot – Search & Destroy).job
2021-11-02 08:57 – 2021-11-02 08:57 – 000000458 _____ C:WINDOWSTasksScan the system (Spybot – Search & Destroy).job
2021-11-02 08:57 – 2021-11-02 08:57 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsSpybot – Search & Destroy 2
2021-11-02 08:57 – 2019-06-21 08:34 – 000019904 _____ (Windows ® Win 7 DDK provider) C:WINDOWSsystem32DriversSpybot3ELAM.sys
2021-11-02 08:57 – 2018-02-06 19:04 – 000032168 _____ (Safer-Networking Ltd.) C:WINDOWSsystem32sdnclean64.exe
2021-11-02 02:44 – 2021-11-02 02:44 – 000001333 _____ C:UsersPublicDesktopZemana AntiMalware.lnk
2021-11-02 01:36 – 2021-11-02 01:36 – 000000214 _____ C:WINDOWSTasksCreateExplorerShellUnelevatedTask.job
2021-11-02 01:21 – 2021-11-02 08:54 – 000000000 ____D C:UsersMarkAppDataLocalAMSDK
2021-11-02 01:21 – 2021-11-02 02:44 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsZemana AntiMalware
2021-11-02 01:21 – 2021-11-02 01:27 – 000003564 _____ C:WINDOWSsystem32TasksAMHelper
2021-11-02 01:21 – 2021-11-02 01:21 – 000232792 _____ (Copyright 2018.) C:WINDOWSsystem32Driversamsdk.sys
2021-11-02 01:21 – 2021-11-02 01:21 – 000000000 ____D C:UsersMarkAppDataLocalZemana
2021-11-02 01:21 – 2021-11-02 01:21 – 000000000 ____D C:Program Files (x86)Zemana
2021-11-02 01:20 – 2021-11-02 01:20 – 013922376 _____ (Zemana Ltd. ) C:UsersMarkDownloadsAntiMalware_Setup.exe
2021-11-01 21:01 – 2021-11-01 21:02 – 041372992 _____ C:UsersMarkDownloadsvlc-3.0.16-win32 (1).exe
2021-11-01 20:10 – 2021-11-01 20:10 – 000003110 _____ C:WINDOWSsystem32TasksASC_SkipUac_M. Evans
2021-11-01 20:09 – 2021-11-01 20:09 – 000001308 _____ C:UsersPublicDesktopAdvanced SystemCare.lnk
2021-11-01 19:41 – 2021-11-01 19:41 – 056193976 _____ (IObit ) C:UsersMarkDownloadsadvanced-systemcare-setup.exe
2021-11-01 19:34 – 2021-11-01 19:34 – 000046968 _____ (IObit) C:WINDOWSsystem32REGISTRYDEFRAGBOOTTIME.EXE
2021-11-01 13:41 – 2021-11-01 13:41 – 000000000 ____D C:ProgramDataSecuritySuite
2021-11-01 13:41 – 2020-12-09 13:37 – 000096264 _____ (Windows ® Win 7 DDK provider) C:WINDOWSsystem32Driverswebshieldfilter.sys
2021-11-01 13:35 – 2021-11-01 13:35 – 000000000 ____D C:UsersMarkOneDriveDocumentsTotalAV
2021-11-01 12:33 – 2021-11-01 12:33 – 000388608 _____ (Trend Micro Inc.) C:UsersMarkDownloadsHijackThis.exe
2021-11-01 11:25 – 2021-11-01 11:55 – 000001060 _____ C:UsersPublicDesktopTotalAV.lnk
2021-11-01 11:25 – 2021-11-01 11:25 – 000000000 ____D C:UsersMarkAppDataLocalGUI
2021-11-01 11:25 – 2021-11-01 11:25 – 000000000 ____D C:ProgramDataTotalAV
2021-11-01 11:24 – 2021-11-01 20:21 – 000000000 ____D C:Program Files (x86)TotalAV
2021-11-01 11:24 – 2021-11-01 11:24 – 056445176 _____ C:UsersMarkDownloadsTotalAV_Setup.exe
2021-11-01 01:34 – 2021-11-02 09:38 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsSpyware Terminator 2015
2021-11-01 01:34 – 2021-11-01 01:34 – 000000000 ____D C:UsersMarkAppDataLocalLowSpyware Terminator
2021-11-01 01:05 – 2021-11-01 01:05 – 000000000 ____D C:UsersMarkAppDataLocalGlarysoft
2021-10-31 22:39 – 2021-11-02 08:47 – 000000000 ____D C:ProgramDataGlarysoft
2021-10-31 22:39 – 2021-11-02 08:47 – 000000000 ____D C:Program Files (x86)Glarysoft
2021-10-31 22:39 – 2021-10-31 22:43 – 000000000 ____D C:UsersMarkAppDataRoamingGlarySoft
2021-10-31 20:00 – 2021-11-01 13:39 – 000000346 _____ C:WINDOWSTasksFreeFixer background scan.job
2021-10-31 17:26 – 2021-10-31 17:26 – 000012872 _____ (SurfRight B.V.) C:WINDOWSsystem32bootdelete.exe
2021-10-31 17:15 – 2021-11-01 20:09 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsAdvanced SystemCare
2021-10-31 16:18 – 2021-10-31 16:18 – 000000000 ____D C:WINDOWSCryptoGuard
2021-10-31 16:17 – 2021-10-31 16:17 – 000004028 _____ C:WINDOWSsystem32TasksAvast SecureLine VPN Update
2021-10-31 16:14 – 2021-10-31 16:14 – 000003990 _____ C:WINDOWSsystem32TasksAvast Emergency Update
2021-10-31 15:57 – 2021-11-02 01:32 – 000000000 ____D C:ProgramDataHitmanPro
2021-10-31 15:47 – 2021-10-31 15:47 – 000988112 _____ (Bleeping Computer, LLC) C:UsersMarkDownloadsrkill64.exe
2021-10-31 15:42 – 2021-11-02 10:03 – 000000000 ____D C:ProgramDataHitmanPro.Alert
2021-10-31 15:42 – 2021-10-31 15:42 – 001054224 _____ (SurfRight B.V.) C:WINDOWSsystem32hmpalert.dll
2021-10-31 15:42 – 2021-10-31 15:42 – 001044472 _____ (SurfRight B.V.) C:WINDOWSSysWOW64hmpalert.dll
2021-10-31 15:42 – 2021-10-31 15:42 – 000410640 _____ (SurfRight B.V.) C:WINDOWSsystem32Drivershmpalert.sys
2021-10-31 15:42 – 2021-10-31 15:42 – 000171728 _____ (SurfRight B.V.) C:WINDOWSsystem32hmpshell.dll
2021-10-31 15:42 – 2021-10-31 15:42 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsHitmanPro.Alert
2021-10-31 15:42 – 2021-10-31 15:42 – 000000000 ____D C:Program Files (x86)HitmanPro.Alert
2021-10-31 13:40 – 2021-10-31 13:40 – 000001825 _____ C:UsersPublicDesktopSUPERAntiSpyware Free Edition.lnk
2021-10-31 13:40 – 2021-10-31 13:40 – 000000548 _____ C:WINDOWSTasksSUPERAntiSpyware Scheduled Task 5cff9418-652c-42ab-8ced-114dc9da722c.job
2021-10-31 13:40 – 2021-10-31 13:40 – 000000548 _____ C:WINDOWSTasksSUPERAntiSpyware Scheduled Task 10d2c300-70d1-476b-b86e-2ccf84eef6f2.job
2021-10-31 13:40 – 2021-10-31 13:40 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsSUPERAntiSpyware
2021-10-31 12:08 – 2021-10-31 12:08 – 000000000 ____D C:UsersMarkAppDataLocalmbam
2021-10-31 12:03 – 2021-10-31 13:08 – 000002001 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes.lnk
2021-10-31 12:03 – 2021-10-31 13:08 – 000001989 _____ C:UsersPublicDesktopMalwarebytes.lnk
2021-10-31 12:03 – 2021-10-31 12:02 – 000160176 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbae64.sys
2021-10-31 12:03 – 2021-10-31 12:02 – 000019912 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamElam.sys
2021-10-31 12:02 – 2021-10-31 13:07 – 000000000 ____D C:ProgramDataMalwarebytes
2021-10-31 12:01 – 2021-10-31 12:01 – 002101944 _____ (Malwarebytes) C:UsersMarkDownloadsMBSetup-119967.119967-consumer.exe
2021-10-31 10:04 – 2021-10-31 10:04 – 101203968 _____ C:WINDOWSsystem32configSOFTWARE.iobit
2021-10-31 10:04 – 2021-10-31 10:04 – 002867200 _____ C:WINDOWSsystem32configDEFAULT.iobit
2021-10-31 10:04 – 2021-10-31 10:04 – 000090112 _____ C:WINDOWSsystem32configSAM.iobit
2021-10-31 10:04 – 2021-10-31 10:04 – 000040960 _____ C:WINDOWSsystem32configSECURITY.iobit
2021-10-31 10:00 – 2021-10-31 10:00 – 000191832 _____ (Oracle Corporation) C:WINDOWSsystem32WindowsAccessBridge-64.dll
2021-10-31 10:00 – 2020-09-24 08:29 – 000166056 _____ (Oracle Corporation) C:WINDOWSSysWOW64WindowsAccessBridge-32.dll
2021-10-31 09:56 – 2021-10-31 10:00 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsJava Development Kit
