Computer shows behaviour of hacker remotely controlling it, need URGENT help


No replies to this topic

#1 SadhuSaddhi

Posted 23 September 2023 - 11:12 AM

Hello, I need your help tracing / stopping a hacker who has been remotely accessing my computer for some time.

Briefly, what happened:

  • The hacker mostly only spies; he did not show any presence until recently.

  • Randomly, when I was present in the house and the PC was left on with no activity for a time, I saw programs shifting with Alt + Tab and the mouse moving by itself, not only once.

  • I have Windows 7, disabled IPv6, no Wi-Fi keyboard or mouse, all is wired, tried probably all security settings possible for a safe internet connection, everything with remote is disabled.

  • After carefully tracing the hacker's activity with a specific process viewer, I noticed that the hacker accessed the Brave browser and was going to an address that I blocked. I did not screenshot the address, but it was something that had JSON in it. I blocked that connection, then I force-ended the Brave task, but the hacker somehow kept opening Brave, as it was again in Processes. I had to force end task Brave again and delete it after disabling the internet.

 

I am going to ask you, please, if you can respond to all:

  • Did you encounter this hacker behaviour, and what exactly does it sound like? How do you suspect the hacker accessed my computer and remotely used it?

  • What could that Brave browser + JSON indicate?

  • I entered no dangerous website, using only HTTPS and various safety blockers for browsers; how did the hacker still get into my PC like that?

  • I can't find how he remotely connected to my PC. The only suspect things I could find: in Devices and Printers there was a printer and a fax that I never had, and I deleted them; also in Local Area Connection my network is one: public, two: private, but I have no clue why, as I have only one network. Could that be related to this? I can't find anything more suspect, except that I can't disable NVDisplay.Container.exe or get its properties in the Processes tab.

What to do next, please? I am sure that someone has the great experience to help trace the hacker's tracks even if the hacker is professional. I need to trace him before going to tell the police; I need evidence, anything.

 

Important later edit: Farbar kept not responding for 1 hour. I ran chkdsk /r, I tried again and it did the same. I disabled the internet connection while scanning and Farbar worked. When I turned the internet connection on during scanning, Farbar kept not responding. What is this? Is it possible that the hacker was targeting Farbar during scanning?!

Does keeping the internet disabled affect the result of the Farbar scan? Should I try to scan again?

 

Thank you

LOGS:

FRST:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2023
Ran by v (administrator) on V-PC (MSI MS-7788) (23-09-2023 18:53:03)
Running from C:\Users\v\Desktop\hack\FRST64.exe
Loaded Profiles: v
Platform: Microsoft Windows 7 Ultimate  (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <3>
(C:\Program Files\AVG\Antivirus\AVGSvc.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe
(services.exe ->) (Adobe Systems Incorporated -> Adobe Systems, Incorporated) [File not signed] C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(taskeng.exe ->) (Janos Mathe -> H.D.S. Hungary) [File not signed] C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9268672 2018-03-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [165120 2023-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-04-15] (Power Software Ltd -> Power Software Ltd)
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot (No File)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-135735136-4288442710-2493696898-1000\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [399736 2023-03-16] (BitTorrent Inc -> BitTorrent, Inc.)
HKU\S-1-5-21-135735136-4288442710-2493696898-1000\...\Run: [Opera Browser Assistant] => S:\assistant\browser_assistant.exe (No File)
HKU\S-1-5-21-135735136-4288442710-2493696898-1000\...\Run: [f.lux] => C:\Users\v\AppData\Local\FluxSoftware\Flux\flux.exe [1525880 2023-05-18] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-135735136-4288442710-2493696898-1000\...\Run: [Trojan Killer] => "C:\Program Files (x86)\GridinSoft Trojan Killer\trojankiller.exe" 0 (No File)
HKU\S-1-5-21-135735136-4288442710-2493696898-1000\...\MountPoints2: E - E:\Setup.exe
HKU\S-1-5-21-135735136-4288442710-2493696898-1000\...\MountPoints2: F - F:\_aom.exe
HKU\S-1-5-21-135735136-4288442710-2493696898-1000\...\MountPoints2: {4b13d49c-1d4e-11ec-9839-448a5b204484} - D:\autorun.exe
HKU\S-1-5-21-135735136-4288442710-2493696898-1000\...\MountPoints2: {7ab94290-fb35-11eb-a206-448a5b204484} - D:\HiSuiteDownLoader.exe
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [65160 2021-07-24] (Adobe Inc. -> Adobe Systems Inc)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe [2023-01-27] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] -> "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {36C25192-563E-458D-9054-FBE8C84487DB} - System32\Tasks\{92A57910-858B-4C0E-A9C4-AD974BD65955} => C:\Windows\system32\pcalua.exe [9728 2009-07-14] (Microsoft Windows -> Microsoft Corporation) -> -a C:\Users\v\xmlinst.exe -d C:\Users\v
Task: {A23FDB3D-DE35-4842-96A8-72F54C9C9F88} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1182232 2018-01-18] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) [File not signed]
Task: {B642B546-4FED-456F-AC79-B75BF3DE46C4} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4734208 2023-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {4B07ACED-87F7-4C21-A3A9-C6197576B405} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2181560 2023-09-23] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {943CAF29-27B2-48F0-9524-740AB1AB477A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2021-07-14] (Google LLC -> Google LLC)
Task: {AC6F2705-ECC4-4210-A6E5-D5D112C2C651} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2021-07-14] (Google LLC -> Google LLC)
Task: {F9AB3915-AA0D-4AF6-95D8-1EE9E922B769} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_v => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [5968264 2021-01-14] (Janos Mathe -> H.D.S. Hungary) [File not signed]
Task: {B3F61EA9-3765-47C6-8D1E-B791E3F49BF1} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [686496 2023-09-13] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {6405ADB4-3C16-41EE-9BEF-7F41476BA0E1} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [724384 2023-09-13] (Mozilla Corporation -> Mozilla Foundation)
Task: {F2813303-1449-423C-94B0-969228AB3962} - System32\Tasks\Opera scheduled assistant Autoupdate 1622973752 => S:\launcher.exe  -> --scheduledautoupdate --component-name=assistant --component-path="S:\assistant" $(Arg0)
Task: {1276000C-E3BB-4502-9074-3672A6863AF2} - System32\Tasks\Opera scheduled Autoupdate 1622973751 => S:\launcher.exe  --scheduledautoupdate $(Arg0) (No File) <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 193.231.252.1 213.154.124.1
Tcpip\..\Interfaces\{5F7A4642-9982-4E17-8EEF-65A19282017A}: [DhcpNameServer] 193.231.252.1 213.154.124.1
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,223.255.255.0,-1]
 
FireFox:
========
FF DefaultProfile: 1xgc9yoj.default
FF ProfilePath: C:\Users\v\AppData\Roaming\Mozilla\Firefox\Profiles\1xgc9yoj.default [2022-12-03]
FF Homepage: Mozilla\Firefox\Profiles\1xgc9yoj.default -> hxxps://mysearchengine.co/homepage?hp=1&bitmask=9996&pId=BT171003&iDate=2022-12-03 01:21:35&bName=
FF NewTab: Mozilla\Firefox\Profiles\1xgc9yoj.default -> hxxps://mysearchengine.co/homepage?hp=1&bitmask=9996&pId=BT171003&iDate=2022-12-03 01:21:35&bName=
FF ProfilePath: C:\Users\v\AppData\Roaming\Mozilla\Firefox\Profiles\xgee1ms4.default-release [2023-09-23]
FF Homepage: Mozilla\Firefox\Profiles\xgee1ms4.default-release -> hxxps://mysearchengine.co/homepage?hp=1&bitmask=9996&pId=BT171003&iDate=2022-12-03 01:21:35&bName=
FF NewTab: Mozilla\Firefox\Profiles\xgee1ms4.default-release -> hxxps://mysearchengine.co/homepage?hp=1&bitmask=9996&pId=BT171003&iDate=2022-12-03 01:21:35&bName=
FF Extension: (uBlock Origin) - C:\Users\v\AppData\Roaming\Mozilla\Firefox\Profiles\xgee1ms4.default-release\Extensions\uBlock0@raymondhill.net.xpi [2023-09-14]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\v\AppData\Roaming\Mozilla\Firefox\Profiles\xgee1ms4.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-10-15]
FF Extension: (Video DownloadHelper) - C:\Users\v\AppData\Roaming\Mozilla\Firefox\Profiles\xgee1ms4.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2023-08-25]
FF SearchPlugin: C:\Users\v\AppData\Roaming\Mozilla\Firefox\Profiles\xgee1ms4.default-release\searchplugins\My Bing Search.xml [2022-12-03]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.18 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-10-25] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> S:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Inc.) [File not signed]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)
 
