I think my computer may be infected [Solved]


  • This topic is locked

#1
arwier

  • Member
  • 77 posts

I hope I am posting this in the right place. My computer has gradually gotten slower, but now when I go to play online games, mostly on Pogo, most of the time on the Chrome browser, it only loads partially then stops. If I try playing on Opera, it starts to load and within a few seconds it pops up a screen that says it has lost connection and I should check my internet connection, which is always good, so I press the OK button and it does the same thing. I have uninstalled a number of programs that I haven't used in more than a year. I have run Security Essentials, I have run Malwarebytes and also AVArmor, all to no avail, so here are the 2 texts you want.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-04-2022
Ran by Art (administrator) on ART-PC (Hewlett-Packard HP Compaq 8100 Elite CMT PC) (09-04-2022 13:04:30)
Running from C:\Users\Art\Desktop
Loaded Profiles: Art
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(explorer.exe ->) (CANON INC. -> CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP3LAK.EXE
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <11>
(explorer.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(explorer.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(explorer.exe ->) (Outbyte Computing Pty Ltd -> Outbyte) C:\Program Files\Outbyte\AVArmor\AVArmor.exe
(services.exe ->) (Adaware Software -> ) C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.7.1052.0\AdAwareService.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(services.exe ->) (INTERNET PROJECT LLC -> Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
(spool\drivers\x64\3\CNAP3LAK.EXE ->) (CANON INC. -> CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNABISWD.EXE <3>
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CNAP3 Launcher] => C:\Windows\system32\spool\DRIVERS\x64\3\CNAP3LAK.EXE [228520 2021-01-02] (CANON INC. -> CANON INC.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-22] (Kilonova LLC -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [707256 2021-12-15] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\Run: [Opera Browser Assistant] => C:\Users\Art\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4105424 2021-10-14] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: G - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: {029c5a94-37c8-11ea-8da9-1cc1de5dad22} - F:\windows\AutoRun.exe
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: {2c6770ed-3b49-11e6-8f3a-1cc1de5dad22} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: {38673154-5b18-11e6-9061-1cc1de5dad22} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: {446e88ce-6494-11ea-8da9-1cc1de5dad22} - F:\windows\AutoRun.exe
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: {51bb3d55-b9d7-11e5-8fe6-1cc1de5dad22} - F:\TL_Bootstrap.exe
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: {8b5a1af4-5f73-11e6-9061-1cc1de5dad22} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: {8bd6b0d4-95fe-11e5-a774-1cc1de5dad22} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: {a8f699e6-0387-11e8-8b65-1cc1de5dad22} - F:\.\Driver\DriverInstaller.exe -eject
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: {d407ad0b-e8f9-11e5-8d8b-1cc1de5dad22} - F:\TL_Bootstrap.exe
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: {f767d2e2-dea4-11ea-87e4-1cc1de5dad22} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\MARINE~1.SCR [6938624 2011-06-09] (SereneScreen) [File not signed]
HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [99840 2008-05-07] (Hewlett-Packard Corporation) [File not signed]
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpzppWN7: C:\Windows\System32\spool\prtprocs\x64\hpzppWN7.dll [101376 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Canon MFNP Port: C:\Windows\system32\CNCENPM6.dll [152064 2013-01-31] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\CNAP3 Monitor: C:\Windows\system32\CNAP3SMD.DLL [1470464 2014-11-28] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\EPSON XP-340 Series 64MonitorBE: C:\Windows\system32\E_YLMBRBE.DLL [182784 2015-12-08] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\Windows\system32\HpTcpMon.dll [331264 2008-03-03] (Hewlett Packard) [File not signed]
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\Windows\system32\hpz3lw71.dll [46080 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\100.0.4896.75\Installer\chrmstp.exe [2022-04-04] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{10880D85-AAD9-4558-ABDC-2AB1552D831F}] -> C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe [2013-01-16] (Hewlett-Packard Company -> Hewlett-Packard Company)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01573DE8-0D4C-4861-916B-E8F74D55E117} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136304 2021-03-30] (HP Inc. -> HP Inc.)
Task: {04724AF9-B688-4BE0-8387-9D95E1F6E474} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {06C59630-0D72-4EC6-AD9B-8C1E520CE97A} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
Task: {0A6E41CD-98B8-473E-9D80-F01B41DFA68F} - System32\Tasks\Outbyte\Driver Updater\Support offer => C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe [6028168 2022-02-17] (Outbyte Computing Pty Ltd -> Outbyte)
Task: {16DF55BA-C55F-488B-8E50-A5FA2215DDC7} - System32\Tasks\Outbyte\PC Repair\Start PC Repair оn logon => C:\Program Files (x86)\Outbyte\PC Repair\PCRepair.exe [9578376 2022-02-22] (Outbyte Computing Pty Ltd -> Outbyte) <==== ATTENTION
Task: {216573DF-710D-41ED-914A-D7B3C33C8973} - System32\Tasks\{A8E9C448-5B1C-4BF5-A3DA-4CA09E5D53AD} => C:\Windows\system32\pcalua.exe -a "E:\8100 elite drivers\sp66134.exe" -d "E:\8100 elite drivers"
Task: {23BB2F2D-75DC-4892-B424-2F55E918F3D1} - System32\Tasks\Outbyte\Driver Updater\Tweak offer => C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe [6028168 2022-02-17] (Outbyte Computing Pty Ltd -> Outbyte)
Task: {2CF73D26-3566-4841-8CF4-08F5AEBE0667} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\BingPopup\BingPopup.exe [555640 2021-03-25] (HP Inc. -> HP Inc.)
Task: {30E6880A-7493-4F4B-ADFF-BE6F0402ACEF} - System32\Tasks\{E9BF2F75-97CD-4EC2-A47D-D1F072210551} => C:\Windows\system32\pcalua.exe -a D:\fscommand\menu.exe -d D:\
Task: {31500587-F98F-4A30-93F0-BABFD763FBBD} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {315A9903-1AEA-495D-A38A-79E3128AA341} - System32\Tasks\Outbyte\AVArmor\Start Outbyte AVArmor automatic scanning => C:\Program Files\Outbyte\AVArmor\AVArmor.exe [6272832 2021-01-29] (Outbyte Computing Pty Ltd -> Outbyte)
Task: {37E983A5-5D1E-4D55-97F4-2BB7C7311B52} - System32\Tasks\Outbyte\Driver Updater\PCRSafeSurfing => C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe [6028168 2022-02-17] (Outbyte Computing Pty Ltd -> Outbyte)
Task: {3C0608CB-EBEE-448F-AAEC-697A182C9B81} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Art\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe LOGON (No File)
Task: {3CB1E99F-0B03-4162-B317-44B47B93E714} - System32\Tasks\{F91A8E38-2EC4-42D0-9418-AED7BAE56FB7} => C:\Windows\system32\pcalua.exe -a "C:\Users\Art\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KJMQ5JJS\JavaSetup8u91.exe" -d C:\Users\Art\Desktop
Task: {4025AAEC-33CA-4922-A2F0-1F1D1E5ACA4C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {41926182-8BC2-4FF2-A519-89468A9CFE09} - System32\Tasks\Auslogics\Boost Speed\Disk Defrag\Console Defragmentation => C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\cdefrag.exe [91248 2010-04-01] (Auslogics Software -> ) -> -c -bk -Log:"C:\Users\Art\AppData\Roaming\Auslogics\Disk Defrag\Logs\"
Task: {5665B457-EDCA-43D4-BEE6-27F33844F483} - System32\Tasks\{AE427F53-7452-4559-B9B2-3F9BFEFE6FA6} => C:\Windows\system32\pcalua.exe -a "E:\8100 elite drivers\sp56990.exe" -d "E:\8100 elite drivers"
Task: {5BF95F32-59B2-42A5-B37B-082EC58DC9D9} - System32\Tasks\Outbyte\PC Repair\DailyTip => C:\Program Files (x86)\Outbyte\PC Repair\PCRepair.exe [9578376 2022-02-22] (Outbyte Computing Pty Ltd -> Outbyte) <==== ATTENTION
Task: {6102BFF7-378A-49C8-A629-7832370C2FCA} - System32\Tasks\Outbyte\PC Repair\WiFiCheck => C:\Program Files (x86)\Outbyte\PC Repair\PCRepair.exe [9578376 2022-02-22] (Outbyte Computing Pty Ltd -> Outbyte) <==== ATTENTION
Task: {648D2D9F-02D7-4A3B-AC12-6C843A994DA7} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40432 2020-09-21] (Garmin International, Inc. -> )
Task: {6886F4CC-75C3-40FE-929F-48DAC792DB52} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {6956AE9E-DF51-4EF8-A3D5-CAE87F85ED0B} - System32\Tasks\Outbyte\Driver Updater\PCRDiskSpace => C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe [6028168 2022-02-17] (Outbyte Computing Pty Ltd -> Outbyte)
Task: {6D43F3A2-07DA-43E8-9C54-27CA2ABE2F8D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2021-08-02] (Google Inc -> Google Inc.)
Task: {6FFB62D8-968A-47FD-AF05-5E8BD10DC5FF} - System32\Tasks\IHUninstallTrackingTASK => CMD /C DEL C:\Users\Art\AppData\Local\Temp\IHU328B.tmp.exe <==== ATTENTION
Task: {712CC812-5E71-469F-8543-21B5BFB01666} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {76530735-C7FD-442C-9E8D-C0FE3E33598D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2012456220-316695357-2301545490-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746368 2012-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {79C8B109-DE68-4ED8-8469-AF0F983DD250} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {7C5FD3AE-1DAF-431D-98BC-79EE52090C02} - System32\Tasks\{99472F5E-C01B-4B91-9137-2EFA7592DDFE} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\OpenOffice 4\program\scalc.exe" -d C:\Users\Art\Desktop -c -o "C:\Users\Art\Desktop\May2017Bills.ods"
Task: {7CB00CB9-7BE6-4C02-BBB9-7B8140755770} - System32\Tasks\IHSelfDeleteTASK => CMD /C DEL C:\Users\Art\AppData\Local\Temp\IHU33F2.tmp.exe <==== ATTENTION
Task: {9C239C66-6A76-4109-9819-7C95189A49AC} - System32\Tasks\Outbyte\PC Repair\Survey => C:\Program Files (x86)\Outbyte\PC Repair\PCRepair.exe [9578376 2022-02-22] (Outbyte Computing Pty Ltd -> Outbyte) <==== ATTENTION
Task: {A0042067-66FD-4CC9-9613-BD5299EF6826} - System32\Tasks\Outbyte\Driver Updater\Send update results => C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe [6028168 2022-02-17] (Outbyte Computing Pty Ltd -> Outbyte)
Task: {A5268831-1CAE-4860-976C-3C44AD94750A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {A873D485-154F-43FC-A8ED-077BB41584A6} - System32\Tasks\Outbyte\PC Repair\NewDeceptors => C:\Program Files (x86)\Outbyte\PC Repair\PCRepair.exe [9578376 2022-02-22] (Outbyte Computing Pty Ltd -> Outbyte) <==== ATTENTION
Task: {AA1FC477-E2D9-4AEE-A46B-938B6C698E3D} - System32\Tasks\Canon\OIPPESP\Canon OIP Product Extended Survey Program => C:\Program Files\Canon\OIPPESP\Cnpspcnt.exe [1775752 2013-08-30] (CANON INC. -> CANON INC.) -> /Config:"C:\Program Files\Canon\OIPPESP\CnpspCfg.xml"
Task: {AE5EA83A-C333-4AD0-98FA-76AC44694056} - System32\Tasks\Outbyte\Driver Updater\Subscription offer => C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe [6028168 2022-02-17] (Outbyte Computing Pty Ltd -> Outbyte)
Task: {B2B0432E-9C38-4E83-89D5-6C61C2AB0DCF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {B818CC6A-0845-465A-88CB-4E8D5545EED0} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Art\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe SCHED (No File)
Task: {BA58B71D-49A0-47F1-9B3A-2B64ACC9B0BF} - System32\Tasks\Outbyte\Driver Updater\Time for deal => C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe [6028168 2022-02-17] (Outbyte Computing Pty Ltd -> Outbyte)
Task: {C20ED6FB-0C0D-43C0-A5B9-E95EBF49BE33} - System32\Tasks\{4337E0EE-E164-4A0D-B89A-14C8DFBAA1CD} => C:\Windows\system32\pcalua.exe -a "E:\8100 elite drivers\sp46783.exe" -d "E:\8100 elite drivers"
Task: {C3155139-DB86-4D73-A8B4-A0A1E2047FF0} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2016-11-07] (HP Inc. -> HP Inc.)
Task: {C37EC27D-BF39-48DB-866F-0A0EE1440126} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {C3A4CFF4-1C25-4194-94D8-024C50ABA1E3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Task: {C615717A-FCB8-42A6-AB2C-F113D19AA461} - System32\Tasks\Outbyte\Driver Updater\Survey offer => C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe [6028168 2022-02-17] (Outbyte Computing Pty Ltd -> Outbyte)
Task: {C9253408-A8C1-40E7-9F24-C0E5E4AD80CD} - System32\Tasks\{5F774E8A-C5D2-4F0E-97DB-7879424E95F1} => msiexec.exe /package "C:\Users\Art\Desktop\WinterPlayerPack.msi"
Task: {D7030625-9C7D-4065-B1DF-A4C05FE6EA1D} - System32\Tasks\Opera scheduled Autoupdate 1627571888 => C:\Users\Art\AppData\Local\Programs\Opera\launcher.exe [2469120 2022-04-01] (Opera Software AS -> Opera Software)
Task: {D8DF082D-0644-434B-8755-AA69C77F8C80} - System32\Tasks\Outbyte\Driver Updater\Start Driver Updater automatic scanning => C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe [6028168 2022-02-17] (Outbyte Computing Pty Ltd -> Outbyte)
Task: {DA22D176-5183-4FA3-9DED-9BB51C2FA710} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [326320 2021-06-16] (HP Inc. -> HP Inc.)
Task: {F18F9830-C63B-4847-80D1-D273A3A2C025} - System32\Tasks\Outbyte\Driver Updater\Start Driver Updater оn logon => C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe [6028168 2022-02-17] (Outbyte Computing Pty Ltd -> Outbyte)
Task: {F90A734F-1830-4416-B58A-CFA36873D1D2} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe [1499704 2020-12-08] (Adobe Inc. -> Adobe)
Task: {FE887839-7E11-45F3-B917-99F7A03A9354} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [563000 2015-08-27] (Apple Inc. -> Apple Inc.)
Task: {FF988BA5-04AB-4661-B841-C5D586EDB41F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2021-08-02] (Google Inc -> Google Inc.)
Task: {FFE661D7-25C3-418D-83E4-F91C338CB17A} - System32\Tasks\update-S-1-5-21-2012456220-316695357-2301545490-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\update-S-1-5-21-2012456220-316695357-2301545490-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-23] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-23] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-23] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-23] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-23] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-23] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-23] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-23] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-23] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-23] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{46456222-9B9B-4384-B862-62B2FAC12445}: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{62EBE42C-851F-43FB-B7E2-E9334B0F8D6F}: [DhcpNameServer] 192.168.42.129
 
FireFox:
========
FF DefaultProfile: whx4aer7.default-1627042292606
FF ProfilePath: C:\Users\Art\AppData\Roaming\TomTom\HOME\Profiles\xd4wb18b.default [2021-06-24]
FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] [not found]
FF ProfilePath: C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\whx4aer7.default-1627042292606 [2022-03-19]
FF Plugin: @java.com/DTPlugin,version=11.321.2 -> C:\Program Files\Java\jre1.8.0_321\bin\dtplugin\npDeployJava1.dll [2022-03-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.321.2 -> C:\Program Files\Java\jre1.8.0_321\bin\plugin2\npjp2.dll [2022-03-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-11-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-11-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\ATT\8.5.1.16\ma\bin\npMotive.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: [email protected]/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll [No File]
 
Chrome: 
=======
CHR Profile: C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default [2022-04-09]
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Extension: (Google Drive) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-08-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-14]
CHR Extension: (Gmail) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-08-19]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
 
Opera: 
=======
OPR Profile: C:\Users\Art\AppData\Roaming\Opera Software\Opera Stable [2022-04-09]
OPR StartupUrls: Opera Stable -> "hxxp://google.com/"
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Art\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-02-18]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Art\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-13]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 adawareantivirusservice; C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.7.1052.0\AdAwareService.exe [587832 2019-11-08] (Adaware Software -> )
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc. -> Apple Inc.)
S3 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-03-20] (Microsoft Corporation -> Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [158912 2019-03-28] (Microsoft Dynamic Code Publisher -> Microsoft Corporation)
S3 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [73200 2018-10-10] (INTERNET PROJECT LLC -> Freemake)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [15856 2018-10-10] (INTERNET PROJECT LLC -> Ellora Assets Corp.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [7391408 2021-06-23] (Malwarebytes Inc -> Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [1337216 2022-03-19] (Windscribe Limited -> Windscribe Limited)
S2 HPSLPSVC; C:\Users\Art\AppData\Local\Temp\7zS64DC\hpslpsvc64.dll [X] <==== ATTENTION
S2 RestoroActiveProtection; "C:\Program Files\Restoro\bin\RestoroProtection.exe" [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [34416 2017-06-20] (Anvsoft Inc. -> AnvSoft Inc.)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (Microsoft Windows Hardware Compatibility Publisher -> CSR, plc)
S3 cmnxusbser; C:\Windows\System32\DRIVERS\cmnxusbser.sys [146424 2015-11-24] (西安博汇电子科技有限公司 -> Wireless Data Device)
S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csr_a2dp; C:\Windows\System32\drivers\bthav.sys [78848 2009-12-21] (Microsoft Windows Hardware Compatibility Publisher -> CSR, plc)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation -> EldoS Corporation)
S3 FXVAD; C:\Windows\System32\drivers\fxvad.sys [326120 2021-07-14] (FxSound, LLC -> Windows ® Win 7 DDK provider)
R3 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [187688 2018-05-02] (Bitdefender SRL -> BitDefender LLC)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (ZTE CORPORATION -> HandSet Incorporated)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220752 2021-08-20] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-08-20] (Malwarebytes Inc -> Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation -> Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation -> Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R3 ObDrvAntiSpyAVSrv; C:\Program Files\Outbyte\AVArmor\DrvAntiSpywareX64.sys [54960 2021-01-12] (Outbyte Computing Pty Ltd -> Outbyte)
R3 ObDrvMonAVSrv; C:\Program Files\Outbyte\AVArmor\DrvMonX64.sys [186544 2021-01-12] (Outbyte Computing Pty Ltd -> Outbyte)
R3 ObDrvMonPCRSrv; C:\Program Files (x86)\Outbyte\PC Repair\DrvMonX64.sys [186544 2021-06-30] (Outbyte Computing Pty Ltd -> Outbyte)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [48544 2022-03-19] (Windscribe Limited -> The OpenVPN Project)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [442848 2018-05-02] (Bitdefender SRL -> BitDefender S.R.L.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2014-11-17] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2014-11-21] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2014-11-17] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 vzandnetbus; C:\Windows\System32\DRIVERS\lgvzandnetbus64.sys [29184 2015-04-24] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [31232 2015-04-24] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [37888 2015-04-24] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 vzandnetndis; C:\Windows\System32\DRIVERS\lgvzandnetndis64.sys [94720 2015-04-24] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 WindscribeSplitTunnel; C:\Windows\System32\DRIVERS\WindscribeSplitTunnel.sys [25384 2022-03-19] (Windscribe Limited -> )
R3 windtun420; C:\Windows\System32\DRIVERS\windtun420.sys [38312 2022-03-19] (Windscribe Limited -> WireGuard LLC)
S3 CsrBtPort; system32\DRIVERS\CsrBtPort.sys [X]
S3 csrpan; system32\DRIVERS\csrpan.sys [X]
S3 csrserial; system32\DRIVERS\csrserial.sys [X]
S3 csrusb; System32\Drivers\csrusb.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 VBAudioVMVAIOMME; system32\DRIVERS\vbaudio_vmvaio64_win7.sys [X]
R3 WinRing0_1_2_0; \??\C:\Users\Art\AppData\Local\Temp\tmpDB12.tmp [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-04-09 13:04 - 2022-04-09 13:05 - 000033111 _____ C:\Users\Art\Desktop\FRST.txt
2022-04-09 13:03 - 2022-04-09 13:03 - 000000000 ____D C:\Users\Art\Desktop\FRST-OlderVersion
2022-04-09 13:02 - 2022-04-09 13:03 - 002365440 _____ (Farbar) C:\Users\Art\Desktop\FRST64.exe
2022-04-02 13:41 - 2022-04-09 11:40 - 000000000 ____D C:\Windows\SysWOW64\idx
2022-04-02 13:41 - 2022-04-02 13:41 - 000000918 _____ C:\Users\Art\Desktop\AVArmor.lnk
2022-04-02 13:41 - 2022-04-02 13:41 - 000000000 ____D C:\Program Files\Outbyte
2022-04-02 13:38 - 2022-04-02 13:39 - 016622768 _____ (Outbyte) C:\Users\Art\Downloads\outbyte-avarmor.exe
2022-03-28 00:27 - 2022-03-28 00:27 - 000001277 _____ C:\Users\Art\Desktop\Outbyte File Recovery.lnk
2022-03-28 00:12 - 2022-03-28 00:13 - 000000000 ____D C:\ProgramData\BSD
2022-03-28 00:12 - 2022-03-28 00:12 - 000001196 _____ C:\Users\Art\Desktop\Driver Updater.lnk
2022-03-27 23:34 - 2022-03-27 23:20 - 000192736 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2022-03-27 23:18 - 2022-03-27 23:18 - 000000000 ____D C:\Program Files\Java
2022-03-27 22:27 - 2022-04-09 12:06 - 000000000 ____D C:\Windows\system32\Tasks\Outbyte
2022-03-27 22:27 - 2022-04-02 13:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outbyte
2022-03-27 22:27 - 2022-03-28 00:27 - 000000000 ____D C:\Program Files (x86)\Outbyte
2022-03-27 22:27 - 2022-03-27 22:27 - 000001136 _____ C:\Users\Art\Desktop\PC Repair.lnk
2022-03-27 22:26 - 2022-04-02 13:33 - 000000000 ____D C:\ProgramData\Outbyte
2022-03-27 22:26 - 2022-03-27 22:26 - 022988248 _____ (Outbyte) C:\Users\Art\Downloads\outbyte-pc-repair.exe
2022-03-22 22:32 - 2022-03-22 22:32 - 000000000 ____D C:\Users\Art\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2022-03-19 02:55 - 2022-03-19 02:55 - 000001071 _____ C:\Users\Public\Desktop\Windscribe.lnk
2022-03-19 02:55 - 2022-03-19 02:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe
2022-03-19 02:52 - 2022-03-19 02:52 - 019552128 _____ (Windscribe Limited) C:\Users\Art\Downloads\Windscribe (2).exe
2022-03-19 02:52 - 2022-03-19 02:52 - 000048544 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tapwindscribe0901.sys
2022-03-19 02:52 - 2022-03-19 02:52 - 000038312 _____ (WireGuard LLC) C:\Windows\system32\Drivers\windtun420.sys
2022-03-19 02:52 - 2022-03-19 02:52 - 000025384 _____ C:\Windows\system32\Drivers\WindscribeSplitTunnel.sys
2022-03-19 02:36 - 2022-03-19 02:36 - 000329520 _____ C:\active_protection.txt
2022-03-19 02:36 - 2022-03-19 02:36 - 000037888 _____ C:\urls.set
2022-03-19 02:16 - 2022-03-19 02:16 - 007513880 _____ (VS Revo Group ) C:\Users\Art\Downloads\revosetup (1).exe
2022-03-13 16:22 - 2022-03-18 16:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2022-03-13 01:02 - 2022-03-13 01:02 - 000094705 _____ C:\Users\Art\Downloads\2022-02-16 Statement - USB Dillons 5368.pdf
2022-03-10 16:03 - 2022-03-10 16:03 - 002516696 _____ C:\Users\Art\Downloads\LT ABS ARTHUR (1).pdf
2022-03-10 16:01 - 2022-03-10 16:01 - 000040939 _____ C:\Users\Art\Downloads\ID-front (1).pdf
2022-03-10 16:01 - 2022-03-10 16:01 - 000012528 _____ C:\Users\Art\Downloads\Record_Request (1).pdf
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-04-09 13:04 - 2017-03-18 06:43 - 000000000 ____D C:\FRST
2022-04-09 13:00 - 2015-11-29 00:20 - 000000384 _____ C:\Windows\Tasks\update-sys.job
2022-04-09 12:53 - 2022-02-11 01:01 - 000003910 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{BF21A923-A93E-412B-9FC4-6EA3E52D3F63}
2022-04-09 12:09 - 2015-05-18 22:15 - 000000000 ____D C:\Program Files (x86)\Google
2022-04-09 11:58 - 2018-08-13 07:29 - 000000000 ____D C:\Users\Art\AppData\LocalLow\Mozilla
2022-04-09 11:44 - 2020-02-03 10:23 - 000000000 ____D C:\ProgramData\Mozilla
2022-04-09 11:03 - 2015-11-29 00:20 - 000000384 _____ C:\Windows\Tasks\update-S-1-5-21-2012456220-316695357-2301545490-1000.job
2022-04-09 09:00 - 2022-01-30 04:02 - 000000000 ____D C:\Users\Art\Desktop\open office
2022-04-09 04:28 - 2009-07-13 23:45 - 000036096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2022-04-09 04:28 - 2009-07-13 23:45 - 000036096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2022-04-09 00:13 - 2009-07-13 21:34 - 000000466 _____ C:\Windows\win.ini
2022-04-05 13:59 - 2018-05-23 09:43 - 000000000 ____D C:\Users\Art\AppData\Roaming\uTorrent
2022-04-05 13:58 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2022-04-05 13:55 - 2015-06-07 14:12 - 000000000 ____D C:\Users\Art\Desktop\New folder
2022-04-05 13:37 - 2020-04-09 12:09 - 000000000 ____D C:\Users\Art\AppData\Local\BitTorrentHelper
2022-04-05 09:33 - 2018-05-27 11:54 - 000000000 ____D C:\Users\Art\Downloads\torrents
2022-04-04 15:14 - 2021-08-02 10:35 - 000002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-04-04 15:14 - 2021-08-02 10:35 - 000002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-04-04 09:16 - 2021-07-29 10:18 - 000004026 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1627571888
2022-04-02 13:41 - 2016-01-25 15:05 - 000000000 ____D C:\ProgramData\Package Cache
2022-04-02 13:18 - 2009-07-14 00:13 - 000798694 _____ C:\Windows\system32\PerfStringBackup.INI
2022-04-02 13:18 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2022-04-02 13:11 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-03-28 00:20 - 2020-11-23 18:02 - 000000000 ____D C:\Program Files\DIFX
2022-03-27 23:34 - 2016-08-05 09:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2022-03-27 22:43 - 2021-06-24 02:39 - 000000000 ____D C:\Users\Art\AppData\LocalLow\IGDump
2022-03-26 01:33 - 2019-11-12 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\adaware
2022-03-23 06:24 - 2015-12-03 18:39 - 000002059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-03-22 23:09 - 2018-05-23 08:58 - 000000000 ____D C:\Program Files (x86)\Windscribe
2022-03-22 23:07 - 2019-11-06 19:35 - 000007668 _____ C:\Users\Art\AppData\Local\Resmon.ResmonCfg
2022-03-20 22:36 - 2015-10-10 16:33 - 000000000 ____D C:\Users\Art\AppData\Roaming\vlc
2022-03-19 02:52 - 2018-05-23 08:58 - 000000000 ____D C:\Users\Art\AppData\Local\Windscribe
2022-03-19 02:48 - 2015-10-03 12:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-03-19 02:39 - 2019-05-26 21:27 - 000001077 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2022-03-19 02:39 - 2019-05-26 21:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2022-03-19 02:24 - 2022-02-09 01:00 - 000000178 _____ C:\Windows\restoro.ini
2022-03-19 02:22 - 2015-10-17 06:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2022-03-19 02:22 - 2015-10-17 06:58 - 000000000 ____D C:\ProgramData\Auslogics
2022-03-19 02:17 - 2017-07-28 01:39 - 000001034 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2022-03-19 02:17 - 2017-07-28 01:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
 
==================== Files in the root of some directories ========
 
2016-02-17 21:13 - 2016-03-08 03:27 - 000399360 _____ () C:\Program Files\CascLib.dll
2016-02-17 21:13 - 2016-03-08 03:27 - 000326144 _____ () C:\Program Files\DXPRecastPathFinding2.dll
2016-02-19 22:52 - 2016-02-19 22:52 - 000003766 _____ () C:\Program Files\error.txt
2016-02-17 21:13 - 2016-02-01 15:51 - 000301056 _____ (The Apache Software Foundation) C:\Program Files\log4net.dll
2016-02-17 21:13 - 2016-02-01 15:51 - 000510976 _____ (Newtonsoft) C:\Program Files\Newtonsoft.Json.dll
2016-02-17 21:13 - 2016-02-01 15:51 - 000230912 _____ (Alexandre Mutel) C:\Program Files\SharpDX.Direct2D1.dll
2016-02-17 21:13 - 2016-02-01 15:51 - 000558080 _____ (Alexandre Mutel) C:\Program Files\SharpDX.dll
2016-02-17 21:13 - 2016-02-01 15:51 - 000090624 _____ (Alexandre Mutel) C:\Program Files\SharpDX.DXGI.dll
2016-06-20 11:11 - 2013-08-31 14:01 - 000121696 _____ () C:\Program Files\Weather_Meter_V1.7.gadget
2016-01-17 14:28 - 2017-03-28 21:09 - 000000933 _____ () C:\Users\Art\AppData\Roaming\burnaware.ini
2017-07-29 23:33 - 2017-07-30 03:10 - 000000098 _____ () C:\Users\Art\AppData\Roaming\LauncherSettings_live.cfg
2017-07-30 01:01 - 2017-07-30 01:01 - 000000042 _____ () C:\Users\Art\AppData\Roaming\TheHunterSettings_live.cfg
2016-09-27 00:21 - 2016-09-27 00:21 - 000000046 _____ () C:\Users\Art\AppData\Roaming\WB.CFG
2017-10-27 13:33 - 2020-06-03 13:29 - 000000367 _____ () C:\Users\Art\AppData\Roaming\Weather Meter_Settings.ini
2016-01-24 09:57 - 2016-02-04 21:50 - 000000031 _____ () C:\Users\Art\AppData\Local\burnaware.ini
2019-02-28 23:12 - 2019-02-28 23:12 - 000000084 _____ () C:\Users\Art\AppData\Local\DVDPATH.TXT
2019-11-06 19:35 - 2022-03-22 23:07 - 000007668 _____ () C:\Users\Art\AppData\Local\Resmon.ResmonCfg
2021-06-24 07:08 - 2021-06-24 07:08 - 000000003 _____ () C:\Users\Art\AppData\Local\updater.log
2015-11-29 00:20 - 2022-03-05 20:09 - 000000424 _____ () C:\Users\Art\AppData\Local\UserProducts.xml
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2022-04-07 04:25
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-04-2022
Ran by Art (09-04-2022 13:09:07)
Running from C:\Users\Art\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X64) (2015-05-19 02:10:16)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-2012456220-316695357-2301545490-500 - Administrator - Disabled)
Art (S-1-5-21-2012456220-316695357-2301545490-1000 - Administrator - Enabled) => C:\Users\Art
G5PWFULZDC (S-1-5-21-2012456220-316695357-2301545490-1001 - Limited - Enabled) => C:\Users\G5PWFULZDC
Guest (S-1-5-21-2012456220-316695357-2301545490-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2012456220-316695357-2301545490-1005 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: adaware antivirus (Enabled - Up to date) {3AF56CA3-CA5A-215C-108D-CECA729D293A}
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: adaware antivirus (Enabled - Up to date) {81948D47-EC60-2ED2-2A3D-F5B8091A6387}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\uTorrent) (Version: 3.5.5.46206 - BitTorrent Inc.)
AdAwareInstaller (HKLM\...\{894C03B8-5FB6-4F8C-BE33-0791583DCBF6}) (Version: 12.7.1052.0 - adaware) Hidden
AdAwareUpdater (HKLM\...\{56DA06D2-5614-49C5-AA64-8BDA2E259798}) (Version: 12.7.1052.0 - adaware) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 22.001.20085 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.465 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.465 - Adobe)
AMD Catalyst Install Manager (HKLM\...\{B046F915-7A34-7D83-5494-67D8BD488538}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (HKLM\...\{16BA964D-698D-4663-8FA7-B9613DA7958B}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AntimalwareEngine (HKLM\...\{5C7A5F94-02E9-4C5D-A594-B1F10865965A}) (Version: 3.0.160.0 - adaware) Hidden
Any Video Converter Ultimate 6.2.4 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.1 - Auslogics Software Pty Ltd)
Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 9.2.0.0 - Auslogics Labs Pty Ltd)
AVCWare DVD Copy 2 (HKLM-x32\...\AVCWare DVD Copy 2) (Version: 2.0.4.20170210 - AVCWare)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\{8A16FF47-A5FC-49A8-96B5-31180D317059}) (Version: 1.2.11 - CANON INC.) Hidden
Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\Canon Laser Printer/Scanner/Fax Extended Survey Program) (Version: 1.2.11.10002 - CANON INC.)
Canon LBP6230 6240 Uninstaller (HKLM\...\Canon LBP6230 6240) (Version: 6, 3, 1, 0 - Canon Inc.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.7128 - CDBurnerXP)
Clementine (HKLM-x32\...\Clementine) (Version: 1.3.1 - Clementine)
DVD43 Plug-in v1.0.0.6 (HKLM-x32\...\DVD43 Plug-in_is1) (Version:  - )
DVD-Cloner 2019 (HKLM-x32\...\DVD-Cloner 2019_is1) (Version: 16.10.0.1444 - OpenCloner Inc.)
Easy Photo Scan (HKLM-x32\...\{1021AA9F-6A0A-4128-B89B-1A05A8DD1770}) (Version: 1.00.0009 - Seiko Epson Corporation)
EKS Sherlock (HKLM-x32\...\EKS Sherlock) (Version:  - )
Elevated Installer (HKLM-x32\...\{877496C2-70B0-42F1-835A-FAFE2CF0199C}) (Version: 7.1.4.0 - Garmin Ltd or its subsidiaries) Hidden
Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: 9.02 - NCH Software)
Fast Duplicate File Finder 5.9.0.1 (HKLM-x32\...\{AFECFED6-0A43-488F-8511-1DC6B52F31C3}_is1) (Version: 5.9.0.1 - MindGems, Inc.)
Filmotech v3.9.1 (HKLM\...\Filmotech_is1) (Version: 3.9.1 - )
Freemake Video Converter version 4.1.10 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.10 - Ellora Assets Corporation)
Garmin Express (HKLM-x32\...\{235f2ee5-7383-44df-a298-01221caa5532}) (Version: 7.1.4.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{E944FA32-8BCF-474F-BFB2-D1EF24555873}) (Version: 7.1.4.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 100.0.4896.75 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.18.34.21 - Hewlett-Packard Company)
HydraVision (HKLM-x32\...\{5F170011-13ED-E84C-7844-6B941CA34F30}) (Version: 4.2.222.0 - Advanced Micro Devices, Inc.) Hidden
Jasc Paint Shop Pro 8 (HKLM-x32\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
Java 8 Update 231 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
Java 8 Update 321 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180321F0}) (Version: 8.0.3210.7 - Oracle Corporation)
LG VZW United Drivers (HKLM-x32\...\{BEEBD17D-FF29-4508-8032-2D1FA66F7B77}) (Version: 2.23.1 - LG Electronics)
LightScribe System Software (HKLM-x32\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe)
LightScribe Template Labeler (HKLM-x32\...\{8A03241E-7A3C-401D-B0CE-B3096F50AE6F}) (Version: 1.18.27.10 - LightScribe)
Lightshot-5.5.0.7 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.7 - Skillbrains)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.13 - Magical Jelly Bean)
Malwarebytes version 4.4.0.117 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.0.117 - Malwarebytes)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.23.5.1 - Marvell)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 10.3 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Software Limited)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 73.0 - Mozilla)
Mozilla Thunderbird 78.11.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 78.11.0 (x86 en-US)) (Version: 78.11.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NewFreeScreensaver nfsUnderwaterLife (HKLM-x32\...\nfsUnderwaterLife New Free Screensaver_is1) (Version:  - NewFreeScreensavers.com)
ODT Viewer version 1.0 (HKLM-x32\...\{CAA1B43B-7CDA-4D58-B9A3-1050C358CB2D}_is1) (Version: 1.0 - odtviewer.com)
OpenOffice 4.1.10 (HKLM-x32\...\{D909483F-780E-4232-9313-4C24A1B09BE8}) (Version: 4.110.9807 - Apache Software Foundation)
Opera Stable 85.0.4341.47 (HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\Opera 85.0.4341.47) (Version: 85.0.4341.47 - Opera Software)
Outbyte AVArmor (HKLM\...\{6D2DE302-B1E4-47BC-A870-83089CA9A6D8}_is1) (Version: 4.1.2.62618 - Outbyte Computing Pty Ltd)
Outbyte Driver Updater (HKLM-x32\...\{B38B494B-46F8-4765-8D92-31B8F10D8FD3}_is1) (Version: 2.1.17.5814 - Outbyte Computing Pty Ltd)
Outbyte File Recovery (HKLM-x32\...\{9AE5542F-3E25-4A55-ADEC-13646CFF46EA}_is1) (Version: 8.0.25.0 - Outbyte Computing Pty Ltd)
Outbyte PC Repair (HKLM-x32\...\{D5C6DB0C-BC43-4A77-9121-D1A07591F855}_is1) (Version: 1.7.102.5916 - Outbyte Computing Pty Ltd)
Pogo (HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\7800fd33e6d3fd32066a5d9e92b24b59) (Version: 1.0 - Google\Chrome)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Revo Uninstaller 2.3.8 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.3.8 - VS Revo Group, Ltd.)
Revo Uninstaller Pro 4.5.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.5.5 - VS Revo Group, Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
SereneScreen Marine Aquarium 3 (HKLM-x32\...\SereneScreen Marine Aquarium 3_is1) (Version: 3.0 - Prolific Publishing, Inc.)
Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version:  - )
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{F3BA1C5E-51F1-4256-B5FD-0C060D963D35}) (Version: 2.17.0214 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{EDB7BFB3-9B55-4A70-920F-35226A4E4A12}) (Version: 2.16.0504 - Samsung Electronics Co., Ltd.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
Windows Driver Package - Canon Printer  (07/02/2019 21.46.0.0) (HKLM\...\7B4C73808C155604A986DC16347581EF007C38D5) (Version: 07/02/2019 21.46.0.0 - Canon)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Intel System  (07/09/2013 9.1.9.1004) (HKLM\...\BD28A75CDFB28255C4F7327AD9EC5B23B9DD7481) (Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\BF1AD0105EBDCA6E730BE93DE583343339830A7A) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Media Player 9 Series Winter Fun Pack (HKLM-x32\...\{52C8FAA0-68CA-4AF9-8A7A-92CF3174CC77}) (Version: 1.0.0 - <no manufacturer>)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 2.3 Build 16 - Windscribe Limited)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
WinZip 20.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EF}) (Version: 20.0.11659 - WinZip Computing, S.L. )
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2104.1.02B08 - ZTE Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\ChromeHTML: ->  <==== ATTENTION
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-27] (WinZip Computing LLC -> WinZip Computing, S.L.)
ContextMenuHandlers2: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.7.1052.0\AdAwareShellExtension.dll [2019-11-08] (Adaware Software -> )
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.7.1052.0\AdAwareShellExtension.dll [2019-11-08] (Adaware Software -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-27] (WinZip Computing LLC -> WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-01-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Fast Explorer] -> {693BE9C0-BEC3-11D2-B4C1-C33BBD3AD64B} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2020-09-28] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-27] (WinZip Computing LLC -> WinZip Computing, S.L.)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\Art\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pogo.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=bkjcnfmlobgpbcmjdhpedlfcbcbdgmag
 
==================== Loaded Modules (Whitelisted) =============
 
2021-08-04 15:23 - 2013-01-31 04:21 - 000152064 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNCENPM6.dll
2008-03-03 13:35 - 2008-03-03 13:35 - 000153088 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\hptcpmib.dll
2008-03-03 13:36 - 2008-03-03 13:36 - 000331264 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\HpTcpMon.dll
2005-04-08 01:27 - 2005-04-08 01:27 - 000132096 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\hpzjrd01.dll
2013-01-16 14:15 - 2013-01-16 14:15 - 000033792 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSLog.dll
2013-01-16 14:15 - 2013-01-16 14:15 - 000110592 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll
2016-02-09 16:25 - 2008-05-07 20:59 - 000099840 _____ (Hewlett-Packard Corporation) [File not signed] C:\Windows\system32\spool\PRTPROCS\x64\hpzpplhn.dll
2015-10-23 12:30 - 2015-10-23 12:30 - 000425744 _____ (Lavasoft Limited -> Lavasoft Limited) [File not signed] C:\Windows\system32\LavasoftTcpService64.dll
2019-03-27 23:34 - 2019-03-27 23:34 - 000130560 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\Microsoft.Net\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2008-03-03 13:36 - 2008-03-03 13:36 - 000317440 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\HPTcpMUI.dll
2017-06-24 19:45 - 2015-12-08 14:08 - 000182784 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\E_YLMBRBE.DLL
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\adawareantivirusservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\adawareantivirusservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Version 11) (Whitelisted) ==========
 
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_321\bin\ssv.dll [2022-03-27] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_321\bin\jp2ssv.dll [2022-03-27] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\ssv.dll [2019-11-06] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-11-06] (Oracle America, Inc. -> Oracle Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\webcompanion.com -> hxxp://webcompanion.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2022-04-05 13:58 - 2022-04-05 13:58 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Art\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\startupreg: SunJavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D46333DB-7ECF-41C1-AC2F-2B393DC04A73}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8D3BAF84-2602-4CFD-9A9B-78C8161F808B}] => (Allow) LPort=67
FirewallRules: [{9AFEE362-8358-4F36-839E-8A35E6221800}] => (Allow) LPort=67
FirewallRules: [TCP Query User{B49E544D-6E50-4481-A8F5-880F2F9499F7}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [UDP Query User{CB26F1F7-99AD-4256-894B-BC99E8CD701F}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [TCP Query User{E2BFD027-3D18-4E15-B194-C7B351796008}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Block) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [UDP Query User{71440E9D-3A85-47ED-BBC7-607E4AC7A70A}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Block) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [TCP Query User{7E28F5A7-300E-47C8-B6CB-9A0B3A252517}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{90AD9F5A-3B3D-4963-9470-714EB0D8F103}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{9B997D3D-D2F2-4009-8C94-8B5CDA95DFE7}C:\users\art\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [UDP Query User{2F70C83E-B40A-4E57-AD3B-B1D855623E2D}C:\users\art\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [TCP Query User{682EAB60-F568-482C-BEE6-97034D37DD49}C:\users\art\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [UDP Query User{6BE74172-D7C4-4940-8FC2-43CFEFBEA733}C:\users\art\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [TCP Query User{E01E9E19-5D5B-468C-A2FA-1EF488889FA9}C:\users\art\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [UDP Query User{C9516795-B1DA-4CB4-892E-D7B44B260BD4}C:\users\art\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [TCP Query User{6A97E8EE-C116-43EA-A272-D493D73695AF}C:\users\art\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [UDP Query User{DF98DD41-29F6-45EC-888A-526A29AA1DE0}C:\users\art\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [TCP Query User{12D9EA34-5E14-44E7-A461-B2D721507E7B}C:\users\art\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [UDP Query User{64F432AB-8CF5-4FC4-9AC2-39312749F779}C:\users\art\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [TCP Query User{7EEE913C-DC20-43EE-805D-A62A8EBFDD88}C:\users\art\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [UDP Query User{78831BCF-6178-4AF7-A74A-66307FA7CB94}C:\users\art\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [{CBE67FEB-E661-431B-9406-9DE3C4EFAED0}] => (Allow) C:\Users\Art\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{03DC014D-7FD0-4B81-ADDD-6183E9E91F91}] => (Allow) C:\Users\Art\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{9CF9A3C2-FE53-4301-8AF7-8D2B41A6EFC8}C:\users\art\appdata\local\programs\opera\78.0.4093.231\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.231\opera.exe => No File
FirewallRules: [UDP Query User{85A7B166-58A5-4186-8D14-9805CE4D65F5}C:\users\art\appdata\local\programs\opera\78.0.4093.231\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.231\opera.exe => No File
FirewallRules: [TCP Query User{521CF2B7-1317-4F35-8EF8-2F444FEE990E}C:\users\art\appdata\local\programs\opera\78.0.4093.231\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.231\opera.exe => No File
FirewallRules: [UDP Query User{F4121D3C-7EA4-4745-863A-D0821F0B8652}C:\users\art\appdata\local\programs\opera\78.0.4093.231\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.231\opera.exe => No File
FirewallRules: [TCP Query User{CF4DE86D-EDFD-4AB0-9D20-3678EC1E6EBA}C:\users\art\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{C774692B-4084-4E6A-A0A1-8F9BE26284FC}C:\users\art\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{EF9DB066-48C9-4901-86AC-B95EFCD1832D}C:\users\art\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{B31526B4-B506-49B3-8D9C-34BB75BBE376}C:\users\art\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{58DAE6A7-0D74-4FC2-BADE-A6C0EB12ABE1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
28-03-2022 04:36:39 Scheduled Checkpoint
02-04-2022 13:40:38 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660
 
==================== Faulty Device Manager Devices ============
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (04/09/2022 09:01:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wmplayer.exe version 12.0.7601.24382 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1814
 
Start Time: 01d84c1329b747f7
 
Termination Time: 20
 
Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
 
Report Id: 849e1b30-b80d-11ec-89ff-1cc1de5dad22
 
Error: (04/09/2022 05:11:02 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (04/08/2022 10:33:03 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (04/07/2022 03:55:56 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (04/06/2022 08:50:46 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (04/06/2022 01:09:59 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (04/05/2022 06:14:00 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (04/04/2022 11:49:36 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
 
System errors:
=============
Error: (04/09/2022 01:12:23 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.
 
Error: (04/09/2022 03:26:55 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (04/09/2022 03:26:54 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (04/09/2022 03:26:54 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (04/09/2022 03:26:54 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (04/09/2022 03:26:54 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (04/08/2022 01:22:29 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.361.1492.0
 
Update Source: Microsoft Update Server
 
Update Stage: Search
 
Source Path: Default URL
 
Signature Type: AntiVirus
 
Update Type: Full
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: 
 
Previous Engine Version: 1.1.19000.8
 
Error code: 0x80070422
 
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (04/08/2022 05:00:55 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
 
==================== Memory info =========================== 
 
BIOS: Hewlett-Packard 786H1 v01.02 12/16/2009
Motherboard: Hewlett-Packard 304Bh
Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 74%
Total physical RAM: 7991.29 MB
Available physical RAM: 2069.32 MB
Total Virtual: 15980.73 MB
Available Virtual: 9576.42 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:704.53 GB) NTFS
 
\\?\Volume{9dc8774c-fdda-11e4-b284-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 75E2953E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================
 

  • 0
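The FirewallRules section of the Addition.txt log above marks rules whose program is gone with `=> No File`. The following is an added example, not part of the original post and not FRST's own code: a small triage script that parses those lines and lists orphaned rules, programs that have both Allow and Block rules, and rules that name only a port. The function names `parse_rule` and `triage` and the status labels are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# Lines copied from the FirewallRules section of the Addition.txt log above.
SAMPLE_LOG = r"""
FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8D3BAF84-2602-4CFD-9A9B-78C8161F808B}] => (Allow) LPort=67
FirewallRules: [TCP Query User{B49E544D-6E50-4481-A8F5-880F2F9499F7}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [TCP Query User{E2BFD027-3D18-4E15-B194-C7B351796008}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Block) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [TCP Query User{9B997D3D-D2F2-4009-8C94-8B5CDA95DFE7}C:\users\art\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [TCP Query User{CF4DE86D-EDFD-4AB0-9D20-3678EC1E6EBA}C:\users\art\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{CBE67FEB-E661-431B-9406-9DE3C4EFAED0}] => (Allow) C:\Users\Art\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
"""

# FirewallRules: [<rule name>] => (<Allow|Block>) <target>
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.*?)\] => \((?P<action>Allow|Block)\) (?P<rest>.+)$"
)
# <path> (<signer> -> <company>): the file exists and signer details are shown.
SIGNED_RE = re.compile(r"^(?P<path>.+) \((?P<signer>[^()]* -> [^()]*)\)$")
PORT_RE = re.compile(r"^LPort=(?P<port>\d+)$")
NO_FILE = " => No File"


def parse_rule(line):
    """Parse one FirewallRules line into a dict; return None for any other line."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    rule = {"name": m.group("name"), "action": m.group("action"),
            "path": None, "port": None, "signer": None,
            "status": "unverified"}  # default: a path with no signer details
    rest = m.group("rest").strip()
    port = PORT_RE.match(rest)
    signed = SIGNED_RE.match(rest)
    if rest.endswith(NO_FILE):
        # The rule still exists in the registry but its program does not.
        rule.update(path=rest[:-len(NO_FILE)], status="no_file")
    elif port:
        rule.update(port=int(port.group("port")), status="port_only")
    elif signed:
        rule.update(path=signed.group("path"),
                    signer=signed.group("signer"), status="signed")
    else:
        rule["path"] = rest
    return rule


def triage(log_text):
    """Group parsed rules into the buckets a reviewer checks first."""
    rules = [r for r in map(parse_rule, log_text.splitlines()) if r]
    actions = defaultdict(set)    # program path -> {"Allow", "Block"}
    orphaned = defaultdict(list)  # program path -> names of rules with No File
    port_only = []                # (rule name, port) for rules naming no program
    for r in rules:
        if r["status"] == "port_only":
            port_only.append((r["name"], r["port"]))
            continue
        key = r["path"].lower()   # Windows paths are case-insensitive
        actions[key].add(r["action"])
        if r["status"] == "no_file":
            orphaned[key].append(r["name"])
    conflicting = sorted(p for p, seen in actions.items() if len(seen) > 1)
    return {"rules": rules, "orphaned": dict(orphaned),
            "conflicting": conflicting, "port_only": port_only}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for path, names in sorted(report["orphaned"].items()):
        print(f"orphaned ({len(names)} rule(s)): {path}")
    for path in report["conflicting"]:
        print(f"both Allow and Block: {path}")
    for name, port in report["port_only"]:
        print(f"port-only rule {name}: LPort={port}")
```

Orphaned rules are harmless on their own, but each one is a standing exception that would apply again to any file later placed at the same path, which is why they are worth clearing.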



#2
DR M


    The Grecian Geek

  • Malware Removal
  • 3,577 posts

Hi, arwier.
 
Thanks for your patience.

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please, adhere to the guidelines below. As soon as I have your agreement, I'll start the cleaning procedure. 

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.


  • 0

#3
arwier

    Member

  • Topic Starter
  • 77 posts

I am sorry to take so long to reply, and I do know that pirated software is illegal and that any you find on here will be removed, and I have no problem with that, so I will do exactly what you tell me to, no more, no less, and thank you for your help.


  • 0

#4
DR M


    The Grecian Geek

  • Malware Removal
  • 3,577 posts

Hi, arwier.
 
Here are my first comments/instructions:
 
 
1. P2P Program

You have µTorrent installed on your computer. This is a P2P program. P2P programs form a direct conduit on to a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you don't uninstall it, your computer will probably get infected again, as soon as you use it again. But it is your computer and of course your decision.

  • If you decide to keep it, DON'T use it during the cleaning procedure.
  • If you decide to uninstall it, uninstall it.

 

2. Adaware antivirus
 
This antivirus appears in the Security Center of the log, however it is not shown in the Installed Programs list. There are remnants, which we are going to remove in a next step. 
 
Have in mind that installing more than one of those programs may conflict with each other and cause the following:

  • False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
  • Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
  • Performance: More than one antivirus will cause your PC to become slow and it may even crash or blue screen.
  • Less protection: Two antivirus trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.

 

3. Flash Player
 
This product reached its end of life in January 2021. Keeping it on your computer is a security risk. 
 
Thus, I recommend you to uninstall the following:
 
Adobe Flash Player 32 ActiveX 
Adobe Flash Player 32 PPAPI 
 
 
4. Java
 
There are very few reasons these days to continue having Java installed on your computer. However, if you do elect to keep Java, it needs to be updated to the latest version. You have an old version of Java installed and this is another security risk. Please, uninstall it.
 
Java 8 Update 231 
 
If you decide that you don't need Java at all, also uninstall the following:
 
Java 8 Update 321 
 
 
5. Outbyte

We do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. In addition, Outbyte is detected by some tools we use here as a potentially unwanted program, so...
 
I recommend you to uninstall:
 
Outbyte Driver Updater 
Outbyte PC Repair 
Outbyte File Recovery 
 
 
6. Fresh FRST logs
 
After uninstalling all the above programs, please let me check fresh FRST logs.

  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)

 

 

 

In your next reply please post:

  1. Which programs did you uninstall
  2. The fresh FRST logs, Addition and FRST

  • 0

#5
arwier

    Member

  • Topic Starter
  • 77 posts

I did as you suggested and uninstalled:

utorrent

adobe flash player :32 active x : and ppapi

java 8 update: 231: and 321

outbyte: driver updater: pc repair: file recovery

I could not find adaware

 

Attached Files


  • 1

#6
DR M


    The Grecian Geek

  • Malware Removal
  • 3,577 posts

Thank you. :)

 

Since here it is late (almost 23:00), I'll review your logs tomorrow and give you a new set of instructions then.


  • 0

#7
DR M


    The Grecian Geek

  • Malware Removal
  • 3,577 posts

Hi, arwier.
 
Let's continue. 
 
1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
AdAwareInstaller (HKLM\...\{894C03B8-5FB6-4F8C-BE33-0791583DCBF6}) (Version: 12.7.1052.0 - adaware) Hidden
AdAwareUpdater (HKLM\...\{56DA06D2-5614-49C5-AA64-8BDA2E259798}) (Version: 12.7.1052.0 - adaware) Hidden
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\ChromeHTML: ->  <==== ATTENTION
ContextMenuHandlers6: [Fast Explorer] -> {693BE9C0-BEC3-11D2-B4C1-C33BBD3AD64B} =>  -> No File
2015-10-23 12:30 - 2015-10-23 12:30 - 000425744 _____ (Lavasoft Limited -> Lavasoft Limited) [File not signed] C:\Windows\system32\LavasoftTcpService64.dll
IE trusted site: HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\webcompanion.com -> hxxp://webcompanion.com
MSCONFIG\startupreg: SunJavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 
FirewallRules: [TCP Query User{B49E544D-6E50-4481-A8F5-880F2F9499F7}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [UDP Query User{CB26F1F7-99AD-4256-894B-BC99E8CD701F}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [TCP Query User{E2BFD027-3D18-4E15-B194-C7B351796008}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Block) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [UDP Query User{71440E9D-3A85-47ED-BBC7-607E4AC7A70A}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Block) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [TCP Query User{9B997D3D-D2F2-4009-8C94-8B5CDA95DFE7}C:\users\art\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [UDP Query User{2F70C83E-B40A-4E57-AD3B-B1D855623E2D}C:\users\art\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [TCP Query User{682EAB60-F568-482C-BEE6-97034D37DD49}C:\users\art\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [UDP Query User{6BE74172-D7C4-4940-8FC2-43CFEFBEA733}C:\users\art\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [TCP Query User{E01E9E19-5D5B-468C-A2FA-1EF488889FA9}C:\users\art\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [UDP Query User{C9516795-B1DA-4CB4-892E-D7B44B260BD4}C:\users\art\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [TCP Query User{6A97E8EE-C116-43EA-A272-D493D73695AF}C:\users\art\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [UDP Query User{DF98DD41-29F6-45EC-888A-526A29AA1DE0}C:\users\art\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [TCP Query User{12D9EA34-5E14-44E7-A461-B2D721507E7B}C:\users\art\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [UDP Query User{64F432AB-8CF5-4FC4-9AC2-39312749F779}C:\users\art\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [TCP Query User{7EEE913C-DC20-43EE-805D-A62A8EBFDD88}C:\users\art\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [UDP Query User{78831BCF-6178-4AF7-A74A-66307FA7CB94}C:\users\art\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [TCP Query User{9CF9A3C2-FE53-4301-8AF7-8D2B41A6EFC8}C:\users\art\appdata\local\programs\opera\78.0.4093.231\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.231\opera.exe => No File
FirewallRules: [UDP Query User{85A7B166-58A5-4186-8D14-9805CE4D65F5}C:\users\art\appdata\local\programs\opera\78.0.4093.231\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.231\opera.exe => No File
FirewallRules: [TCP Query User{521CF2B7-1317-4F35-8EF8-2F444FEE990E}C:\users\art\appdata\local\programs\opera\78.0.4093.231\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.231\opera.exe => No File
FirewallRules: [UDP Query User{F4121D3C-7EA4-4745-863A-D0821F0B8652}C:\users\art\appdata\local\programs\opera\78.0.4093.231\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.231\opera.exe => No File
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: G - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: {029c5a94-37c8-11ea-8da9-1cc1de5dad22} - F:\windows\AutoRun.exe
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: {2c6770ed-3b49-11e6-8f3a-1cc1de5dad22} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: {38673154-5b18-11e6-9061-1cc1de5dad22} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: {446e88ce-6494-11ea-8da9-1cc1de5dad22} - F:\windows\AutoRun.exe
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: {51bb3d55-b9d7-11e5-8fe6-1cc1de5dad22} - F:\TL_Bootstrap.exe
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: {8b5a1af4-5f73-11e6-9061-1cc1de5dad22} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: {8bd6b0d4-95fe-11e5-a774-1cc1de5dad22} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: {a8f699e6-0387-11e8-8b65-1cc1de5dad22} - F:\.\Driver\DriverInstaller.exe -eject
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: {d407ad0b-e8f9-11e5-8d8b-1cc1de5dad22} - F:\TL_Bootstrap.exe
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: {f767d2e2-dea4-11ea-87e4-1cc1de5dad22} - F:\VZW_Software_upgrade_assistant.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {216573DF-710D-41ED-914A-D7B3C33C8973} - System32\Tasks\{A8E9C448-5B1C-4BF5-A3DA-4CA09E5D53AD} => C:\Windows\system32\pcalua.exe -a "E:\8100 elite drivers\sp66134.exe" -d "E:\8100 elite drivers"
Task: {30E6880A-7493-4F4B-ADFF-BE6F0402ACEF} - System32\Tasks\{E9BF2F75-97CD-4EC2-A47D-D1F072210551} => C:\Windows\system32\pcalua.exe -a D:\fscommand\menu.exe -d D:\
Task: {315A9903-1AEA-495D-A38A-79E3128AA341} - System32\Tasks\Outbyte\AVArmor\Start Outbyte AVArmor automatic scanning => C:\Program Files\Outbyte\AVArmor\AVArmor.exe [6272832 2021-01-29] (Outbyte Computing Pty Ltd -> Outbyte)
Task: {3C0608CB-EBEE-448F-AAEC-697A182C9B81} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Art\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe LOGON (No File)
Task: {3CB1E99F-0B03-4162-B317-44B47B93E714} - System32\Tasks\{F91A8E38-2EC4-42D0-9418-AED7BAE56FB7} => C:\Windows\system32\pcalua.exe -a "C:\Users\Art\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KJMQ5JJS\JavaSetup8u91.exe" -d C:\Users\Art\Desktop
Task: {5665B457-EDCA-43D4-BEE6-27F33844F483} - System32\Tasks\{AE427F53-7452-4559-B9B2-3F9BFEFE6FA6} => C:\Windows\system32\pcalua.exe -a "E:\8100 elite drivers\sp56990.exe" -d "E:\8100 elite drivers"
Task: {6102BFF7-378A-49C8-A629-7832370C2FCA} - System32\Tasks\Outbyte\PC Repair\WiFiCheck => C:\Program Files (x86)\Outbyte\PC Repair\PCRepair.exe /UseTray /Schedule /WiFiCheck (No File) <==== ATTENTION
Task: {6FFB62D8-968A-47FD-AF05-5E8BD10DC5FF} - System32\Tasks\IHUninstallTrackingTASK => CMD /C DEL C:\Users\Art\AppData\Local\Temp\IHU328B.tmp.exe <==== ATTENTION
Task: {7CB00CB9-7BE6-4C02-BBB9-7B8140755770} - System32\Tasks\IHSelfDeleteTASK => CMD /C DEL C:\Users\Art\AppData\Local\Temp\IHU33F2.tmp.exe <==== ATTENTION
Task: {9C239C66-6A76-4109-9819-7C95189A49AC} - System32\Tasks\Outbyte\PC Repair\Survey => C:\Program Files (x86)\Outbyte\PC Repair\PCRepair.exe /UseTray /Schedule /Survey (No File) <==== ATTENTION
Task: {A0042067-66FD-4CC9-9613-BD5299EF6826} - System32\Tasks\Outbyte\Driver Updater\Send update results => C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe /Schedule /SendUpdateResults (No File)
Task: {A873D485-154F-43FC-A8ED-077BB41584A6} - System32\Tasks\Outbyte\PC Repair\NewDeceptors => C:\Program Files (x86)\Outbyte\PC Repair\PCRepair.exe /UseTray /Schedule /NewDeceptors (No File) <==== ATTENTION
Task: {B818CC6A-0845-465A-88CB-4E8D5545EED0} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Art\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe SCHED (No File)
Task: {C20ED6FB-0C0D-43C0-A5B9-E95EBF49BE33} - System32\Tasks\{4337E0EE-E164-4A0D-B89A-14C8DFBAA1CD} => C:\Windows\system32\pcalua.exe -a "E:\8100 elite drivers\sp46783.exe" -d "E:\8100 elite drivers"
Task: {C3A4CFF4-1C25-4194-94D8-024C50ABA1E3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (No File)
Task: {C9253408-A8C1-40E7-9F24-C0E5E4AD80CD} - System32\Tasks\{5F774E8A-C5D2-4F0E-97DB-7879424E95F1} => msiexec.exe /package "C:\Users\Art\Desktop\WinterPlayerPack.msi"
Task: {F90A734F-1830-4416-B58A-CFA36873D1D2} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe -check pepperplugin (No File)
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-23] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-23] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-23] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-23] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-23] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-23] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-23] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-23] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-23] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-23] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\ATT\8.5.1.16\ma\bin\npMotive.dll [No File]
FF Plugin-x32: [email protected]/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [X]
S2 HPSLPSVC; C:\Users\Art\AppData\Local\Temp\7zS64DC\hpslpsvc64.dll [X] <==== ATTENTION
S2 RestoroActiveProtection; "C:\Program Files\Restoro\bin\RestoroProtection.exe" [X] <==== ATTENTION
R3 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [187688 2018-05-02] (Bitdefender SRL -> BitDefender LLC)
R3 ObDrvAntiSpyAVSrv; C:\Program Files\Outbyte\AVArmor\DrvAntiSpywareX64.sys [54960 2021-01-12] (Outbyte Computing Pty Ltd -> Outbyte)
R3 ObDrvMonAVSrv; C:\Program Files\Outbyte\AVArmor\DrvMonX64.sys [186544 2021-01-12] (Outbyte Computing Pty Ltd -> Outbyte)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [442848 2018-05-02] (Bitdefender SRL -> BitDefender S.R.L.)
S3 CsrBtPort; system32\DRIVERS\CsrBtPort.sys [X]
S3 csrpan; system32\DRIVERS\csrpan.sys [X]
S3 csrserial; system32\DRIVERS\csrserial.sys [X]
S3 csrusb; System32\Drivers\csrusb.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 VBAudioVMVAIOMME; system32\DRIVERS\vbaudio_vmvaio64_win7.sys [X]
R3 WinRing0_1_2_0; \??\C:\Users\Art\AppData\Local\Temp\tmp23C5.tmp [X] <==== ATTENTION
2022-04-02 13:41 - 2022-04-12 01:50 - 000000000 ____D C:\Windows\SysWOW64\idx
2022-04-02 13:41 - 2022-04-02 13:41 - 000000918 _____ C:\Users\Art\Desktop\AVArmor.lnk
2022-04-02 13:41 - 2022-04-02 13:41 - 000000000 ____D C:\Program Files\Outbyte
2022-04-02 13:38 - 2022-04-02 13:39 - 016622768 _____ (Outbyte) C:\Users\Art\Downloads\outbyte-avarmor.exe
2022-03-28 00:12 - 2022-03-28 00:13 - 000000000 ____D C:\ProgramData\BSD
2022-03-27 22:27 - 2022-04-14 13:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outbyte
2022-03-27 22:27 - 2022-04-14 13:55 - 000000000 ____D C:\Program Files (x86)\Outbyte
2022-03-27 22:27 - 2022-04-09 12:06 - 000000000 ____D C:\Windows\system32\Tasks\Outbyte
2022-03-27 22:26 - 2022-04-14 13:55 - 000000000 ____D C:\ProgramData\Outbyte
2022-03-27 22:26 - 2022-03-27 22:26 - 022988248 _____ (Outbyte) C:\Users\Art\Downloads\outbyte-pc-repair.exe
2022-04-14 13:53 - 2015-10-03 12:28 - 000000000 ____D C:\Program Files (x86)\Java
2022-04-14 13:42 - 2015-09-04 07:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2022-04-05 13:37 - 2020-04-09 12:09 - 000000000 ____D C:\Users\Art\AppData\Local\BitTorrentHelper
2022-03-26 01:33 - 2019-11-12 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\adaware
2022-03-19 02:24 - 2022-02-09 01:00 - 000000178 _____ C:\Windows\restoro.ini
C:\Windows\System32\DRIVERS\gzflt.sys
C:\Windows\System32\DRIVERS\Trufos.sys
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
cmd: netsh winsock reset
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp: 
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

2. Uninstall programs
 
Please, uninstall the following:
 
AdAwareInstaller 
AdAwareUpdater

Malwarebytes version 4.4.0.117 (It's an old version. I'm going to ask you to install the latest version at Step 4)


3. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

4. Run Malwarebytes (scan only)

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.

    If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
    • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
    • Find the report with the most recent date and double click on it.
    • Click on Export and then Copy to Clipboard.
    • Paste its content here, in your next reply.

 

In your next reply please post:

  1. The fixlog.txt
  2. If uninstalling the 2 programs went fine
  3. The AdwCleaner[S0*].txt
  4. The Malwarebytes report
     

  • 0

#8
arwier

    Member

  • Topic Starter
  • 77 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-04-2022
Ran by Art (15-04-2022 17:43:24) Run:1
Running from C:\Users\Art\Desktop
Loaded Profiles: Art
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
AdAwareInstaller (HKLM\...\{894C03B8-5FB6-4F8C-BE33-0791583DCBF6}) (Version: 12.7.1052.0 - adaware) Hidden
AdAwareUpdater (HKLM\...\{56DA06D2-5614-49C5-AA64-8BDA2E259798}) (Version: 12.7.1052.0 - adaware) Hidden
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\ChromeHTML: ->  <==== ATTENTION
ContextMenuHandlers6: [Fast Explorer] -> {693BE9C0-BEC3-11D2-B4C1-C33BBD3AD64B} =>  -> No File
2015-10-23 12:30 - 2015-10-23 12:30 - 000425744 _____ (Lavasoft Limited -> Lavasoft Limited) [File not signed] C:\Windows\system32\LavasoftTcpService64.dll
IE trusted site: HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\webcompanion.com -> hxxp://webcompanion.com
MSCONFIG\startupreg: SunJavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 
FirewallRules: [TCP Query User{B49E544D-6E50-4481-A8F5-880F2F9499F7}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [UDP Query User{CB26F1F7-99AD-4256-894B-BC99E8CD701F}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [TCP Query User{E2BFD027-3D18-4E15-B194-C7B351796008}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Block) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [UDP Query User{71440E9D-3A85-47ED-BBC7-607E4AC7A70A}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Block) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [TCP Query User{9B997D3D-D2F2-4009-8C94-8B5CDA95DFE7}C:\users\art\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [UDP Query User{2F70C83E-B40A-4E57-AD3B-B1D855623E2D}C:\users\art\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [TCP Query User{682EAB60-F568-482C-BEE6-97034D37DD49}C:\users\art\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [UDP Query User{6BE74172-D7C4-4940-8FC2-43CFEFBEA733}C:\users\art\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [TCP Query User{E01E9E19-5D5B-468C-A2FA-1EF488889FA9}C:\users\art\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [UDP Query User{C9516795-B1DA-4CB4-892E-D7B44B260BD4}C:\users\art\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [TCP Query User{6A97E8EE-C116-43EA-A272-D493D73695AF}C:\users\art\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [UDP Query User{DF98DD41-29F6-45EC-888A-526A29AA1DE0}C:\users\art\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [TCP Query User{12D9EA34-5E14-44E7-A461-B2D721507E7B}C:\users\art\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [UDP Query User{64F432AB-8CF5-4FC4-9AC2-39312749F779}C:\users\art\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [TCP Query User{7EEE913C-DC20-43EE-805D-A62A8EBFDD88}C:\users\art\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [UDP Query User{78831BCF-6178-4AF7-A74A-66307FA7CB94}C:\users\art\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [TCP Query User{9CF9A3C2-FE53-4301-8AF7-8D2B41A6EFC8}C:\users\art\appdata\local\programs\opera\78.0.4093.231\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.231\opera.exe => No File
FirewallRules: [UDP Query User{85A7B166-58A5-4186-8D14-9805CE4D65F5}C:\users\art\appdata\local\programs\opera\78.0.4093.231\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.231\opera.exe => No File
FirewallRules: [TCP Query User{521CF2B7-1317-4F35-8EF8-2F444FEE990E}C:\users\art\appdata\local\programs\opera\78.0.4093.231\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.231\opera.exe => No File
FirewallRules: [UDP Query User{F4121D3C-7EA4-4745-863A-D0821F0B8652}C:\users\art\appdata\local\programs\opera\78.0.4093.231\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\78.0.4093.231\opera.exe => No File
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: G - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: {029c5a94-37c8-11ea-8da9-1cc1de5dad22} - F:\windows\AutoRun.exe
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: {2c6770ed-3b49-11e6-8f3a-1cc1de5dad22} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: {38673154-5b18-11e6-9061-1cc1de5dad22} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: {446e88ce-6494-11ea-8da9-1cc1de5dad22} - F:\windows\AutoRun.exe
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: {51bb3d55-b9d7-11e5-8fe6-1cc1de5dad22} - F:\TL_Bootstrap.exe
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: {8b5a1af4-5f73-11e6-9061-1cc1de5dad22} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: {8bd6b0d4-95fe-11e5-a774-1cc1de5dad22} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: {a8f699e6-0387-11e8-8b65-1cc1de5dad22} - F:\.\Driver\DriverInstaller.exe -eject
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: {d407ad0b-e8f9-11e5-8d8b-1cc1de5dad22} - F:\TL_Bootstrap.exe
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\MountPoints2: {f767d2e2-dea4-11ea-87e4-1cc1de5dad22} - F:\VZW_Software_upgrade_assistant.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {216573DF-710D-41ED-914A-D7B3C33C8973} - System32\Tasks\{A8E9C448-5B1C-4BF5-A3DA-4CA09E5D53AD} => C:\Windows\system32\pcalua.exe -a "E:\8100 elite drivers\sp66134.exe" -d "E:\8100 elite drivers"
Task: {30E6880A-7493-4F4B-ADFF-BE6F0402ACEF} - System32\Tasks\{E9BF2F75-97CD-4EC2-A47D-D1F072210551} => C:\Windows\system32\pcalua.exe -a D:\fscommand\menu.exe -d D:\
Task: {315A9903-1AEA-495D-A38A-79E3128AA341} - System32\Tasks\Outbyte\AVArmor\Start Outbyte AVArmor automatic scanning => C:\Program Files\Outbyte\AVArmor\AVArmor.exe [6272832 2021-01-29] (Outbyte Computing Pty Ltd -> Outbyte)
Task: {3C0608CB-EBEE-448F-AAEC-697A182C9B81} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Art\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe LOGON (No File)
Task: {3CB1E99F-0B03-4162-B317-44B47B93E714} - System32\Tasks\{F91A8E38-2EC4-42D0-9418-AED7BAE56FB7} => C:\Windows\system32\pcalua.exe -a "C:\Users\Art\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KJMQ5JJS\JavaSetup8u91.exe" -d C:\Users\Art\Desktop
Task: {5665B457-EDCA-43D4-BEE6-27F33844F483} - System32\Tasks\{AE427F53-7452-4559-B9B2-3F9BFEFE6FA6} => C:\Windows\system32\pcalua.exe -a "E:\8100 elite drivers\sp56990.exe" -d "E:\8100 elite drivers"
Task: {6102BFF7-378A-49C8-A629-7832370C2FCA} - System32\Tasks\Outbyte\PC Repair\WiFiCheck => C:\Program Files (x86)\Outbyte\PC Repair\PCRepair.exe /UseTray /Schedule /WiFiCheck (No File) <==== ATTENTION
Task: {6FFB62D8-968A-47FD-AF05-5E8BD10DC5FF} - System32\Tasks\IHUninstallTrackingTASK => CMD /C DEL C:\Users\Art\AppData\Local\Temp\IHU328B.tmp.exe <==== ATTENTION
Task: {7CB00CB9-7BE6-4C02-BBB9-7B8140755770} - System32\Tasks\IHSelfDeleteTASK => CMD /C DEL C:\Users\Art\AppData\Local\Temp\IHU33F2.tmp.exe <==== ATTENTION
Task: {9C239C66-6A76-4109-9819-7C95189A49AC} - System32\Tasks\Outbyte\PC Repair\Survey => C:\Program Files (x86)\Outbyte\PC Repair\PCRepair.exe /UseTray /Schedule /Survey (No File) <==== ATTENTION
Task: {A0042067-66FD-4CC9-9613-BD5299EF6826} - System32\Tasks\Outbyte\Driver Updater\Send update results => C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe /Schedule /SendUpdateResults (No File)
Task: {A873D485-154F-43FC-A8ED-077BB41584A6} - System32\Tasks\Outbyte\PC Repair\NewDeceptors => C:\Program Files (x86)\Outbyte\PC Repair\PCRepair.exe /UseTray /Schedule /NewDeceptors (No File) <==== ATTENTION
Task: {B818CC6A-0845-465A-88CB-4E8D5545EED0} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Art\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe SCHED (No File)
Task: {C20ED6FB-0C0D-43C0-A5B9-E95EBF49BE33} - System32\Tasks\{4337E0EE-E164-4A0D-B89A-14C8DFBAA1CD} => C:\Windows\system32\pcalua.exe -a "E:\8100 elite drivers\sp46783.exe" -d "E:\8100 elite drivers"
Task: {C3A4CFF4-1C25-4194-94D8-024C50ABA1E3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (No File)
Task: {C9253408-A8C1-40E7-9F24-C0E5E4AD80CD} - System32\Tasks\{5F774E8A-C5D2-4F0E-97DB-7879424E95F1} => msiexec.exe /package "C:\Users\Art\Desktop\WinterPlayerPack.msi"
Task: {F90A734F-1830-4416-B58A-CFA36873D1D2} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe -check pepperplugin (No File)
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-23] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-23] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-23] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-23] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-23] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-23] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-23] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-23] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-23] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-23] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\ATT\8.5.1.16\ma\bin\npMotive.dll [No File]
FF Plugin-x32: [email protected]/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [X]
S2 HPSLPSVC; C:\Users\Art\AppData\Local\Temp\7zS64DC\hpslpsvc64.dll [X] <==== ATTENTION
S2 RestoroActiveProtection; "C:\Program Files\Restoro\bin\RestoroProtection.exe" [X] <==== ATTENTION
R3 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [187688 2018-05-02] (Bitdefender SRL -> BitDefender LLC)
R3 ObDrvAntiSpyAVSrv; C:\Program Files\Outbyte\AVArmor\DrvAntiSpywareX64.sys [54960 2021-01-12] (Outbyte Computing Pty Ltd -> Outbyte)
R3 ObDrvMonAVSrv; C:\Program Files\Outbyte\AVArmor\DrvMonX64.sys [186544 2021-01-12] (Outbyte Computing Pty Ltd -> Outbyte)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [442848 2018-05-02] (Bitdefender SRL -> BitDefender S.R.L.)
S3 CsrBtPort; system32\DRIVERS\CsrBtPort.sys [X]
S3 csrpan; system32\DRIVERS\csrpan.sys [X]
S3 csrserial; system32\DRIVERS\csrserial.sys [X]
S3 csrusb; System32\Drivers\csrusb.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 VBAudioVMVAIOMME; system32\DRIVERS\vbaudio_vmvaio64_win7.sys [X]
R3 WinRing0_1_2_0; \??\C:\Users\Art\AppData\Local\Temp\tmp23C5.tmp [X] <==== ATTENTION
2022-04-02 13:41 - 2022-04-12 01:50 - 000000000 ____D C:\Windows\SysWOW64\idx
2022-04-02 13:41 - 2022-04-02 13:41 - 000000918 _____ C:\Users\Art\Desktop\AVArmor.lnk
2022-04-02 13:41 - 2022-04-02 13:41 - 000000000 ____D C:\Program Files\Outbyte
2022-04-02 13:38 - 2022-04-02 13:39 - 016622768 _____ (Outbyte) C:\Users\Art\Downloads\outbyte-avarmor.exe
2022-03-28 00:12 - 2022-03-28 00:13 - 000000000 ____D C:\ProgramData\BSD
2022-03-27 22:27 - 2022-04-14 13:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outbyte
2022-03-27 22:27 - 2022-04-14 13:55 - 000000000 ____D C:\Program Files (x86)\Outbyte
2022-03-27 22:27 - 2022-04-09 12:06 - 000000000 ____D C:\Windows\system32\Tasks\Outbyte
2022-03-27 22:26 - 2022-04-14 13:55 - 000000000 ____D C:\ProgramData\Outbyte
2022-03-27 22:26 - 2022-03-27 22:26 - 022988248 _____ (Outbyte) C:\Users\Art\Downloads\outbyte-pc-repair.exe
2022-04-14 13:53 - 2015-10-03 12:28 - 000000000 ____D C:\Program Files (x86)\Java
2022-04-14 13:42 - 2015-09-04 07:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2022-04-05 13:37 - 2020-04-09 12:09 - 000000000 ____D C:\Users\Art\AppData\Local\BitTorrentHelper
2022-03-26 01:33 - 2019-11-12 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\adaware
2022-03-19 02:24 - 2022-02-09 01:00 - 000000178 _____ C:\Windows\restoro.ini
C:\Windows\System32\DRIVERS\gzflt.sys
C:\Windows\System32\DRIVERS\Trufos.sys
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
cmd: netsh winsock reset
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp: 
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{894C03B8-5FB6-4F8C-BE33-0791583DCBF6}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56DA06D2-5614-49C5-AA64-8BDA2E259798}\\SystemComponent" => removed successfully
HKU\S-1-5-21-2012456220-316695357-2301545490-1000_Classes\ChromeHTML => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Fast Explorer => removed successfully
C:\Windows\system32\LavasoftTcpService64.dll => moved successfully
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B49E544D-6E50-4481-A8F5-880F2F9499F7}C:\program files (x86)\windscribe\wsappcontrol.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CB26F1F7-99AD-4256-894B-BC99E8CD701F}C:\program files (x86)\windscribe\wsappcontrol.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E2BFD027-3D18-4E15-B194-C7B351796008}C:\program files (x86)\windscribe\wsappcontrol.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{71440E9D-3A85-47ED-BBC7-607E4AC7A70A}C:\program files (x86)\windscribe\wsappcontrol.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9B997D3D-D2F2-4009-8C94-8B5CDA95DFE7}C:\users\art\appdata\local\programs\opera\77.0.4054.277\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2F70C83E-B40A-4E57-AD3B-B1D855623E2D}C:\users\art\appdata\local\programs\opera\77.0.4054.277\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{682EAB60-F568-482C-BEE6-97034D37DD49}C:\users\art\appdata\local\programs\opera\77.0.4054.277\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6BE74172-D7C4-4940-8FC2-43CFEFBEA733}C:\users\art\appdata\local\programs\opera\77.0.4054.277\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E01E9E19-5D5B-468C-A2FA-1EF488889FA9}C:\users\art\appdata\local\programs\opera\78.0.4093.147\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C9516795-B1DA-4CB4-892E-D7B44B260BD4}C:\users\art\appdata\local\programs\opera\78.0.4093.147\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6A97E8EE-C116-43EA-A272-D493D73695AF}C:\users\art\appdata\local\programs\opera\78.0.4093.147\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DF98DD41-29F6-45EC-888A-526A29AA1DE0}C:\users\art\appdata\local\programs\opera\78.0.4093.147\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{12D9EA34-5E14-44E7-A461-B2D721507E7B}C:\users\art\appdata\local\programs\opera\78.0.4093.184\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{64F432AB-8CF5-4FC4-9AC2-39312749F779}C:\users\art\appdata\local\programs\opera\78.0.4093.184\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7EEE913C-DC20-43EE-805D-A62A8EBFDD88}C:\users\art\appdata\local\programs\opera\78.0.4093.184\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{78831BCF-6178-4AF7-A74A-66307FA7CB94}C:\users\art\appdata\local\programs\opera\78.0.4093.184\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9CF9A3C2-FE53-4301-8AF7-8D2B41A6EFC8}C:\users\art\appdata\local\programs\opera\78.0.4093.231\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{85A7B166-58A5-4186-8D14-9805CE4D65F5}C:\users\art\appdata\local\programs\opera\78.0.4093.231\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{521CF2B7-1317-4F35-8EF8-2F444FEE990E}C:\users\art\appdata\local\programs\opera\78.0.4093.231\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F4121D3C-7EA4-4745-863A-D0821F0B8652}C:\users\art\appdata\local\programs\opera\78.0.4093.231\opera.exe" => removed successfully
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G => removed successfully
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{029c5a94-37c8-11ea-8da9-1cc1de5dad22} => removed successfully
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c6770ed-3b49-11e6-8f3a-1cc1de5dad22} => removed successfully
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38673154-5b18-11e6-9061-1cc1de5dad22} => removed successfully
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{446e88ce-6494-11ea-8da9-1cc1de5dad22} => removed successfully
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51bb3d55-b9d7-11e5-8fe6-1cc1de5dad22} => removed successfully
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b5a1af4-5f73-11e6-9061-1cc1de5dad22} => removed successfully
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bd6b0d4-95fe-11e5-a774-1cc1de5dad22} => removed successfully
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8f699e6-0387-11e8-8b65-1cc1de5dad22} => removed successfully
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d407ad0b-e8f9-11e5-8d8b-1cc1de5dad22} => removed successfully
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f767d2e2-dea4-11ea-87e4-1cc1de5dad22} => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{216573DF-710D-41ED-914A-D7B3C33C8973}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{216573DF-710D-41ED-914A-D7B3C33C8973}" => removed successfully
C:\Windows\System32\Tasks\{A8E9C448-5B1C-4BF5-A3DA-4CA09E5D53AD} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A8E9C448-5B1C-4BF5-A3DA-4CA09E5D53AD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{30E6880A-7493-4F4B-ADFF-BE6F0402ACEF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30E6880A-7493-4F4B-ADFF-BE6F0402ACEF}" => removed successfully
C:\Windows\System32\Tasks\{E9BF2F75-97CD-4EC2-A47D-D1F072210551} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E9BF2F75-97CD-4EC2-A47D-D1F072210551}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{315A9903-1AEA-495D-A38A-79E3128AA341}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{315A9903-1AEA-495D-A38A-79E3128AA341}" => removed successfully
C:\Windows\System32\Tasks\Outbyte\AVArmor\Start Outbyte AVArmor automatic scanning => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Outbyte\AVArmor\Start Outbyte AVArmor automatic scanning" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3C0608CB-EBEE-448F-AAEC-697A182C9B81}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C0608CB-EBEE-448F-AAEC-697A182C9B81}" => removed successfully
C:\Windows\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3CB1E99F-0B03-4162-B317-44B47B93E714}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CB1E99F-0B03-4162-B317-44B47B93E714}" => removed successfully
C:\Windows\System32\Tasks\{F91A8E38-2EC4-42D0-9418-AED7BAE56FB7} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F91A8E38-2EC4-42D0-9418-AED7BAE56FB7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5665B457-EDCA-43D4-BEE6-27F33844F483}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5665B457-EDCA-43D4-BEE6-27F33844F483}" => removed successfully
C:\Windows\System32\Tasks\{AE427F53-7452-4559-B9B2-3F9BFEFE6FA6} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AE427F53-7452-4559-B9B2-3F9BFEFE6FA6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6102BFF7-378A-49C8-A629-7832370C2FCA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6102BFF7-378A-49C8-A629-7832370C2FCA}" => removed successfully
C:\Windows\System32\Tasks\Outbyte\PC Repair\WiFiCheck => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Outbyte\PC Repair\WiFiCheck" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6FFB62D8-968A-47FD-AF05-5E8BD10DC5FF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FFB62D8-968A-47FD-AF05-5E8BD10DC5FF}" => removed successfully
C:\Windows\System32\Tasks\IHUninstallTrackingTASK => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IHUninstallTrackingTASK" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7CB00CB9-7BE6-4C02-BBB9-7B8140755770}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CB00CB9-7BE6-4C02-BBB9-7B8140755770}" => removed successfully
C:\Windows\System32\Tasks\IHSelfDeleteTASK => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IHSelfDeleteTASK" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9C239C66-6A76-4109-9819-7C95189A49AC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C239C66-6A76-4109-9819-7C95189A49AC}" => removed successfully
C:\Windows\System32\Tasks\Outbyte\PC Repair\Survey => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Outbyte\PC Repair\Survey" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A0042067-66FD-4CC9-9613-BD5299EF6826}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0042067-66FD-4CC9-9613-BD5299EF6826}" => removed successfully
C:\Windows\System32\Tasks\Outbyte\Driver Updater\Send update results => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Outbyte\Driver Updater\Send update results" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A873D485-154F-43FC-A8ED-077BB41584A6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A873D485-154F-43FC-A8ED-077BB41584A6}" => removed successfully
C:\Windows\System32\Tasks\Outbyte\PC Repair\NewDeceptors => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Outbyte\PC Repair\NewDeceptors" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B818CC6A-0845-465A-88CB-4E8D5545EED0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B818CC6A-0845-465A-88CB-4E8D5545EED0}" => removed successfully
C:\Windows\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C20ED6FB-0C0D-43C0-A5B9-E95EBF49BE33}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C20ED6FB-0C0D-43C0-A5B9-E95EBF49BE33}" => removed successfully
C:\Windows\System32\Tasks\{4337E0EE-E164-4A0D-B89A-14C8DFBAA1CD} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4337E0EE-E164-4A0D-B89A-14C8DFBAA1CD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C3A4CFF4-1C25-4194-94D8-024C50ABA1E3}" => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3A4CFF4-1C25-4194-94D8-024C50ABA1E3} => removed successfully
C:\Windows\System32\Tasks\Adobe Flash Player Updater => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9253408-A8C1-40E7-9F24-C0E5E4AD80CD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9253408-A8C1-40E7-9F24-C0E5E4AD80CD}" => removed successfully
C:\Windows\System32\Tasks\{5F774E8A-C5D2-4F0E-97DB-7879424E95F1} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5F774E8A-C5D2-4F0E-97DB-7879424E95F1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F90A734F-1830-4416-B58A-CFA36873D1D2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F90A734F-1830-4416-B58A-CFA36873D1D2}" => removed successfully
C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player PPAPI Notifier" => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015 => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001 => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002 => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003 => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004 => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000015 => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@Motive.com/NpMotive,version=1.1 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1 => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb => removed successfully
HKLM\System\CurrentControlSet\Services\AdobeFlashPlayerUpdateSvc => removed successfully
AdobeFlashPlayerUpdateSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\HPSLPSVC => removed successfully
HPSLPSVC => service removed successfully
HKLM\System\CurrentControlSet\Services\RestoroActiveProtection => removed successfully
RestoroActiveProtection => service removed successfully
gzflt => Unable to stop service.
HKLM\System\CurrentControlSet\Services\gzflt => removed successfully
gzflt => service removed successfully
ObDrvAntiSpyAVSrv => service not found.
ObDrvMonAVSrv => service not found.
Trufos => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\Trufos => removed successfully
Trufos => service removed successfully
HKLM\System\CurrentControlSet\Services\CsrBtPort => removed successfully
CsrBtPort => service removed successfully
HKLM\System\CurrentControlSet\Services\csrpan => removed successfully
csrpan => service removed successfully
HKLM\System\CurrentControlSet\Services\csrserial => removed successfully
csrserial => service removed successfully
HKLM\System\CurrentControlSet\Services\csrusb => removed successfully
csrusb => service removed successfully
HKLM\System\CurrentControlSet\Services\MREMP50 => removed successfully
MREMP50 => service removed successfully
HKLM\System\CurrentControlSet\Services\MREMP50a64 => removed successfully
MREMP50a64 => service removed successfully
HKLM\System\CurrentControlSet\Services\MREMPR5 => removed successfully
MREMPR5 => service removed successfully
HKLM\System\CurrentControlSet\Services\MRENDIS5 => removed successfully
MRENDIS5 => service removed successfully
HKLM\System\CurrentControlSet\Services\MRESP50 => removed successfully
MRESP50 => service removed successfully
HKLM\System\CurrentControlSet\Services\MRESP50a64 => removed successfully
MRESP50a64 => service removed successfully
HKLM\System\CurrentControlSet\Services\VBAudioVMVAIOMME => removed successfully
VBAudioVMVAIOMME => service removed successfully
WinRing0_1_2_0 => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\WinRing0_1_2_0 => removed successfully
WinRing0_1_2_0 => service removed successfully
C:\Windows\SysWOW64\idx => moved successfully
C:\Users\Art\Desktop\AVArmor.lnk => moved successfully
 
"C:\Program Files\Outbyte" folder move:
 
Could not move "C:\Program Files\Outbyte" => Scheduled to move on reboot.
 
C:\Users\Art\Downloads\outbyte-avarmor.exe => moved successfully
C:\ProgramData\BSD => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outbyte => moved successfully
C:\Program Files (x86)\Outbyte => moved successfully
C:\Windows\system32\Tasks\Outbyte => moved successfully
C:\ProgramData\Outbyte => moved successfully
C:\Users\Art\Downloads\outbyte-pc-repair.exe => moved successfully
C:\Program Files (x86)\Java => moved successfully
C:\Windows\SysWOW64\Macromed => moved successfully
C:\Users\Art\AppData\Local\BitTorrentHelper => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\adaware => moved successfully
C:\Windows\restoro.ini => moved successfully
C:\Windows\System32\DRIVERS\gzflt.sys => moved successfully
C:\Windows\System32\DRIVERS\Trufos.sys => moved successfully
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => removed successfully
 
========= netsh winsock reset =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= DISM /Online /Cleanup-Image /RestoreHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 6.1.7600.16385
 
Image Version: 6.1.7601.18489
 
 
Error: 87
 
The cleanup-image option is unknown. 
For more information, refer to the help by running DISM.exe /?.
 
The DISM log file can be found at C:\Windows\Logs\DISM\dism.log
 
========= End of CMD: =========
 
 
========= SFC /scannow =========
 
 
 
Windows Resource Protection could not start the repair service.
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8086392 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 127573 B
Edge => 0 B
Chrome => 445357805 B
Firefox => 3767326 B
Opera => 431690682 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 1672548 B
LocalService => 1738776 B
NetworkService => 27904762 B
Art => 148137220 B
G5PWFULZDC => 148137220 B
 
RecycleBin => 173835176 B
EmptyTemp: => 1.3 GB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 15-04-2022 17:46:41)
 
C:\Program Files\Outbyte => Is moved successfully
 
==== End of Fixlog 17:46:41 ====
 
 
 
all went good with uninstall 3 programs
 
 
# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build:    03-23-2022
# Database: 2022-03-15.3 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    04-15-2022
# Duration: 00:00:10
# OS:       Windows 7 Professional
# Scanned:  32048
# Detected: 50
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.Legacy             C:\ProgramData\iwin games
PUP.Optional.Legacy             C:\Users\Art\Documents\TotalAV
PUP.Optional.Legacy             C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TotalAV
PUP.Optional.PCProtect          C:\ProgramData\SecuritySuite
PUP.Optional.WebCompanion       C:\Windows\SysWOW64\config\systemprofile\AppData\Local\LavasoftTcpService
 
***** [ Files ] *****
 
PUP.Optional.AuslogicsDiskDefrag C:\Users\Art\Desktop\Auslogics Disk Defrag.lnk
PUP.Optional.Legacy             C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
PUP.Optional.Legacy             C:\Windows\SysWOW64\lavasofttcpservice.dll
PUP.Optional.Legacy             C:\Windows\System32\LavasoftTcpServiceOff.ini
PUP.Optional.TotalAV            C:\Users\Art\Downloads\TOTALAV_SETUP.EXE
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.AuslogicsBoostSpeed HKLM\SOFTWARE\CLASSES\INTERFACE\{6855F0CE-00B1-483F-8633-33B650EE4310}
PUP.Optional.AuslogicsBoostSpeed HKLM\SOFTWARE\CLASSES\INTERFACE\{DCC049B0-CA04-4E58-B4C8-CE62AC6F5096}
PUP.Optional.AuslogicsBoostSpeed HKLM\Software\Classes\AppID\{93469602-4134-4012-A6BC-3E73B9855F90}
PUP.Optional.AuslogicsBoostSpeed HKLM\Software\Classes\Interface\{3A3310BE-83DD-4E80-AC51-997CA2BA1080}
PUP.Optional.AuslogicsBoostSpeed HKLM\Software\Classes\Interface\{3CC2E0D5-193C-4192-B8BA-C0B2C19C6B87}
PUP.Optional.AuslogicsBoostSpeed HKLM\Software\Wow6432Node\\Classes\AppID\{93469602-4134-4012-A6BC-3E73B9855F90}
PUP.Optional.DriverUpdatePlus   HKLM\Software\Wow6432Node\BSD
PUP.Optional.Legacy             HKCU\Software\AppDataLow\Software\adawarebp
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}
PUP.Optional.OutbytePCRepair    HKLM\Software\Outbyte
PUP.Optional.OutbytePCRepair    HKLM\Software\Wow6432Node\Outbyte
PUP.Optional.PCProtect          HKCU\Software\SSProtect
PUP.Optional.PCProtect          HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService
PUP.Optional.Restoro            HKLM\Software\Classes\Restoro.Engine
PUP.Optional.Restoro            HKLM\Software\Restoro
PUP.Optional.SafePCKit          HKCU\Software\Sunisoft
PUP.Optional.TheBrightTag       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\thebrighttag.com
PUP.Optional.TotalAV            HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.TotalAV            HKLM\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.TotalAV            HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.TotalAV            HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityServiceMonitor
PUP.Optional.WebCompanion       HKLM\SOFTWARE\Classes\AppID\LavasoftTcpService.exe
PUP.Optional.WebCompanion       HKLM\Software\Classes\AppID\{2CE0F1DC-C504-4B7B-A385-D94A2531DFFB}
PUP.Optional.WebCompanion       HKLM\Software\Wow6432Node\\Classes\AppID\LavasoftTcpService.exe
PUP.Optional.WebCompanion       HKLM\Software\Wow6432Node\\Classes\AppID\{2CE0F1DC-C504-4B7B-A385-D94A2531DFFB}
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK 
Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS 
Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\Users\Art\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\Users\Art\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{61EB474B-67A6-47F4-B1B7-386851BAB3D0} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{F6A11738-3EE4-4573-AEA5-6CD5D491C167} 
Preinstalled.SamsungSmartSwitch   Folder   C:\Users\Art\AppData\Roaming\SAMSUNG\SMART SWITCH PC 
 
 
AdwCleaner[S00].txt - [6210 octets] - [15/04/2022 18:04:12]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
 
 
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 4/15/22
Scan Time: 6:34 PM
Log File: a656e166-bd14-11ec-9163-1cc1de5dad22.json
 
-Software Information-
Version: 4.5.7.186
Components Version: 1.0.1645
Update Package Version: 1.0.53721
License: Free
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Art-PC\Art
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 245324
Threats Detected: 25
Threats Quarantined: 0
Time Elapsed: 9 min, 54 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 5
PUP.Optional.Restoro, HKLM\SOFTWARE\Restoro, No Action By User, 813, 551614, 1.0.53721, , ame, , , 
PUP.Optional.Restoro, HKLM\SOFTWARE\CLASSES\Restoro.Engine.1, No Action By User, 813, 551619, , , , , , 
PUP.Optional.Restoro, HKLM\SOFTWARE\CLASSES\Restoro.Engine, No Action By User, 813, 551619, 1.0.53721, , ame, , , 
PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1, No Action By User, 3421, 722903, 1.0.53721, , ame, , , 
PUP.Optional.AuslogicsBoostSpeed, HKLM\SOFTWARE\WOW6432NODE\UNKNOWN\UNKNOWN\Unknown, No Action By User, 3527, 728588, 1.0.53721, , ame, , , 
 
Registry Value: 1
PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1|DISPLAYNAME, No Action By User, 3421, 722903, 1.0.53721, , ame, , , 
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 2
PUP.Optional.AuslogicsDiskDefrag, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\AUSLOGICS\Disk Defrag, No Action By User, 3421, 350023, 1.0.53721, , ame, , , 
PUP.Optional.AuslogicsDiskDefrag, C:\USERS\ART\APPDATA\ROAMING\AUSLOGICS\DISK DEFRAG, No Action By User, 3421, 818929, 1.0.53721, , ame, , , 
 
File: 17
PUP.Optional.AuslogicsDiskDefrag, C:\USERS\ART\DESKTOP\Auslogics Disk Defrag.lnk, No Action By User, 3421, 350022, 1.0.53721, , ame, , 2312840F0AD31E6ADF11C667C39E9704, CA8618AF570491160EE692D48B20035053639FB8A65144AF2FC846762F9A3979
PUP.Optional.AuslogicsDiskDefrag, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics\Disk Defrag\Auslogics Disk Defrag on the Web.url, No Action By User, 3421, 350023, , , , , 633598D7735608D4EC1701DEC59D46C2, 7AF61BF79A0E01DA439B84C126FCBE6992C0EB42A436B5A59086F451EA513E1E
PUP.Optional.AuslogicsDiskDefrag, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics\Disk Defrag\Auslogics Disk Defrag.lnk, No Action By User, 3421, 350023, , , , , CE51760F8B320F6F46B395AA055E07BC, FD682761117D987F5219881EFF17AE6428B683E0B40913BF4A4CF32FF5EEB2C1
PUP.Optional.AuslogicsDiskDefrag, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics\Disk Defrag\Uninstall Auslogics Disk Defrag.lnk, No Action By User, 3421, 350023, , , , , 6C858D4FE71844F4AD683D95EE1D0ACA, 9BAD672D6AB5A23EE36824E096A5AC8C030CC33F77AB6594FC4D2C767D407696
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\AUSLOGICS\AUSLOGICS DISK DEFRAG\DISKDEFRAG.EXE, No Action By User, 3527, 610189, 1.0.53721, , ame, , 8E62F5143D7FAF3E4AC0287008760E82, D595A5B27F4D7677213DF055A07523CE1C621647F271257E4A952B7F9933CBA5
PUP.Optional.Restoro, C:\USERS\ART\DOWNLOADS\RESTORO.EXE, No Action By User, 813, 551611, 1.0.53721, , ame, , 39FEF85FE114D96DDE745B8CE0659B2E, 08333E61156E2CCFD7843A924FB671862FC226C89BF98F20AB95EA6125130EF7
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\AUSLOGICS\AUSLOGICS DISK DEFRAG\DEBUGMODE.DLL, No Action By User, 3527, 610189, 1.0.53721, , ame, , 164C2691CAD693FEE5CFE25CC44A42E4, B8C02B6BCCC3057AFD3007BB77BA9F614DBF322B52740856EBF2E59F6162DBAE
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\AUSLOGICS\AUSLOGICS DISK DEFRAG\TASKSCHEDULERHELPER.DLL, No Action By User, 3527, 610189, 1.0.53721, , ame, , E76A1148F0A1CEFF9531569A2D9A1EA2, 8D4A8632B8750C786FFEDC9F2A0E6580DCC0FF514FE37DB0248F6D9138B82950
PUP.Optional.Auslogics, C:\PROGRAM FILES (X86)\AUSLOGICS\DUPLICATE FILE FINDER\DUPLICATEFILEFINDER.EXE, No Action By User, 7023, 907668, 1.0.53721, , ame, , F346701ADC88B12E40FF1695D626680C, C7BD244EBD97EE15099E8BFC3531C2B4E80D27CE3037D9BBE1482EAF15CFE903
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\AUSLOGICS\AUSLOGICS DISK DEFRAG\DISKDEFRAGHELPER.DLL, No Action By User, 3527, 610189, 1.0.53721, , ame, , B88157BA4EAF32DE4DC08BA8D94DD2B7, 1FED255375CEAB20E1F9DD4CB67A669F7B50614BE0F596886C8E5EAA47E81B8B
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\AUSLOGICS\AUSLOGICS DISK DEFRAG\SETTINGS.DLL, No Action By User, 3527, 610189, 1.0.53721, , ame, , 5DF9FF91E3B66C7250AE9D499F0CBC7D, 014AC4EDEC31E57C6CC34E19165890AD11395797F2A139EAEE1BD0A77985E58A
PUP.Optional.Auslogics, C:\PROGRAM FILES (X86)\AUSLOGICS\DUPLICATE FILE FINDER\AXCOMPONENTSRTL.BPL, No Action By User, 7023, 907668, 1.0.53721, , ame, , EE838D83C226ECF0799B9B78C6249714, 9EDB61E162833109B383C853804580A2302AA5EC79B28547313E719D7C00FFF2
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\AUSLOGICS\DUPLICATE FILE FINDER\BROWSERHELPER.DLL, No Action By User, 3527, 895624, 1.0.53721, , ame, , 40CD1DB2B7602A2159B8B04E66A589AF, 3E8CD3EAA0D84A4646A00E6BD99AA96A8E7F6BAF1A34BB2F54B55B5E7764D708
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\AUSLOGICS\DUPLICATE FILE FINDER\DSSRCWM.DLL, No Action By User, 3527, 895624, 1.0.53721, , ame, , 68E8951345E30FB981896AA74AF68261, C775C45EA978822DEDE99ACD3369C7C71270D8FBD666275927C507E0C3F7C96A
PUP.Optional.Auslogics, C:\PROGRAM FILES (X86)\AUSLOGICS\DUPLICATE FILE FINDER\ATHELPER.DLL, No Action By User, 7023, 907669, 1.0.53721, , ame, , 2794111EE8FC7B21B7570914EC4789A9, 61D3D9EB7AF5552FA1020C8E6138B0DB7E28F683BC69BD6DA6D650BCD4A9D331
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\AUSLOGICS\DUPLICATE FILE FINDER\DSSRCASYNC.DLL, No Action By User, 3527, 895624, 1.0.53721, , ame, , A343A0473FA178695442F642C58094FB, 50DFC43CF00752C246E0DED3C2EB1C986590D7CD24F1C852ECD1D459EFC4150B
PUP.Optional.AuslogicsDiskDefrag, C:\USERS\ART\DOWNLOADS\TORRENTS\DISK-DEFRAG-SETUP.EXE, No Action By User, 3421, 722892, 1.0.53721, , ame, , 612C30DC662F445A7C9E7F398942CEF1, 69119D9F0FD101DE1A3DF7473370DE6F8BBB39464BBCD70BE64A8E91C8F468AC
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
 

  • 0

#9
DR M


    The Grecian Geek

  • Malware Removal
  • 3,577 posts

Hi, arwier.
 
 
1. Auslogics products
 
The tools detected Auslogics products as PUPs, which stands for potentially unwanted programs. You have these two Auslogics products installed:
 
Auslogics Disk Defrag 
Auslogics Duplicate File Finder 
 
Although with PUPs it's up to the user to keep them or not, I recommend that you uninstall Auslogics Disk Defrag. You can keep the other one, if you use/need it.


2. AdwCleaner (Clean mode)

Let me explain to you the log created by AdwCleaner:

The findings in the Files, Folders and Registry parts of the log are adware and PUPs, which stands for Potentially Unwanted Programs. In the instructions below, I will list them all to be removed.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. Personally, I do not keep anything I don't use/need. But it's your computer, so your decision.

To proceed, please do the following:

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

 

3. Run Malwarebytes (Clean mode)

  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

4. ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

 

In your next reply, please post:

  1. If uninstalling Auslogics product(s) ran smoothly
  2. The AdwCleaner[C0*].txt
  3. The Malwarebytes report
  4. The eset.txt

  • 0
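The split described in section 2 of the reply above (PUP findings in Files, Folders and Registry versus the Preinstalled Software list), together with a before/after comparison of two AdwCleaner scan logs, as an added example that is not part of the original post and not AdwCleaner's own code. The sample log is abridged from the logs posted in this thread, with the `Detected` count adjusted to match the abridged entries; all function names are hypothetical.

```python
import re
from collections import Counter
from dataclasses import dataclass

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
HEADER_RE = re.compile(r"^# ([A-Za-z]+):\s+(.+)$")
# Preinstalled entries carry an extra column (Folder / Registry in this thread).
PREINSTALLED_RE = re.compile(r"^(Preinstalled\.\S+)\s+(\w+)\s+(.+)$")
DETECTION_RE = re.compile(r"^([A-Za-z]+(?:\.[A-Za-z0-9]+)+)\s+(\S.*)$")


@dataclass(frozen=True)
class Detection:
    section: str
    family: str
    target: str

    @property
    def key(self):
        # Windows paths and registry keys are case-insensitive, and the log
        # sometimes doubles a backslash ("Wow6432Node\\Classes").
        return (self.section, re.sub(r"\\+", r"\\", self.target).lower())


def parse_scan(text):
    """Return (header fields, detections) from an AdwCleaner text log."""
    meta, found, section = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif section is None:
            if m := HEADER_RE.match(line):
                meta[m.group(1)] = m.group(2)
        elif m := PREINSTALLED_RE.match(line):
            found.append(Detection(section, m.group(1), m.group(3)))
        elif m := DETECTION_RE.match(line):
            found.append(Detection(section, m.group(1), m.group(2)))
    return meta, found


def is_complete(meta, found):
    """False when the pasted log lost lines: header count != parsed entries."""
    return int(meta.get("Detected", -1)) == len(found)


def triage(found):
    """Count PUP findings per family; list preinstalled software separately."""
    pre = [d for d in found if d.family.startswith("Preinstalled.")]
    pups = Counter(d.family for d in found if d not in pre)
    return pups, sorted({d.family for d in pre})


def diff_scans(before, after):
    """Detections that disappeared and detections that are new, by target."""
    b = {d.key: d for d in before}
    a = {d.key: d for d in after}
    cleared = [b[k] for k in sorted(b.keys() - a.keys())]
    new = [a[k] for k in sorted(a.keys() - b.keys())]
    return cleared, new


# Constructed sample: abridged from the 04-15 scan log in this thread.
SCAN_BEFORE = r"""# Mode: Scan
# Start:    04-15-2022
# Detected: 7

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy             C:\ProgramData\iwin games

***** [ Files ] *****

PUP.Optional.AuslogicsDiskDefrag C:\Users\Art\Desktop\Auslogics Disk Defrag.lnk
PUP.Optional.TotalAV            C:\Users\Art\Downloads\TOTALAV_SETUP.EXE

***** [ Registry ] *****

PUP.Optional.OutbytePCRepair    HKLM\Software\Outbyte
PUP.Optional.WebCompanion       HKLM\Software\Wow6432Node\\Classes\AppID\LavasoftTcpService.exe

***** [ Preinstalled Software ] *****

Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.SamsungSmartSwitch   Folder   C:\Users\Art\AppData\Roaming\SAMSUNG\SMART SWITCH PC

AdwCleaner[S00].txt - [6210 octets] - [15/04/2022 18:04:12]
"""

# Constructed sample: the same log after the Auslogics shortcut is gone.
SCAN_AFTER = "\n".join(
    line for line in SCAN_BEFORE.splitlines()
    if "Auslogics Disk Defrag.lnk" not in line
).replace("# Detected: 7", "# Detected: 6").replace("04-15-2022", "04-17-2022")

if __name__ == "__main__":
    meta_b, before = parse_scan(SCAN_BEFORE)
    meta_a, after = parse_scan(SCAN_AFTER)
    print("complete:", is_complete(meta_b, before), is_complete(meta_a, after))
    pups, preinstalled = triage(after)
    print("PUP families still present:", dict(pups))
    print("Preinstalled (owner's decision):", preinstalled)
    cleared, new = diff_scans(before, after)
    print("cleared since last scan:", [d.target for d in cleared])
    print("new since last scan:", [d.target for d in new])
```

In the full logs posted in this thread the header count covers the Preinstalled Software entries as well (5 folders, 5 files, 26 registry keys and 14 preinstalled items for `Detected: 50`), which is why `is_complete` counts every parsed entry.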

#10
arwier


    Member

  • Topic Starter
  • Member
  • 77 posts

uninstall auslogics went smoothly

 

 

# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build:    03-23-2022
# Database: 2022-03-15.3 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    04-17-2022
# Duration: 00:00:15
# OS:       Windows 7 Professional
# Scanned:  32047
# Detected: 49
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.Legacy             C:\ProgramData\iwin games
PUP.Optional.Legacy             C:\Users\Art\Documents\TotalAV
PUP.Optional.Legacy             C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TotalAV
PUP.Optional.PCProtect          C:\ProgramData\SecuritySuite
PUP.Optional.WebCompanion       C:\Windows\SysWOW64\config\systemprofile\AppData\Local\LavasoftTcpService
 
***** [ Files ] *****
 
PUP.Optional.Legacy             C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
PUP.Optional.Legacy             C:\Windows\SysWOW64\lavasofttcpservice.dll
PUP.Optional.Legacy             C:\Windows\System32\LavasoftTcpServiceOff.ini
PUP.Optional.TotalAV            C:\Users\Art\Downloads\TOTALAV_SETUP.EXE
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.AuslogicsBoostSpeed HKLM\SOFTWARE\CLASSES\INTERFACE\{6855F0CE-00B1-483F-8633-33B650EE4310}
PUP.Optional.AuslogicsBoostSpeed HKLM\SOFTWARE\CLASSES\INTERFACE\{DCC049B0-CA04-4E58-B4C8-CE62AC6F5096}
PUP.Optional.AuslogicsBoostSpeed HKLM\Software\Classes\AppID\{93469602-4134-4012-A6BC-3E73B9855F90}
PUP.Optional.AuslogicsBoostSpeed HKLM\Software\Classes\Interface\{3A3310BE-83DD-4E80-AC51-997CA2BA1080}
PUP.Optional.AuslogicsBoostSpeed HKLM\Software\Classes\Interface\{3CC2E0D5-193C-4192-B8BA-C0B2C19C6B87}
PUP.Optional.AuslogicsBoostSpeed HKLM\Software\Wow6432Node\\Classes\AppID\{93469602-4134-4012-A6BC-3E73B9855F90}
PUP.Optional.DriverUpdatePlus   HKLM\Software\Wow6432Node\BSD
PUP.Optional.Legacy             HKCU\Software\AppDataLow\Software\adawarebp
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}
PUP.Optional.OutbytePCRepair    HKLM\Software\Outbyte
PUP.Optional.OutbytePCRepair    HKLM\Software\Wow6432Node\Outbyte
PUP.Optional.PCProtect          HKCU\Software\SSProtect
PUP.Optional.PCProtect          HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService
PUP.Optional.Restoro            HKLM\Software\Classes\Restoro.Engine
PUP.Optional.Restoro            HKLM\Software\Restoro
PUP.Optional.SafePCKit          HKCU\Software\Sunisoft
PUP.Optional.TheBrightTag       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\thebrighttag.com
PUP.Optional.TotalAV            HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.TotalAV            HKLM\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.TotalAV            HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.TotalAV            HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityServiceMonitor
PUP.Optional.WebCompanion       HKLM\SOFTWARE\Classes\AppID\LavasoftTcpService.exe
PUP.Optional.WebCompanion       HKLM\Software\Classes\AppID\{2CE0F1DC-C504-4B7B-A385-D94A2531DFFB}
PUP.Optional.WebCompanion       HKLM\Software\Wow6432Node\\Classes\AppID\LavasoftTcpService.exe
PUP.Optional.WebCompanion       HKLM\Software\Wow6432Node\\Classes\AppID\{2CE0F1DC-C504-4B7B-A385-D94A2531DFFB}
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK 
Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS 
Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\Users\Art\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\Users\Art\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{61EB474B-67A6-47F4-B1B7-386851BAB3D0} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{F6A11738-3EE4-4573-AEA5-6CD5D491C167} 
Preinstalled.SamsungSmartSwitch   Folder   C:\Users\Art\AppData\Roaming\SAMSUNG\SMART SWITCH PC 
 
 
AdwCleaner[S00].txt - [6210 octets] - [15/04/2022 18:04:12]
AdwCleaner[S01].txt - [6271 octets] - [15/04/2022 18:18:14]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########
 
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 4/17/22
Scan Time: 10:53 AM
Log File: 7dac230e-be66-11ec-ae67-1cc1de5dad22.json
 
-Software Information-
Version: 4.5.7.186
Components Version: 1.0.1645
Update Package Version: 1.0.53811
License: Free
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Art-PC\Art
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 244919
Threats Detected: 7
Threats Quarantined: 7
Time Elapsed: 9 min, 38 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 4
PUP.Optional.Restoro, HKLM\SOFTWARE\Restoro, Quarantined, 813, 551614, 1.0.53811, , ame, , , 
PUP.Optional.AuslogicsBoostSpeed, HKLM\SOFTWARE\WOW6432NODE\UNKNOWN\UNKNOWN\Unknown, Quarantined, 3526, 728588, 1.0.53811, , ame, , , 
PUP.Optional.Restoro, HKLM\SOFTWARE\CLASSES\Restoro.Engine.1, Quarantined, 813, 551619, , , , , , 
PUP.Optional.Restoro, HKLM\SOFTWARE\CLASSES\Restoro.Engine, Quarantined, 813, 551619, 1.0.53811, , ame, , , 
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 1
PUP.Optional.AuslogicsDiskDefrag, C:\USERS\ART\APPDATA\ROAMING\AUSLOGICS\DISK DEFRAG, Quarantined, 3420, 818929, 1.0.53811, , ame, , , 
 
File: 2
PUP.Optional.Restoro, C:\USERS\ART\DOWNLOADS\RESTORO.EXE, Quarantined, 813, 551611, 1.0.53811, , ame, , 39FEF85FE114D96DDE745B8CE0659B2E, 08333E61156E2CCFD7843A924FB671862FC226C89BF98F20AB95EA6125130EF7
PUP.Optional.AuslogicsDiskDefrag, C:\USERS\ART\DOWNLOADS\TORRENTS\DISK-DEFRAG-SETUP.EXE, Quarantined, 3420, 722892, 1.0.53811, , ame, , 612C30DC662F445A7C9E7F398942CEF1, 69119D9F0FD101DE1A3DF7473370DE6F8BBB39464BBCD70BE64A8E91C8F468AC
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
 
4/17/2022 13:05:09 PM
Files scanned: 230781
Detected files: 2
Cleaned files: 2
Total scan time 01:47:37
Scan status: Finished
C:\Users\Art\Downloads\Adaware_Installer.exe a variant of Win32/Adaware.A potentially unwanted application cleaned by deleting
 
C:\Users\Art\Downloads\ausetup.exe Win32/GlaryUtilities.D potentially unwanted application cleaned by deleting
 
 

#11
DR M

    The Grecian Geek

  • Malware Removal
  • 3,577 posts

Thanks, arwier.

 

However, you ran the AdwCleaner again in the scan mode, meaning you didn't send to Quarantine any of the detected items. Please run it once more, and follow the instructions here to quarantine them. If you did quarantine them, then post the right log: AdwCleaner[C0*].txt

 

 

=======================================

 

After posting the correct log, let me check fresh FRST logs, to ensure that everything is clean now.

 

Also, please let me know how the computer is running now. Any remaining issue/question/concern?


#12
arwier

  • Topic Starter
  • Member
  • 77 posts
# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build:    03-23-2022
# Database: 2022-03-15.3 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-17-2022
# Duration: 00:00:14
# OS:       Windows 7 Professional
# Cleaned:  26
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
Deleted       C:\Users\Art\Documents\TotalAV
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Local\LavasoftTcpService
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TotalAV
 
***** [ Files ] *****
 
Deleted       C:\Users\Art\Downloads\TOTALAV_SETUP.EXE
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\thebrighttag.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}
Deleted       HKCU\Software\Sunisoft
Deleted       HKLM\SOFTWARE\CLASSES\INTERFACE\{6855F0CE-00B1-483F-8633-33B650EE4310}
Deleted       HKLM\SOFTWARE\CLASSES\INTERFACE\{DCC049B0-CA04-4E58-B4C8-CE62AC6F5096}
Deleted       HKLM\SOFTWARE\Classes\AppID\LavasoftTcpService.exe
Deleted       HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted       HKLM\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted       HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted       HKLM\Software\Classes\AppID\{2CE0F1DC-C504-4B7B-A385-D94A2531DFFB}
Deleted       HKLM\Software\Classes\AppID\{93469602-4134-4012-A6BC-3E73B9855F90}
Deleted       HKLM\Software\Classes\Interface\{3A3310BE-83DD-4E80-AC51-997CA2BA1080}
Deleted       HKLM\Software\Classes\Interface\{3CC2E0D5-193C-4192-B8BA-C0B2C19C6B87}
Deleted       HKLM\Software\Outbyte
Deleted       HKLM\Software\Wow6432Node\BSD
Deleted       HKLM\Software\Wow6432Node\Outbyte
Deleted       HKLM\Software\Wow6432Node\\Classes\AppID\LavasoftTcpService.exe
Deleted       HKLM\Software\Wow6432Node\\Classes\AppID\{2CE0F1DC-C504-4B7B-A385-D94A2531DFFB}
Deleted       HKLM\Software\Wow6432Node\\Classes\AppID\{93469602-4134-4012-A6BC-3E73B9855F90}
Deleted       HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService
Deleted       HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityServiceMonitor
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries cleaned.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software cleaned.
 
 
*************************
 
[+] remove_folder_Auslogics
[+] remove_folder_Auslogics(2)
[+] remove_folder_Auslogics(3)
[+] remove_folder_Auslogics(4)
[+] remove_regKey_Auslogics
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [6210 octets] - [15/04/2022 18:04:12]
AdwCleaner[S01].txt - [6271 octets] - [15/04/2022 18:18:14]
AdwCleaner[S02].txt - [6251 octets] - [17/04/2022 10:29:08]
AdwCleaner[S03].txt - [5662 octets] - [17/04/2022 14:14:02]
AdwCleaner[S04].txt - [5723 octets] - [17/04/2022 14:24:13]
AdwCleaner[S05].txt - [5722 octets] - [17/04/2022 14:37:03]
AdwCleaner[S06].txt - [5783 octets] - [17/04/2022 14:48:15]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C06].txt ##########
 
 
It seems to be running fine now.

#13
DR M

    The Grecian Geek

  • Malware Removal
  • 3,577 posts

Thanks. This is the right log. I see that you ran AdwCleaner 6 times and you decided to remove the pre-installed software. 

 

Can you please make another scan with the FRST tool and let me check fresh FRST logs (FRST and Addition)?


#14
arwier

  • Topic Starter
  • Member
  • 77 posts

I think that FRST has frozen; the green bar is not moving.


#15
DR M

    The Grecian Geek

  • Malware Removal
  • 3,577 posts

Give it some time (half an hour). If it is still frozen, restart the computer and run the tool again. Let me know what happens. 