2021-10-31 09:56 – 2021-10-31 09:59 – 000000000 ____D C:Program FilesJava
2021-10-31 09:19 – 2021-10-31 09:19 – 000000000 ____D C:UsersMarkAppDataLocalLowOracle
2021-10-31 09:18 – 2021-10-31 09:18 – 178858304 _____ (Oracle Corporation) C:UsersMarkDownloadsjdk-8u311-windows-x64.exe
2021-10-31 08:45 – 2021-10-31 08:45 – 000000000 ____D C:Program Files (x86)VideoLAN
2021-10-31 08:43 – 2021-10-31 08:43 – 000002926 _____ C:WINDOWSsystem32TasksIMF_SkipUAC_M. Evans
2021-10-31 08:42 – 2021-10-31 08:42 – 000001258 _____ C:UsersPublicDesktopIObit Malware Fighter.lnk
2021-10-31 08:42 – 2021-10-31 08:42 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsIObit Malware Fighter
2021-10-31 08:39 – 2021-10-31 08:39 – 000000000 ____D C:UsersMarkAppDataRoamingMicrosoftWindowsStart MenuProgramsZoom
2021-10-31 08:33 – 2021-10-31 08:33 – 000001396 _____ C:UsersMarkAppDataRoamingMicrosoftWindowsStart MenuProgramsOpera Browser.lnk
2021-10-31 08:18 – 2021-10-31 08:18 – 010473612 _____ C:UsersMarkDownloadsjavafx-8u311-apidocs.zip
2021-10-31 08:17 – 2021-10-31 08:17 – 125171464 _____ C:UsersMarkDownloadsjdk-8u311-docs-all.zip
2021-10-31 08:14 – 2021-10-31 08:14 – 041372992 _____ C:UsersMarkDownloadsvlc-3.0.16-win32.exe
2021-10-31 08:14 – 2021-10-31 08:14 – 017027656 _____ (Zoom Video Communications, Inc.) C:UsersMarkDownloadsZoomInstaller.exe
2021-10-31 08:13 – 2021-10-31 08:13 – 002610368 _____ (Opera Software) C:UsersMarkDownloadsOperaSetup.exe
2021-10-31 07:58 – 2021-10-31 07:58 – 005054464 _____ C:WINDOWSsystem32configDRIVERS.iobit
2021-10-31 05:08 – 2021-10-31 05:08 – 005117648 _____ (SurfRight B.V.) C:UsersMarkDownloadshmpalert3.exe
2021-10-30 23:50 – 2021-10-30 23:50 – 000000000 ____D C:UsersMarkAppDataLocalAshampoo
2021-10-30 22:47 – 2021-10-30 22:48 – 000000000 ____D C:WINDOWSsystem32TasksAvast Software
2021-10-30 22:47 – 2021-10-30 22:47 – 000000000 ____D C:WINDOWSsystem32gf2engine
2021-10-30 22:45 – 2021-10-31 18:58 – 000000000 ____D C:ProgramDataAvast Software
2021-10-30 22:45 – 2021-10-31 18:12 – 000000000 ____D C:Program FilesAvast Software
2021-10-30 22:25 – 2021-10-30 22:25 – 000001438 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsIObit Uninstaller.lnk
2021-10-30 22:25 – 2021-10-30 22:25 – 000001426 _____ C:UsersPublicDesktopIObit Uninstaller.lnk
2021-10-30 22:23 – 2021-10-30 22:24 – 026869616 _____ (IObit ) C:UsersMarkDownloadsiobituninstaller (2).exe
2021-10-30 22:22 – 2021-10-31 13:40 – 000000000 ____D C:Program FilesSUPERAntiSpyware
2021-10-30 19:02 – 2021-11-05 21:57 – 000002440 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk
2021-10-30 19:02 – 2021-11-05 21:57 – 000002278 _____ C:UsersPublicDesktopMicrosoft Edge.lnk
2021-10-30 10:27 – 2021-10-30 17:53 – 000000000 ____D C:UsersMarkAppDataLocalFreeFixer
2021-10-30 10:27 – 2021-10-30 15:45 – 000000000 ____D C:UsersMarkAppDataRoamingFreeFixer
2021-10-30 10:26 – 2021-10-30 10:26 – 000000000 ____D C:UsersMarkAppDataRoamingMicrosoftWindowsStart MenuProgramsFreeFixer
2021-10-30 10:26 – 2021-10-30 10:26 – 000000000 ____D C:Program FilesFreeFixer
2021-10-30 10:25 – 2021-10-30 10:25 – 002748061 _____ (Kephyr) C:UsersMarkDownloadsfreefixersetup.exe
2021-10-30 09:25 – 2021-03-23 22:53 – 000003240 _____ C:WINDOWSsystem32TasksVLCSTREAMERUPDATETASKMACHINECORE
2021-10-30 09:25 – 2020-09-06 23:35 – 000003404 _____ C:WINDOWSsystem32TasksVLCSTREAMERUPDATETASKMACHINEUA
2021-10-30 08:41 – 2021-10-30 08:43 – 000128082 _____ C:TDSSKiller.3.1.0.28_30.10.2021_08.41.56_log.txt
2021-10-30 03:28 – 2021-10-30 03:28 – 000003314 _____ C:WINDOWSsystem32TasksASC_PerformanceMonitor
2021-10-29 15:16 – 2021-10-29 15:16 – 001138856 _____ C:UsersMarkDownloadsbrowserplus_2.9.8.exe
2021-10-29 13:14 – 2021-10-29 13:14 – 000058096 _____ C:ProgramDataagent.uninstall.1635527298.bdinstall.v2.bin
2021-10-29 05:03 – 2021-11-02 11:41 – 000000000 ____D C:UsersMarkDownloadsbackups
2021-10-28 05:33 – 2021-10-28 05:33 – 000093656 _____ C:ProgramDataagent.update.1635413605.bdinstall.v2.bin
2021-10-28 01:45 – 2021-10-28 01:45 – 008553680 _____ (Malwarebytes) C:UsersMarkDownloadsadwcleaner_8.3.0.exe
2021-10-28 00:54 – 2021-10-30 10:05 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsBrowser Hijack Blaster
2021-10-28 00:52 – 2021-10-28 00:52 – 000402564 _____ C:UsersMarkDownloadsbhblastersetup.exe
2021-10-28 00:41 – 2021-10-28 00:41 – 000251392 _____ C:UsersMarkDownloadshijackthis_sfx.exe
2021-10-27 10:38 – 2021-10-27 10:38 – 000011361 _____ C:WINDOWSsystem32DrtmAuthTxt.wim
2021-10-27 09:46 – 2021-10-27 09:46 – 000000000 ___HD C:$WinREAgent
2021-10-27 09:43 – 2021-10-27 09:43 – 000004562 _____ C:WINDOWSsystem32TasksAdobe Acrobat Update Task
2021-10-27 09:32 – 2021-10-27 09:32 – 000003356 _____ C:WINDOWSsystem32TasksHosts Block run at startup
2021-10-27 09:32 – 2021-10-27 09:32 – 000000000 ____D C:UsersMarkAppDataLocalHosts_Block
2021-10-27 09:32 – 2021-10-27 09:32 – 000000000 ____D C:Hosts Block Backup
2021-10-27 00:38 – 2021-10-31 19:59 – 000002259 _____ C:WINDOWSepplauncher.mif
2021-10-26 21:10 – 2021-10-26 21:10 – 000003788 _____ C:WINDOWSsystem32TasksTweaking.com – Windows Repair Tray Icon
2021-10-26 20:57 – 2021-10-26 20:57 – 048001584 _____ (Tweaking.com) C:UsersMarkDownloadstweaking.com_windows_repair_aio_setup (2).exe
2021-10-26 20:52 – 2021-10-30 00:46 – 000181064 _____ (Sysinternals) C:WINDOWSPSEXESVC.EXE
2021-10-26 20:52 – 2021-10-26 20:52 – 000000000 ____D C:Tweaking.com_Windows_Repair_Logs
2021-10-26 20:51 – 2021-10-26 20:51 – 000980315 _____ C:UsersMarkDownloadsTweaking.com-RepairHostsFile.exe
2021-10-26 20:51 – 2021-10-26 20:51 – 000000000 ____D C:UsersMarkDownloadsTweaking.com – Repair Hosts File
2021-10-26 14:16 – 2021-10-26 14:16 – 004778360 _____ (Bitdefender ) C:UsersMarkDownloadsBDAntiRansomwareSetup.exe
2021-10-26 14:03 – 2021-10-26 14:03 – 000038484 _____ C:ProgramDataagent.1635271405.13988.v2.bin
2021-10-26 14:01 – 2021-10-29 13:26 – 000000000 ____D C:Program FilesBitdefender Agent
2021-10-26 14:01 – 2021-10-26 14:01 – 000122404 _____ C:ProgramDataagent.1635271289.bdinstall.v2.bin
2021-10-26 13:59 – 2021-10-26 13:59 – 013543384 _____ C:UsersMarkDownloadsbitdefender_online.exe
2021-10-24 22:14 – 2021-10-24 22:14 – 000000000 ____D C:SUPERDelete
2021-10-24 21:55 – 2021-10-24 21:56 – 202419304 _____ (SUPERAntiSpyware) C:UsersMarkDownloadsSUPERAntiSpyware.exe
2021-10-22 09:50 – 2021-10-22 09:50 – 000004226 _____ C:WINDOWSsystem32TasksOpera scheduled Autoupdate 1532261855
2021-10-22 01:45 – 2021-10-22 01:45 – 000003276 _____ C:WINDOWSsystem32TasksSmartDefrag_AutoAnalyze