Chrome: 
=======
CHR Profile: C:\Users\v\AppData\Local\Google\Chrome\User Data\Default [2023-09-23]
CHR Notifications: Default -> hxxps://web.whatsapp.com
CHR Extension: (uBlock Origin) - C:\Users\v\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2023-09-23]
CHR Extension: (Video Downloader Professional) - C:\Users\v\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2023-04-20]
CHR Extension: (HTTPS Everywhere) - C:\Users\v\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2022-05-29]
CHR Extension: (Google Docs Offline) - C:\Users\v\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-05-25]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\v\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-09-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\v\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-14]
CHR Extension: (Web Video Downloader) - C:\Users\v\AppData\Local\Google\Chrome\User Data\Default\Extensions\odecbmmehabeloobkgokmfgldaegiflc [2022-07-13]
CHR Profile: C:\Users\v\AppData\Local\Google\Chrome\User Data\System Profile [2021-07-22]
CHR HKU\S-1-5-21-135735136-4288442710-2493696898-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
 
Opera: 
=======
OPR Profile: C:\Users\v\AppData\Roaming\Opera Software\Opera Stable [2021-07-28]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\v\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-06-06]
StartMenuInternet: (HKU\S-1-5-21-135735136-4288442710-2493696898-1000) OperaStable - "S:\\Launcher.exe"
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems Incorporated -> Adobe Systems, Incorporated) [File not signed]
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [623800 2023-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [354048 2023-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [7936056 2023-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S4 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare) [File not signed]
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S2 DCIService; C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe [X] <==== ATTENTION
S2 edgeupdate; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc [X]
S3 edgeupdatem; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc [X]
S2 ElevationService; C:\Program Files (x86)\Wondershare\Wondershare TunesGo (Win) - iOS Devices\ElevationService.exe [X]
S2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [35792 2023-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [208688 2023-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [365592 2023-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [250392 2023-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [99376 2023-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [41416 2023-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [178000 2023-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\Windows\System32\drivers\avgNetHub.sys [524544 2023-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgNetNd6; C:\Windows\System32\DRIVERS\avgNetNd6.sys [29944 2023-09-23] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [107920 2023-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [83496 2023-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [850248 2023-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [466808 2023-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [216488 2023-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [327104 2023-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 BdDci; C:\Windows\System32\DRIVERS\bddci.sys [367096 2022-12-03] (Bitdefender SRL -> Bitdefender)
S3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [161408 2017-09-12] (Zemana Ltd. -> Zemana Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2023-07-10] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation -> Malwarebytes Corporation)
U3 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare TunesGo (Win) - iOS Devices\DriverInstall.exe [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-09-23 18:07 - 2023-09-23 18:07 - 000003624 ____N C:\bootsqm.dat
