Internet Browsers been infected [Solved]


  • This topic is locked
73 replies to this topic

#61 Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests: LFC, music, more LFC, more music

Posted 06 January 2020 - 04:47 PM

Things are looking far better.

First, please uninstall Google Update Helper (or any other Google-related programmes).

================================================

Please run FRST again and make sure there is a checkmark next to ‘Addition.txt’ before you hit Scan.

Logs to include with next post:

New Frst.txt
New Addition.txt


Thanks


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.



#62 yukukuhi

    Authentic Member

  • 92 posts

Posted 07 January 2020 - 07:08 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2019
Ran by SGK (administrator) on DESKTOP-VF56AA2 (LENOVO 20CKCTO1WW) (07-01-2020 11:38:53)
Running from C:\Users\SGK\Desktop
Loaded Profiles: SGK (Available Profiles: SGK)
Platform: Windows 10 Pro Version 1903 18362.356 (X64) Language: English (United States)
Default browser not detected!
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\iMController\Service\Lenovo.Modern.ImController.exe
(LENOVO -> Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo -> Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Lenovo -> Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Lenovo -> Lenovo.) C:\Windows\System32\TpShocks.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19072.18011.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\osk.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\NisSrv.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated -> Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe [1178400 2015-07-07] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1312040 2018-12-04] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-2295186157-4208122820-3846616368-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIUNE.EXE [416896 2017-09-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-2295186157-4208122820-3846616368-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIUNE.EXE [416896 2017-09-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Windows\System32\osk.exe [640000 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Windows\System32\osk.exe [640000 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\79.1.2.41\Installer\chrmstp.exe [2020-01-07] (Brave Software, Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Properties.lnk [2019-12-23]
ShortcutTarget: Hauppauge Device Properties.lnk -> C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works Inc. -> Hauppauge Computer Works, Inc.) [File not signed]
Startup: C:\Users\SGK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Free Sound Recorder Update.lnk [2019-10-10]
ShortcutTarget: Free Sound Recorder Update.lnk -> C:\Program Files (x86)\Free Sound Recorder\Free Sound Recorder Update.exe (No File)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00C9775A-7C49-4359-9CD3-33AF8051D574} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2020-01-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {069B45B6-ED78-4C29-A115-974553475799} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe [564664 2015-06-12] (LENOVO -> Lenovo)
Task: {0CCE4F7C-E31E-4598-8A5D-9FF635BC4839} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {0FCF35A8-0E29-43B8-967D-069EE6AE57CD} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {12768BAD-7F3D-4748-92DB-C78D2304F844} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [17184 2014-09-02] (LENOVO -> Lenovo)
Task: {1BCF664A-DF62-44D4-903E-E1BFFA6050C2} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe [564664 2015-06-12] (LENOVO -> Lenovo)
Task: {2201B329-1587-425D-9741-A15C1C11BDBC} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1514416 2018-04-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {2417BE97-F92E-4DF4-8E32-CF7FDBFD42DA} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1360320 2015-09-05] (LENOVO -> Lenovo)
Task: {343BDB46-D18F-450A-81AE-425EDDB0C256} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2020-01-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3FAFF3BD-FB0A-46EC-BAB5-8294B38FA110} - System32\Tasks\EPSON L3150 Series Update {EB3992DF-6650-4241-A140-08977B791365} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSUNE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {41AB9512-9F20-498A-9133-F293D1522CB5} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [9464768 2015-09-05] (LENOVO -> )
Task: {48670278-F002-4FF8-9D8E-A365D5317805} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [9464768 2015-09-05] (LENOVO -> )
Task: {5155A95A-0A65-4360-B5B2-F42FE0A5E78E} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1514416 2018-04-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {56284708-6204-4F68-9F15-EFA59AD15D90} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgrInst.exe [58552 2019-02-12] (Lenovo -> )
Task: {622CD398-E4F4-4942-AB65-1F8532616046} - System32\Tasks\Lenovo Active Protection System => C:\Windows\system32\TpShUI.exe [120424 2017-03-21] (Lenovo -> Lenovo.)
Task: {67215899-2122-41EB-9D81-8FA35A83A9E0} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-09-29] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {674F069F-9B32-4950-A015-E228A4A2FCF2} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [54144 2019-09-23] (Lenovo -> Lenovo Group Ltd.)
Task: {7620AEB6-6806-4324-B297-F00FFC5AD35E} - System32\Tasks\Product Updater => C:\Program Files (x86)\MP3 Cutter Joiner Free\FFProductUpdater.exe
Task: {7D4F7FCF-6C00-4A4E-A17E-6CA509EA294F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {8B58203B-01A8-4E7B-A25E-D713E37227F1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_303_pepper.exe [1453112 2019-12-15] (Adobe Inc. -> Adobe)
Task: {8D89C1B7-144A-445C-9F16-F1DC8A58F30F} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\68cb2408-c14c-4348-8f2b-72f4e2e62506 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [77208 2019-09-23] (Lenovo -> Lenovo Group Ltd.)
Task: {93599D55-4245-4EF9-A413-5F715A5F4021} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\07c442ad-77f0-489c-bc47-d9cfc21e5d63 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [77208 2019-09-23] (Lenovo -> Lenovo Group Ltd.)
Task: {94C7DB49-81E7-4CE1-83AB-65FBCA77EF54} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-09-29] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {9DDD4663-28D7-4445-B8FB-C6CF0C5472B4} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {A8575C5E-3759-495A-91F1-85A99018ED58} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {BA94AE67-7A42-4CA6-A405-3A6EEA82AE6D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {BE780F7D-DEDC-47B7-A47D-378193C46EB8} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [287688 2017-06-11] (LENOVO -> Lenovo)
Task: {BF32976A-45F2-42D4-A7A4-8AAD5FF0E936} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {C87B1E9E-F468-4BAB-B8B3-BE548DB8320A} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {C91BF3D1-9E7B-4FE0-B869-257F2A22124D} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {D92F0C7F-2382-4087-95C5-0DAE14CC43B5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {E2E2B5E1-8CC2-406D-A551-F0FBB0905373} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-12-15] (Adobe Inc. -> Adobe)
Task: {E9B8FC8C-1D6D-417E-913C-7DFDADEC3B30} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [270272 2015-09-05] (LENOVO -> Lenovo)
Task: {E9DDFD50-7748-44E6-B815-E22A34C950EB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2020-01-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F0B70A85-BCBF-44FE-8F27-4ABAB6BF7B0C} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {F259D293-1C22-4A40-876D-4BFC8CC7BDCA} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [112312 2019-02-12] (Lenovo -> Lenovo)
Task: {F46FF6A6-7156-40E7-A8EC-A3E362F97ACD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2020-01-06] (Microsoft Windows Publisher -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\EPSON L3150 Series Update {EB3992DF-6650-4241-A140-08977B791365}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSUNE.EXE:/EXE:{EB3992DF-6650-4241-A140-08977B791365} /F:UpdateWORKGROUP\DESKTOP-VF56AA2$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\Lenovo Active Protection System.job => C:\Windows\system32\TpShUI.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9e8827fe-e5ba-4082-80b6-6eac0b961629}: [DhcpNameServer] 172.168.127.2
Tcpip\..\Interfaces\{a7b1feef-c942-43a6-b975-ba7b52789bf5}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2295186157-4208122820-3846616368-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-2295186157-4208122820-3846616368-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation -> Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: w02vk56o.default
FF ProfilePath: C:\Users\SGK\AppData\Roaming\Mozilla\Firefox\Profiles\9cl2d4l1.default-release [2020-01-06]
FF Extension: (Video DownloadHelper) - C:\Users\SGK\AppData\Roaming\Mozilla\Firefox\Profiles\9cl2d4l1.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2019-10-10]
FF ProfilePath: C:\Users\SGK\AppData\Roaming\Mozilla\Firefox\Profiles\w02vk56o.default [2020-01-06]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-09-29] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-09-29] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-08-21] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR HKU\S-1-5-21-2295186157-4208122820-3846616368-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-09-29] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-09-29] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [145224 2019-09-19] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S4 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [829080 2015-06-11] (CONDUSIV TECHNOLOGIES -> Condusiv Technologies)
S3 HcwDevCentralService; C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe [396072 2016-10-05] (Hauppauge Computer Works Inc. -> Hauppauge Computer Works, Inc.) [File not signed]
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542320 2018-01-10] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2016-11-23] (Intel® pGFX -> Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [77208 2019-09-23] (Lenovo -> Lenovo Group Ltd.)
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Trusted Connect Service -> Intel® Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-07-07] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 LPlatSvc; C:\WINDOWS\system32\LPlatSvc.exe [711248 2017-04-01] (Lenovo -> Lenovo.)
S4 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [271296 2015-09-05] (LENOVO -> Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2019-11-08] (Malwarebytes Inc -> Malwarebytes)
S3 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [16569400 2019-12-16] (Adlice -> )
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [333232 2018-04-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-10-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [259176 2016-10-02] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2020-01-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2020-01-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4110624 2019-05-14] (Intel Corporation -> Intel® Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 anvsnddrv; C:\WINDOWS\system32\drivers\anvsnddrv.sys [33872 2012-05-17] (AnvSoft Co., Ltd. -> AnvSoft Inc.)
S3 Apowersoft_AudioDevice; C:\WINDOWS\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (APOWERSOFT LIMITED -> Wondershare)
S3 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [313112 2019-09-05] (Bluestack Systems, Inc. -> Bluestack System Inc. )
R3 e1dexpress; C:\WINDOWS\System32\DriverStore\FileRepository\e1d68x64.inf_amd64_9b04ae4c30c0d829\e1d68x64.sys [606688 2019-09-10] (Intel® INTELND1820 -> Intel Corporation)
R1 excfs; C:\WINDOWS\System32\DRIVERS\excfs.sys [25752 2015-06-11] (CONDUSIV TECHNOLOGIES -> Condusiv Technologies)
R0 excsd; C:\WINDOWS\System32\DRIVERS\excsd.sys [117912 2015-06-11] (CONDUSIV TECHNOLOGIES -> Condusiv Technologies)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136128 2018-01-10] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-10] (Intel® Software -> Intel Corporation)
S3 IT9517BDA; C:\WINDOWS\System32\Drivers\hcwG4bda.sys [752656 2016-08-11] (Hauppauge Computer Works Inc. -> ITE )
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [216544 2020-01-06] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-11-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [278344 2020-01-06] (Malwarebytes Inc -> Malwarebytes)
S3 Netwtw02; C:\WINDOWS\System32\drivers\Netwtw02.sys [7030040 2015-07-16] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8731536 2019-06-03] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2015-10-12] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [763120 2015-08-20] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [50808 2016-04-21] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51296 2016-10-02] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv64.sys [749640 2016-07-01] (SUNPLUS INNOVATION TECHNOLOGY INC. -> Sunplus Innovation Technology Inc.)
S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2017-04-21] (Windscribe Limited -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45664 2020-01-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2016-04-23] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [355760 2020-01-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2020-01-06] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-01-06 19:19 - 2020-01-07 10:51 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-01-06 19:19 - 2020-01-06 19:19 - 000278344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-01-06 19:19 - 2020-01-06 19:19 - 000216544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-01-06 19:10 - 2020-01-06 19:15 - 000762702 _____ C:\Users\SGK\Desktop\Fixlog.txt
2020-01-05 19:29 - 2020-01-05 19:32 - 000382350 _____ C:\Users\SGK\Desktop\Addition.txt
2020-01-05 11:18 - 2020-01-05 11:18 - 002272256 _____ (Farbar) C:\Users\SGK\Desktop\FRST64.exe
2020-01-04 12:23 - 2020-01-04 12:23 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1774D5F4.sys
2020-01-04 12:20 - 2020-01-04 20:30 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2020-01-04 12:20 - 2020-01-04 13:06 - 000000000 ____D C:\Users\SGK\Desktop\mbar
2020-01-04 11:36 - 2020-01-04 11:36 - 014178840 _____ (Malwarebytes Corp.) C:\Users\SGK\Desktop\mbar-1.10.3.1001.exe
2019-12-28 23:46 - 2019-12-22 13:36 - 000901467 _____ C:\Users\SGK\Desktop\json.txt
2019-12-23 20:00 - 2019-12-23 20:00 - 000002172 _____ C:\Users\Public\Desktop\Hauppauge Capture.lnk
2019-12-23 20:00 - 2019-12-23 20:00 - 000002172 _____ C:\ProgramData\Desktop\Hauppauge Capture.lnk
2019-12-23 20:00 - 2019-12-23 20:00 - 000000000 ____D C:\Users\SGK\AppData\Roaming\ArcSoft
2019-12-23 20:00 - 2019-12-23 20:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hauppauge
2019-12-22 22:53 - 2020-01-07 11:40 - 000027330 _____ C:\Users\SGK\Desktop\FRST.txt
2019-12-22 21:01 - 2019-12-22 21:01 - 000468480 _____ () C:\Users\SGK\Desktop\CKScanner.exe
2019-12-22 20:41 - 2019-12-22 20:41 - 000001808 _____ C:\Users\SGK\Desktop\Alaiosai.Vprj
2019-12-22 20:30 - 2020-01-05 18:11 - 000000000 ____D C:\Users\SGK\AppData\Local\CrashDumps
2019-12-22 13:12 - 2019-12-22 13:20 - 000000000 ____D C:\ProgramData\RogueKiller
2019-12-22 13:12 - 2019-12-22 13:12 - 000000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2019-12-22 13:12 - 2019-12-22 13:12 - 000000906 _____ C:\ProgramData\Desktop\RogueKiller.lnk
2019-12-22 13:12 - 2019-12-22 13:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-12-22 13:12 - 2019-12-22 13:12 - 000000000 ____D C:\Program Files\RogueKiller
2019-12-22 11:11 - 2019-12-22 11:17 - 046219768 _____ (Adlice Software ) C:\Users\SGK\Desktop\RogueKiller_setup_ref3.exe
2019-12-22 11:10 - 2019-12-22 11:16 - 008237744 _____ (Malwarebytes) C:\Users\SGK\Desktop\adwcleaner_8.0.1.exe
2019-12-21 13:20 - 2020-01-07 11:39 - 000000000 ____D C:\FRST
2019-12-21 12:13 - 2019-12-29 19:23 - 000000000 ____D C:\WINDOWS\Minidump
2019-12-21 12:04 - 2019-12-21 12:07 - 000000000 ____D C:\Users\SGK\Documents\Bandicam
2019-12-20 20:57 - 2020-01-07 11:01 - 000002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2019-12-20 20:57 - 2020-01-07 11:01 - 000002384 _____ C:\Users\Public\Desktop\Brave.lnk
2019-12-20 20:57 - 2020-01-07 11:01 - 000002384 _____ C:\ProgramData\Desktop\Brave.lnk
2019-12-20 20:49 - 2019-12-20 20:49 - 003839032 _____ C:\Users\SGK\Documents\bookmarks_12_20_19.html
2019-12-20 20:43 - 2019-12-20 20:43 - 000000080 ___SH C:\bootTel.dat
2019-12-16 13:35 - 2019-12-16 13:35 - 000000000 ____D C:\ProgramData\AutoUpdate
2019-12-16 13:35 - 2019-12-16 13:35 - 000000000 ____D C:\ProgramData\Airy Team
2019-12-16 12:38 - 2019-12-16 12:38 - 000000000 ____D C:\Download
2019-12-16 12:36 - 2019-12-16 12:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2019-12-16 12:36 - 2019-12-16 12:36 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2019-12-16 12:22 - 2019-12-16 12:23 - 000000000 ____D C:\Users\SGK\Downloads\Kadar Majee
2019-12-16 12:19 - 2019-12-20 13:17 - 000000000 ____D C:\Users\SGK\AppData\Roaming\Intel Rapid
2019-12-16 12:04 - 2019-12-20 13:16 - 000000000 ____D C:\WINDOWS\system32\Tasks\System
2019-12-16 12:02 - 2019-12-20 13:17 - 000000000 ____D C:\Users\SGK\AppData\Roaming\UBlockPlugin
2019-12-16 11:50 - 2019-12-16 11:50 - 000000000 ____D C:\Users\SGK\AppData\Local\cache
2019-12-15 13:14 - 2019-12-15 13:14 - 002621096 _____ C:\Users\SGK\Downloads\Kannana Kannanukku-Aalayamani Tml Gaana.com (index_0_a) (via Skyload).mp4
2019-12-15 13:14 - 2019-12-15 13:14 - 002545332 _____ C:\Users\SGK\Downloads\Kallelam Maanikka-Aalayamani Tml Gaana.com (index_0_a) (via Skyload).mp4
2019-12-15 13:14 - 2019-12-15 13:14 - 002303000 _____ C:\Users\SGK\Downloads\Satti Suttathada-Aalayamani Tml Gaana.com (index_0_a) (via Skyload).mp4
2019-12-15 13:14 - 2019-12-15 13:14 - 001854432 _____ C:\Users\SGK\Downloads\Maanaattam-Aalayamani Tml Gaana.com (index_0_a) (via Skyload).mp4
2019-12-15 13:14 - 2019-12-15 13:14 - 001760620 _____ C:\Users\SGK\Downloads\Thookam Un Kangalai-Aalayamani Tml Gaana.com (index_0_a) (via Skyload).mp4
2019-12-15 13:14 - 2019-12-15 13:14 - 001245688 _____ C:\Users\SGK\Downloads\Kallelaam Maanikka-Aalayamani Tml Gaana.com (index_0_a) (via Skyload).mp4
2019-12-15 13:14 - 2019-12-15 13:14 - 000355884 _____ C:\Users\SGK\Downloads\Karunai Magan-Aalayamani Tml Gaana.com (index_0_a) (via Skyload).mp4
2019-12-15 13:10 - 2019-12-15 13:10 - 002797440 _____ C:\Users\SGK\Downloads\Thanjavur Melam Atichi-Simla Special Gaana.com (index_0_a) (via Skyload).mp4
2019-12-15 13:10 - 2019-12-15 13:10 - 002609816 _____ C:\Users\SGK\Downloads\Ven Megame Oodiva-Simla Special Gaana.com (index_0_a) (via Skyload).mp4
2019-12-15 13:10 - 2019-12-15 13:10 - 002441368 _____ C:\Users\SGK\Downloads\Look Love Me Dear - Ven Megame-Simla Special Gaana.com (index_0_a) (via Skyload).mp4
2019-12-15 13:09 - 2019-12-15 13:09 - 002434224 _____ C:\Users\SGK\Downloads\Kuthura Kuthula-Simla Special Gaana.com (index_0_a) (via Skyload).mp4
2019-12-15 13:09 - 2019-12-15 13:09 - 002272356 _____ C:\Users\SGK\Downloads\Unnakkenna Melae-Simla Special Gaana.com (index_0_a) (via Skyload).mp4
2019-12-15 13:08 - 2019-12-15 13:08 - 001649324 _____ C:\Users\SGK\Downloads\Sollale Vilakka Theriyale-Chakravarthi Thirumagal Gaana.com (index_0_a) (via Skyload).mp4
2019-12-15 13:08 - 2019-12-15 13:08 - 001621688 _____ C:\Users\SGK\Downloads\Nalangittu Paarpomadi-Chakravarthi Thirumagal Gaana.com (index_0_a) (via Skyload).mp4
2019-12-15 13:08 - 2019-12-15 13:08 - 001572996 _____ C:\Users\SGK\Downloads\Kaathalennum Solaiyile-Chakravarthi Thirumagal Gaana.com (index_0_a) (via Skyload).mp4
2019-12-15 13:08 - 2019-12-15 13:08 - 001461136 _____ C:\Users\SGK\Downloads\Ennam Ellam-Chakravarthi Thirumagal Gaana.com (index_0_a) (via Skyload).mp4
2019-12-15 13:08 - 2019-12-15 13:08 - 001287800 _____ C:\Users\SGK\Downloads\Sollalae Villakkath Theriallae-Chakravarthi Thirumagal Gaana.com (index_0_a) (via Skyload).mp4
2019-12-15 13:07 - 2019-12-15 13:07 - 001309420 _____ C:\Users\SGK\Downloads\Ellayillatha Indathile-Chakravarthi Thirumagal Gaana.com (index_0_a) (via Skyload).mp4
2019-12-15 13:07 - 2019-12-15 13:07 - 001184964 _____ C:\Users\SGK\Downloads\Kannalane Vaarunga-Chakravarthi Thirumagal Gaana.com (index_0_a) (via Skyload).mp4
2019-12-15 13:07 - 2019-12-15 13:07 - 001121232 _____ C:\Users\SGK\Downloads\Enthan Inbam-Chakravarthi Thirumagal Gaana.com (index_0_a) (via Skyload).mp4
2019-12-15 13:06 - 2019-12-15 13:06 - 001789196 _____ C:\Users\SGK\Downloads\Porakkumpothu-Chakravarthi Thirumagal Gaana.com (index_0_a) (via Skyload).mp4
2019-12-15 13:06 - 2019-12-15 13:06 - 001688804 _____ C:\Users\SGK\Downloads\Aada Vaanga-Chakravarthi Thirumagal Gaana.com (index_0_a) (via Skyload).mp4
2019-12-15 13:06 - 2019-12-15 13:06 - 001579576 _____ C:\Users\SGK\Downloads\Yematram Thaana-Chakravarthi Thirumagal Gaana.com (index_0_a) (via Skyload).mp4
2019-12-15 13:06 - 2019-12-15 13:06 - 001443088 _____ C:\Users\SGK\Downloads\Aththanum Naanthane-Chakravarthi Thirumagal Gaana.com (index_0_a) (via Skyload).mp4
2019-12-15 13:05 - 2019-12-15 13:06 - 001852364 _____ C:\Users\SGK\Downloads\Manithan Porakkumpothu-Chakravarthi Thirumagal Gaana.com (index_0_a) (via Skyload).mp4
2019-12-15 13:05 - 2019-12-15 13:05 - 001612664 _____ C:\Users\SGK\Downloads\Urangaiyile-Chakravarthi Thirumagal Gaana.com (index_0_a) (via Skyload).mp4
2019-12-13 12:51 - 2019-12-13 12:51 - 001856688 _____ C:\Users\SGK\Downloads\Undaakki Vittavargal-Muharasi Gaana.com (index_0_a) (via Skyload).mp4
2019-12-13 12:51 - 2019-12-13 12:51 - 001418836 _____ C:\Users\SGK\Downloads\Enakkum Unakkumthaan-Muharasi Gaana.com (index_0_a) (via Skyload).mp4
2019-12-13 12:51 - 2019-12-13 12:51 - 001142288 _____ C:\Users\SGK\Downloads\Mugathai Kaatti Katti-Muharasi Gaana.com (index_0_a) (via Skyload).mp4
2019-12-13 12:49 - 2019-12-13 12:49 - 002812856 _____ C:\Users\SGK\Downloads\Jalitha Vanitha-Avanthaan Manithan Gaana.com (index_0_a) (via Skyload).mp4
2019-12-13 12:49 - 2019-12-13 12:49 - 002464116 _____ C:\Users\SGK\Downloads\Anbu Nadamaadum-Avanthaan Manithan Gaana.com (index_0_a) (via Skyload) (1).mp4
2019-12-13 12:49 - 2019-12-13 12:49 - 002370304 _____ C:\Users\SGK\Downloads\Manithan Ninaippathundu-Avanthaan Manithan Gaana.com (index_0_a) (via Skyload).mp4
2019-12-13 12:49 - 2019-12-13 12:49 - 001910644 _____ C:\Users\SGK\Downloads\Anbu Nadamaadum-Avanthaan Manithan Gaana.com (index_0_a) (via Skyload).mp4
2019-12-13 12:48 - 2019-12-13 12:48 - 002058224 _____ C:\Users\SGK\Downloads\Aattuvittaal-Avanthaan Manithan Gaana.com (index_0_a) (via Skyload).mp4
2019-12-13 12:43 - 2019-12-13 12:43 - 003105196 _____ C:\Users\SGK\Downloads\Jambulingame Jadathara-Kasethan Kadavulada Gaana.com (index_0_a) (via Skyload).mp4
2019-12-13 12:43 - 2019-12-13 12:43 - 002205616 _____ C:\Users\SGK\Downloads\Indru Vandha Intha Mayakkam-Kasethan Kadavulada Gaana.com (index_0_a) (via Skyload).mp4
2019-12-13 12:43 - 2019-12-13 12:43 - 001984340 _____ C:\Users\SGK\Downloads\Aval Enna Ninaithal-Kasethan Kadavulada Gaana.com (index_0_a) (via Skyload).mp4
2019-12-13 12:43 - 2019-12-13 12:43 - 001936212 _____ C:\Users\SGK\Downloads\Andavan Thodangi-Kasethan Kadavulada Gaana.com (index_0_a) (via Skyload).mp4
2019-12-13 12:40 - 2019-12-13 12:40 - 001315436 _____ C:\Users\SGK\Downloads\Kasethan Kadavulappa-A Tribute to Vaali Gaana.com (index_0_a) (via Skyload).mp4
2019-12-13 12:16 - 2019-12-13 12:16 - 002806464 _____ C:\Users\SGK\Downloads\Mazhai Kaalam Megam Ondru-Vazhve Maayam Gaana.com (index_0_a) (via Skyload).mp4
2019-12-13 12:16 - 2019-12-13 12:16 - 002493632 _____ C:\Users\SGK\Downloads\Vandhanam Yen Vandhanam-Vazhve Maayam Gaana.com (index_0_a) (via Skyload).mp4
2019-12-13 12:16 - 2019-12-13 12:16 - 002456408 _____ C:\Users\SGK\Downloads\Devi Sridevi vun Thirumal-Vazhve Maayam Gaana.com (index_0_a) (via Skyload).mp4
2019-12-13 12:16 - 2019-12-13 12:16 - 002447384 _____ C:\Users\SGK\Downloads\Neela Vaanam Odaiyil-Vazhve Maayam Gaana.com (index_0_a) (via Skyload).mp4
2019-12-13 12:16 - 2019-12-13 12:16 - 002348120 _____ C:\Users\SGK\Downloads\Vazhve Maayam Intha Vazhve-Vazhve Maayam Gaana.com (index_0_a) (via Skyload).mp4
2019-12-13 12:16 - 2019-12-13 12:16 - 002251300 _____ C:\Users\SGK\Downloads\Ye Rajave O Rajathi-Vazhve Maayam Gaana.com (index_0_a) (via Skyload).mp4
2019-12-13 12:15 - 2019-12-13 12:15 - 002366732 _____ C:\Users\SGK\Downloads\Malargalil-Kalyana Raman Gaana.com (index_0_a) (via Skyload).mp4
2019-12-13 12:15 - 2019-12-13 12:15 - 001497044 _____ C:\Users\SGK\Downloads\Kaathal Deepam Ondru-Kalyana Raman Gaana.com (index_0_a) (via Skyload).mp4
2019-12-13 12:14 - 2019-12-13 12:14 - 002263896 _____ C:\Users\SGK\Downloads\Ninaithaal Inikkum-Kalyana Raman Gaana.com (index_0_a) (via Skyload).mp4
2019-12-13 12:14 - 2019-12-13 12:14 - 002136432 _____ C:\Users\SGK\Downloads\Kaathal Vanthiruchi-Kalyana Raman Gaana.com (index_0_a) (via Skyload).mp4
2019-12-13 12:14 - 2019-12-13 12:14 - 002069692 _____ C:\Users\SGK\Downloads\Aaha Vandhirichchu-Kalyana Raman Gaana.com (index_0_a) (via Skyload).mp4
2019-12-13 12:05 - 2019-12-13 12:05 - 001527124 _____ C:\Users\SGK\Downloads\Thedum Deivam-Kazhugu Gaana.com (index_0_a) (via Skyload).mp4
2019-12-13 12:05 - 2019-12-13 12:05 - 001199440 _____ C:\Users\SGK\Downloads\Kathal Ennum Kovil-Kazhugu Gaana.com (index_0_a) (via Skyload).mp4
2019-12-13 12:04 - 2019-12-13 12:04 - 001658724 _____ C:\Users\SGK\Downloads\Thangangale Thambigale-Thillu Mullu Gaana.com (index_0_a) (via Skyload).mp4
2019-12-13 12:04 - 2019-12-13 12:04 - 000607804 _____ C:\Users\SGK\Downloads\Thillumullu Thillumullu-Thillu Mullu Gaana.com (index_0_a) (via Skyload).mp4
2019-12-13 11:51 - 2020-01-06 19:10 - 000000000 ____D C:\Users\SGK\AppData\Local\GoogleChromeUserData
2019-12-11 13:41 - 2019-12-11 13:43 - 000000000 ____D C:\Users\SGK\Downloads\Medeival Tamil Songs
2019-12-11 13:33 - 2019-12-21 12:24 - 000000000 ____D C:\Users\SGK\AppData\Local\GoogleChromeApplication
2019-12-11 12:15 - 2019-12-11 12:15 - 006848922 _____ C:\Users\SGK\Downloads\Kai Kodutha Deivam  Sindhu Nadhiyin song (4).mp4
2019-12-11 11:19 - 2019-12-11 11:22 - 000000000 ____D C:\Users\SGK\AppData\Roaming\YouTubeByClick
2019-12-11 11:19 - 2019-12-11 11:19 - 000000000 ____D C:\ProgramData\Caphyon
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-01-07 10:55 - 2019-10-15 00:07 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{0A00A2D4-6E2D-4A15-AC5D-1F5CEDAEDF66}
2020-01-07 10:51 - 2017-06-11 22:14 - 000000000 __SHD C:\Users\SGK\IntelGraphicsProfiles
2020-01-06 19:24 - 2018-03-02 21:23 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-01-06 19:21 - 2018-12-30 18:34 - 000000000 ____D C:\Users\SGK\AppData\Local\PlaceholderTileLogoFolder
2020-01-06 19:19 - 2019-03-19 10:22 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-01-06 19:18 - 2019-10-15 00:07 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-06 19:18 - 2019-03-19 10:07 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-01-06 12:01 - 2019-10-14 23:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-01-05 19:16 - 2018-03-18 17:59 - 000000000 ____D C:\Users\Public\Hauppauge Capture
2020-01-05 12:31 - 2017-06-17 19:50 - 000000000 ____D C:\Users\SGK\Documents\Vuze Downloads
2020-01-05 12:25 - 2018-10-13 21:00 - 000000000 ____D C:\Users\SGK\Downloads\Illayaraja Official
2020-01-05 11:08 - 2019-10-13 20:18 - 000000000 ____D C:\Users\SGK\Desktop\BlueStacks Apps
2020-01-04 13:18 - 2017-06-19 20:15 - 000000000 ____D C:\Users\SGK\AppData\Roaming\BaiduYunGuanjia
2020-01-04 12:23 - 2017-06-13 18:55 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-12-28 23:04 - 2018-05-23 20:23 - 000536152 _____ C:\WINDOWS\ntbtlog.txt
2019-12-23 20:01 - 2018-05-06 14:39 - 000000000 ____D C:\ProgramData\Hauppauge
2019-12-23 20:00 - 2018-03-14 22:29 - 000000000 ____D C:\Program Files (x86)\Hauppauge
2019-12-23 19:59 - 2018-03-14 22:29 - 000006970 _____ C:\hcwDriverInstall.txt
2019-12-22 22:38 - 2019-08-31 21:00 - 000000000 ____D C:\Users\SGK\Downloads\Compressed
2019-12-22 21:49 - 2017-06-13 18:27 - 000000000 ____D C:\Users\SGK\Documents\20i6--apower-cn4.5.2
2019-12-22 21:28 - 2017-06-13 21:16 - 000000000 ____D C:\ProgramData\TEMP
2019-12-22 21:28 - 2017-06-13 21:16 - 000000000 ____D C:\Program Files (x86)\VideoReDoTVSuite5
2019-12-22 21:28 - 2017-06-13 20:16 - 000000000 ____D C:\Program Files\WinRAR
2019-12-22 21:27 - 2019-03-19 10:22 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-12-22 21:27 - 2018-03-22 19:58 - 000000000 ____D C:\Users\SGK\AppData\Local\Packages
2019-12-22 20:57 - 2019-11-08 11:38 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-12-22 20:42 - 2017-07-06 10:54 - 000000000 ____D C:\Program Files\SpoonUninstall
2019-12-22 20:42 - 2017-07-06 10:54 - 000000000 ____D C:\Program Files\dBpoweramp
2019-12-22 20:40 - 2017-07-06 10:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dBpoweramp
2019-12-22 20:35 - 2018-03-09 20:49 - 000000000 ____D C:\Program Files\Adobe
2019-12-22 20:35 - 2017-06-21 20:33 - 000000000 ____D C:\Users\Public\Documents\Adobe
2019-12-22 20:35 - 2017-06-21 20:33 - 000000000 ____D C:\ProgramData\Documents\Adobe
2019-12-22 20:29 - 2017-06-11 22:14 - 000000000 ____D C:\Users\SGK\AppData\Roaming\Adobe
2019-12-22 12:10 - 2017-07-11 20:26 - 000000000 ____D C:\AdwCleaner
2019-12-21 20:34 - 2019-03-19 10:20 - 000000000 ____D C:\WINDOWS\INF
2019-12-21 13:36 - 2019-10-14 23:49 - 000000000 ____D C:\Users\SGK
2019-12-21 13:34 - 2019-03-19 10:22 - 000000000 ___HD C:\Program Files\WindowsApps
2019-12-21 13:33 - 2017-06-14 17:08 - 000000000 ____D C:\ProgramData\HP
2019-12-21 13:31 - 2017-10-03 19:58 - 000000000 ____D C:\Fraps
2019-12-20 20:57 - 2019-09-29 21:01 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2019-12-20 20:51 - 2019-11-09 11:51 - 000000000 ____D C:\Program Files (x86)\Google
2019-12-20 20:31 - 2019-10-09 12:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-12-20 13:25 - 2017-06-25 20:05 - 000000000 ____D C:\Users\SGK\AppData\LocalLow\Mozilla
2019-12-20 13:16 - 2019-10-10 20:02 - 000000000 ____D C:\Users\SGK\AppData\Roaming\Free Sound Recorder New Version Available
2019-12-20 13:14 - 2019-10-09 21:38 - 000000000 ____D C:\Program Files (x86)\Auslogics
2019-12-16 21:38 - 2019-08-31 21:00 - 000000000 ____D C:\Users\SGK\AppData\Roaming\DMCache
2019-12-16 14:08 - 2016-02-24 00:38 - 000000000 ____D C:\ProgramData\Package Cache
2019-12-16 14:03 - 2018-02-12 20:43 - 000000000 ____D C:\Users\SGK\AppData\Local\4kdownload.com
2019-12-16 13:55 - 2019-03-19 10:22 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-12-16 12:46 - 2018-09-27 22:26 - 000000000 ____D C:\Users\SGK\AppData\Local\MediaHuman
2019-12-15 12:57 - 2019-10-15 00:07 - 000004554 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2019-12-15 12:57 - 2019-03-19 10:22 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-12-15 12:57 - 2019-03-19 10:22 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-12-09 14:00 - 2019-10-26 14:30 - 000000000 ____D C:\Users\SGK\Downloads\Mani
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================


#63 yukukuhi

yukukuhi

    Authentic Member

  • Authentic Member
  • 92 posts

Posted 07 January 2020 - 07:10 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2019
Ran by SGK (07-01-2020 11:42:34)
Running from C:\Users\SGK\Desktop
Windows 10 Pro Version 1903 18362.356 (X64) (2019-10-14 18:38:57)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2295186157-4208122820-3846616368-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2295186157-4208122820-3846616368-503 - Limited - Disabled)
Guest (S-1-5-21-2295186157-4208122820-3846616368-501 - Limited - Disabled)
SGK (S-1-5-21-2295186157-4208122820-3846616368-1001 - Administrator - Enabled) => C:\Users\SGK
WDAGUtilityAccount (S-1-5-21-2295186157-4208122820-3846616368-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.303 - Adobe)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adownloader version 18.1 (HKLM-x32\...\{41E8664D-2C33-4B67-9702-C0FAC4DF4763}_is1) (Version: 18.1 - Denobis)
Aimersoft Helper Compact 2.5.2 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft)
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.130.6.1102 - BlueStack Systems, Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 79.1.2.41 - The Brave Authors)
dBpoweramp AAC Encoder (HKLM-x32\...\dBpoweramp AAC Encoder) (Version: Release 2.1 - Illustrate)
dBpoweramp DirectShow Decoder (HKLM-x32\...\dBpoweramp DirectShow Decoder) (Version: Release 3 - Illustrate)
dBpoweramp m4a FDK (AAC) Encoder (HKLM-x32\...\dBpoweramp m4a FDK (AAC) Encoder) (Version: Release 4  (FDK v0.1.4 & v0.63) - Illustrate)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.2 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{15F081E3-93FF-4FF3-B447-42CC458C4F79}) (Version: 3.11.0021 - Seiko Epson Corporation)
EPSON L3150 Series Printer Uninstall (HKLM\...\EPSON L3150 Series) (Version:  - Seiko Epson Corporation)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.56.1.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{FD036A57-F81D-4865-AAF0-811558EA76AE}) (Version: 4.5.1 - Seiko Epson Corporation)
EPSON Universal Print Driver Printer Uninstall (HKLM\...\EPSON Universal Print Driver) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
ExpressCache (HKLM\...\{F19137D8-2E93-4043-9634-4D44E7EFE889}) (Version: 1.3.118.0 - Condusiv Technologies)
Hauppauge Capture (HKLM-x32\...\Hauppauge Capture) (Version: 1.1.35054 - Hauppauge Computer Works)
Hauppauge Device Central (HKLM-x32\...\Hauppauge Device Central) (Version: 1.4.34279 - Hauppauge Computer Works, Inc.)
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Huffyuv AVI lossless video codec (Remove Only) (HKLM\...\HUFFYUV) (Version:  - )
Intel® Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{1A51AA9E-D4BC-4318-9419-B55EA4C95B3C}) (Version: 17.1.1525.1443 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{50cf70be-570a-46b0-8a05-ea84ad3b4a36}) (Version: 21.20.0 - Intel Corporation)
K-Lite Codec Pack 13.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.6.5 - KLCP)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
Lenovo Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.82.00.14 - Lenovo) Hidden
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 2.0.9.0 - Lenovo)
Lenovo On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.72.10 - Lenovo)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.24 - Lenovo) Hidden
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.016.00 - Lenovo)
Lenovo Settings - Power (HKLM-x32\...\{A6CFC34A-56EE-4AF5-8C49-995F59E6A160}) (Version: 8.03.14 - Lenovo Group Limited) Hidden
Lenovo Solution Center (HKLM\...\{DB529F41-7844-4FD9-B660-CE829E59A71E}) (Version: 3.1.002.00 - Lenovo)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0008.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2295186157-4208122820-3846616368-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27024 (HKLM-x32\...\{2ff11a2a-f7ac-4a6c-8cd4-c7bb974f3642}) (Version: 14.16.27024.1 - Microsoft Corporation)
MKVCleaver x64 (HKLM\...\{EE4FBCD4-BAB6-405A-8AFF-5FEF41B841B4}) (Version: 7.0.2 - Ilia Bakhmoutski)
MKVToolNix 13.0.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 13.0.0 - Moritz Bunkus)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
OpenOffice 4.1.5 (HKLM-x32\...\{ABCAD346-4F4B-49E9-9AA1-28EF8C26059D}) (Version: 4.15.9789 - Apache Software Foundation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.1.0.11 - Lenovo)
RogueKiller version 14.0.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.0.2.0 - Adlice Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.115 - Synaptics Incorporated)
ThinkPad Settings Dependency (HKLM\...\{08515684-CE49-47EF-B509-326A2E91BC5C}_is1) (Version: 3.0.0.12 - Lenovo) Hidden
Thinkpad USB Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 10.1.506.2015 - Lenovo)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{F49D6A65-1AB6-4728-9FDA-DB5BAB631CF6}) (Version: 1.23.0.0 - Microsoft Corporation) Hidden
Ut Video Codec Suite (HKLM\...\utvideo_is1) (Version: 18.2.1 - UMEZAWA Takeshi)
Videoder 1.0.9 (HKLM-x32\...\808fc302-3d01-59ce-8094-e0443a55877e) (Version: 1.0.9 - GlennioTech)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows Driver Package - Lenovo 1.67.10.15 (06/22/2015 1.67.10.15) (HKLM\...\116858BC299A848A634E4FC927990093F81F608D) (Version: 06/22/2015 1.67.10.15 - Lenovo)
Windows Driver Package - Realtek Semiconduct Corp. (RTSPER) MTD  (05/29/2015 10.0.10125.21277) (HKLM\...\4E55DAEF56C7E4B0BFE2CA2C3C55718B1DB7B3B9) (Version: 05/29/2015 10.0.10125.21277 - Realtek Semiconduct Corp.)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (07/29/2015 6.0.1.7572) (HKLM\...\FB7FCBF0F17BC6F027BA3449CC8B02C4445C5565) (Version: 07/29/2015 6.0.1.7572 - Realtek Semiconductor Corp.)
Windows Driver Package - Synaptics (SmbDrv) System  (07/24/2015 19.0.17.2) (HKLM\...\D46201570EE858381BA5A517C517317159E0F49A) (Version: 07/24/2015 19.0.17.2 - Synaptics)
Windows Driver Package - Synaptics (SynTP) Mouse  (07/24/2015 19.0.17.2) (HKLM\...\BCACBD4A2C3424D2C4AB53EE766C3F38399CEB15) (Version: 07/24/2015 19.0.17.2 - Synaptics)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
YAMB (HKLM-x32\...\YAMB) (Version:  - )
 
Packages:
=========
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.150.300.0_x86__kgqvnymyfvs32 [2019-10-17] (king.com)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-10-09] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-03-23] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-03-23] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.10022.0_x64__8wekyb3d8bbwe [2019-10-09] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-10-09] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-10-09] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.94.574.0_x64__mcm4njqhnhss8 [2019-10-09] (Netflix, Inc.)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-04-29] (Adobe Systems Incorporated)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-14] (Twitter Inc.)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-11-08] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-11-08] (Malwarebytes Corporation -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.ULRA] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULRG] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULY0] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULY2] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULY4] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULH0] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULH2] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULH4] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.UQY2] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.UQRG] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.UQRA] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.HFYU] => C:\WINDOWS\system32\huffyuv.dll [33280 2000-08-23] (Disappearing Inc.) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-26] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.ULRA] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULRG] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULY0] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULY2] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULY4] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULH0] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULH2] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULH4] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.UQY2] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.UQRG] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.UQRA] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2019-12-09 12:15 - 2019-05-28 14:06 - 001021440 _____ () [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
2019-11-27 20:28 - 2019-10-27 05:36 - 001261568 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll
2016-09-14 14:31 - 2016-09-14 14:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 16:34 - 2020-01-06 19:12 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Condusiv Technologies\ExpressCache\;C:\WINDOWS\System32\OpenSSH\;C:\Users\SGK\AppData\Local\Microsoft\WindowsApps;C:\adb;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-2295186157-4208122820-3846616368-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Lenovo\Sketch.png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: ExpressCache => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HcwDevCentralService => 3
MSCONFIG\Services: IBMPMSVC => 2
MSCONFIG\Services: ibtsiva => 2
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: ImControllerService => 2
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LENOVO.MICMUTE => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: LPlatSvc => 2
MSCONFIG\Services: LSCWinService => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\Services: TPHKLOAD => 2
MSCONFIG\Services: uSHAREitSvc => 3
MSCONFIG\Services: ZeroConfigService => 2
HKLM\...\StartupApproved\StartupFolder: => "Hauppauge Device Properties.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Integrated Camera_Monitor"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "IMSS"
HKLM\...\StartupApproved\Run32: => "Aimersoft Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2295186157-4208122820-3846616368-1001\...\StartupApproved\StartupFolder: => "Free Sound Recorder Update.lnk"
HKU\S-1-5-21-2295186157-4208122820-3846616368-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2295186157-4208122820-3846616368-1001\...\StartupApproved\Run: => "HP Deskjet 3050 J610 series (NET)"
HKU\S-1-5-21-2295186157-4208122820-3846616368-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-2295186157-4208122820-3846616368-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-2295186157-4208122820-3846616368-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{DC583C1B-8AB9-4A8D-8ED1-030D4112499C}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{A9BD72D0-9F69-4A89-A503-C0BC3898CEFE}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{A9079169-9F7B-4946-988A-7F4F2213EA65}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [{279F25A3-F737-4202-87A9-9D4E84CBBC89}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [{C7FB2B01-E72A-4B15-BA30-6DF6724E9D33}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{FF01A8F0-D70F-42E4-A926-1C1AC3E0CA89}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{4E1917F8-10C4-4596-AFAB-E6DD18316D74}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe No File
FirewallRules: [{BB2F01B0-0093-4665-9847-C7584BCFB07E}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [UDP Query User{20D6CA23-BD64-4008-930D-AB92A88DEAFB}C:\program files (x86)\hauppauge\capture\hauppaugecapture.exe] => (Allow) C:\program files (x86)\hauppauge\capture\hauppaugecapture.exe (Hauppauge Computer Works) [File not signed]
FirewallRules: [TCP Query User{25E09969-BA09-4FEA-97A8-324094CC0BDB}C:\program files (x86)\hauppauge\capture\hauppaugecapture.exe] => (Allow) C:\program files (x86)\hauppauge\capture\hauppaugecapture.exe (Hauppauge Computer Works) [File not signed]
FirewallRules: [TCP Query User{4E0E073A-8DD5-4985-AEBA-AE9A7D7346AF}C:\program files (x86)\hauppauge\capture\hauppaugecapture.exe] => (Allow) C:\program files (x86)\hauppauge\capture\hauppaugecapture.exe (Hauppauge Computer Works) [File not signed]
FirewallRules: [UDP Query User{E0DF9177-0EA3-4A11-B0E0-C45D2A16B976}C:\program files (x86)\hauppauge\capture\hauppaugecapture.exe] => (Allow) C:\program files (x86)\hauppauge\capture\hauppaugecapture.exe (Hauppauge Computer Works) [File not signed]
FirewallRules: [{7CF5DC7B-FEDB-4B2E-8C86-2EF05A8F9173}] => (Allow) C:\ProgramData\winnmgr\svcnetwk.exe No File
FirewallRules: [{13B22AC3-A986-43E7-8B23-2D1DAFBB11D1}] => (Allow) C:\WINDOWS\system32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C7456182-5DC2-4E37-909C-0B6319AA9691}] => (Allow) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{26363556-AF43-4B07-81F0-78BAFBFB19B3}] => (Allow) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{5C01C797-6EE8-41D9-9A0A-84CAB97803D4}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{D1B1F64D-BE62-4436-A300-70E13286E9A1}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{1230E975-41EF-4470-8FDD-815276F1A899}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{454FABC5-965B-4B52-9065-9199C7D2F867}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{FA975676-ECA6-4648-8071-471EA80B8A19}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{37AE93F5-76FC-4CB3-875F-ED70C84A31A2}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{29AADF23-411D-4D29-91D0-71FEE1CF2097}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{B420CB10-CDAB-4893-ACF2-11D66AC2B9DF}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{5040B3AE-40DA-4CD7-8A03-60995B22206D}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{E38F8849-0EA6-4938-B863-2531A0A256C8}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{37C3F6E2-82F4-4375-9FB3-76DAC7C57BA0}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{742E3514-4713-40A7-AA77-2306AA23600F}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{001E6EDF-8650-4554-97A5-59C02678A8D4}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{73CE9222-5561-44BC-B14E-57CE6503F1A4}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{B7033EFF-9D46-4815-BD89-805DC6566629}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{1115016F-93B0-44BC-A033-0F640BCEAB82}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{17B00121-2A10-4006-B34D-B2BBE6071584}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{585DC182-90E0-4E59-BD98-08C2D40843A8}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{25F955D5-DB2C-463B-B66E-A16476B5FB82}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{6F8BDB3A-7DC9-4F48-A027-0865D128F46C}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{B82850C1-9A88-415E-B647-5390C969562A}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{DDF6D14A-BA25-4C55-B4BE-C2AF1B3F6A82}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{A65AA0BC-1F5B-4AB9-9EAB-1A278C657EBE}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{0656F891-CB3F-4E50-8D3D-42A0B323B056}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{0C8EEE46-5319-4EE1-B255-8D18E6D86F4F}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{8AD03A75-0177-416C-9C29-6A4B67454981}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{CA566250-4758-4604-AF66-E83FC6BF0A52}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
 
==================== Restore Points =========================
 
07-01-2020 10:55:26 Removed Google Update Helper
 
==================== Faulty Device Manager Devices ============
 
Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : Windows cannot use this hardware device because it has been prepared for safe removal, but it has not been removed from the computer. (Code 47)
Resolution: Unplug the device, and then plug it in again. Alternately, restart the computer to make the device available.
 
Name: ThinkPad T550/W550S System Firmware 1.20
Description: ThinkPad T550/W550S System Firmware 1.20
Class Guid: {f2e7dd72-6468-4e36-b6f1-6488f42c1b52}
Manufacturer: Lenovo Ltd.
Service: 
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (01/07/2020 10:56:06 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary WinQuic.
 
System Error:
The resource loader failed to find MUI file.
.
 
Error: (01/06/2020 11:06:01 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (01/05/2020 07:24:42 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (01/05/2020 06:10:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: YourPhone.exe, version: 1.19092.399.0, time stamp: 0x5d97becc
Faulting module name: ntdll.dll, version: 10.0.18362.356, time stamp: 0xf24fc044
Exception code: 0xc0000374
Fault offset: 0x00000000000f9269
Faulting process id: 0x1178
Faulting application start time: 0x01d5c3c534fcf094
Faulting application path: C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19092.399.0_x64__8wekyb3d8bbwe\YourPhone.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: c826fe41-5898-4bad-b6cf-671bd12bad50
Faulting package full name: Microsoft.YourPhone_1.19092.399.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
 
Error: (01/05/2020 11:25:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 28.12.2019.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2db0
 
Start Time: 01d5c38beb0a93aa
 
Termination Time: 4294967295
 
Application Path: C:\Users\SGK\Desktop\FRST64.exe
 
Report Id: 79efac13-0e6b-47e4-972f-e1dda0be6afc
 
Faulting package full name: 
 
Faulting package-relative application ID: 
 
Hang type: Top level window is idle
 
Error: (01/04/2020 08:30:31 PM) (Source: EventSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ComponentModel.Win32Exception: The system cannot find the file specified
   at System.Diagnostics.Process.StartWithCreateProcess(ProcessStartInfo startInfo)
   at winsw.Util.ProcessHelper.StartProcessAndCallbackForExit(Process processToStart, String executable, String arguments, Dictionary`2 envVars, String workingDirectory, Nullable`1 priority, ProcessCompletionCallback callback, Boolean redirectStdin, LogHandler logHandler)
   at winsw.WrapperService.StartProcess(Process processToStart, String arguments, String executable, LogHandler logHandler, Boolean redirectStdin)
   at winsw.WrapperService.OnStart(String[] _)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (01/04/2020 08:30:31 PM) (Source: EventSvc) (EventID: 0) (User: )
Description: Failed to download https://mydl-1259140.../ntv2_2017.docxto C:\ProgramData\EventSvc/n2/n2up.zip
 
Error: (01/04/2020 01:12:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.18362.329 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 231c
 
Start Time: 01d5c2d244be690f
 
Termination Time: 4294967295
 
Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
 
Report Id: 201b24a3-ce83-45c5-b76d-85d36221f5fa
 
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
 
Hang type: Cross-thread
 
 
System errors:
=============
Error: (01/06/2020 07:17:49 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VF56AA2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (01/06/2020 07:17:49 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VF56AA2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (01/06/2020 07:12:42 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VF56AA2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (01/06/2020 07:12:41 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VF56AA2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (01/06/2020 07:12:40 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VF56AA2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (01/06/2020 07:12:39 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VF56AA2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (01/06/2020 07:12:39 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VF56AA2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (01/06/2020 07:12:38 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VF56AA2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
 
Windows Defender:
===================================
Date: 2020-01-06 19:24:36.816
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Generic!rfn
ID: 2147744279
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files (x86)\Seed Trade\Seed\seed.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.307.1817.0, AS: 1.307.1817.0, NIS: 1.307.1817.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7
 
Date: 2019-11-07 21:58:23.657
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Behavior:Win32/Generic.LO!ml
ID: 2147739110
Severity: Severe
Category: Suspicious Behaviour
Path: file:_C:\ProgramData\CloudPrinter\CloudPrinter.exe; file:_C:\ProgramData\Voyasollam\Voyasollam.exe; file:_C:\Users\SGK\AppData\Local\FreshSolin.exe; file:_C:\Users\SGK\AppData\Local\Iseco.exe; file:_C:\Users\SGK\AppData\Local\Temp\a1i1mdiib2o\fish.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: C:\Users\SGK\AppData\Local\Temp\a1i1mdiib2o\fish.exe
Security intelligence Version: AV: 1.305.1600.0, AS: 1.305.1600.0, NIS: 1.305.1600.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1
 
Date: 2019-11-07 21:58:23.572
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Behavior:Win32/Generic.LO!ml
ID: 2147739110
Severity: Severe
Category: Suspicious Behaviour
Path: file:_C:\ProgramData\CloudPrinter\CloudPrinter.exe; file:_C:\ProgramData\Voyasollam\Voyasollam.exe; file:_C:\Users\SGK\AppData\Local\FreshSolin.exe; file:_C:\Users\SGK\AppData\Local\Temp\a1i1mdiib2o\fish.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: C:\Users\SGK\AppData\Local\Temp\a1i1mdiib2o\fish.exe
Security intelligence Version: AV: 1.305.1600.0, AS: 1.305.1600.0, NIS: 1.305.1600.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1
 
Date: 2019-11-07 21:58:22.042
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Behavior:Win32/Execution.LU!ml
ID: 2147737010
Severity: Severe
Category: Suspicious Behaviour
Path: file:_C:\Users\SGK\AppData\Local\Temp\5kxdy5yqox4\nmgewiakjaoq.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.305.1600.0, AS: 1.305.1600.0, NIS: 1.305.1600.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1
 
Date: 2019-11-07 21:58:20.002
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Behavior:Win32/Persistence.MI!ml
ID: 2147737727
Severity: Severe
Category: Suspicious Behaviour
Path: file:_C:\Users\SGK\AppData\Roaming\qcderzm5ywg\puco2llrgd3.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: AV: 1.305.1600.0, AS: 1.305.1600.0, NIS: 1.305.1600.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1
 
Date: 2019-11-05 19:06:39.632
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.305.1165.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16500.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2019-11-05 19:06:39.631
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.305.1165.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16500.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2019-11-05 19:06:39.631
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.305.1165.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16500.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2019-11-05 19:06:39.621
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.305.1165.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16500.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2019-11-05 19:06:39.620
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.305.1165.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16500.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
CodeIntegrity:
===================================
 
Date: 2019-12-22 12:22:39.117
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Lenovo\REACHit\ReachDrive64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-12-22 12:22:39.093
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Lenovo\REACHit\ReachDrive64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-12-22 12:17:09.399
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Lenovo\REACHit\ReachDrive64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-12-22 12:17:09.382
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Lenovo\REACHit\ReachDrive64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-12-20 12:58:19.987
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Lenovo\REACHit\ReachDrive64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-12-20 12:58:19.961
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Lenovo\REACHit\ReachDrive64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-12-20 12:47:28.039
Description: 
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.
 
Date: 2019-12-20 12:47:26.441
Description: 
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.
 
==================== Memory info =========================== 
 
BIOS: LENOVO N11ET34W (1.10 ) 08/20/2015
Motherboard: LENOVO 20CKCTO1WW
Processor: Intel® Core™ i5-5300U CPU @ 2.30GHz
Percentage of memory in use: 39%
Total physical RAM: 8071.02 MB
Available physical RAM: 4910.51 MB
Total Virtual: 9351.02 MB
Available Virtual: 6740.16 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:464.51 GB) (Free:20.85 GB) NTFS
 
\\?\Volume{0ddc9a10-2292-4309-a776-910ae8c1162f}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.48 GB) NTFS
\\?\Volume{c954ef0e-b60d-4694-9b70-f3a3534ec80b}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 8AC34E9B)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 8AC34F58)
 
Partition: GPT.
 
==================== End of Addition.txt =======================


#64 yukukuhi

yukukuhi

    Authentic Member

  • Authentic Member
  • 92 posts

Posted 07 January 2020 - 07:20 AM

I forgot to mention that Windows Defender detected a severe threat level Trojan Win32 Generic in the C:\Program Files (x86)\Seed Trade folder, right after the restart done by the completion of the fix run on FRST. But I don't ever remember installing such an app.



#65 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 07 January 2020 - 03:15 PM

You need to unplug your USB flash drive.

Windows cannot use this hardware device because it has been prepared for safe removal, but it has not been removed from the computer. (Code 47)
Resolution: Unplug the device, and then plug it in again. Alternately, restart the computer to make the device available.

Run Farbar Recovery Scan Tool

Open Notepad. Please copy the contents of the code box below and paste it into Notepad.

CloseProcesses:
ShortcutTarget: Free Sound Recorder Update.lnk -> C:\Program Files (x86)\Free Sound Recorder\Free Sound Recorder Update.exe (No File)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [No File]
2020-01-06 19:19 - 2020-01-07 10:51 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-01-04 12:23 - 2020-01-04 12:23 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1774D5F4.sys
FirewallRules: [{4E1917F8-10C4-4596-AFAB-E6DD18316D74}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe No File
FirewallRules: [{7CF5DC7B-FEDB-4B2E-8C86-2EF05A8F9173}] => (Allow) C:\ProgramData\winnmgr\svcnetwk.exe No File
FirewallRules: [{5C01C797-6EE8-41D9-9A0A-84CAB97803D4}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{D1B1F64D-BE62-4436-A300-70E13286E9A1}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{1230E975-41EF-4470-8FDD-815276F1A899}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{454FABC5-965B-4B52-9065-9199C7D2F867}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{FA975676-ECA6-4648-8071-471EA80B8A19}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{37AE93F5-76FC-4CB3-875F-ED70C84A31A2}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{29AADF23-411D-4D29-91D0-71FEE1CF2097}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{B420CB10-CDAB-4893-ACF2-11D66AC2B9DF}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{5040B3AE-40DA-4CD7-8A03-60995B22206D}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{E38F8849-0EA6-4938-B863-2531A0A256C8}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{37C3F6E2-82F4-4375-9FB3-76DAC7C57BA0}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{742E3514-4713-40A7-AA77-2306AA23600F}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{001E6EDF-8650-4554-97A5-59C02678A8D4}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{73CE9222-5561-44BC-B14E-57CE6503F1A4}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{B7033EFF-9D46-4815-BD89-805DC6566629}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{1115016F-93B0-44BC-A033-0F640BCEAB82}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{17B00121-2A10-4006-B34D-B2BBE6071584}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{585DC182-90E0-4E59-BD98-08C2D40843A8}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{25F955D5-DB2C-463B-B66E-A16476B5FB82}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{6F8BDB3A-7DC9-4F48-A027-0865D128F46C}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{B82850C1-9A88-415E-B647-5390C969562A}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{DDF6D14A-BA25-4C55-B4BE-C2AF1B3F6A82}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{A65AA0BC-1F5B-4AB9-9EAB-1A278C657EBE}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{0656F891-CB3F-4E50-8D3D-42A0B323B056}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{0C8EEE46-5319-4EE1-B255-8D18E6D86F4F}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{8AD03A75-0177-416C-9C29-6A4B67454981}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
C:\Program Files (x86)\Seed Trade
C:\ProgramData\Voyasollam
C:\Users\SGK\AppData\Local\FreshSolin.exe
C:\Users\SGK\AppData\Local\Temp\a1i1mdiib2o
C:\Users\SGK\AppData\Local\Temp\5kxdy5yqox4
C:\Users\SGK\AppData\Roaming\qcderzm5ywg
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

Satchfan


#66 yukukuhi

yukukuhi

    Authentic Member

  • Authentic Member
  • PipPip
  • 92 posts

Posted 08 January 2020 - 02:03 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-12-2019
Ran by SGK (08-01-2020 13:23:26) Run:3
Running from C:\Users\SGK\Desktop
Loaded Profiles: SGK (Available Profiles: SGK)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
ShortcutTarget: Free Sound Recorder Update.lnk -> C:\Program Files (x86)\Free Sound Recorder\Free Sound Recorder Update.exe (No File)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [No File]
2020-01-06 19:19 - 2020-01-07 10:51 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-01-04 12:23 - 2020-01-04 12:23 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1774D5F4.sys
FirewallRules: [{4E1917F8-10C4-4596-AFAB-E6DD18316D74}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe No File
FirewallRules: [{7CF5DC7B-FEDB-4B2E-8C86-2EF05A8F9173}] => (Allow) C:\ProgramData\winnmgr\svcnetwk.exe No File
C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{D1B1F64D-BE62-4436-A300-70E13286E9A1}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{1230E975-41EF-4470-8FDD-815276F1A899}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{454FABC5-965B-4B52-9065-9199C7D2F867}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{FA975676-ECA6-4648-8071-471EA80B8A19}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{37AE93F5-76FC-4CB3-875F-ED70C84A31A2}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{29AADF23-411D-4D29-91D0-71FEE1CF2097}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{B420CB10-CDAB-4893-ACF2-11D66AC2B9DF}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{5040B3AE-40DA-4CD7-8A03-60995B22206D}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{E38F8849-0EA6-4938-B863-2531A0A256C8}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{37C3F6E2-82F4-4375-9FB3-76DAC7C57BA0}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{742E3514-4713-40A7-AA77-2306AA23600F}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{001E6EDF-8650-4554-97A5-59C02678A8D4}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{73CE9222-5561-44BC-B14E-57CE6503F1A4}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{B7033EFF-9D46-4815-BD89-805DC6566629}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{1115016F-93B0-44BC-A033-0F640BCEAB82}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{17B00121-2A10-4006-B34D-B2BBE6071584}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{585DC182-90E0-4E59-BD98-08C2D40843A8}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{25F955D5-DB2C-463B-B66E-A16476B5FB82}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{6F8BDB3A-7DC9-4F48-A027-0865D128F46C}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{B82850C1-9A88-415E-B647-5390C969562A}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{DDF6D14A-BA25-4C55-B4BE-C2AF1B3F6A82}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{A65AA0BC-1F5B-4AB9-9EAB-1A278C657EBE}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{0656F891-CB3F-4E50-8D3D-42A0B323B056}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{0C8EEE46-5319-4EE1-B255-8D18E6D86F4F}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{8AD03A75-0177-416C-9C29-6A4B67454981}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
C:\Program Files (x86)\Seed Trade
C:\ProgramData\Voyasollam
C:\Users\SGK\AppData\Local\FreshSolin.exe
C:\Users\SGK\AppData\Local\Temp\a1i1mdiib2o
C:\Users\SGK\AppData\Local\Temp\5kxdy5yqox4
C:\Users\SGK\AppData\Roaming\qcderzm5ywg
EmptyTemp:
*****************
 
Processes closed successfully.
"C:\Program Files (x86)\Free Sound Recorder\Free Sound Recorder Update.exe" => not found
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => removed successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\WINDOWS\system32\Drivers\1774D5F4.sys => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4E1917F8-10C4-4596-AFAB-E6DD18316D74}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7CF5DC7B-FEDB-4B2E-8C86-2EF05A8F9173}" => removed successfully
"C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D1B1F64D-BE62-4436-A300-70E13286E9A1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1230E975-41EF-4470-8FDD-815276F1A899}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{454FABC5-965B-4B52-9065-9199C7D2F867}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FA975676-ECA6-4648-8071-471EA80B8A19}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{37AE93F5-76FC-4CB3-875F-ED70C84A31A2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{29AADF23-411D-4D29-91D0-71FEE1CF2097}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B420CB10-CDAB-4893-ACF2-11D66AC2B9DF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5040B3AE-40DA-4CD7-8A03-60995B22206D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E38F8849-0EA6-4938-B863-2531A0A256C8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{37C3F6E2-82F4-4375-9FB3-76DAC7C57BA0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{742E3514-4713-40A7-AA77-2306AA23600F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{001E6EDF-8650-4554-97A5-59C02678A8D4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{73CE9222-5561-44BC-B14E-57CE6503F1A4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B7033EFF-9D46-4815-BD89-805DC6566629}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1115016F-93B0-44BC-A033-0F640BCEAB82}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{17B00121-2A10-4006-B34D-B2BBE6071584}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{585DC182-90E0-4E59-BD98-08C2D40843A8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{25F955D5-DB2C-463B-B66E-A16476B5FB82}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6F8BDB3A-7DC9-4F48-A027-0865D128F46C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B82850C1-9A88-415E-B647-5390C969562A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DDF6D14A-BA25-4C55-B4BE-C2AF1B3F6A82}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A65AA0BC-1F5B-4AB9-9EAB-1A278C657EBE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0656F891-CB3F-4E50-8D3D-42A0B323B056}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0C8EEE46-5319-4EE1-B255-8D18E6D86F4F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8AD03A75-0177-416C-9C29-6A4B67454981}" => removed successfully
C:\Program Files (x86)\Seed Trade => moved successfully
"C:\ProgramData\Voyasollam" => not found
"C:\Users\SGK\AppData\Local\FreshSolin.exe" => not found
"C:\Users\SGK\AppData\Local\Temp\a1i1mdiib2o" => not found
"C:\Users\SGK\AppData\Local\Temp\5kxdy5yqox4" => not found
C:\Users\SGK\AppData\Roaming\qcderzm5ywg => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 26462362 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2340881 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2370 B
NetworkService => 5119358 B
SGK => 5212817 B
 
RecycleBin => 0 B
EmptyTemp: => 44.8 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 13:23:42 ====
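The fixlist Satchfan posted above and the Fixlog yukukuhi posted in reply share one format: FRST echoes the fixlist between two lines of asterisks, then writes one result line per entry ("=> moved successfully", "=> removed successfully", "=> not found"). The script below is an added example, not code from this thread or from FRST, that splits those two sections, groups the outcomes, and checks that every FirewallRules entry requested in the fixlist actually shows up as removed. The embedded sample Fixlog is constructed for the example; its paths and GUIDs are placeholders, not indicators from the machine in this thread.

```python
"""Summarise a Farbar Recovery Scan Tool (FRST) Fixlog (added example)."""
import re
from collections import defaultdict

# Constructed sample in the same shape as the Fixlog posted in the thread.
# Paths and GUIDs are placeholders, not indicators from the real machine.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 28-12-2019
fixlist content:
*****************
CloseProcesses:
FirewallRules: [{11111111-1111-1111-1111-111111111111}] => (Allow) C:\ProgramData\Example\example.exe No File
FirewallRules: [{22222222-2222-2222-2222-222222222222}] => (Allow) C:\ProgramData\Example2\example.exe No File
C:\ProgramData\ExampleDir
EmptyTemp:
*****************
Processes closed successfully.
"C:\Program Files (x86)\Example\Example Update.exe" => not found
HKLM\Software\Wow6432Node\MozillaPlugins\@example/plugin;version=3 => removed successfully
C:\WINDOWS\system32\{00000000-0000-0000-0000-000000000000}.bat => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{11111111-1111-1111-1111-111111111111}" => removed successfully
C:\ProgramData\ExampleDir => moved successfully
"C:\Users\USER\AppData\Local\Example.exe" => not found
=========== EmptyTemp: ==========
EmptyTemp: => 44.8 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 13:23:42 ====
"""

# A result line is: optional quotes around the target, then ' => ', then the outcome.
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\s*$')
# Registry-style GUID as FRST prints it in FirewallRules entries.
GUID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')


def split_sections(text):
    """Return (fixlist_lines, results), results being (target, outcome) pairs.

    The echoed fixlist between the asterisk lines is kept separately and
    never parsed as results: its FirewallRules entries also contain '=>'
    but describe what was requested, not what FRST did.
    """
    fixlist, results = [], []
    in_fixlist = False
    for line in text.splitlines():
        if line.startswith('*****'):
            in_fixlist = not in_fixlist
            continue
        if in_fixlist:
            fixlist.append(line)
            continue
        m = RESULT_RE.match(line)
        if m:
            results.append((m.group('target'), m.group('outcome')))
    return fixlist, results


def classify(results):
    """Group targets by outcome: 'acted' (moved/removed), 'absent' (not found,
    i.e. already gone before the fix ran), 'other' (e.g. the EmptyTemp total)."""
    groups = defaultdict(list)
    for target, outcome in results:
        low = outcome.lower()
        if low.startswith('not found'):
            groups['absent'].append(target)
        elif 'successfully' in low:
            groups['acted'].append(target)
        else:
            groups['other'].append(target)
    return groups


def unconfirmed_firewall_rules(text):
    """GUIDs of FirewallRules entries in the fixlist that have no matching
    'removed successfully' result, i.e. rules that may still be in place."""
    fixlist, results = split_sections(text)
    requested = []
    for line in fixlist:
        m = GUID_RE.search(line)
        if line.startswith('FirewallRules:') and m:
            requested.append(m.group(0).upper())
    removed = set()
    for target, outcome in results:
        m = GUID_RE.search(target)
        if m and 'FirewallRules' in target and 'successfully' in outcome.lower():
            removed.add(m.group(0).upper())
    return [g for g in requested if g not in removed]


def needs_reboot(text):
    """True when FRST reported that a reboot was required to complete the fix."""
    return 'The system needed a reboot.' in text
```

On the sample, `classify` reports four items acted on, two already absent and one "other" (the EmptyTemp total), and `unconfirmed_firewall_rules` flags the second placeholder rule because no removal line exists for it; on a real Fixlog that list is the set of rules to look at again in the next FRST scan.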


#67 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 08 January 2020 - 03:14 AM

Things are looking much better. I'd like you to run another scan to be sure nothing else is left.

Run Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).

  • after extraction, double-click on the new Start Emsisoft Emergency Kit icon on your desktop
  • the first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates: click Yes so that it downloads the latest database updates
  • when the update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning
  • when the scan has completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan
  • when the threats have been quarantined, click the View report button in the lower-right corner and the scan log will open in Notepad
  • please save the Notepad log on your desktop and post the contents in your next reply
  • when you close Emsisoft Emergency Kit it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

Can you tell me if there are any outstanding problems.

Satchfan


#68 yukukuhi

yukukuhi

    Authentic Member

  • Authentic Member
  • PipPip
  • 92 posts

Posted 08 January 2020 - 08:34 AM

Emsisoft Emergency Kit - Version 2020.1
Last update: 08-01-2020 19:46:58
User account: DESKTOP-VF56AA2\SGK
Computer name: DESKTOP-VF56AA2
OS version: Windows 10x64 
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off
 
Scan start: 08-01-2020 19:49:46
C:\Users\SGK\AppData\Local\baidu detected: Application.AppInstall (A) [226898]
C:\Users\SGK\Downloads\uᜄ.exe detected: Application.Agent.BNR (B) [krnl.xmd]
 
Scanned 85025
Found 2
 
Scan end: 08-01-2020 20:04:04
Scan time: 0:14:18
 
C:\Users\SGK\Downloads\uᜄ.exe Application.Agent.BNR (B)
C:\Users\SGK\AppData\Local\baidu Application.AppInstall (A)
 
Quarantined 2


#69 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 08 January 2020 - 10:01 AM

Can you tell me if there are any outstanding problems.


#70 yukukuhi

yukukuhi

    Authentic Member

  • Authentic Member
  • PipPip
  • 92 posts

Posted 08 January 2020 - 10:03 AM

Well, I don't think so.


#71 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 08 January 2020 - 10:19 AM

Good. You've done well. :thumbup:

 

Your computer appears to be clean. Now that it seems to be running well, please follow these steps to tidy up and decrease the likelihood of getting infected again:

Uninstall FRST

  • right-click on FRST.exe/FRST64.exe and select Rename
  • rename the file to Uninstall.exe
  • double-click on Uninstall.exe – this will uninstall FRST

===================================================

Uninstall AdwCleaner

  • open adwcleaner.exe
  • click on Settings
  • click on the Application tab and scroll down to the bottom
  • click on Remove.

===================================================

Uninstall remaining programmes

To check for any leftover installed tools press the Windows Key + R at the same time, then type appwiz.cpl then Enter. You can uninstall any programmes we’ve used that still remain:

You can also delete all other logs and programmes that we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Recommended

Update and run Malwarebytes. This really is an excellent program that you should update and run on a regular basis, probably weekly.

===================================================

I also recommend that you read the following:

Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams

Answers to Common Security Questions - Best Practices by quietman7

How Malware Spreads - How Did I Get Infected by quietman7

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan


#72 yukukuhi

yukukuhi

    Authentic Member

  • Authentic Member
  • PipPip
  • 92 posts

Posted 09 January 2020 - 12:47 AM

Thanks a lot Satchfan. Really appreciate the help.  :thumbup:



#73 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 09 January 2020 - 02:50 AM

You're welcome.


#74 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 10 January 2020 - 06:07 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