2021-10-22 01:45 – 2021-10-22 01:45 – 000003116 _____ C:WINDOWSsystem32TasksSmartDefrag_Startup
2021-10-22 01:45 – 2021-10-22 01:45 – 000003116 _____ C:WINDOWSsystem32TasksIObitSelfCheckTask
2021-10-22 01:45 – 2021-10-22 01:45 – 000003112 _____ C:WINDOWSsystem32TasksSmartDefrag_Update
2021-10-22 01:45 – 2021-10-22 01:45 – 000001235 _____ C:UsersPublicDesktopSmart Defrag 7.lnk
2021-10-22 01:45 – 2021-10-22 01:45 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsSmart Defrag
2021-10-22 01:45 – 2019-09-12 09:59 – 000178960 _____ (IObit) C:WINDOWSsystem32IObitSmartDefragExtension.dll
2021-10-22 01:45 – 2017-03-09 13:53 – 000030744 _____ (IObit) C:WINDOWSsystem32DriversSmartDefragDriver.sys
2021-10-20 21:56 – 2021-10-20 21:56 – 000000043 _____ C:UsersMarkDownloadsATT78920.bin
2021-10-14 17:01 – 2021-10-14 17:01 – 000002136 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsAcrobat Reader DC.lnk
2021-10-14 11:20 – 2021-10-14 11:20 – 000004478 _____ C:WINDOWSsystem32TasksOpera scheduled assistant Autoupdate 1555120143
2021-10-13 09:21 – 2021-10-13 09:21 – 000203264 _____ C:WINDOWSsystem32uwfcfgmgmt.dll
2021-10-13 09:21 – 2021-10-13 09:21 – 000158208 _____ C:WINDOWSsystem32uwfcsp.dll
2021-10-13 09:21 – 2021-10-13 09:21 – 000040960 _____ C:WINDOWSsystem32uwfservicingapi.dll
2021-10-13 09:19 – 2021-10-13 09:19 – 000611960 _____ C:WINDOWSSysWOW64TextShaping.dll
2021-10-13 09:18 – 2021-10-13 09:18 – 000098304 _____ C:WINDOWSsystem32Driverscimfs.sys
2021-10-13 09:17 – 2021-10-13 09:17 – 000706536 _____ C:WINDOWSsystem32TextShaping.dll
2021-10-13 09:16 – 2021-10-13 09:16 – 000288768 _____ C:WINDOWSsystem32Windows.Management.InprocObjects.dll
2021-10-12 07:21 – 2021-10-26 14:39 – 000000000 ____D C:storage
2021-10-08 07:07 – 2021-10-08 07:07 – 000000027 _____ C:WINDOWSsystem32ctc.json
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-11-06 08:18 – 2018-02-28 12:09 – 000000000 ____D C:UsersMarkAppDataLocalCrashDumps
2021-11-06 08:17 – 2020-06-01 23:40 – 000000000 ____D C:Program FilesCCleaner
2021-11-06 08:15 – 2020-09-06 22:54 – 000000000 ____D C:WINDOWSsystem32SleepStudy
2021-11-06 07:26 – 2019-12-07 05:14 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft
2021-11-06 05:56 – 2018-02-19 15:05 – 000000000 ____D C:UsersMarkAppDataLocalLowMozilla
2021-11-05 21:57 – 2019-12-07 05:14 – 000000000 ___HD C:Program FilesWindowsApps
2021-11-05 21:57 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSAppReadiness
2021-11-02 10:04 – 2021-09-04 10:12 – 000000000 ____D C:Program Files (x86)Spybot – Search & Destroy 2
2021-11-02 10:03 – 2020-09-06 23:34 – 000000006 ____H C:WINDOWSTasksSA.DAT
2021-11-02 10:03 – 2020-09-06 22:54 – 000008192 ___SH C:DumpStack.log.tmp
2021-11-02 10:03 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSServiceState
2021-11-02 10:02 – 2019-12-07 05:03 – 001310720 _____ C:WINDOWSsystem32configBBI
2021-11-02 09:00 – 2021-09-04 10:12 – 000000000 ____D C:ProgramDataSpybot – Search & Destroy
2021-11-02 08:54 – 2021-08-25 01:19 – 000000000 ____D C:WINDOWSsystem32TasksMozilla
2021-11-02 08:54 – 2021-08-14 06:28 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsToolRocket PDF Converter
2021-11-02 08:54 – 2021-08-14 06:27 – 000000000 ____D C:UsersMarkAppDataLocalpdfconverter
2021-11-02 01:31 – 2020-09-06 22:14 – 000000000 ____D C:UsersMark
2021-11-02 01:28 – 2020-09-06 23:34 – 000003162 _____ C:WINDOWSsystem32TasksUninstaller_SkipUac_M._Evans
2021-11-01 21:05 – 2018-07-30 11:10 – 000000000 ____D C:UsersMarkAppDataRoamingvlc
2021-11-01 21:05 – 2017-11-14 11:37 – 000001139 _____ C:UsersPublicDesktopVLC media player.lnk
2021-11-01 21:00 – 2017-12-16 11:10 – 000000000 ____D C:ProgramDataIObit
2021-11-01 20:47 – 2019-12-07 05:13 – 000000000 ____D C:WINDOWSINF
2021-11-01 14:27 – 2018-06-04 00:53 – 000000000 ____D C:UsersMarkAppDataLocalD3DSCache
2021-10-31 16:57 – 2017-11-14 11:08 – 000000000 ____D C:Program Files (x86)Microsoft Office
2021-10-31 16:09 – 2019-12-07 05:14 – 000000000 ___HD C:WINDOWSELAMBKUP
2021-10-31 13:40 – 2018-03-18 09:57 – 000000000 ____D C:UsersMarkAppDataRoamingSUPERAntiSpyware.com
2021-10-31 13:39 – 2018-03-18 09:56 – 000000000 ____D C:ProgramDataSUPERAntiSpyware.com
2021-10-31 13:23 – 2019-03-04 14:20 – 000000000 ____D C:Program FilesMalwarebytes
2021-10-31 11:50 – 2019-08-11 15:09 – 000000000 ____D C:UsersMarkAppDataRoamingTorrent Streamer Plugin
2021-10-31 11:50 – 2017-12-27 12:35 – 000000000 ____D C:UsersMarkAppDataLocalLowIObit
2021-10-31 11:50 – 2017-12-27 12:23 – 000000000 ____D C:UsersMarkAppDataRoamingIObit
2021-10-31 11:50 – 2017-12-16 11:10 – 000000000 ____D C:Program Files (x86)IObit
2021-10-31 11:38 – 2018-02-19 15:05 – 000000000 ____D C:Program FilesMozilla Firefox
2021-10-31 11:38 – 2018-02-19 15:05 – 000000000 ____D C:Program Files (x86)Mozilla Maintenance Service
2021-10-31 10:00 – 2020-03-22 18:13 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsJava
2021-10-31 09:19 – 2018-03-20 21:44 – 000000000 ____D C:ProgramDataOracle
2021-10-31 08:39 – 2018-12-20 21:41 – 000000000 ____D C:UsersMarkAppDataRoamingZoom
2021-10-31 00:26 – 2017-12-27 12:23 – 000000000 ____D C:UsersMarkAppDataLocalPackages
2021-10-31 00:11 – 2018-07-10 01:29 – 000000000 ____D C:ProgramDataPackages
2021-10-31 00:11 – 2018-04-11 16:15 – 000000000 ____D C:UsersMarkAppDataLocalPlaceholderTileLogoFolder
2021-10-30 22:25 – 2017-12-16 11:35 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsIObit Uninstaller
2021-10-30 18:42 – 2017-12-27 12:24 – 000000000 ____D C:UsersMarkAppDataLocalMicrosoftEdge
2021-10-30 10:06 – 2017-12-16 11:11 – 000000000 ____D C:ProgramDataProductData
2021-10-30 09:11 – 2019-02-10 17:04 – 000000000 ____D C:ProgramDataMozilla
2021-10-30 09:08 – 2018-02-19 15:05 – 000000971 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsFirefox.lnk
2021-10-30 03:19 – 2020-09-06 22:54 – 000437864 _____ C:WINDOWSsystem32FNTCACHE.DAT
2021-10-30 03:18 – 2017-11-14 11:03 – 000000000 ____D C:WINDOWSCSC
2021-10-30 00:46 – 2020-03-30 16:13 – 000000855 _____ C:WINDOWSsystem32Driversetchosts_bak_25
2021-10-29 23:46 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32NDF
2021-10-29 23:31 – 2017-12-27 14:34 – 000000000 ____D C:UsersMarkAppDataLocalElevatedDiagnostics
2021-10-29 20:32 – 2021-04-02 01:26 – 000002334 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsBrave.lnk
2021-10-29 20:32 – 2021-04-02 01:26 – 000002293 _____ C:UsersPublicDesktopBrave.lnk
2021-10-29 16:39 – 2020-09-06 23:06 – 000005768 _____ C:WINDOWSsystem32PerfStringBackup.INI
2021-10-29 16:19 – 2019-12-07 05:14 – 000000000 ___RD C:WINDOWSImmersiveControlPanel
