LostWillow
2021-01-11, 08:18
Hi,
I ran Spybot one day and it found PU.SpeedTest 131 (which it was able to remove) and six PUPS-004 (which it said were not possible to remove since they were still working in memory or something like that - and that Spybot would start up again after a reboot and remove them).
Next morning Spybot did start up automatically like it had said it would, and when I ran it again I got the same message that the PUPS could not be removed due to being active in memory.
So I ran BleachBit after first updating it and restarting. I ran it with the same settings I always use every morning. But this time, after it was done, I was not able to open any programs with any shortcuts anywhere - not even Spybot - even if I go into Programs - it appears the programs are no longer there, but the names and the shortcuts are still visible.
I don't know if the PUPS caused this or if something was changed in the update and BleachBit caused this, but please help :sad:
Thank you for being here! :thanks: :)
The logs are as follows:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-01-2021
Ran by V (administrator) on VENDELA-DESKTOP (08-01-2021 22:59:16)
Running from H:\Farbar Recovery Scan Tool Bleeping Computer
Loaded Profiles: V
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Andrew Ziem -> ) C:\Program Files (x86)\BleachBit\bleachbit.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel(R) Technology Access -> Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
(Intel(R) Technology Access -> Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe
(Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Safer Networking Ltd. -> Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Safer-Networking Ltd.) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Tresorit Kft. -> Tresorit) C:\Users\V\AppData\Local\Tresorit\v0.8\Tresorit.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
HKLM\...\Run: [AdobeAAMUpdater-1.0] => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM-x32\...\Run: [IMSS] => "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2623032 2019-07-05] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
HKLM-x32\...\Run: [ExpressVPNNotificationService] => "C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe"
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-558363904-2571121243-1357282318-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) [File not signed]
HKU\S-1-5-21-558363904-2571121243-1357282318-1000\...\Run: [Zoom] => [X]
HKU\S-1-5-21-558363904-2571121243-1357282318-1000\...\Run: [Tresorit] => C:\Users\V\AppData\Local\Tresorit\v0.8\Tresorit.exe [32804376 2020-12-10] (Tresorit Kft. -> Tresorit)
HKU\S-1-5-21-558363904-2571121243-1357282318-1000\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe [1161440 2020-09-15] (Express Vpn LLC -> ExpressVPN)
HKU\S-1-5-21-558363904-2571121243-1357282318-1000\...\MountPoints2: {80b1b2c4-3037-11e2-8b00-806e6f6e6963} - D:\SETUP.EXE
HKU\S-1-5-21-558363904-2571121243-1357282318-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon MG6200 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAU.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG6200 series: C:\Windows\system32\CNMLMAU.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> "C:\Program Files (x86)\Microsoft\Edge\Application\87.0.664.66\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\87.1.18.78\Installer\chrmstp.exe [2021-01-08] (Brave Software, Inc. -> Brave Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk.disabled [2013-12-13]
ShortcutTarget: ImageBrowser EX Agent.lnk.disabled -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk [2015-05-05]
ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (No File)
Startup: C:\Users\V\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk.disabled [2014-12-30]
ShortcutTarget: EvernoteClipper.lnk.disabled -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (No File)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0635FD96-1F8D-4513-80FA-193194F4DF4F} - System32\Tasks\{068590DC-6521-4BA5-8EF5-5893A2969D69} => C:\Windows\system32\pcalua.exe -a C:\Users\V\AppData\Local\Evernote\Evernote\AutoUpdate\Evernote_6.5.4.4720.exe -d "C:\Program Files (x86)\Evernote\Evernote" -c /qb
Task: {0E250BC7-950C-42A3-B186-FD9B6DF92A51} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d => C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-08-12] (Intel(R) Software Asset Manager -> Intel Corporation)