2023-09-23 16:09 - 2023-09-23 18:53 - 000000000 ___DC C:\Users\v\Desktop\hack
2023-09-23 04:04 - 2023-09-23 04:05 - 000000000 ___DC C:\Users\v\.zenmap
2023-09-23 04:04 - 2023-09-23 04:04 - 000000000 ___DC C:\Users\v\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap
2023-09-23 04:04 - 2023-09-23 04:04 - 000000000 ___DC C:\Program Files\Npcap
2023-09-23 04:03 - 2023-09-23 04:04 - 000000000 ___DC C:\Program Files (x86)\Nmap
2023-09-23 04:02 - 2023-09-23 04:02 - 032459224 ____C (Insecure.org) C:\Users\v\Downloads\nmap-7.94-setup.exe
2023-09-23 03:59 - 2023-09-23 03:59 - 000001986 ____C C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2023-09-23 03:59 - 2023-09-23 03:59 - 000000000 ___DC C:\Users\v\AppData\Roaming\AVG
2023-09-23 03:59 - 2023-09-23 03:59 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2023-09-23 03:58 - 2023-09-23 03:58 - 000000000 ___DC C:\Windows\system32\Tasks\AVG
2023-09-23 03:57 - 2023-09-23 03:57 - 000850248 ____C (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2023-09-23 03:57 - 2023-09-23 03:57 - 000524544 ____C (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetHub.sys
2023-09-23 03:57 - 2023-09-23 03:57 - 000466808 ____C (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2023-09-23 03:57 - 2023-09-23 03:57 - 000365592 ____C (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys
2023-09-23 03:57 - 2023-09-23 03:57 - 000340224 ____C (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2023-09-23 03:57 - 2023-09-23 03:57 - 000327104 ____C (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2023-09-23 03:57 - 2023-09-23 03:57 - 000250392 ____C (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys
2023-09-23 03:57 - 2023-09-23 03:57 - 000216488 ____C (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2023-09-23 03:57 - 2023-09-23 03:57 - 000208688 ____C (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2023-09-23 03:57 - 2023-09-23 03:57 - 000178000 ____C (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2023-09-23 03:57 - 2023-09-23 03:57 - 000107920 ____C (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2023-09-23 03:57 - 2023-09-23 03:57 - 000099376 ____C (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys
2023-09-23 03:57 - 2023-09-23 03:57 - 000083496 ____C (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2023-09-23 03:57 - 2023-09-23 03:57 - 000041416 ____C (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
2023-09-23 03:57 - 2023-09-23 03:57 - 000035792 ____C (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArDisk.sys
2023-09-23 03:57 - 2023-09-23 03:57 - 000029944 ____C (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetNd6.sys
2023-09-23 03:57 - 2023-09-23 03:57 - 000003904 ____C C:\Windows\system32\Tasks\Antivirus Emergency Update
2023-09-23 03:57 - 2023-09-23 03:57 - 000000000 ___DC C:\Program Files\Common Files\AVG
2023-09-23 03:56 - 2023-09-23 17:02 - 000000000 ___DC C:\ProgramData\AVG
2023-09-23 03:56 - 2023-09-23 03:56 - 000234936 ____C (AVG Technologies CZ, s.r.o.) C:\Users\v\Downloads\avg_antivirus_free_setup.exe
2023-09-23 03:56 - 2023-09-23 03:56 - 000000000 ___DC C:\Program Files\AVG
2023-09-23 03:55 - 2023-09-23 03:55 - 019945592 ____C (Simply Super Software ) C:\Users\v\Downloads\trjsetup.exe
2023-09-23 03:01 - 2023-09-23 03:01 - 000000000 ___DC C:\Windows\PCHEALTH
2023-09-23 03:01 - 2023-09-23 03:01 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2023-09-23 03:01 - 2023-09-23 03:01 - 000000000 ___DC C:\Program Files\Microsoft Synchronization Services
2023-09-23 03:01 - 2023-09-23 03:01 - 000000000 ___DC C:\Program Files\Microsoft SQL Server Compact Edition
2023-09-23 03:01 - 2023-09-23 03:01 - 000000000 ___DC C:\Program Files\Common Files\DESIGNER
2023-09-23 03:00 - 2023-09-23 03:01 - 000000000 ___DC C:\Program Files\Microsoft Office
2023-09-23 03:00 - 2023-09-23 03:00 - 000000000 _RHDC C:\MSOCache
2023-09-23 03:00 - 2023-09-23 03:00 - 000000000 ___DC C:\Program Files (x86)\Microsoft Office
2023-09-23 02:56 - 2023-09-23 02:57 - 000002844 ____C C:\Users\v\Desktop\Rkill.txt
2023-09-22 01:50 - 2023-09-22 01:57 - 000000000 ___DC C:\Users\v\AppData\Local\Sysinternals