2021-10-29 16:12 – 2017-12-27 12:23 – 000000000 ____D C:UsersMarkAppDataLocalConnectedDevicesPlatform
2021-10-29 13:11 – 2020-09-10 02:30 – 000000000 ____D C:ProgramDataBitdefender
2021-10-29 04:26 – 2017-11-14 11:40 – 139806512 ____C (Microsoft Corporation) C:WINDOWSsystem32MRT.exe
2021-10-28 23:52 – 2019-12-07 05:03 – 000131072 _____ C:WINDOWSsystem32configELAM
2021-10-28 23:38 – 2019-12-07 05:03 – 000000000 ____D C:WINDOWSCbsTemp
2021-10-27 11:02 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSysWOW64setup
2021-10-27 11:02 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSysWOW64Dism
2021-10-27 11:01 – 2019-12-07 05:54 – 000000000 ___SD C:WINDOWSsystem32AppV
2021-10-27 11:01 – 2019-12-07 05:54 – 000000000 ____D C:Program FilesWindows Defender Advanced Threat Protection
2021-10-27 11:01 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSystemResources
2021-10-27 11:01 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32setup
2021-10-27 11:01 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32oobe
2021-10-27 11:01 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32Dism
2021-10-27 11:01 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSShellExperiences
2021-10-27 11:01 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSPolicyDefinitions
2021-10-27 11:01 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSbcastdvr
2021-10-27 11:01 – 2019-12-07 05:03 – 000000000 ____D C:WINDOWSservicing
2021-10-26 14:22 – 2018-02-18 14:57 – 000000000 ____D C:WINDOWSsystem32Driverswd
2021-10-26 13:53 – 2019-11-13 12:55 – 000803176 _____ (Microsoft Corporation) C:WINDOWSsystem32MpSigStub.exe
2021-10-21 23:27 – 2018-09-15 12:53 – 000000000 ____D C:UsersMarkAppDataLocalGoogle
2021-10-21 22:32 – 2019-07-12 13:23 – 000000000 ____D C:Program Files (x86)Google
2021-10-15 01:56 – 2019-12-07 05:14 – 000000000 ___SD C:WINDOWSsystem32UNP
2021-10-15 01:56 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSysWOW64oobe
2021-10-15 01:56 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32WinBioPlugIns
2021-10-15 01:56 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSDiagTrack
2021-10-15 01:04 – 2020-03-20 02:36 – 000000000 ____D C:UsersMarkAppDataLocalLowTemp
2021-10-13 07:53 – 2017-11-14 11:40 – 000000000 ____D C:WINDOWSsystem32MRT
2021-10-09 19:50 – 2021-08-02 07:47 – 000003386 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineCore1d7740dcb845e33
2021-10-09 19:50 – 2020-09-06 23:34 – 000003480 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineUA
==================== Files in the root of some directories ========
2018-01-23 14:46 – 2018-01-23 14:46 – 000000703 _____ () C:Program Files (x86)LMIR0002.tmp.bat
2018-01-23 14:46 – 2018-01-23 14:46 – 000000512 _____ () C:Program Files (x86)LMIR0002.tmp_r.bat
2018-08-03 10:54 – 2018-08-03 10:54 – 000000703 _____ () C:Program Files (x86)LMIR0003.tmp.bat
2018-08-03 10:54 – 2018-08-03 10:54 – 000000512 _____ () C:Program Files (x86)LMIR0003.tmp_r.bat
2019-08-25 13:20 – 2019-08-25 13:20 – 000000171 _____ () C:UsersMarkAppDataRoaming822f02e4-9e9a-4077-a765-71edfca16ad0
2021-05-25 17:42 – 2020-06-25 18:27 – 018178048 _____ () C:UsersMarkAppDataRoamingSandra.mdb
2020-05-25 23:32 – 2020-05-25 23:40 – 050123776 _____ () C:UsersMarkAppDataLocalffmpeg.exe
2020-05-25 23:32 – 2020-05-25 23:40 – 050029056 _____ () C:UsersMarkAppDataLocalffprobe.exe
2020-05-25 23:32 – 2020-05-25 23:40 – 008031644 _____ () C:UsersMarkAppDataLocalui.exe
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-11-2021
Ran by M. Evans (06-11-2021 10:38:29)
Running from C:UsersMarkDownloads
Microsoft Windows 10 Pro Version 21H1 19043.1320 (X64) (2020-09-07 03:35:57)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2857988568-3911692386-136112497-500 – Administrator – Disabled)
DefaultAccount (S-1-5-21-2857988568-3911692386-136112497-503 – Limited – Disabled)
Guest (S-1-5-21-2857988568-3911692386-136112497-501 – Limited – Disabled)
M. Evans (S-1-5-21-2857988568-3911692386-136112497-1003 – Administrator – Enabled) => C:UsersMark
WDAGUtilityAccount (S-1-5-21-2857988568-3911692386-136112497-504 – Limited – Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Spybot – Search and Destroy (Enabled – Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Bitdefender Antivirus Free Antimalware (Enabled – Up to date) {EA21BCE8-A461-99C3-3A0D-4C964E75494E}
AV: Windows Defender (Disabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled – Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32…{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20099 – Adobe Systems Incorporated)
Advanced Archive Password Recovery (HKLM-x32…{FE241076-B49A-4129-9DFD-08394BE497D7}) (Version: 4.54.110.4540 – Elcomsoft Co. Ltd.)
Advanced SystemCare (HKLM-x32…Advanced SystemCare_is1) (Version: 15.0.1 – IObit)
AtomTech Soft For 7z Password Recovery version 5.0 (HKLM-x32…{C9B7481A-8F19-47CD-AA9A-E8462E568E9D}_is1) (Version: 5.0 – AtomTech Soft)
Belarc Advisor 9.6 (HKLM-x32…Belarc Advisor) (Version: 9.6.0.0 – Belarc Inc.)
Brave (HKLM-x32…BraveSoftware Brave-Browser) (Version: 95.1.31.88 – Brave Software Inc)
Bulk Image Downloader v4.95.0.0 (HKLM-x32…Bulk Image Downloader_is1) (Version: – Antibody Software)
CCleaner (HKLM…CCleaner) (Version: 5.86 – Piriform)
CleanUp! (HKLM-x32…CleanUp!) (Version: – )
Cocoon (HKLM-x32…Cocoon) (Version: – Virtual World Computing)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM…Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 – CCCP Project)
Daossoft ZIP Password Rescuer 7.0.1.1 (HKLM-x32…Daossoft ZIP Password Rescuer) (Version: 7.0.1.1 – Daossoft)
Dell Touchpad (HKLM…{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1206.101.112 – ALPS ELECTRIC CO., LTD.)
DrTuber Video Downloader 3.28 (HKLM-x32…DrTuber Video Downloader_is1) (Version: – DownloadToolz, Inc.)
DVD Decrypter (Remove Only) (HKLM-x32…DVD Decrypter) (Version: – )
eSoftTools 7z Password Recovery v2.5 (HKLM…{9331BD2D-8088-4EC6-A49B-85D0400C5050}_is1) (Version: 2.5.0.0 – eSoftTools Software)
Foxit Reader (HKLM-x32…Foxit Reader_is1) (Version: 10.0.1.35811 – Foxit Software Inc.)
Free RAR Password Recovery (HKLM-x32…{F773F8DA-B4A9-40C4-B422-A352A1BD728F}) (Version: 3.70.69 – KRyLack Software)
FreeFixer (HKLM-x32…FreeFixer1.19) (Version: 1.19 – Kephyr)
Google Update Helper (HKLM-x32…{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 – Google LLC) Hidden
GoTo Opener (HKLM-x32…{E69269DB-A77B-4BC1-8F39-241107B09F26}) (Version: 1.0.539 – LogMeIn, Inc.)
GoToMeeting 10.17.0.19796 (HKUS-1-5-21-2857988568-3911692386-136112497-1003…GoToMeeting) (Version: 10.17.0.19796 – LogMeIn, Inc.)