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-5d" was unlocked. <==== ATTENTION
Task: {12DF64C9-2537-4846-994B-A2A56DD47137} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-5d => C:\Windows\system32\GWX\GWX.exe
Task: {1E97F4FF-4D5A-4284-962A-9FE97BE7F343} - System32\Tasks\{A2A5DDC7-FC65-4D4C-8BD2-322C87E57169} => C:\Windows\system32\pcalua.exe -a C:\Users\V\Desktop\shb_kortlasare.exe -d C:\Users\V\Desktop
Task: {245D3C31-2C5E-4EEF-95C5-8E69FB8EF5BE} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {260A87B6-2C85-4FE1-AACA-211C3E96A52B} - System32\Tasks\G2MUploadTask-S-1-5-21-558363904-2571121243-1357282318-1000 => C:\Users\V\AppData\Local\GoToMeeting\19228\g2mupload.exe [31320 2021-01-08] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {3C2B5431-B579-4F1B-9454-8E8430DFCB69} - System32\Tasks\{A45E7AF1-28B8-45C3-9CC9-8CA857FF4B28} => "c:\program files (x86)\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/6.0.0.126/en/go/help.faq.installer?LastError=1603
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" was unlocked. <==== ATTENTION
Task: {3F784A64-5FBC-487E-B26E-99232C30D96C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => C:\Windows\system32\GWX\GWX.exe
Task: {41218B50-BD6D-471B-AE39-155B7440B10B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
Task: {4A5D48AC-1DC3-45B7-B303-CCB695ADB9B7} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Task: {4E628E33-1E42-4066-9EA1-4DE1625B66E9} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
Task: {5A2D3CA9-CEC3-4841-8666-05A29A00F605} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-06-21] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {5F745D9A-EDA3-42FF-AFF4-E7F464DB4147} - System32\Tasks\{97BEA7E4-3AF6-41F3-984A-66FB5B6B9B13} => "c:\program files (x86)\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/6.0.0.126/en/go/help.faq.installer?LastError=1603
Task: {69FC1478-9C17-4120-A999-49539B1C98D2} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [1738504 2015-09-04] (Intel(R) Software -> Intel Corporation)
Task: {6D394EE7-BD9B-40B6-B61C-7CF6CC1A4C56} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {76E40658-CEF7-4D11-91E4-01D35F44E2AF} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
Task: {8137D42F-EB2F-43EB-A776-698CFA2A5D46} - System32\Tasks\{0878759E-89D7-4069-B304-85D5D1B02C6E} => "c:\program files (x86)\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/6.0.0.126/en/go/help.faq.installer?LastError=1603
Task: {81C69542-D639-40A3-99C3-F9D47C0C6F41} - System32\Tasks\{57CB18CA-18C0-493E-A4F6-DD23C9EDBF15} => "c:\program files (x86)\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/6.0.0.126/en/go/help.faq.installer?LastError=1603
Task: {8B52CFBB-8C4D-40A1-B67C-63788D4F751A} - System32\Tasks\{038683BD-D6E7-4614-8F07-D83EFC18DE21} => "c:\program files (x86)\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/6.0.0.126/en/go/help.faq.installer?LastError=1603
Task: {94E2556A-C0F9-4FE0-BDD8-F444A162B982} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe
Task: {98B2959C-01C8-4617-81D2-5EC6E2E8E2AD} - System32\Tasks\{32BE4989-89FF-4CC1-BB55-973B84FA440A} => C:\Program Files (x86)\Audacity\audacity.exe
Task: {A3C4ACF0-AC34-41F0-8167-EECB0392FBD9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {A92F73A6-0A57-43EE-8959-9AEFFC179F24} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" was unlocked. <==== ATTENTION
Task: {ACA3BC47-EF9B-4935-9A4A-F896A8477028} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => C:\Windows\system32\GWX\GWX.exe
Task: {AD7C1240-808A-4303-8D50-E6EC258C6120} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe
Task: {B29627B2-EA18-4E20-B34F-4C0E6E26267E} - System32\Tasks\G2MUpdateTask-S-1-5-21-558363904-2571121243-1357282318-1000 => C:\Users\V\AppData\Local\GoToMeeting\19228\g2mupdate.exe [31320 2021-01-08] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {B3019D79-FC95-41DD-B7F2-3B546B4FF91F} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Task: {B68F01B8-621D-42B7-ACEE-B3FC2605B7EE} - System32\Tasks\{30435168-8CAF-444D-94F5-4D669F89C5EE} => "c:\program files (x86)\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/6.0.0.126/en/go/help.faq.installer?LastError=1603
Task: {BA2DDE11-C344-4ABC-9146-88FEA55CE291} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-06-21] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {BD567324-A810-4394-8B3F-058A3E77075C} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe
