
Being blocked when trying to access Coinbase account [Closed]



#1
Piratacobra


Good day, my problem is kind of complicated, so I will try to be as specific as possible.

I have Windows 7 Ultimate 64, using Chrome Version 91.0.4472.124 (Official Build) (64-bit).

After much effort, I finally managed to verify a fully functional Coinbase account. Then when I started to do the 'Earn' option, things started to get weird. Coinbase has a failsafe option when one logs into the account, and the system registers each time a device tries to access with a different IP address. I live in Budapest, Hungary, and I know my PC IP and smartphone IP, as such are duly registered in the activity registry of the account.

Now comes the "but" part. For the last two days, I have been blocked from accessing my account because the system detects another attempt to log in from a different IP. At first, I believed that somebody gained access to my email and password, so, as required by the Coinbase help staff, I installed an antivirus (Kaspersky Cloud), made a full scan, and a firewall (ZoneAlarm), at maximum settings, and changed my password.

The blocking develops like this: I try to log in, and the system warns me that another device with another IP (always located in a town OUTSIDE Budapest) is trying to log in, and the CB system sends me a confirmation email asking me to authorize that access, which of course I don't. After being blocked twice, and going again through an additional ID verification, they restored my access; but when I tried to log in today.... BUM, the system again blocks me with yet another notification of a different IP trying to access my account.

So that got me thinking that the Coinbase system gets the third-party access attempt AT THE SAME TIME (excuse the capital letters) when I try to log in, and the CB system sends the warning email within seconds of me trying to log in. I am no expert, but I must assume that some kind of malware is still lurking inside my OS, and that is beyond the scope of the Coinbase team. So I am including the FRST logs and hope that any of you can help me solve this issue.

Thank you very much for your patience.

 

frst

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-07-2021 01
Ran by Dell (administrator) on DELL-PC (Dell Inc.                 OptiPlex GX280               ) (19-07-2021 22:32:22)
Running from C:\Users\Dell\Downloads
Loaded Profiles: Dell
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Hungarian (Hungary) -> English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Dell\AppData\Roaming\uTorrent\helper\helper.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Dell\AppData\Roaming\uTorrent\updates\3.5.5_46038\utorrentie.exe <2>
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Dell\AppData\Roaming\uTorrent\uTorrent.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Globalhop Ltd TOO -> ) C:\Users\Dell\AppData\Local\Programs\Taskbar system\TaskbarSystem.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.92\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.92\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <16>
(Janos Mathe -> H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avpui.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\plugins_nms.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksdeui.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> ) C:\Windows\runSW.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWLan.exe
(Realtek Semiconductor Corp -> Realtek) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp. -> Realtek) C:\Windows\SwUSB.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Total AV Setup] => schtasks /run /tn "Total AV Setup"
HKLM-x32\...\Run: [ZaAntiRansomware] => C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe [4231392 2021-04-19] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [326152 2021-05-20] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
HKU\S-1-5-21-3999479891-2882377658-4014428448-1000\...\Run: [Taskbar system] => C:\Users\Dell\AppData\Local\Programs\Taskbar system\TaskbarSystem.exe [918040 2021-01-13] (Globalhop Ltd TOO -> )
HKU\S-1-5-21-3999479891-2882377658-4014428448-1000\...\Run: [uTorrent] => C:\Users\Dell\AppData\Roaming\uTorrent\uTorrent.exe [2133544 2021-06-30] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-3999479891-2882377658-4014428448-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize 
HKU\S-1-5-21-3999479891-2882377658-4014428448-1000\...\Run: [ut] => C:\Users\Dell\AppData\Roaming\uTorrent\uTorrent.exe [2133544 2021-06-30] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-3999479891-2882377658-4014428448-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-3999479891-2882377658-4014428448-1000\...\MountPoints2: {b2dced8a-a9a1-11eb-ba99-200db021f138} - E:\AutoRun.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\91.0.4472.124\Installer\chrmstp.exe [2021-07-02] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {038BA870-5404-43B3-829D-CA117FBD34BF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27165752 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {047AD7F2-C35B-4949-87DD-9B02D05C958C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-26] (Adobe Inc. -> Adobe Inc.)
Task: {0781F839-2FE5-4BA1-9AD5-6E4D7AC6859F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1642672 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {08ABA226-8856-4002-AA3C-FC9D603DAD21} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_Dell => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [5658384 2019-07-10] (Janos Mathe -> H.D.S. Hungary)
Task: {13F78D59-932B-407D-9692-1CCBA88DA046} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-04-29] (Google LLC -> Google LLC)
Task: {20E04A27-9ED4-46D0-97FE-7F310F5FF1BD} - System32\Tasks\{65A94DB3-A5D8-468B-A281-A247495B24E7} => C:\Windows\system32\pcalua.exe -a C:\Users\Dell\Downloads\winxp64_1425.exe -d C:\Users\Dell\Downloads
Task: {5C95F53F-B42C-45DF-9093-C110E79006F8} - System32\Tasks\Total AV Setup => C:\Program Files (x86)\TotalAV\TotalAV.exe
Task: {8881B6DB-E97E-441A-A301-D12887BE2CBE} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [888232 2021-01-29] (Bitdefender SRL -> Bitdefender)
Task: {8CE00C33-7F06-4288-8BBA-758528315328} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Acrobat Update Task" /ENABLE
Task: {8CE00C33-7F06-4288-8BBA-758528315328} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\CCleaner Update" /ENABLE
Task: {8CE00C33-7F06-4288-8BBA-758528315328} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\CCleanerSkipUAC" /ENABLE
Task: {8CE00C33-7F06-4288-8BBA-758528315328} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {8CE00C33-7F06-4288-8BBA-758528315328} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {8CE00C33-7F06-4288-8BBA-758528315328} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\Total AV Setup" /ENABLE
Task: {8CE00C33-7F06-4288-8BBA-758528315328} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\{65A94DB3-A5D8-468B-A281-A247495B24E7}" /ENABLE
Task: {8CE00C33-7F06-4288-8BBA-758528315328} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {8DC647DE-06B1-4FAC-9756-E34347733171} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-06-30] (Mozilla Corporation -> Mozilla Foundation)
Task: {8EC5C474-138F-4357-B0C2-9FC8247B7E04} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-04-29] (Google LLC -> Google LLC)
Task: {8EEC1B9D-3B55-43B4-8DC4-53E0A277EA61} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-02-16] (Piriform Software Ltd -> Piriform)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{7926EA7B-4FAA-4A4A-B40A-86940A485A74}: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{E2C8A242-6BE4-473E-A0E0-B3B67E77C54C}: [DhcpNameServer] 192.168.1.254
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
 
FireFox:
========
FF DefaultProfile: 0rz17jbd.default
FF ProfilePath: C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\0rz17jbd.default [2021-06-23]
FF ProfilePath: C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\k73cqp1l.default-release [2021-07-19]
FF Extension: (English United States Dictionary) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\k73cqp1l.default-release\Extensions\@unitedstatesenglishdictionary.xpi [2021-04-29]
FF Extension: (English (US) Language Pack) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\k73cqp1l.default-release\Extensions\[email protected] [2021-06-04]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.291.2 -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\dtplugin\npDeployJava1.dll [2021-06-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.291.2 -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\plugin2\npjp2.dll [2021-06-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-06-27] (Adobe Inc. -> Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2021-07-19] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2021-07-19] <==== ATTENTION
 
Chrome: 
=======
CHR Profile: C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default [2021-07-19]
CHR Notifications: Default -> hxxps://en.softonic.com; hxxps://featurepoints.com; hxxps://web.whatsapp.com; hxxps://www.europelanguagejobs.com; hxxps://zc.eemel.xyz
CHR Extension: (Slides) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-04-29]
CHR Extension: (Safe Torrent Scanner) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2021-06-30]
CHR Extension: (Kaspersky Protection) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-07-18]
CHR Extension: (Docs) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-04-29]
CHR Extension: (Google Drive) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-04-29]
CHR Extension: (YouTube) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-04-29]
CHR Extension: (Sheets) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-04-29]
CHR Extension: (Binance Chain Wallet) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbohimaelbohpjbbldcngcnapndodjp [2021-07-18]
CHR Extension: (Google Docs Offline) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-23]
CHR Extension: (Quick translator) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmgfjbnbdobnciflclaceibkcailcac [2021-07-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-29]
CHR Extension: (View Chrome History) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiginoblioefjckppeefcofmkkhgbdfc [2021-05-09]
CHR Extension: (Gmail) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-26]
CHR Profile: C:\Users\Dell\AppData\Local\Google\Chrome\User Data\System Profile [2021-07-19]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-26] (Adobe Inc. -> Adobe Inc.)
R2 AVP21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe [184768 2021-07-18] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 klvssbridge64_21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 kpm_launch_service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe [368360 2021-06-08] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 KSDE5.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe [447104 2021-07-18] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1358248 2021-01-29] (Bitdefender SRL -> Bitdefender)
R2 RealtekWlanU; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe [48856 2014-10-09] (Realtek Semiconductor Corp -> Realtek)
S2 RTLDHCPService; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe [262360 2014-10-09] (Realtek Semiconductor Corp -> Realtek)
R2 RunSwUSB; C:\Windows\runSW.exe [44760 2021-04-29] (Realtek Semiconductor Corp -> )
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4575688 2021-05-20] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S2 ZA NET ICM Service; C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe [42208 2020-03-13] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S2 ZAARUpdateService; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe [51936 2021-04-19] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [129216 2021-05-20] (Check Point Software Technologies Ltd. -> Check Point Software Technologies, Ltd.)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [250032 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 DroidCam; C:\Windows\System32\DRIVERS\droidcam.sys [31576 2020-04-24] (DEV47 APPS -> Dev47Apps)
R1 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [110336 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [211704 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [126216 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klflt; C:\Windows\System32\DRIVERS\klflt.sys [514840 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klgse; C:\Windows\System32\DRIVERS\klgse.sys [657176 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [1400584 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1042712 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klim6; C:\Windows\System32\DRIVERS\klim6.sys [98040 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [112392 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [112904 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [85256 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [55592 2021-02-19] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [245752 2021-07-18] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [283144 2021-07-18] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [108576 2021-07-18] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [216576 2021-07-18] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwfp; C:\Windows\System32\DRIVERS\klwfp.sys [155912 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [327936 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [300808 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [6607208 2017-08-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 smwdm; C:\Windows\System32\drivers\smwdm.sys [348032 2005-11-29] (Analog Devices Incorporated -> Analog Devices, Inc.)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [461240 2021-05-20] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
U3 iswSvc; no ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-07-19 22:32 - 2021-07-19 22:34 - 000021423 _____ C:\Users\Dell\Downloads\FRST.txt
2021-07-19 22:30 - 2021-07-19 22:30 - 000000000 ____D C:\Users\Dell\Downloads\FRST-OlderVersion
2021-07-19 22:29 - 2021-07-19 22:33 - 000000000 ____D C:\FRST
2021-07-19 22:24 - 2021-07-19 22:30 - 002300416 _____ (Farbar) C:\Users\Dell\Downloads\FRST64.exe
2021-07-18 21:27 - 2021-07-18 21:27 - 000000024 _____ C:\Users\Dell\Downloads\caso coinbase.txt
2021-07-18 10:20 - 2021-07-18 10:20 - 000441240 _____ C:\Windows\system32\Drivers\vsconfig.xml
2021-07-18 10:19 - 2021-07-18 10:19 - 000000762 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2021-07-18 10:19 - 2021-07-18 10:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2021-07-18 08:56 - 2021-07-18 08:56 - 000283144 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klark.sys
2021-07-18 08:55 - 2021-07-18 08:55 - 000001154 _____ C:\Users\Public\Desktop\Kaspersky Password Manager.lnk
2021-07-18 08:50 - 2021-07-18 08:50 - 000000000 ____D C:\Users\Default\AppData\Local\Kaspersky Lab
2021-07-18 08:50 - 2021-07-18 08:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Password Manager
2021-07-18 08:48 - 2021-07-18 08:48 - 000245752 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_arkmon.sys
2021-07-18 08:48 - 2021-07-18 08:48 - 000216576 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_mark.sys
2021-07-18 08:48 - 2021-07-18 08:48 - 000108576 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klbg.sys
2021-07-18 08:48 - 2021-07-18 08:48 - 000001082 _____ C:\Users\Public\Desktop\Kaspersky VPN.lnk
2021-07-18 08:48 - 2021-07-18 08:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky VPN
2021-07-18 08:48 - 2021-07-18 08:48 - 000000000 ____D C:\Program Files\Common Files\AV
2021-07-18 08:46 - 2021-07-18 08:46 - 000002097 _____ C:\Users\Public\Desktop\Kaspersky Security Cloud.lnk
2021-07-18 08:46 - 2021-07-18 08:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Cloud
2021-07-18 08:45 - 2021-02-19 21:09 - 000110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2021-07-18 08:44 - 2021-07-18 08:49 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2021-07-18 08:44 - 2021-07-18 08:49 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2021-07-18 08:44 - 2021-02-19 21:08 - 001042712 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2021-07-18 08:44 - 2021-02-19 21:08 - 000514840 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2021-07-18 08:34 - 2021-07-18 08:34 - 000000000 ____D C:\Users\Dell\Downloads\RevoUninstaller_Portable
2021-07-18 08:33 - 2021-07-18 08:34 - 009675290 _____ C:\Users\Dell\Downloads\RevoUninstaller_Portable.zip
2021-07-18 08:24 - 2021-07-18 08:24 - 000088012 _____ C:\ProgramData\agent.update.1626589413.bdinstall.v2.bin
2021-07-18 07:56 - 2021-07-18 07:56 - 000000000 _____ C:\Windows\cpepmon.mlf
2021-07-18 07:18 - 2021-07-18 07:19 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2021-07-18 07:16 - 2021-07-19 10:39 - 000003648 _____ C:\Windows\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2021-07-18 07:14 - 2021-07-18 07:14 - 000116240 _____ C:\ProgramData\agent.1626585223.bdinstall.v2.bin
2021-07-18 07:13 - 2021-07-18 08:24 - 000000000 ____D C:\Program Files\Bitdefender Agent
2021-07-18 07:13 - 2021-07-18 07:13 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2021-07-18 07:12 - 2021-07-18 07:13 - 013543384 _____ C:\Users\Dell\Downloads\bitdefender_online.exe
2021-07-18 06:54 - 2021-07-18 06:54 - 000000000 _____ C:\Windows\system32\Drivers\OLD3E9.tmp
2021-07-18 06:54 - 2021-07-18 06:54 - 000000000 _____ C:\Windows\system32\Drivers\OLD3D9.tmp
2021-07-18 06:39 - 2021-07-18 06:39 - 002760536 _____ (Kaspersky) C:\Users\Dell\Downloads\ks4.021.3.10.391en_25092.exe
2021-07-17 22:13 - 2021-07-17 22:13 - 000000000 _____ C:\Windows\system32\Drivers\etc\lmhosts
2021-07-17 21:54 - 2021-07-18 10:37 - 000000000 ____D C:\ProgramData\CheckPoint
2021-07-17 21:54 - 2021-07-18 10:37 - 000000000 ____D C:\Program Files (x86)\CheckPoint
2021-07-17 21:54 - 2021-07-18 10:20 - 000002262 _____ C:\Users\Dell\Desktop\Resume ZoneAlarm Security Install.lnk
2021-07-17 21:53 - 2021-07-17 21:53 - 005957064 _____ (Check Point Software Technologies Ltd.) C:\Users\Dell\Downloads\zafwSetupWeb_158_169_18768.exe
2021-07-17 18:22 - 2021-07-17 18:22 - 000000000 ____D C:\Users\Dell\AppData\Roaming\Rovio
2021-07-17 18:15 - 2021-07-17 18:19 - 000000000 ____D C:\Program Files (x86)\Rovio Entertainment Ltd
2021-07-17 18:15 - 2021-07-17 18:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio Entertainment Ltd
2021-07-17 17:55 - 2021-07-17 17:55 - 000013267 _____ C:\Users\Dell\Downloads\angry-birds-6756.torrent
2021-07-17 17:52 - 2021-07-17 17:52 - 000000000 ____D C:\Users\Dell\AppData\Local\Adaware
2021-07-17 17:46 - 2021-07-17 17:46 - 000000000 ____D C:\Users\Dell\AppData\Local\MobiGame
2021-07-17 17:41 - 2021-07-17 17:42 - 077902368 _____ (Rovio Entertainment Ltd.) C:\Users\Dell\Downloads\file
2021-07-17 06:13 - 2021-07-17 06:13 - 000000000 ____D C:\Users\Dell\AppData\Roaming\Rovio Entertainment Ltd
2021-07-16 17:36 - 2021-07-16 17:36 - 000000964 _____ C:\Users\Public\Desktop\Bandicut.lnk
2021-07-16 17:36 - 2021-07-16 17:36 - 000000000 ____D C:\Users\Dell\Documents\Bandicut
2021-07-16 17:36 - 2021-07-16 17:36 - 000000000 ____D C:\Users\Dell\AppData\Roaming\BANDISOFT
2021-07-16 17:36 - 2021-07-16 17:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicut
2021-07-16 17:36 - 2021-07-16 17:36 - 000000000 ____D C:\ProgramData\BANDISOFT
2021-07-16 17:19 - 2021-07-17 10:08 - 000000000 ____D C:\Users\Dell\Documents\Bandicam
2021-07-16 17:19 - 2021-07-16 17:19 - 000000000 ____D C:\Users\Dell\AppData\Roaming\Bandicam Company
2021-07-16 17:15 - 2021-07-16 17:15 - 000000833 _____ C:\Users\Public\Desktop\Bandicam.lnk
2021-07-16 17:15 - 2021-07-16 17:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2021-07-16 17:13 - 2021-07-16 17:13 - 000000000 ____D C:\Program Files (x86)\BandiMPEG1
2021-07-16 17:11 - 2021-07-16 17:12 - 022451488 _____ (Bandicam Company) C:\Users\Dell\Downloads\BDCAMSETUP_ENG_5_1_1_1837.EXE
2021-07-16 15:43 - 2021-07-16 15:43 - 000000000 ____D C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZumaLuxor Mod by Bobik
2021-07-15 14:19 - 2021-07-15 14:40 - 000000000 ____D C:\Users\Dell\AppData\Local\MumboJumbo
2021-07-15 14:19 - 2021-07-15 14:19 - 000000000 ____D C:\Users\Dell\AppData\Roaming\MumboJumbo
2021-07-15 14:17 - 2021-07-15 14:17 - 011739308 _____ C:\Users\Dell\Downloads\Luxor Angry Birds Alpha v1.2 Data Files.zip
2021-07-15 13:48 - 2021-07-15 14:41 - 000000000 ____D C:\ProgramData\MumboJumbo
2021-07-15 13:48 - 2021-07-15 14:40 - 000000000 ____D C:\Users\Dell\Documents\MumboJumbo
2021-07-15 13:47 - 2021-07-15 13:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Luxor Super Pack
2021-07-14 22:10 - 2021-07-14 22:10 - 000001026 _____ C:\Users\Dell\Desktop\DroidCamApp.lnk
2021-07-14 22:10 - 2021-07-14 22:10 - 000000000 ____D C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DroidCam
2021-07-14 22:08 - 2021-07-14 22:10 - 000000000 ____D C:\Program Files (x86)\DroidCam
2021-07-14 21:47 - 2021-07-14 21:47 - 000000000 ____D C:\Users\Dell\.android
2021-07-14 21:46 - 2021-07-16 09:33 - 000001608 _____ C:\ProgramData\droidcam-client-options-v2
2021-07-14 21:46 - 2021-07-16 09:33 - 000000369 _____ C:\ProgramData\droidcam-settings
2021-07-14 21:40 - 2021-07-14 21:40 - 016409736 _____ C:\Users\Dell\Downloads\DroidCam.Setup.6.4.3.exe
2021-07-11 10:56 - 2021-07-11 10:56 - 000159737 _____ C:\Users\Dell\Downloads\01N00537113_202107 Budapest bank.pdf
2021-07-11 10:54 - 2021-07-11 10:54 - 000159737 _____ C:\Users\Dell\Downloads\01N00537113_202107 Budapest Bank (2).pdf
2021-07-11 10:44 - 2021-07-11 10:45 - 000178334 _____ C:\Users\Dell\Downloads\WhatsApp Image 2021-07-11 at 10.42.44 AM.jpeg
2021-07-11 09:47 - 2021-07-11 09:48 - 000000000 ____D C:\Users\Dell\AppData\Roaming\Telegram Desktop
2021-07-11 09:44 - 2021-07-11 09:45 - 030354344 _____ (Telegram FZ-LLC ) C:\Users\Dell\Downloads\tsetup-x64.2.8.1.exe
2021-07-11 09:08 - 2021-07-11 09:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2021-07-10 14:26 - 2021-07-10 14:26 - 000000000 ____D C:\ProgramData\WildTangent
2021-07-09 10:37 - 2021-07-09 10:37 - 000000000 ____D C:\Users\Dell\Documents\GTA3 User Files
2021-07-07 20:36 - 2021-07-07 20:36 - 000000000 ____D C:\Users\Dell\AppData\Local\TKHGKNXA
2021-07-07 20:36 - 2021-07-07 20:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game
2021-07-07 20:29 - 2021-07-15 13:56 - 000000000 ____D C:\Games
2021-07-07 14:39 - 2021-07-07 14:39 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-07-06 11:20 - 2021-07-06 11:29 - 000000000 ____D C:\Users\Dell\Downloads\Grand Theft Auto III
2021-07-05 17:09 - 2021-07-05 17:10 - 005330689 _____ C:\Users\Dell\Downloads\Stairs vs. escalator VID-20180421-WA0014.mp4
2021-07-04 17:21 - 2021-07-04 17:21 - 000000000 ____D C:\Users\Dell\MMPublicationsIWB
2021-07-04 17:20 - 2021-07-04 17:20 - 000000000 ____D C:\Users\Dell\AppData\Roaming\Macromedia
2021-07-03 00:21 - 2021-07-03 00:21 - 000200005 _____ C:\Users\Dell\Desktop\CV CKR Jun 2021.pdf
2021-07-02 14:44 - 2021-07-18 14:47 - 000000000 ____D C:\Users\Dell\AppData\Local\CrashDumps
2021-07-02 14:43 - 2021-07-03 10:12 - 000000000 ____D C:\ProgramData\TEMP
2021-07-02 14:43 - 2021-07-02 14:43 - 000000000 ____D C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Luxor
2021-07-02 14:43 - 2021-07-02 14:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Luxor
2021-07-02 14:42 - 2021-07-18 10:34 - 000000000 ____D C:\ProgramData\Big Fish
2021-07-02 14:41 - 2021-07-02 14:42 - 000000000 ____D C:\Users\Dell\AppData\Local\Big Fish
2021-07-02 07:44 - 2021-06-28 22:14 - 000049118 _____ C:\Users\Dell\Desktop\CV Krisch Christian EU.pdf
2021-07-01 19:49 - 2021-07-01 19:49 - 000000000 ____D C:\Users\Dell\Downloads\CodingResources
2021-06-30 06:38 - 2021-07-19 12:39 - 000000000 ____D C:\Users\Dell\AppData\LocalLow\uTorrent
2021-06-30 06:02 - 2021-07-19 16:58 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-06-29 17:25 - 2021-06-29 17:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Path - Prologue
2021-06-29 16:25 - 2021-06-29 16:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2021-06-28 23:11 - 2021-06-28 23:12 - 000000000 ____D C:\Users\Dell\AppData\LocalLow\Adobe
2021-06-28 22:59 - 2021-07-17 22:13 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-06-28 22:56 - 2021-07-14 22:17 - 000002059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-06-28 22:56 - 2021-06-28 22:56 - 000002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2021-06-28 22:53 - 2021-06-28 22:53 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-06-28 22:49 - 2021-06-28 23:12 - 000000000 ____D C:\ProgramData\Adobe
2021-06-28 22:48 - 2021-07-16 14:48 - 000000000 ____D C:\Users\Dell\AppData\Local\Adobe
2021-06-27 00:23 - 2021-06-27 00:23 - 000000000 ____D C:\Users\Dell\AppData\Local\mbam
2021-06-26 23:07 - 2021-06-26 23:07 - 062878500 _____ C:\Users\Dell\Downloads\Astérix en Italia (Tinblack).cbr
2021-06-26 22:42 - 2021-07-08 09:44 - 000000880 _____ C:\Users\Dell\Desktop\CDisplayEx.lnk
2021-06-26 22:42 - 2021-06-26 22:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplayEx
2021-06-26 22:42 - 2021-06-26 22:42 - 000000000 ____D C:\Program Files\CDisplayEx
2021-06-26 22:41 - 2021-06-26 22:41 - 103132212 _____ C:\Users\Dell\Downloads\ASTERIX 38 - LA HIJA DE VERCINGETÓRIX (Tinblack).cbr
2021-06-26 22:39 - 2021-06-26 22:39 - 006461445 _____ (Progdigy Software S.A.R.L. ) C:\Users\Dell\Downloads\CDisplayExWin64v1.10.33.exe
2021-06-26 22:36 - 2021-06-26 22:37 - 168125685 _____ C:\Users\Dell\Downloads\457321x_36-40.howtoarsenio.blogspot.com.rar
2021-06-23 16:57 - 2021-06-23 16:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zuma Deluxe
2021-06-23 16:46 - 2021-07-19 13:11 - 000000000 ____D C:\Users\Dell\AppData\Local\BitTorrentHelper
2021-06-23 16:34 - 2021-07-19 22:39 - 000000000 ____D C:\Users\Dell\AppData\Roaming\uTorrent
2021-06-23 16:34 - 2021-06-23 16:34 - 000000792 _____ C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2021-06-23 16:33 - 2021-06-23 16:33 - 000000000 ____D C:\Users\Dell\AppData\Local\UT008
2021-06-22 15:15 - 2021-06-22 15:15 - 007492292 _____ C:\Users\Dell\Downloads\yt1s.com - Tumblebugs 2 Illegal Main Menu_144p.3gp
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-07-19 22:18 - 2021-04-29 21:09 - 000000000 ____D C:\Program Files (x86)\Google
2021-07-19 18:00 - 2021-06-15 17:59 - 000000000 ____D C:\Program Files\CCleaner
2021-07-19 17:05 - 2021-01-22 15:20 - 000000000 ____D C:\Users\Dell\AppData\LocalLow\Mozilla
2021-07-19 12:13 - 2009-07-14 06:45 - 000024224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-07-19 12:13 - 2009-07-14 06:45 - 000024224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-07-19 11:41 - 2021-06-15 17:59 - 000004128 _____ C:\Windows\system32\Tasks\CCleaner Update
2021-07-19 10:37 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-07-18 10:20 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2021-07-18 07:34 - 2021-06-15 18:19 - 000000000 ____D C:\Users\Dell\AppData\Local\Avast Software
2021-07-18 07:28 - 2021-05-09 10:56 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2021-07-18 07:22 - 2021-05-09 10:52 - 000000000 ____D C:\ProgramData\Avast Software
2021-07-17 22:52 - 2021-05-23 11:48 - 000000000 ____D C:\ProgramData\Package Cache
2021-07-17 22:14 - 2021-06-06 15:35 - 000003618 _____ C:\Windows\system32\Tasks\Total AV Setup
2021-07-17 22:14 - 2021-01-22 15:24 - 000003124 _____ C:\Windows\system32\Tasks\{65A94DB3-A5D8-468B-A281-A247495B24E7}
2021-07-17 22:13 - 2021-06-15 17:59 - 000002804 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2021-07-17 22:13 - 2021-04-29 21:09 - 000003462 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-07-17 22:13 - 2021-04-29 21:09 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-07-17 18:18 - 2009-07-14 07:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2021-07-15 21:56 - 2009-07-14 07:08 - 000032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2021-07-15 13:59 - 2009-10-30 18:56 - 000683120 _____ C:\Windows\system32\perfh00E.dat
2021-07-15 13:59 - 2009-10-30 18:56 - 000170678 _____ C:\Windows\system32\perfc00E.dat
2021-07-15 13:59 - 2009-07-14 19:58 - 000688398 _____ C:\Windows\system32\perfh007.dat
2021-07-15 13:59 - 2009-07-14 19:58 - 000148370 _____ C:\Windows\system32\perfc007.dat
2021-07-15 13:59 - 2009-07-14 07:13 - 002464046 _____ C:\Windows\system32\PerfStringBackup.INI
2021-07-14 21:47 - 2004-09-17 00:51 - 000000000 ____D C:\Users\Dell
2021-07-14 21:42 - 2021-02-05 11:57 - 000000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2021-07-11 20:02 - 2009-07-14 06:45 - 000434128 _____ C:\Windows\system32\FNTCACHE.DAT
2021-07-11 10:45 - 2021-05-01 20:04 - 000111520 _____ C:\Users\Dell\AppData\Local\GDIPFONTCACHEV1.DAT
2021-07-11 09:04 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2021-07-11 09:03 - 2021-05-01 10:59 - 000000000 ____D C:\Program Files\Microsoft Office
2021-07-11 09:02 - 2021-05-01 10:59 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-07-08 20:24 - 2021-06-08 11:56 - 000000000 ____D C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2021-07-08 09:33 - 2021-01-22 15:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-07-02 23:39 - 2020-06-04 09:22 - 000000000 ____D C:\Users\Dell\Documents\chris
2021-07-02 07:52 - 2021-06-06 16:11 - 000000000 ____D C:\Users\Dell\Documents\los cvs
2021-07-02 06:16 - 2021-04-29 21:10 - 000002160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-07-02 06:16 - 2021-04-29 21:10 - 000002119 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-07-01 22:15 - 2021-06-15 17:59 - 000000000 ____D C:\Program Files (x86)\BokangSpeedup
2021-07-01 22:11 - 2021-05-09 10:53 - 000000000 ____D C:\Program Files (x86)\TsapriSpeedup
2021-06-28 23:11 - 2021-06-07 05:30 - 000000000 ____D C:\Users\Dell\AppData\Roaming\Adobe
2021-06-28 22:16 - 2021-05-20 06:42 - 000000000 ___SD C:\Users\Dell\AppData\LocalLow\Temp
2021-06-23 16:58 - 2004-09-17 00:51 - 000000000 ____D C:\Users\Dell\AppData\Local\VirtualStore
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2021-07-17 18:56
==================== End of FRST.txt ========================
 
Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2021 01
Ran by Dell (19-07-2021 22:41:07)
Running from C:\Users\Dell\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2004-09-16 22:51:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Dell (S-1-5-21-3999479891-2882377658-4014428448-1000 - Administrator - Enabled) => C:\Users\Dell
Rendszergazda (S-1-5-21-3999479891-2882377658-4014428448-500 - Administrator - Disabled)
Vendég (S-1-5-21-3999479891-2882377658-4014428448-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Security Cloud (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Security Cloud (Enabled - Up to date) {F41710F6-65D1-4F66-2B68-CCCF63D4A09E}
FW: Kaspersky Security Cloud (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {841A2C1E-F526-E32F-8E57-7FBF8B0698E4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3999479891-2882377658-4014428448-1000\...\uTorrent) (Version: 3.5.5.46038 - BitTorrent Inc.)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 21.005.20058 - Adobe Systems Incorporated)
Angry Birds (HKLM-x32\...\{80BF227D-6DAC-4655-AB25-13C0DDEC812A}) (Version: 4.0.0 - Rovio Entertainment Ltd.)
Bandicam (HKLM-x32\...\Bandicam) (Version: 5.1.1.1837 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandicam.com)
Bandicut (HKLM-x32\...\Bandicut) (Version: 3.6.5.668 - Bandicam.com)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 25.0.1.177 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 5.77 - Piriform)
CDisplayEx 1.10.33 (HKLM\...\CDisplayEx_is1) (Version:  - Progdigy Software S.A.R.L.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
DeepL (HKU\S-1-5-21-3999479891-2882377658-4014428448-1000\...\DeepL) (Version: 2.4.0 - DeepL GmbH)
DroidCam Client (HKLM-x32\...\DroidCam) (Version: 6.4.3 - DEV47APPS)
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.2.1 - )
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.124 - Google LLC)
GTA 3 [v1.1] (HKLM-x32\...\{188CE843-2CDE-4ED8-BFDC-8DA81DCAADED}_RePack_GTA3_is1) (Version:  - Rockstar North)
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: 5.50 - Janos Mathe)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Java 8 Update 291 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180291F0}) (Version: 8.0.2910.10 - Oracle Corporation)
Kaspersky Password Manager (HKLM-x32\...\{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab)
Kaspersky Security Cloud (HKLM-x32\...\{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky) Hidden
Kaspersky Security Cloud (HKLM-x32\...\InstallWIX_{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky)
Kaspersky VPN (HKLM-x32\...\{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 - Kaspersky) Hidden
Kaspersky VPN (HKLM-x32\...\InstallWIX_{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 - Kaspersky)
Luxor (HKLM-x32\...\BFG-Luxor) (Version:  - )
Luxor Super Pack (HKLM-x32\...\Luxor Super Pack_is1) (Version: 1.0 - HGDagon)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SharePoint Designer 2010 (HKLM-x32\...\Office14.SharePointDesigner) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 89.0.2 (x64 hu) (HKLM\...\Mozilla Firefox 89.0.2 (x64 hu)) (Version: 89.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 84.0.2 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Realtek USB Wireless LAN Driver (HKLM-x32\...\InstallShield_{DBCC4C27-F949-482b-B786-7B3B67587CD2}) (Version: Drv_3.00.0018 - REALTEK Semiconductor Corp.)
Realtek USB Wireless LAN Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: UI_1.00.0287 - REALTEK Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.2.7010 - Analog Devices)
SSOption (HKLM-x32\...\LyleSmiwnLo) (Version: 3.7.3.5 - LyleSmiwnLo) <==== ATTENTION
SSOption (HKLM-x32\...\VydiBlukousePo) (Version: 3.7.3.5 - VydiBlukousePo) <==== ATTENTION
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Taskbar system version 1.0.0.2 (HKU\S-1-5-21-3999479891-2882377658-4014428448-1000\...\{C40E1200-5BEC-410C-B3C5-F7B475729D42}_is1) (Version: 1.0.0.2 - Taskbar system)
Telegram Desktop version 2.8.1 (HKU\S-1-5-21-3999479891-2882377658-4014428448-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.8.1 - Telegram FZ-LLC)
The Path - Prologue 1.1 beta 7 (HKLM-x32\...\{C8142AF9-967D-4F72-8841-FFA87A5D25D0}_is1) (Version:  - Tale of Tales)
The Path 64-bit language update (HKLM-x32\...\{8A3D6A5C-5606-4ACA-A5B5-3F7B3224BD86}_is1) (Version:  - Tale of Tales)
Unknown Device Identifier 9.01 (HKLM\...\Unknown Device Identifier_is1) (Version: 9.01 - Huntersoft)
WinRAR 6.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.01.0 - win.rar GmbH)
ZoneAlarm Anti-Ransomware (HKLM-x32\...\{0B8C3231-9818-4CB9-8213-4AB839836791}) (Version: 1.004.7033 - Check Point Software) Hidden
ZoneAlarm Firewall (HKLM-x32\...\{7B46F664-5425-45D9-8761-E506F5D71D12}) (Version: 15.8.169.18768 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.8.169.18768 - Check Point)
ZoneAlarm Security (HKLM-x32\...\{DD4F2B05-0B5A-4C76-AEFE-3C85E1064E57}) (Version: 15.8.169.18768 - Check Point Software Technologies Ltd.) Hidden
Zoom (HKU\S-1-5-21-3999479891-2882377658-4014428448-1000\...\ZoomUMX) (Version: 5.6.5 (823) - Zoom Video Communications, Inc.)
Zuma Deluxe (HKLM-x32\...\Zuma Deluxe_is1) (Version:  - )
Zuma Deluxe 1.0 (HKLM-x32\...\Zuma Deluxe 1.0) (Version:  - )
ZumaLuxor v. 1.5 (HKU\S-1-5-21-3999479891-2882377658-4014428448-1000\...\ZumaLuxor v. 1.5) (Version:  - )
Zuma's Revenge! (HKLM-x32\...\Zuma's Revenge!) (Version:  - PopCap Games)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\Dell\Pictures\Things\Games\The Path\7-Zip\7-zip.dll -> No File
ContextMenuHandlers1: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-07-18] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-07-18] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\Dell\Pictures\Things\Games\The Path\7-Zip\7-zip.dll -> No File
ContextMenuHandlers4: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-07-18] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\Dell\Pictures\Things\Games\The Path\7-Zip\7-zip.dll -> No File
ContextMenuHandlers6: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-07-18] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2021-04-29 20:57 - 2014-04-17 09:54 - 000863232 _____ ( Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\P2PLib.dll
2021-05-01 11:02 - 2021-05-01 11:02 - 008007680 _____ () [File not signed] [File is in use] C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
2020-09-12 22:02 - 2020-09-12 22:02 - 000160768 _____ () [File not signed] C:\Program Files (x86)\DroidCam\lib\DroidCamFilter64.ax
2021-04-29 20:57 - 2014-04-17 09:54 - 000221184 _____ () [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\EnumDevLib.dll
2019-06-10 13:21 - 2019-06-10 13:21 - 000668160 _____ () [File not signed] C:\Program Files\EqualizerAPO\EqualizerAPO.dll
2017-07-08 12:52 - 2017-07-08 12:52 - 002983917 _____ () [File not signed] C:\Program Files\EqualizerAPO\libfftw3f-3.dll
2015-11-22 22:05 - 2015-11-22 22:05 - 001530880 _____ () [File not signed] C:\Program Files\EqualizerAPO\libsndfile-1.dll
2021-05-09 10:52 - 2021-01-13 09:57 - 014318734 _____ () [File not signed] C:\Users\Dell\AppData\Local\Programs\Taskbar system\sdk.dll
2021-05-09 10:52 - 2020-05-14 00:17 - 000112640 _____ (Countly) [File not signed] [File is in use] C:\Users\Dell\AppData\Local\Programs\Taskbar system\Countly.dll
2021-05-09 10:52 - 2018-01-10 13:34 - 000024064 _____ (Daniel Grunwald, Omer Mor, Alex Davies, jnm2) [File not signed] [File is in use] C:\Users\Dell\AppData\Local\Programs\Taskbar system\AsyncBridge.Net35.dll
2021-05-18 09:17 - 2021-05-18 09:17 - 000986112 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\CheckPoint\ZoneAlarm\dbghelp.dll
2021-05-09 10:52 - 2018-03-24 17:44 - 000475136 _____ (Newtonsoft) [File not signed] [File is in use] C:\Users\Dell\AppData\Local\Programs\Taskbar system\Newtonsoft.Json.dll
2021-04-29 20:57 - 2014-04-17 09:54 - 000200704 _____ (Realtek) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\IpLib.dll
2021-04-29 20:57 - 2014-04-17 09:54 - 000044544 _____ (Realtek) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlQRCode.dll
2021-05-09 10:53 - 2018-05-11 08:52 - 000074240 _____ (Sentry) [File not signed] [File is in use] C:\Users\Dell\AppData\Local\Programs\Taskbar system\SharpRaven.dll
2021-04-29 20:57 - 2014-04-17 09:54 - 001122304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\LIBEAY32.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:D4D38596 [248]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Version 11) (Whitelisted) ==========
 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\ssv.dll [2021-06-06] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> c:\program files (x86)\google\googletoolbar.dll [2021-07-12] (Google Inc.) [File not signed]
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\jp2ssv.dll [2021-06-06] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM-x32 - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar.dll [2021-07-12] (Google Inc.) [File not signed]
Toolbar: HKU\S-1-5-21-3999479891-2882377658-4014428448-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3999479891-2882377658-4014428448-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3999479891-2882377658-4014428448-1000\...\webcompanion.com -> hxxp://webcompanion.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2021-06-06 18:27 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-3999479891-2882377658-4014428448-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{2F2B9C73-0A46-40AC-B16A-C88F8FD333B3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{96F10AC2-344A-4A10-BD76-3F110DB40CE8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F65D792D-B6F7-4419-A85E-776B004682F4}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
FirewallRules: [{5D7DE710-AA77-440E-B486-2F663EAC47CB}] => (Allow) LPort=1542
FirewallRules: [{091E3557-0621-4E95-B254-F09D29DCDF6E}] => (Allow) LPort=1542
FirewallRules: [{A43F3547-7788-4B52-B9B3-07607A6984DC}] => (Allow) LPort=53
FirewallRules: [{17A8FC43-61F8-4D9F-A388-B7534925907A}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{46C2B9F4-8948-49D6-8864-90CD5ABB0105}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{F1C27E08-FA35-4AB0-BD61-E2CFB4DD7704}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{067C15B6-DEEE-4674-BC30-00B7FC782868}] => (Allow) LPort=53
FirewallRules: [{2896E0F8-50E7-4423-8705-9B96B243770F}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{5ADB5CFF-539E-4D8C-9155-6D1E4F259BF2}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{709E6794-4FDA-4E7B-875E-7F595750C3CF}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{5247CFA1-9A4C-4A6A-8FC7-3483BA6CBA29}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{F56BF6C1-129F-4341-AC03-242A01476667}] => (Allow) C:\Users\Dell\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{FD742601-080B-44E1-8D72-A611AE106826}] => (Allow) C:\Users\Dell\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{B4794F46-EA8C-4434-9DA3-F0DCFDF27EA1}] => (Allow) C:\Users\Dell\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{0200E488-60F9-4629-9325-0DDB3AFE9AC6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{0D2EBDE3-B427-45FA-813B-638A455F56F0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{F6389892-C6EC-4CBB-8B02-86010DFAC97B}] => (Allow) C:\Users\Dell\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C43B677D-2193-47EE-9CB9-57C30274821C}] => (Allow) C:\Users\Dell\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{57C51DC3-41B2-4254-8C0C-998173A4E453}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{6E771081-402A-4E89-9278-542ACB5D8550}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{D1DE40D2-98F9-4B56-8A8F-3A536E447DBE}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{D92B0002-C217-4EFA-ADD8-75853FB60D8A}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{4F2A9CE6-5D39-4C3D-9A35-7718BD2CCFFC}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
 
==================== Restore Points =========================
 
19-07-2021 22:05:46 Ütemezett ellenőrzési pont
 
==================== Faulty Device Manager Devices ============
 
Name: Video Controller
Description: Video Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (07/19/2021 10:39:21 AM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Application: ZAAR.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: 
Stack:
   at System.Environment.FailFast(System.String, System.Exception)
   at ZACSCommon.ErrorHandling.LogAndExit(System.String, System.Exception)
   at ZACSCommon.ErrorHandling.UnhandledException(System.UnhandledExceptionEventArgs)
   at ZAAR.App.ZAAR_UnhandledException(System.Object, System.UnhandledExceptionEventArgs)
   at ZACSCommon.Logger.Fatal(System.String, System.Object[])
   at ZAAR.App.InitializeEnvironment(System.String)
   at ZAAR.App.AppStartup(System.Object, System.Windows.StartupEventArgs)
   at System.Windows.Application.OnStartup(System.Windows.StartupEventArgs)
   at ZAAR.App.OnStartup(System.Windows.StartupEventArgs)
   at System.Windows.Application.<.ctor>b__1_0(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at ZAAR.App.Main()
 
Error: (07/19/2021 10:38:22 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ZAARUpdateService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at ZACSCommon.Logger..cctor()
 
Exception Info: System.TypeInitializationException
   at ZACSCommon.Logger.Error(System.String)
   at ZAARUpdateService.ZAARUpdateService..cctor()
 
Exception Info: System.TypeInitializationException
   at ZAARUpdateService.ZAARUpdateService.Updater_UnhandledException(System.Object, System.UnhandledExceptionEventArgs)
 
Error: (07/18/2021 02:47:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mspaint.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca29
Faulting module name: UIRibbon.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ce7c9de
Exception code: 0xc0000005
Fault offset: 0x000007fee2cd6b55
Faulting process id: 0xb2c
Faulting application start time: 0x01d77bd2dc12f408
Faulting application path: C:\Windows\system32\mspaint.exe
Faulting module path: UIRibbon.dll
Report Id: 482474f9-e7c6-11eb-98fa-001143a3db6e
 
Error: (07/18/2021 10:47:04 AM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Application: ZAAR.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: 
Stack:
   at System.Environment.FailFast(System.String, System.Exception)
   at ZACSCommon.ErrorHandling.LogAndExit(System.String, System.Exception)
   at ZACSCommon.ErrorHandling.UnhandledException(System.UnhandledExceptionEventArgs)
   at ZAAR.App.ZAAR_UnhandledException(System.Object, System.UnhandledExceptionEventArgs)
   at ZACSCommon.Logger.Fatal(System.String, System.Object[])
   at ZAAR.App.InitializeEnvironment(System.String)
   at ZAAR.App.AppStartup(System.Object, System.Windows.StartupEventArgs)
   at System.Windows.Application.OnStartup(System.Windows.StartupEventArgs)
   at ZAAR.App.OnStartup(System.Windows.StartupEventArgs)
   at System.Windows.Application.<.ctor>b__1_0(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at ZAAR.App.Main()
 
Error: (07/18/2021 10:32:44 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, A hozzáférés megtagadva.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Művelet:
   Íróadatok gyűjtése
 
Környezet:
   Író osztályazonosítója: {e8132975-6f93-4464-a53e-1050253ae220}
   Író neve: System Writer
   Író példányazonosítója: {bad7c0f6-b4d8-482a-938b-02de6f32d858}
 
Error: (07/18/2021 10:28:00 AM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Application: ZAAR.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: 
Stack:
   at System.Environment.FailFast(System.String, System.Exception)
   at ZACSCommon.ErrorHandling.LogAndExit(System.String, System.Exception)
   at ZACSCommon.ErrorHandling.UnhandledException(System.UnhandledExceptionEventArgs)
   at ZAAR.App.ZAAR_UnhandledException(System.Object, System.UnhandledExceptionEventArgs)
   at ZACSCommon.Logger.Fatal(System.String, System.Object[])
   at ZAAR.App.InitializeEnvironment(System.String)
   at ZAAR.App.AppStartup(System.Object, System.Windows.StartupEventArgs)
   at System.Windows.Application.OnStartup(System.Windows.StartupEventArgs)
   at ZAAR.App.OnStartup(System.Windows.StartupEventArgs)
   at System.Windows.Application.<.ctor>b__1_0(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at ZAAR.App.Main()
 
Error: (07/18/2021 10:27:05 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ZAARUpdateService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at ZACSCommon.Logger..cctor()
 
Exception Info: System.TypeInitializationException
   at ZACSCommon.Logger.Error(System.String)
   at ZAARUpdateService.ZAARUpdateService..cctor()
 
Exception Info: System.TypeInitializationException
   at ZAARUpdateService.ZAARUpdateService.Updater_UnhandledException(System.Object, System.UnhandledExceptionEventArgs)
 
Error: (07/18/2021 10:15:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZAAR.exe, version: 1.4.7033.18736, time stamp: 0x607d8250
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x80131623
Fault offset: 0x00924bbf
Faulting process id: 0x838
Faulting application start time: 0x01d77bacab284312
Faulting application path: C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe
Faulting module path: unknown
Report Id: 3fdf04f8-e7a0-11eb-adfe-001143a3db6e
 
 
System errors:
=============
Error: (07/19/2021 02:09:10 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (07/19/2021 10:38:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Realtek DHCP Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/19/2021 10:38:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ZAAR Update Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (07/19/2021 10:38:24 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ZAAR Update Service service to connect.
 
Error: (07/19/2021 10:37:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ZoneAlarm ICM NET Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (07/19/2021 10:37:41 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ZoneAlarm ICM NET Service service to connect.
 
Error: (07/18/2021 10:45:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Realtek DHCP Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/18/2021 10:45:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ZAAR Update Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
==================== Memory info =========================== 
 
BIOS: Dell Inc.                 ACRSYS - 7 09/17/2004
Motherboard: Dell Inc.           0G5611
Processor: Intel® Pentium® 4 CPU 3.20GHz
Percentage of memory in use: 91%
Total physical RAM: 3062.14 MB
Available physical RAM: 255.53 MB
Total Virtual: 6122.43 MB
Available Virtual: 2520.31 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.43 GB) (Free:3.37 GB) NTFS
Drive d: (Graded Readers) (CDROM) (Total:4.38 GB) (Free:0 GB) CDFS
Drive e: (MobileWiFi) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
 
\\?\Volume{f7bec52d-082f-11d9-a766-806e6f6e6963}\ (Rendszer számára fenntartott) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 74.5 GB) (Disk ID: 7844AF31)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

 



  • 0



#2
DR M


    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, piratacobra.

 

(What can I call you?)

Welcome to GTG Forums.

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to analyze. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.

 

 

=================================

 

Give me some time to review your logs and I will be back to you as soon as I am ready.


  • 0

#3
DR M


    The Grecian Geek

  • Malware Removal
  • 4,096 posts
Hello, again.
 
Apologies for the delay.
 
As I told you above, here we can check the computer mainly for malware. I'm not sure if I can help you regarding the Coinbase account. If you have problems after we finish here, you can ask for help in the Windows 10 Forum or perhaps the Networking Forum.
 
Before we start the cleaning process, let me make some necessary comments:
 
 
1. Zero hard drive space, no available RAM
 
It's a miracle that the computer is still running! You have only 3.37GB of free hard disk space. That means you can't do anything. You can't download something, you can't update the operating system, you can't install anything. In addition, you have only 4GB RAM installed, and 91% of it is in use.
 
What would I do if I were in your position? I would back up all my personal files, find the serial numbers of the programs I would like to reinstall, and go for a clean install of the operating system. I see that you are still running Windows 7, which reached its end of life by the end of January 2020. It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.
 
However, it's your computer, so your decision. If you don't want to follow the above suggestion, you need to save your files (documents, videos, music, pictures, photos etc.) to an external drive and delete them from the computer. Also, uninstall any program you don't need/use. Your computer "can't breathe" now. It needs your help immediately.
 
In case you choose to continue with Windows 7:
 
 
2. Free some space
 
In addition to saving your files to an external disk, this can also help:
  • Press the Windows icon on your keyboard, together with the letter R.
  • Type in the blank area cleanmgr and then press OK.
  • Select Drive C and press OK.
  • Select everything you don't need in the list that will appear. Actually, you can select everything there, but be careful if you need some files in the Downloads folder.
  • Press the button Clean up system files and wait a bit.
  • Again, select everything you don't need, including old Windows installations, if any.
  • Select the tab More options.
  • Under the title System Restore and Shadow Copies, press Clean up.
  • Press Delete and OK if you are asked to.
  • Wait some time (depending on the items that are deleted).
  • Make a restart when the process is finished.
 
3. P2P program

You have μTorrent installed on your computer. This is a P2P program. P2P programs form a direct conduit on to a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you don't uninstall it, your computer will probably get infected again, as soon as you use it again. But it is your computer and of course your decision.
  • If you decide to keep it, DON'T use it during the cleaning procedure.
  • If you decide to uninstall it, uninstall it.
 
4. Many antivirus programs
 
I understand your intention to have multiple opinions from several products. But keep in mind that sometimes using a lot of these products causes problems/conflicts.
 
Right now you have these programs installed:
 
Kaspersky Security Cloud
ZoneAlarm Security
Bitdefender Agent 
 
In addition, there are signs of Total AV and AVAST, which are not installed. Probably, they were not correctly uninstalled.
 
Keep one of these products and uninstall the others.
 
 
5. Fresh FRST logs
 
After uninstalling any unnecessary program (antivirus or not), please let me see fresh FRST logs.
  • Double-click on the FRST icon to run it, as you did before. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

  • 0
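The findings in points 1 and 3 of the reply above (low disk space, high memory use, a P2P client allowed through the firewall) can be read mechanically from Addition.txt, along with the firewall rules marked "No File". The Python below is an added example, not part of the original thread and not FRST's own code; the line patterns are inferred from the log in the first post, and the thresholds and the P2P executable list are assumptions.

```python
import re

# Lines copied from the Addition.txt log in the first post of this thread.
SAMPLE_LOG = r"""
FirewallRules: [{FD742601-080B-44E1-8D72-A611AE106826}] => (Allow) C:\Users\Dell\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{0200E488-60F9-4629-9325-0DDB3AFE9AC6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{F6389892-C6EC-4CBB-8B02-86010DFAC97B}] => (Allow) C:\Users\Dell\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C43B677D-2193-47EE-9CB9-57C30274821C}] => (Allow) C:\Users\Dell\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{57C51DC3-41B2-4254-8C0C-998173A4E453}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
Percentage of memory in use: 91%
Drive c: () (Fixed) (Total:74.43 GB) (Free:3.37 GB) NTFS
Drive d: (Graded Readers) (CDROM) (Total:4.38 GB) (Free:0 GB) CDFS
"""

# Patterns inferred from the log lines above (an assumption, not a format spec).
RULE_RE = re.compile(r"^FirewallRules: \[\{[^}]+\}\] => \((?P<action>\w+)\) (?P<rest>.+)$")
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.exe(?=\s|$)", re.I)
DRIVE_RE = re.compile(
    r"^Drive (?P<letter>\w): .*\((?P<kind>[^()]*)\) "
    r"\(Total:(?P<total>[\d.]+) GB\) \(Free:(?P<free>[\d.]+) GB\)"
)
MEM_RE = re.compile(r"^Percentage of memory in use: (?P<pct>\d+)%")

# Assumed watch list of P2P client executables; extend to suit.
P2P_NAMES = {"utorrent.exe", "bittorrent.exe", "qbittorrent.exe"}


def triage(log_text, min_free_pct=10.0, max_mem_pct=85, p2p_names=P2P_NAMES):
    """Return a de-duplicated list of (finding, detail) tuples in log order."""
    findings = []

    def add(kind, detail):
        if (kind, detail) not in findings:
            findings.append((kind, detail))

    for line in log_text.splitlines():
        line = line.strip()
        rule = RULE_RE.match(line)
        if rule:
            if rule["action"] != "Allow":
                continue
            rest = rule["rest"]
            found = PATH_RE.search(rest)
            path = found.group(0) if found else rest
            exe = path.rsplit("\\", 1)[-1].lower()
            if rest.endswith("=> No File"):
                # The program is gone but the allow rule remains for that path.
                add("stale-rule", path)
            elif exe in p2p_names:
                add("p2p-allowed", path)
            continue
        drive = DRIVE_RE.match(line)
        if drive and drive["kind"] == "Fixed":
            total, free = float(drive["total"]), float(drive["free"])
            free_pct = 100.0 * free / total if total else 0.0
            if free_pct < min_free_pct:
                add("low-disk", f"{drive['letter']}: {free_pct:.1f}% free of {total} GB")
            continue
        mem = MEM_RE.match(line)
        if mem and int(mem["pct"]) > max_mem_pct:
            add("high-memory", f"{mem['pct']}% in use")
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:12} {detail}")
```

Stale allow rules are worth deleting during cleanup, because a program rule keyed to a path stays in force for that path after the original executable has been removed.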

#4
DR M


    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hello.

 

Do you need any help regarding the above? 


  • 0

#5
Piratacobra


    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts

Hi, thank you for your advice. I tried really hard to uninstall both Avast and AV total. I downloaded REVO uninstaller portable, which has worked very well in the past. About BitDefender, I suppose it is so messed up that even REVO cannot find the leftovers. I'm aware that more than one AV program will interfere with each other. Also, I am trying to find a PC or Windows optimizer. And yes, I will try to manage some space and files... my kids are chronic downloaders, but I keep telling them to be careful and not to click "OK" on anything that pops up. I am following your instructions. I will write again in a few hours, thanks again.


  • 0

#6
DR M


    The Grecian Geek

  • Malware Removal
  • 4,096 posts
Hello.

Just a note while you are proceeding with the above:

I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.
  • 0

#7
DR M


    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Any progress here?


  • 0

#8
DR M


    The Grecian Geek

  • Malware Removal
  • 4,096 posts
Hello.
 
Asking for help, providing your logs for analysis and then going away is not a simple thing. People spend a remarkable amount of time analysing the logs and, as you know, time is valuable for all of us.
 
Due to lack of feedback, this topic has been closed.
 
If you need this topic reopened, please contact a staff member, or send me a personal message (hover with the mouse on my profile name and choose Send message).
 
This applies only to the original topic starter. Everyone else please begin a New Topic.
 

  • 0