GsTech Software For 7z Password Recovery version 1.0 (HKLM-x32…{FC9DA252-87FA-4A07-855A-D7BFCF68D22F}_is1) (Version: 1.0 – GsTech Software)
HandBrake 1.2.2 (HKLM-x32…HandBrake) (Version: 1.2.2 – )
HD Video Converter Factory 20.0 (HKLM-x32…HD Video Converter Factory) (Version: 20.0 – WonderFox Soft, Inc.)
HitmanPro.Alert 3 (CryptoGuard) (HKLM…HitmanPro.Alert) (Version: 3.8.14.907 – SurfRight B.V.)
HP HD Webcam Driver (HKLM-x32…{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1113.1_WHQL – Sonix)
HP PC Hardware Diagnostics Windows (HKLM-x32…{0F1A940B-4C7C-4658-BF30-15157462E347}) (Version: 1.5.4.0 – HP Inc.)
IDT Audio (HKLM-x32…{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6435.0 – IDT)
Intel® Processor Graphics (HKLM-x32…{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 – Intel Corporation)
IObit Malware Fighter 8 (HKLM-x32…IObit Malware Fighter_is1) (Version: 8.9.0.875 – IObit)
IObit Software Updater (HKLM-x32…IObit Software Updater_is1) (Version: 4.2.0.157 – IObit)
IObit Uninstaller 11 (HKLM-x32…IObitUninstall) (Version: 11.1.0.18 – IObit)
Java 8 Update 261 (HKLM-x32…{26A24AE4-039D-4CA4-87B4-2F32180261F0}) (Version: 8.0.2610.12 – Oracle Corporation)
Java 8 Update 311 (64-bit) (HKLM…{26A24AE4-039D-4CA4-87B4-2F64180311F0}) (Version: 8.0.3110.11 – Oracle Corporation)
Java SE Development Kit 8 Update 311 (64-bit) (HKLM…{64A3A4F4-B792-11D6-A78A-00B0D0180311}) (Version: 8.0.3110.11 – Oracle Corporation)
JMicron 1394 Filter Driver (HKLM-x32…{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.25.03 – JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32…{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 – JMicron Technology Corp.)
Malwarebytes version 4.4.10.144 (HKLM…{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.10.144 – Malwarebytes)
Microsoft 365 – en-us (HKLM…O365HomePremRetail – en-us) (Version: 16.0.14527.20234 – Microsoft Corporation)
Microsoft Edge (HKLM-x32…Microsoft Edge) (Version: 95.0.1020.44 – Microsoft Corporation)
Microsoft Update Health Tools (HKLM…{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 – Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.17 (HKLM-x32…{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 – Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.6161 (HKLM-x32…{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 – Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable – 10.0.30319 (HKLM-x32…{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 – Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.26.28720 (HKLM-x32…{7d607fb4-7e28-4c7a-a92f-3fcdaf555faf}) (Version: 14.26.28720.3 – Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) – 14.26.28720 (HKLM-x32…{86380aef-fd23-4fc3-8723-a98ccad8f2c6}) (Version: 14.26.28720.3 – Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM…Mozilla Firefox 93.0 (x64 en-US)) (Version: 93.0 – Mozilla)
Mozilla Maintenance Service (HKLM…MozillaMaintenanceService) (Version: 81.0 – Mozilla)
Nullsoft Install System (HKLM-x32…NSIS) (Version: 3.06.1 – Nullsoft and Contributors)
Office 16 Click-to-Run Extensibility Component (HKLM-x32…{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14527.20234 – Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM…{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 – Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM…{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 – Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32…{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 – Microsoft Corporation) Hidden
Opera Stable 80.0.4170.72 (HKUS-1-5-21-2857988568-3911692386-136112497-1003…Opera 80.0.4170.72) (Version: 80.0.4170.72 – Opera Software)
PeaZip 7.2.0 (WIN64) (HKLM…{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 7.2.0 – Giorgio Tani)
qBittorrent 4.3.3 (HKLM-x32…qBittorrent) (Version: 4.3.3 – The qBittorrent project)
RAR Password Finder (HKLM-x32…RAR Password Finder) (Version: – )
Revo Uninstaller 2.1.7 (HKLM…{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.7 – VS Revo Group, Ltd.)
SiSoftware Sandra Lite 2020 (HKLM…{C3113E55-7BCB-4de3-8EBF-60E6CE6B2596}_is1) (Version: 30.49.2020.7 – SiSoftware)
Smart Defrag 7 (HKLM-x32…Smart Defrag_is1) (Version: 7.2.0.91 – IObit)
Spybot – Search & Destroy (HKLM-x32…{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.8.68.0 – Safer-Networking Ltd.)
Stella Data Recovery 7Z Password Recovery version 6.2 (HKLM-x32…{6E669AB3-4BAD-429C-B5AC-1148687EE986}_is1) (Version: 6.2 – Stella Data Recovery)
SUPERAntiSpyware (HKLM…{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1238 – SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM…SynTPDeinstKey) (Version: 19.0.19.69 – Synaptics Incorporated)
thinkorswim (HKLM…9968-4488-2169-7623) (Version: desktop – thinkorswim, Inc)
ToolRocket PDF Converter 8.6.9.0 (HKLM-x32…ToolRocket PDF Converter) (Version: 8.6.9.0 – huduntech)
Torrent Streamer Plugin (HKUS-1-5-21-2857988568-3911692386-136112497-1003…Torrent Streamer Plugin) (Version: 1.0 – ) <==== ATTENTION
TotalAV (HKLM-x32…TotalAV) (Version: 5.15.69 – TotalAV) <==== ATTENTION
Tweaking.com – Windows Repair (HKLM-x32…Tweaking.com – Windows Repair) (Version: 4.11.7 – Tweaking.com)
Ultimate ZIP Cracker II, evaluation version (HKLM-x32…{B2CB0545-B638-4D0B-8B48-275450D82CE1}) (Version: – )
Unlocker 1.9.2 (HKLM…Unlocker) (Version: 1.9.2 – Cedrick Collomb)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM…{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 – Microsoft Corporation)
VLC media player (HKLM…VLC media player) (Version: 3.0.11 – VideoLAN)
VLC media player (HKLM-x32…VLC media player) (Version: 3.0.16 – VideoLAN)
YouTube MP4 Converter. Free YouTube Downloader mp4 (HKUS-1-5-21-2857988568-3911692386-136112497-1003…b4ba4349e318959295ce9598f5af2714) (Version: 1.0 – YouTube MP4 Converter. Free YouTube Downloader mp4)
Zemana AntiMalware version 3.2.28 (HKLM-x32…{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1) (Version: 3.2.28 – Zemana)
Zip Password Tool v. 2.3 (HKLM-x32…Zip Password Tool_is1) (Version: – FDRLab Data Recovery Centre)
Zoom (HKUS-1-5-21-2857988568-3911692386-136112497-1003…ZoomUMX) (Version: 5.8.3 (1581) – Zoom Video Communications, Inc.)
Packages:
=========
7z Password Recovery -> C:Program FilesWindowsAppsWuhanBamiTechnologyCo.Ltd.7zPasswordRecovery_2.0.29.0_x64__ffvv9wsshj32c [2021-05-23] (Wuhan Bami Technology Co., Ltd.)
Adblock Plus -> C:Program FilesWindowsAppsEyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2020-02-13] (eyeo GmbH)
Autodesk SketchBook -> C:Program FilesWindowsApps89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-06] (Autodesk Inc.)