2023-09-18 03:21 - 2023-09-18 03:21 - 000079856 ____C C:\Users\v\Desktop\Tetramorph_Cherubim.webp
2023-09-15 21:05 - 2023-09-15 21:08 - 000000000 ___DC C:\Users\v\Desktop\surgery
2023-09-14 23:13 - 2023-09-16 17:57 - 000000000 ___DC C:\Users\v\Desktop\de editat
2023-09-14 02:49 - 2023-09-14 23:58 - 000000000 ___DC C:\Users\v\AppData\Roaming\XnViewMP
2023-09-14 02:47 - 2023-09-14 02:47 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnViewMP
2023-09-14 02:46 - 2023-09-14 02:47 - 000000000 ___DC C:\Program Files\XnViewMP
2023-09-14 02:45 - 2023-09-14 02:46 - 055903144 ____C (Gougelet Pierre-e ) C:\Users\v\Downloads\XnViewMP-win-x64.exe
2023-09-13 15:56 - 2023-09-13 15:56 - 000000000 ___DC C:\Users\v\Desktop\New folder
2023-09-13 14:59 - 2023-09-15 19:46 - 000000000 ___DC C:\Program Files\Mozilla Firefox
2023-09-05 00:59 - 2023-09-05 02:00 - 000000000 ___DC C:\Users\v\Desktop\POZA TEST PT TOATE
2023-09-02 00:30 - 2023-09-02 00:30 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2023-09-02 00:28 - 2023-09-02 00:28 - 000000000 ___DC C:\Program Files (x86)\Microsoft Games
2023-08-31 23:41 - 2023-08-31 23:41 - 001194544 ____C C:\Users\v\Downloads\hmm-transformed.jpeg
2023-08-31 22:03 - 2023-08-31 23:44 - 000000000 ___DC C:\Users\v\Desktop\remake
2023-08-30 22:45 - 2023-08-30 22:45 - 000000000 ___DC C:\Users\v\Desktop\New folder (5)
2023-08-29 23:34 - 2023-09-01 18:23 - 000000000 ___DC C:\Users\v\Desktop\vivec
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-09-23 18:59 - 2021-06-02 04:48 - 000000000 ___DC C:\Program Files (x86)\Google
2023-09-23 18:55 - 2021-07-06 13:40 - 000000000 ___DC C:\FRST
2023-09-23 18:55 - 2009-07-14 07:45 - 000014016 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2023-09-23 18:55 - 2009-07-14 07:45 - 000014016 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2023-09-23 18:51 - 2021-06-04 18:09 - 000000000 ___DC C:\Users\v\AppData\Roaming\uTorrent
2023-09-23 18:50 - 2021-06-01 19:21 - 000000000 ___DC C:\ProgramData\NVIDIA
2023-09-23 18:49 - 2009-07-14 08:08 - 000000006 ___HC C:\Windows\Tasks\SA.DAT
2023-09-23 17:02 - 2021-06-04 18:01 - 000000000 ___DC C:\Users\v\AppData\Roaming\Microsoft\Word
2023-09-23 16:07 - 2021-06-02 03:38 - 000000000 ___DC C:\Users\v\AppData\Roaming\Microsoft\MMC
2023-09-23 14:47 - 2022-04-15 17:13 - 000000000 ___DC C:\Program Files (x86)\BraveSoftware
2023-09-23 14:42 - 2009-07-14 06:20 - 000000000 ___DC C:\Program Files\Common Files\Microsoft Shared
2023-09-23 14:36 - 2009-07-14 07:45 - 000410384 ____C C:\Windows\system32\FNTCACHE.DAT
2023-09-23 04:04 - 2021-06-01 19:20 - 000000000 ___DC C:\ProgramData\Package Cache
2023-09-23 04:04 - 2021-05-29 10:39 - 000000000 ___DC C:\Users\v
2023-09-23 03:58 - 2009-07-14 06:20 - 000000000 ___DC C:\Windows\inf
2023-09-23 03:56 - 2021-06-02 03:57 - 000109600 ____C C:\Users\v\AppData\Local\GDIPFONTCACHEV1.DAT
2023-09-23 03:49 - 2009-07-14 08:32 - 000000000 ___DC C:\Program Files\Windows Sidebar
2023-09-23 03:16 - 2022-09-08 15:00 - 000000000 ___DC C:\Users\v\AppData\Roaming\Microsoft\Excel
2023-09-23 03:07 - 2021-06-01 19:22 - 000000000 ___DC C:\Users\v\AppData\Local\ElevatedDiagnostics
2023-09-20 19:24 - 2021-07-14 15:42 - 000003628 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2023-09-20 19:24 - 2021-07-14 15:42 - 000003500 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2023-09-15 19:46 - 2021-10-08 21:19 - 000000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2023-09-14 23:28 - 2023-07-18 02:55 - 000000000 ___DC C:\Users\v\AppData\Roaming\vlc
2023-09-14 15:06 - 2021-10-08 21:19 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2023-09-14 03:26 - 2021-06-01 22:05 - 000000000 ___DC C:\Users\v\AppData\Local\CrashDumps
2023-08-30 00:53 - 2022-04-02 17:25 - 000000112 ____C C:\Users\v\AppData\Roaming\JP2K CS6 Prefs
2023-08-29 18:26 - 2021-07-04 17:16 - 000000000 ___DC C:\Users\v\AppData\Roaming\Microsoft\Windows Photo Viewer
2023-08-28 20:02 - 2009-07-14 06:20 - 000000000 ___DC C:\Windows\system32\NDF
2023-08-27 21:40 - 2021-06-02 03:58 - 000001488 _RSHC C:\ProgramData\ntuser.pol
 