AV1 Video Extension -> C:Program FilesWindowsAppsMicrosoft.AV1VideoExtension_1.1.41601.0_x64__8wekyb3d8bbwe [2021-07-08] (Microsoft Corporation)
Facebook -> C:Program FilesWindowsAppsFACEBOOK.FACEBOOK_2021.927.1.0_neutral__8xx8rvfyw5nnt [2021-09-29] (Facebook Inc)
Fitbit -> C:Program FilesWindowsAppsFitbit.Fitbit_2.44.1997.0_x64__6mqt6hf9g46tw [2020-08-31] (Fitbit)
GetThemAll – Video Downlaoder -> C:Program FilesWindowsAppsNimbusWeb.GetThemAll-VideoDownlaoder_2.3.2.0_x64__p5fjnfwkc9ns0 [2019-01-11] (FVD Media)
Honey -> C:Program FilesWindowsAppsHoneyScienceCorporation.Honey_11.4.2.0_neutral__cbe4c63gm1mzr [2019-06-20] (Honey Science Corporation)
Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:Program FilesWindowsAppsMicrosoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-10-31] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:Program FilesWindowsAppsMicrosoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-08-18] (Microsoft Corporation)
My Photos -> C:Program FilesWindowsApps4846UtilitiesTools.MyPhotos_1.1.3.0_x64__b17t1j31etq18 [2020-05-29] (Utilities Tools) [MS Ad]
Photos Media Engine Add-on -> C:Program FilesWindowsAppsMicrosoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-03-07] (Microsoft Corporation)
Rakuten: Get Cash Back For Shopping -> C:Program FilesWindowsAppsEbates.EbatesCashBack_5.0.0.0_neutral__qvn24pjydtpgr [2021-04-28] (Rakuten)
Spotify Music -> C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0 [2021-10-30] (Spotify AB) [Startup Task]
Video Downloader Professional for Edge -> C:Program FilesWindowsAppsLink64GmbH.VideoDownloaderProfessionalforEdge_1.0.12.0_neutral__r8gm29f18mcyc [2019-04-15] (Link64 GmbH)
VLC -> C:Program FilesWindowsAppsVideoLAN.VLC_3.2.1.0_x64__paz6r1rewnh0a [2019-08-11] (VideoLAN)
Wikibuy -> C:Program FilesWindowsAppsWikibuy.Wikibuy_0.1.389.0_neutral__aa6dh46kc11ry [2019-02-23] (Wikibuy)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKUS-1-5-21-2857988568-3911692386-136112497-1003_ClassesCLSID{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}localserver32 -> C:WINDOWSsystem32igfxEM.exe (Intel Corporation – pGFX -> Intel Corporation)
CustomCLSID: HKUS-1-5-21-2857988568-3911692386-136112497-1003_ClassesCLSID{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}InprocServer32 -> C:UsersMarkAppDataLocalGoToMeeting19228G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => -> No File
ShellIconOverlayIdentifiers: [ IMFSafeBox] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:Program Files (x86)IObitIObit Malware FighterIMFShellExt.dll [2020-07-22] (IObit Information Technology -> IObit)
ShellIconOverlayIdentifiers: [HitmanPro.Alert Shell Extension] -> {6FAC02B7-77D6-418B-AC11-962C65CDE8DD} => C:WINDOWSsystem32hmpshell.dll [2021-10-31] (SurfRight B.V. -> SurfRight B.V.)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:Program Files (x86)ZemanaAntiMalwareAM_ShellExt64.dll [2021-03-30] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:Program Files (x86)IObitAdvanced SystemCareASCExtMenu_64.dll [2021-07-31] (IObit CO., LTD -> IObit)
ContextMenuHandlers1: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => -> No File
ContextMenuHandlers1: [hPdfConvertMenuExt] -> {6C405CEC-8624-4FEF-B3BA-9D4E5A8F58B5} => C:UsersMarkAppDataLocalpdfconverterpdfconvertmenu64.dll [2020-11-16] (上海互盾信息科技有限公司) [File not signed]
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:Program Files (x86)IObitIObit Malware FighterIMFShellExt.dll [2020-07-22] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:Program Files (x86)IObitIObit UninstallerIUMenuRight.dll [2020-07-31] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:Program Files (x86)Spybot – Search & Destroy 2SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:Program Files (x86)Spybot – Search & Destroy 2SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:WINDOWSSystem32IObitSmartDefragExtension.dll [2019-09-12] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [STShellMenu] -> {F32C83B9-DF1D-42AD-9741-C52909703957} => -> No File
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:Program Files (x86)IObitAdvanced SystemCareASCExtMenu_64.dll [2021-07-31] (IObit CO., LTD -> IObit)
ContextMenuHandlers3: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:Program Files (x86)IObitAdvanced SystemCareASCExtMenu_64.dll [2021-07-31] (IObit CO., LTD -> IObit)
ContextMenuHandlers3: [STShellMenu] -> {F32C83B9-DF1D-42AD-9741-C52909703957} => -> No File
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:Program FilesUnlockerUnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:Program Files (x86)IObitAdvanced SystemCareASCExtMenu_64.dll [2021-07-31] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:Program Files (x86)IObitIObit Malware FighterIMFShellExt.dll [2020-07-22] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:Program Files (x86)IObitIObit UninstallerIUMenuRight.dll [2020-07-31] (IObit Information Technology -> IObit)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:WINDOWSsystem32igfxDTCM.dll [2018-03-14] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:Program Files (x86)ZemanaAntiMalwareAM_ShellExt64.dll [2021-03-30] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:Program Files (x86)IObitIObit Malware FighterIMFShellExt.dll [2020-07-22] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:Program Files (x86)IObitIObit UninstallerIUMenuRight.dll [2020-07-31] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:Program Files (x86)Spybot – Search & Destroy 2SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:Program Files (x86)Spybot – Search & Destroy 2SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:WINDOWSSystem32IObitSmartDefragExtension.dll [2019-09-12] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [STShellMenu] -> {F32C83B9-DF1D-42AD-9741-C52909703957} => -> No File
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:Program FilesUnlockerUnlockerCOM.dll [2010-07-15] (Empty Loop -> )
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2020-05-16 00:46 – 2019-11-24 18:12 – 002693632 _____ () [File not signed] C:Program FilesPeaZipdragdropfilesdll.dll
2020-04-19 17:47 – 2020-04-19 17:47 – 000000000 ____L (Microsoft Corporation) [simlink -> C:Program FilesCommon FilesMicrosoft SharedClickToRunAppvIsvSubsystems32.dll] C:Program Files (x86)Microsoft OfficeRootOffice16AppVIsvSubsystems32.dll
2020-04-19 17:47 – 2020-04-19 17:47 – 000000000 ____L (Microsoft Corporation) [simlink -> C:Program FilesCommon FilesMicrosoft SharedClickToRunC2R32.dll] C:Program Files (x86)Microsoft OfficeRootOffice16c2r32.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)
HKLMSYSTEMCurrentControlSetControlSafeBootMinimalamsdk.sys => “”=”Driver”
HKLMSYSTEMCurrentControlSetControlSafeBootMinimalAppXSvc => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootMinimalBFE => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootMinimalBITS => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootMinimalcamsvc => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootMinimalClipSvc => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootMinimaldps => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootMinimalIMFservice => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootMinimallfsvc => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMBAMService => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMpsSvc => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootMinimalmsiserver => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootMinimalsemgrsvc => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootMinimalSharedAccess => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootMinimalshellhwdetection => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootMinimalTokenBroker => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootMinimalTweakingRemoveSafeBoot => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootMinimalvss => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootMinimalWSService => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkamsdk.sys => “”=”Driver”
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkAppXSvc => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkBITS => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkcamsvc => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkClipSvc => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkdps => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkIMFservice => “@”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootNetworklfsvc => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMBAMService => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkmsiserver => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkSamSs => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootNetworksemgrsvc => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkshellhwdetection => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootNetworksrv => “”=”Driver”
HKLMSYSTEMCurrentControlSetControlSafeBootNetworksrv2 => “”=”Driver”
HKLMSYSTEMCurrentControlSetControlSafeBootNetworksrvnet => “”=”Driver”
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkTokenBroker => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkTweakingRemoveSafeBoot => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkvss => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkWSService => “”=”Service”
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Search Page =
HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Default_Page_URL =
HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =
HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Default_Search_URL =
HKUS-1-5-21-2857988568-3911692386-136112497-1003SoftwareMicrosoftInternet ExplorerMain,Start Page = hxxp://www.msn.com/
SearchScopes: HKUS-1-5-21-2857988568-3911692386-136112497-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKUS-1-5-21-2857988568-3911692386-136112497-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:Program Files (x86)IObitIObit UninstallerUninstallExplorer.dll [2020-01-31] (IObit Information Technology -> IObit)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program Files (x86)Microsoft OfficerootVFSProgramFilesX64Microsoft OfficeOffice16OCHelper.dll [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:Program FilesJavajre1.8.0_311binssv.dll [2021-10-31] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:Program FilesJavajre1.8.0_311binjp2ssv.dll [2021-10-31] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: belarc – {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} – C:Program Files (x86)BelarcBelarcAdvisorSystemBAVoilaX.dll [2020-07-01] (Belarc, Inc. -> Belarc, Inc.)
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2021-10-30 03:11 – 2021-11-02 09:02 – 000454756 ____R C:WINDOWSsystem32driversetchosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLMSystemCurrentControlSetControlSession ManagerEnvironment\Path -> C:Program Files (x86)Common FilesOracleJavajavapath;C:ProgramDataOracleJavajavapath;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;%SYSTEMROOT%System32WindowsPowerShellv1.0;%SYSTEMROOT%System32OpenSSH;C:Program FilesRogueKiller;
HKUS-1-5-21-2857988568-3911692386-136112497-1003Control PanelDesktop\Wallpaper ->
DNS Servers: 192.168.1.1
HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIGServices: !SASCORE => 2
MSCONFIGServices: AdobeARMservice => 2
MSCONFIGServices: ApHidMonitorService => 3
MSCONFIGServices: BcmBtRSupport => 3
MSCONFIGServices: bdredline_agent => 2
MSCONFIGServices: brave => 3
MSCONFIGServices: bravem => 3
MSCONFIGServices: CdRomArbiterService => 3
MSCONFIGServices: cphs => 3
MSCONFIGServices: FoxitReaderUpdateService => 3
MSCONFIGServices: fpCsEvtSvc => 3
MSCONFIGServices: hpqcaslwmiex => 3
MSCONFIGServices: hpsrv => 3
MSCONFIGServices: HPSupportSolutionsFrameworkService => 3
MSCONFIGServices: igfxCUIService1.0.0.0 => 2
MSCONFIGServices: IObitUnSvr => 2
MSCONFIGServices: SandraAgentSrv => 3
MSCONFIGServices: STacSV => 2
MSCONFIGServices: SynTPEnhService => 2
MSCONFIGServices: valWBFPolicyService => 3
MSCONFIGServices: vs => 3
MSCONFIGServices: vsm => 3
HKLM…StartupApprovedRun: => “SecurityHealth”
HKLM…StartupApprovedRun: => “Apoint”
HKLM…StartupApprovedRun: => “SysTrayApp”
HKLM…StartupApprovedRun32: => “SunJavaUpdateSched”
HKUS-1-5-21-2857988568-3911692386-136112497-1003…StartupApprovedRun: => “Google Update”
HKUS-1-5-21-2857988568-3911692386-136112497-1003…StartupApprovedRun: => “CCleaner Smart Cleaning”
HKUS-1-5-21-2857988568-3911692386-136112497-1003…StartupApprovedRun: => “Opera Browser Assistant”
HKUS-1-5-21-2857988568-3911692386-136112497-1003…StartupApprovedRun: => “Advanced SystemCare”
HKUS-1-5-21-2857988568-3911692386-136112497-1003…StartupApprovedRun: => “MicrosoftEdgeAutoLaunch_00FBE9EA64CA1F098ACA76542FBE45C3”
HKUS-1-5-21-2857988568-3911692386-136112497-1003…StartupApprovedRun: => “SUPERAntiSpyware”
HKUS-1-5-21-2857988568-3911692386-136112497-1003…StartupApprovedRun: => “Advanced SystemCare 12”
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{846DA79E-554C-4D3D-90D5-F875E9A77093}] => (Allow) C:Program FilesSiSoftwareSiSoftware Sandra Lite 2020RpcAgentSrv.exe (SiSoftware SPC -> SiSoftware) [File not signed]
FirewallRules: [{85EE2A0E-2028-4ACB-963D-9FAF3394F14D}] => (Allow) C:UsersMarkAppDataRoamingZoombinZoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{3575EF6D-ACFF-4E22-BDDF-74CD77F437F9}] => (Allow) C:UsersMarkAppDataRoamingZoombinZoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{1DCFD250-6CE0-4543-9C76-F4C5BF8B553F}] => (Allow) C:UsersMarkAppDataRoamingZoombinZoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{5E504ED1-DBFD-43A4-B885-48D87344147F}C:program filesmozilla firefoxfirefox.exe] => (Block) C:program filesmozilla firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{5E8353E6-A43C-4B94-B82C-FFE57D2F31DE}C:program filesmozilla firefoxfirefox.exe] => (Block) C:program filesmozilla firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E1E98CED-1F59-488D-8E93-1F3C69F401AC}] => (Allow) C:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{42239067-8FAC-4D9A-8B02-0A448B3EF83F}] => (Allow) C:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6D590565-4C43-4AB5-AE60-94269721FA04}] => (Allow) C:UsersMarkAppDataRoamingZoombinZoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{CFF8A539-88B0-4E74-86F7-2946C825AE3E}] => (Allow) C:Program Files (x86)qBittorrentqbittorrent.exe () [File not signed]
FirewallRules: [{B8212300-ACF6-431E-B81D-AF3EF6B6C9C9}] => (Allow) C:Program Files (x86)qBittorrentqbittorrent.exe () [File not signed]
FirewallRules: [{ACB4D564-08ED-411E-AAD7-6A2D4712D5AC}] => (Allow) C:UsersMarkAppDataRoamingZoombinZoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{AFEDB5EE-7419-4741-AFE9-C9AD228EB2FB}] => (Allow) C:Program Files (x86)Microsoft OfficerootOffice16outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{25845049-76AC-45B2-A496-76D4BE7ACB32}] => (Allow) C:UsersMarkAppDataLocalProgramsOpera80.0.4170.63opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{5528CEBC-23BF-4AF6-9089-D83D4B75E769}] => (Allow) C:Program FilesBraveSoftwareBrave-BrowserApplicationbrave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{F9EFBB30-587F-46A1-B1F5-78A4BB0506B8}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{44CEE3B4-3011-4FB6-83F7-FA960BBDBA93}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{93804977-0183-444E-AAE2-7672A28EFA3A}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5EA96F3F-6431-47DE-B373-EB7B91D63D8A}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FE5900AD-82A3-46EF-A599-921319E49FA5}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5496D521-6711-4CA9-80C2-0FB8B23B1F4A}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2550D431-8605-4448-A3BB-CC8045C1EAF6}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{14725F07-D563-48A6-8C4D-810A0AEC2290}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BACDD0B7-113E-4A26-BF41-BC24B7B6347B}] => (Allow) C:Program Files (x86)Spyware TerminatorSpywareTerminator.exe => No File
FirewallRules: [{10755EAC-F866-4FBA-8446-B25A40E031D3}] => (Allow) C:Program Files (x86)Spyware TerminatorSpywareTerminator.exe => No File
FirewallRules: [{7E7258A9-31FA-453F-B3DB-88FB2927A702}] => (Allow) C:Program Files (x86)Spyware TerminatorSpywareTerminatorUpdate.exe => No File
FirewallRules: [{A75722F4-884A-4B2C-91BF-6C21B546F8D0}] => (Allow) C:Program Files (x86)Spyware TerminatorSpywareTerminatorUpdate.exe => No File
FirewallRules: [{D510C005-38AC-41B6-A0CE-51FCDF925E08}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{55188732-F1C7-47AF-AD3D-253B51C9FE4B}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F2B7DCC5-81C1-4142-8502-CA0644BD9D97}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{860B65E9-50E5-4C13-A5ED-EDD3BBB18DB5}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
StandardProfileAuthorizedApplications: [C:Program Files (x86)Spybot – Search & Destroy 2SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfileAuthorizedApplications: [C:Program Files (x86)Spybot – Search & Destroy 2SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfileAuthorizedApplications: [C:Program Files (x86)Spybot – Search & Destroy 2SDTray.exe] => Enabled:Spybot – Search & Destroy tray access
StandardProfileAuthorizedApplications: [C:Program Files (x86)Spybot – Search & Destroy 2SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
==================== Restore Points =========================
04-11-2021 09:52:32 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
Name: HP Mobile Data Protection Sensor
Description: HP Mobile Data Protection Sensor
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: Accelerometer
Problem: : The software for this device has been blocked from starting because it is known to have problems with Windows. Contact the hardware vendor for a new driver. (Code 48)
Resolution: Download the latest drivers from the manufacturer, uninstall the current driver, and then install the latest drivers.
Name: JMicron OHCI Compliant IEEE 1394 Host Controller
Description: JMicron OHCI Compliant IEEE 1394 Host Controller
Class Guid: {6bdd1fc1-810f-11d0-bec7-08002be2092f}
Manufacturer: JMicron Technology Corp.
Service: ohci1394
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the “General Properties” tab of the device, click “Troubleshoot” to start the troubleshooting wizard.
Click “Uninstall”, and then click “Scan for hardware changes” to load a usable driver.
==================== Event log errors: ========================
Application errors:
==================
Error: (11/06/2021 07:38:41 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
Error: (11/03/2021 07:02:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program msedge.exe version 95.0.1020.40 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 4b80
Start Time: 01d7d0c8903b3077
Termination Time: 5
Application Path: C:Program Files (x86)MicrosoftEdgeApplicationmsedge.exe
Report Id: ae29e53f-b492-49b3-b2ac-876d8632bf66
Faulting package full name:
Faulting package-relative application ID:
Hang type: Unknown
Error: (11/02/2021 12:10:29 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn’t complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (11/02/2021 11:52:32 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn’t complete retrim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (11/02/2021 11:37:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.19041.1320, time stamp: 0x15a9c290
Faulting module name: ntdll.dll, version: 10.0.19041.1288, time stamp: 0xa280d1d6
Exception code: 0xc0000005
Fault offset: 0x000000000002426b
Faulting process id: 0x1ccc
Faulting application start time: 0x01d7cff281a9112e
Faulting application path: C:WINDOWSExplorer.EXE
Faulting module path: C:WINDOWSSYSTEM32ntdll.dll
Report Id: 911d043c-c5bc-4e2a-bd44-c3999ed605b8
Faulting package full name:
Faulting package-relative application ID:
Error: (11/02/2021 01:37:13 AM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost (3772,R,98) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:UsersMarkAppDataLocalMicrosoftWindowsWebCacheV0100018.log.
Error: (11/02/2021 01:32:33 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
Error: (11/02/2021 01:25:58 AM) (Source: AntiMalware) (EventID: 0) (User: )
Description: Application has encountered a problem and needs to be closed. Please contact the adminstrator with the following information:
System.NullReferenceException: Object reference not set to an instance of an object.
at Zemana.AntiMalware.UI.Dialogs.dlgList.btnSend_Click(Object sender, EventArgs e) in Z:ProjectsZemana AntiMalware StagingZemana.AntiMalware.UIDialogsdlgList.cs:line 72
at System.Windows.Forms.Control.OnClick(EventArgs e)
at System.Windows.Forms.Button.OnClick(EventArgs e)
at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
at System.Windows.Forms.Control.WndProc(Message& m)
at System.Windows.Forms.ButtonBase.WndProc(Message& m)
at System.Windows.Forms.Button.WndProc(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)Object reference not set to an instance of an object.