==================== Files in the root of some directories ========
 
2000-10-20 01:05 - 2000-10-20 01:05 - 000029696 ____C (Microsoft Corporation) C:\Users\v\xmlinst.exe
2022-04-02 17:25 - 2023-08-30 00:53 - 000000112 ____C () C:\Users\v\AppData\Roaming\JP2K CS6 Prefs
2021-09-14 23:44 - 2022-10-01 21:18 - 000001456 ____C () C:\Users\v\AppData\Local\Adobe Save for Web 13.0 Prefs
2021-11-07 19:14 - 2021-11-07 19:34 - 000006656 ____C () C:\Users\v\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2021-09-14 23:02 - 2021-09-14 23:02 - 001065984 ____C () C:\Users\v\AppData\Local\file__0.localstorage
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2023-09-21 11:36
==================== End of FRST.txt ========================

ADDITION:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-09-2023
Ran by v (23-09-2023 19:02:23)
Running from C:\Users\v\Desktop\hack
Microsoft Windows 7 Ultimate  (X64) (2021-05-29 07:34:48)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-135735136-4288442710-2493696898-500 - Administrator - Disabled)
Guest (S-1-5-21-135735136-4288442710-2493696898-501 - Limited - Disabled)
v (S-1-5-21-135735136-4288442710-2493696898-1000 - Administrator - Enabled) => C:\Users\v
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AS: AVG Antivirus (Enabled - Up to date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20035 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\{A2BCA9F1-566C-4805-97D1-7FDC93386723}) (Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Age of Mythology (HKLM-x32\...\Age of Mythology 1.0) (Version:  - )
AIDA64 Extreme v6.33 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 6.33 - FinalWire Ltd.)
Audacity 2.3.3 (HKLM-x32\...\Audacity_is1) (Version: 2.3.3 - Audacity Team)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 21.2.3170 - AVG Technologies)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.78.1094 - AB Team, d.o.o.)
CPUID CPU-Z 1.97 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.97 - CPUID, Inc.)
f.lux (HKU\S-1-5-21-135735136-4288442710-2493696898-1000\...\Flux) (Version: 4.124 - f.lux Software LLC)
Goetia (HKLM-x32\...\1661984551_is1) (Version: gog-1 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 109.0.5414.120 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - )
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: 5.70 - Janos Mathe)
Hellish Quart (HKLM-x32\...\1731372333_is1) (Version: 0.26035 - GOG.com)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-001B-0000-1000-0000000FF1CE}_Office14.WORD_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-001B-0418-1000-0000000FF1CE}_Office14.WORD_{46E2E525-1D24-4699-BF2C-CC7D6F0463B1}) (Version:  - Microsoft) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.WORD_{0242505C-4E90-407F-9299-B5B275F50D86}) (Version:  - Microsoft) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.WORD_{B51389C8-2890-4633-81D8-47D2A7402274}) (Version:  - Microsoft) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-001F-0418-1000-0000000FF1CE}_Office14.WORD_{22E4478F-C3DD-417B-A102-2CCA020911AC}) (Version:  - Microsoft) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-002C-0418-1000-0000000FF1CE}_Office14.WORD_{1D0C0168-D1BF-46AC-81AC-B75BB937FD8A}) (Version:  - Microsoft) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.WORD_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}) (Version:  - Microsoft) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0043-0418-1000-0000000FF1CE}_Office14.WORD_{1EAA1502-D570-4C3F-8708-2367341AB0D9}) (Version:  - Microsoft) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-006E-0418-1000-0000000FF1CE}_Office14.WORD_{DE82B455-259D-4448-85EE-9A27F1CE7BFF}) (Version:  - Microsoft) Hidden
Microsoft Office Office 32-bit Components 2010 (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Romanian) 2010 (HKLM\...\{90140000-001F-0418-1000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Romanian) 2010 (HKLM\...\{90140000-002C-0418-1000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (Romanian) 2010 (HKLM\...\{90140000-0043-0418-1000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Romanian) 2010 (HKLM\...\{90140000-006E-0418-1000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word 2010 (HKLM\...\{90140000-001B-0000-1000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Romanian) 2010 (HKLM\...\{90140000-001B-0418-1000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.6029.1000 - Microsoft Corporation)
Movavi Video Editor Plus 2021 (HKU\S-1-5-21-135735136-4288442710-2493696898-1000\...\Movavi Video Editor Plus 2021) (Version: 21.3.0 - Movavi)
Mozilla Firefox ESR (x64 en-US) (HKLM\...\Mozilla Firefox 115.2.1 ESR (x64 en-US)) (Version: 115.2.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 93.0 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Nmap 7.94 (HKLM-x32\...\Nmap) (Version: 7.94 - Nmap Project)
NoVirusThanks Hidden Process Finder v1.1 (HKLM\...\NoVirusThanks Hidden Process Finder_is1) (Version: 1.1.0.0 - NoVirusThanks Company Srl)
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA Graphics Driver 390.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 390.77 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Opera Stable 76.0.4017.177 (HKU\S-1-5-21-135735136-4288442710-2493696898-1000\...\Opera 76.0.4017.177) (Version: 76.0.4017.177 - Opera Software)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.6 - Power Software Ltd)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8382 - Realtek Semiconductor Corp.)
Slim PDF Reader 2.0 (HKLM-x32\...\{B1EC64E0-FE39-45C4-B841-F74EAC175DA5}_is1) (Version: 2.0 - Investintech.com Inc.)
Trojan Remover 6.9.3.2939 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.3.2939 - Simply Super Software)
Ultimate Marvel vs. Capcom 3 (HKLM-x32\...\Ultimate Marvel vs. Capcom 3_is1) (Version:  - )
VideoProc Converter (HKLM-x32\...\VideoProc Converter) (Version: 4.4 - Digiarty, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.18 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.8  - Winamp SA)
Windows Live ID Sign-in Assistant (HKLM\...\{CE52672C-A0E9-4450-8875-88A221D5CD50}) (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
WinRAR 6.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.01.0 - win.rar GmbH)
XnViewMP 1.5.5 (HKLM\...\XnViewMP_is1) (Version: 1.5.5 - Gougelet Pierre-e)
Zoom (HKU\S-1-5-21-135735136-4288442710-2493696898-1000\...\ZoomUMX) (Version: 5.15.3 (18551) - Zoom Video Communications, Inc.)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2023-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2023-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2023-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-04-15] (Power Software Ltd -> Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal) [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal) [File not signed]
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2023-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-04-15] (Power Software Ltd -> Power Software Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-01-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2023-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-04-15] (Power Software Ltd -> Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal) [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal) [File not signed]
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2023-09-23 03:57 - 2023-09-23 03:57 - 000011928 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 000011720 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 000014488 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 000012232 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 000012432 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 000012440 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 000015816 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 000012232 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 000013768 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 000012952 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 000012464 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 000021144 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 000020120 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 000016536 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 000017864 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 000018376 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 000014280 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 000012232 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 000590112 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\MSVCP140.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 001035720 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\ucrtbase.DLL
2023-09-23 03:57 - 2023-09-23 03:57 - 000101872 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\VCRUNTIME140.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 000044528 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\VCRUNTIME140_1.dll
2021-06-25 13:27 - 2021-06-25 13:27 - 000011728 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\defs\23092302\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2021-06-25 13:27 - 2021-06-25 13:27 - 000011744 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\defs\23092302\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2021-06-25 13:27 - 2021-06-25 13:27 - 000014800 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\defs\23092302\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2021-06-25 13:27 - 2021-06-25 13:27 - 000012240 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\defs\23092302\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2021-06-25 13:27 - 2021-06-25 13:27 - 000012240 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\defs\23092302\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2021-06-25 13:27 - 2021-06-25 13:27 - 000012240 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\defs\23092302\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2021-06-25 13:27 - 2021-06-25 13:27 - 000015824 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\defs\23092302\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2021-06-25 13:27 - 2021-06-25 13:27 - 000012240 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\defs\23092302\avg.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll
2021-06-25 13:27 - 2021-06-25 13:27 - 000013776 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\defs\23092302\avg.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll
2021-06-25 13:27 - 2021-06-25 13:27 - 000012752 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\defs\23092302\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2021-06-25 13:27 - 2021-06-25 13:27 - 000012240 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\defs\23092302\avg.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll
2021-06-25 13:27 - 2021-06-25 13:27 - 000020944 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\defs\23092302\avg.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll
2021-06-25 13:27 - 2021-06-25 13:27 - 000019920 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\defs\23092302\avg.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll
2021-06-25 13:27 - 2021-06-25 13:27 - 000016336 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\defs\23092302\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2021-06-25 13:27 - 2021-06-25 13:27 - 000017872 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\defs\23092302\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2021-06-25 13:27 - 2021-06-25 13:27 - 000018384 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\defs\23092302\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2021-06-25 13:27 - 2021-06-25 13:27 - 000014288 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\defs\23092302\avg.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll
2021-06-25 13:27 - 2021-06-25 13:27 - 000012240 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\defs\23092302\avg.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll
2021-06-25 13:27 - 2021-06-25 13:27 - 000565648 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\defs\23092302\avg.local_vc142.crt\MSVCP140.dll
2021-06-25 13:27 - 2021-06-25 13:27 - 001035728 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\defs\23092302\avg.local_vc142.crt\ucrtbase.DLL
2021-06-25 13:27 - 2021-06-25 13:27 - 000097160 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\defs\23092302\avg.local_vc142.crt\VCRUNTIME140.dll
2021-06-25 13:27 - 2021-06-25 13:27 - 000037256 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\defs\23092302\avg.local_vc142.crt\VCRUNTIME140_1.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 005621024 ____C (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files\AVG\Antivirus\mfc140u.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 000000000 ___CL (Microsoft Corporation) [symlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll] C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 000000000 ___CL (Microsoft Corporation) [symlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll] C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 000000000 ___CL (Microsoft Corporation) [symlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll] C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 000000000 ___CL (Microsoft Corporation) [symlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll] C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 000000000 ___CL (Microsoft Corporation) [symlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll] C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 000000000 ___CL (Microsoft Corporation) [symlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll] C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 000000000 ___CL (Microsoft Corporation) [symlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll] C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 000000000 ___CL (Microsoft Corporation) [symlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll] C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 000000000 ___CL (Microsoft Corporation) [symlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll] C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 000000000 ___CL (Microsoft Corporation) [symlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll] C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 000000000 ___CL (Microsoft Corporation) [symlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll] C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2023-09-23 03:57 - 2023-09-23 03:57 - 000000000 ___CL (Microsoft Corporation) [symlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\ucrtbase.dll] C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\ucrtbase.DLL
2023-09-23 03:57 - 2023-09-23 03:57 - 000000000 ___CL (Microsoft Corporation) [symlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\vcruntime140.dll] C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\VCRUNTIME140.dll
2021-06-02 04:35 - 2021-04-07 17:39 - 000571544 _____ (win.rar GmbH -> Alexander Roshal) [File not signed] C:\Program Files\WinRAR\rarext.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [148]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ZAM.exe" /service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ZAM.exe" /service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zam64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zamguard64.sys => ""="Driver"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Version 8) (Whitelisted) ==========
 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [2008-05-23] (Microsoft Corporation) [File not signed]
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-135735136-4288442710-2493696898-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-135735136-4288442710-2493696898-1000\...\webcompanion.com -> hxxp://webcompanion.com
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-135735136-4288442710-2493696898-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\v\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 193.231.252.1 - 213.154.124.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeGCInvoker-1.0 => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Web Companion => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize 
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{1B33CF81-2AF5-42A6-9334-E07C71749A61}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [UDP Query User{BD4A7E31-51F7-4E41-AB8D-6232A21764F0}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled (Total:34.08 GB) (Free:8.11 GB) (24%)
 