Stack Trace:
at Zemana.AntiMalware.UI.Dialogs.dlgList.btnSend_Click(Object sender, EventArgs e) in Z:ProjectsZemana AntiMalware StagingZemana.AntiMalware.UIDialogsdlgList.cs:line 72
at System.Windows.Forms.Control.OnClick(EventArgs e)
at System.Windows.Forms.Button.OnClick(EventArgs e)
at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
at System.Windows.Forms.Control.WndProc(Message& m)
at System.Windows.Forms.ButtonBase.WndProc(Message& m)
at System.Windows.Forms.Button.WndProc(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
System errors:
=============
Error: (11/06/2021 08:22:00 AM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-R18IJEH)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
“2147942767”
Happened while starting this command:
C:WINDOWSsystem32DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
Error: (11/02/2021 10:04:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SecurityService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (11/02/2021 10:04:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SecurityServiceMonitor service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (11/02/2021 10:04:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the SecurityServiceMonitor service to connect.
Error: (11/02/2021 10:04:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the SecurityService service to connect.
Error: (11/02/2021 10:04:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WMPNetworkSvc service terminated with the following error:
An attempt was made to reference a token that does not exist.
Error: (11/02/2021 10:03:28 AM) (Source: Application Popup) (EventID: 876) (User: )
Description: Accelerometer.sys
Error: (11/02/2021 10:00:22 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-R18IJEH)
Description: DCOM got error “1084” attempting to start the service WSearch with arguments “Unavailable” in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}
Windows Defender:
================
Date: 2021-11-02 02:22:00
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUA:Win32/CrawlerToolbar
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:Program Files (x86)Spyware TerminatorSpywareTerminatorShield.exe; file:_C:Program Files (x86)Spyware TerminatorSTInternetGuard.exe; file:_C:Program Files (x86)Spyware TerminatorSTShell.dll; file:_C:Program Files (x86)Spyware TerminatorSTShell64.dll; file:_C:Program Files (x86)Spyware Terminatorst_rsser64.exe; file:_C:Program Files (x86)Spyware TerminatorToolsanalyzefile.exe; file:_C:Program Files (x86)Spyware TerminatorToolsAVServer.exe; file:_C:Program Files (x86)Spyware TerminatorToolsdefsyssettings.exe; file:_C:Program Files (x86)Spyware TerminatorToolshardfileremover.exe; file:_C:Program Files (x86)Spyware TerminatorToolssystemrestore.exe; regkey:_HKLMSOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN\SpywareTerminatorShield; runkey:_HKLMSOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN\SpywareTerminatorShield
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:UsersMarkAppDataLocalTempHitmanPro_x64.exe
Security intelligence Version: AV: 1.353.219.0, AS: 1.353.219.0, NIS: 1.353.219.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4
Date: 2021-11-02 02:22:00
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Misleading:Win32/Lodi
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:Program Files (x86)GlarysoftMalware HunterMalwareHunter.exe; file:_C:ProgramDataMicrosoftWindowsStart MenuProgramsGlarysoftMalware HunterMalware Hunter.lnk; file:_C:ProgramDataMicrosoftWindowsStart MenuProgramsMalware Hunter.lnk; file:_C:UsersMarkAppDataRoamingMicrosoftInternet ExplorerQuick LaunchMalware Hunter.lnk; file:_C:UsersPublicDesktopMalware Hunter.lnk; regkey:_HKLMSOFTWAREWow6432NodeMICROSOFTWINDOWSCURRENTVERSIONUNINSTALLMalware Hunter; startup:_C:ProgramDataMicrosoftWindowsStart MenuProgramsGlarysoftMalware HunterMalware Hunter.lnk; startup:_C:ProgramDataMicrosoftWindowsStart MenuProgramsMalware Hunter.lnk; uninstall:_HKLMSOFTWAREWow6432NodeMICROSOFTWINDOWSCURRENTVERSIONUNINSTALLMalware Hunter
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.353.219.0, AS: 1.353.219.0, NIS: 1.353.219.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4
Date: 2021-11-01 19:20:37
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUA:Win32/CrawlerToolbar
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:Program Files (x86)Spyware TerminatorSTInternetGuard.exe; file:_C:Program Files (x86)Spyware TerminatorSTShell.dll; file:_C:Program Files (x86)Spyware TerminatorSTShell64.dll; file:_C:Program Files (x86)Spyware Terminatorst_rsser64.exe; file:_C:Program Files (x86)Spyware TerminatorToolsanalyzefile.exe; file:_C:Program Files (x86)Spyware TerminatorToolsAVServer.exe; file:_C:Program Files (x86)Spyware TerminatorToolsdefsyssettings.exe; file:_C:Program Files (x86)Spyware TerminatorToolshardfileremover.exe; file:_C:Program Files (x86)Spyware TerminatorToolssystemrestore.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:UsersMarkAppDataLocalTempHitmanPro_x64.exe
Security intelligence Version: AV: 1.353.219.0, AS: 1.353.219.0, NIS: 1.353.219.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4
Date: 2021-11-01 19:20:37
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUA:Win32/CrawlerToolbar
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:Program Files (x86)Spyware TerminatorSTShell.dll; file:_C:Program Files (x86)Spyware TerminatorSTShell64.dll; file:_C:Program Files (x86)Spyware Terminatorst_rsser64.exe; file:_C:Program Files (x86)Spyware TerminatorToolsanalyzefile.exe; file:_C:Program Files (x86)Spyware TerminatorToolsAVServer.exe; file:_C:Program Files (x86)Spyware TerminatorToolsdefsyssettings.exe; file:_C:Program Files (x86)Spyware TerminatorToolshardfileremover.exe; file:_C:Program Files (x86)Spyware TerminatorToolssystemrestore.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:UsersMarkAppDataLocalTempHitmanPro_x64.exe
Security intelligence Version: AV: 1.353.219.0, AS: 1.353.219.0, NIS: 1.353.219.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4
Date: 2021-11-01 19:20:37
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUA:Win32/CrawlerToolbar
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:Program Files (x86)Spyware TerminatorSTShell.dll; file:_C:Program Files (x86)Spyware TerminatorSTShell64.dll; file:_C:Program Files (x86)Spyware Terminatorst_rsser64.exe; file:_C:Program Files (x86)Spyware TerminatorToolsanalyzefile.exe; file:_C:Program Files (x86)Spyware TerminatorToolsAVServer.exe; file:_C:Program Files (x86)Spyware TerminatorToolshardfileremover.exe; file:_C:Program Files (x86)Spyware TerminatorToolssystemrestore.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:UsersMarkAppDataLocalTempHitmanPro_x64.exe
Security intelligence Version: AV: 1.353.219.0, AS: 1.353.219.0, NIS: 1.353.219.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4
Event[0]:
Date: 2021-11-02 01:47:06
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.219.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Date: 2021-11-02 01:36:49
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2021-10-31 20:06:08
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.137.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Date: 2021-10-31 19:55:17
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2021-10-30 01:41:52
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.72.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode
CodeIntegrity:
===============
Date: 2021-11-02 10:04:22
Description:
Windows is unable to verify the image integrity of the file DeviceHarddiskVolume2Program FilesMalwarebytesAnti-MalwareMBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2021-11-02 10:03:59
Description:
Code Integrity determined that a process (DeviceHarddiskVolume2Program Files (x86)Spybot – Search & Destroy 2SDWSCSvc.exe) attempted to load DeviceHarddiskVolume2Program Files (x86)Spybot – Search & Destroy 2SDLicense.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-10-31 17:34:18
Description:
Code Integrity determined that a process (DeviceHarddiskVolume2WindowsSystem32svchost.exe) attempted to load DeviceHarddiskVolume2Program FilesAvast SoftwareAvastaswAMSI.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: Hewlett-Packard 68ICF Ver. F.45 10/07/2013
Motherboard: Hewlett-Packard 179B
Processor: Intel® Core i7-3720QM CPU @ 2.60GHz
Percentage of memory in use: 32%
Total physical RAM: 16247.48 MB
Available physical RAM: 10887.38 MB
Total Virtual: 17271.48 MB
Available Virtual: 11438.87 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:296.6 GB) (Free:27.4 GB) NTFS
\?Volume{2540a3ee-0000-0000-0000-100000000000} (System Reserved) (Fixed) (Total:0.54 GB) (Free:0.5 GB) NTFS
\?Volume{2540a3ee-0000-0000-0000-c0484a000000} () (Fixed) (Total:0.95 GB) (Free:0.43 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 2540A3EE)
Partition 1: (Active) – (Size=549 MB) – (Type=07 NTFS)
Partition 2: (Not Active) – (Size=296.6 GB) – (Type=07 NTFS)
Partition 3: (Not Active) – (Size=976 MB) – (Type=27)
==================== End of Addition.txt =======================
Edited by hamluis, Yesterday, 12:07 PM.
Dupe, delete – Hamluis.