==================== Faulty Device Manager Devices ============
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Realtek PCIe FE Family Controller
Description: Realtek PCIe FE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (09/23/2023 06:55:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.
 
Error: (09/23/2023 06:55:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.
 
Error: (09/23/2023 06:54:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.
 
Error: (09/23/2023 06:54:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.
 
Error: (09/23/2023 06:54:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.
 
Error: (09/23/2023 06:54:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.
 
Error: (09/23/2023 06:54:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.
 
Error: (09/23/2023 06:54:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.
 
 
System errors:
=============
Error: (09/23/2023 07:05:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.
 
Error: (09/23/2023 07:04:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (09/23/2023 07:04:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Server service depends on the Security Accounts Manager service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (09/23/2023 07:04:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (09/23/2023 07:04:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Server service depends on the Security Accounts Manager service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (09/23/2023 07:04:17 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (09/23/2023 07:03:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (09/23/2023 07:03:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Server service depends on the Security Accounts Manager service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. V1.9 01/10/2013
Motherboard: MSI H61M-P20 (G3) (MS-7788)
Processor: Intel® Core™ i5-2500 CPU @ 3.30GHz
Percentage of memory in use: 25%
Total physical RAM: 16349.94 MB
Available physical RAM: 12173.1 MB
Total Virtual: 32698.02 MB
Available Virtual: 28495.61 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:34.08 GB) (Free:8.11 GB) (Model: WDC WD2500AAKX-60U6AA0 ATA Device) NTFS
Drive s: (New Volume) (Fixed) (Total:198.7 GB) (Free:15.04 GB) (Model: WDC WD2500AAKX-60U6AA0 ATA Device) NTFS
 
\\?\Volume{e666d49a-c04f-11eb-984c-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: BB43FBDB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=34.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=198.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================