Task: {C4893018-60F6-4F9F-8E33-50F6071C75CC} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe
Task: {C62AF088-E3F2-43FB-8A08-022D620D7AA9} - System32\Tasks\{A6DF4408-4142-4855-8631-2B2BA2AE6D41} => C:\Windows\system32\pcalua.exe -a C:\Users\V\Evernote\AutoUpdate\Evernote_6.7.5.5825.exe -d "C:\Program Files (x86)\Evernote\Evernote" -c /qb
Task: {CD09FD93-E87B-4664-84FD-2299C48AFDA3} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d-Logon => C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-08-12] (Intel(R) Software Asset Manager -> Intel Corporation)
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" was unlocked. <==== ATTENTION
Task: {D3A93B1C-C69A-4C08-B641-AC55B169CDFE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => C:\Windows\system32\GWX\GWX.exe
Task: {D83096CF-3B85-4C58-AA89-C852E6433A9F} - \Pokki -> No File <==== ATTENTION
Task: {E065CF8E-8874-4A8A-A7AC-24C504278088} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {E6DDB849-6882-4897-9C89-7BADFAEECD37} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe
Task: {ECC27D1A-6331-4650-8153-1DCA60106C7C} - System32\Tasks\{5E702ED3-50CE-4900-B756-967F080E98E9} => "c:\program files (x86)\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/6.0.0.126/en/go/help.faq.installer?LastError=1603
Task: {ED50A085-D013-4D6C-A13E-EA8BE6524530} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe
Task: {F3B5B6BC-C515-4887-B390-63D660553792} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {F61F2334-028A-4CD4-AF1B-36FBB2F64CDA} - System32\Tasks\AdobeAAMUpdater-1.0-Vendela-Desktop-V => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" was unlocked. <==== ATTENTION
Task: {FEDBC755-CE2E-4D86-8000-A649856819E3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => C:\Windows\system32\GWX\GWX.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-558363904-2571121243-1357282318-1000.job => C:\Users\V\AppData\Local\GoToMeeting\19228\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-558363904-2571121243-1357282318-1000.job => C:\Users\V\AppData\Local\GoToMeeting\19228\g2mupload.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{E0B65D48-D961-4B66-B151-B123EA3FD5BC}: [DhcpNameServer] 192.168.10.1
Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\V\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-21]
FireFox:
========
FF DefaultProfile: uc0ymu7c.default-1574636001328
FF ProfilePath: C:\Users\V\AppData\Roaming\Mozilla\Firefox\Profiles\jygdiui4.default-release [2021-01-08]
FF Extension: (ETP Search Volume Study) - C:\Users\V\AppData\Roaming\Mozilla\Firefox\Profiles\jygdiui4.default-release\Extensions\etp-search-volume-study@shield.mozilla.org.xpi [2019-08-14]
FF ProfilePath: C:\Users\V\AppData\Roaming\Mozilla\Firefox\Profiles\uc0ymu7c.default-1574636001328 [2021-01-08]
FF Session Restore: Mozilla\Firefox\Profiles\uc0ymu7c.default-1574636001328 -> is enabled.
FF Extension: (uBlock Origin) - C:\Users\V\AppData\Roaming\Mozilla\Firefox\Profiles\uc0ymu7c.default-1574636001328\Extensions\uBlock0@raymondhill.net.xpi [2020-12-19]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [No File]
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [No File]
FF Plugin HKU\S-1-5-21-558363904-2571121243-1357282318-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\V\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2019-12-18] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-558363904-2571121243-1357282318-1000: pokki.com/PokkiDownloadHelper -> C:\Users\V\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [No File]
FF Plugin HKU\S-1-5-21-558363904-2571121243-1357282318-1000: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkTDA\tossc32.dll [No File]
Chrome:
=======
CHR Profile: C:\Users\V\AppData\Local\Google\Chrome\User Data\Default [2021-01-08]
CHR Notifications: Default -> hxxps://www.reddit.com
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Session Restore: Default -> is enabled.
CHR Extension: (Google Drive) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
CHR Extension: (DuckDuckGo) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2020-12-17]
CHR Extension: (YouTube) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-05]
CHR Extension: (Web Media Center) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\boahfmccdndnpmlllehgfkpeoccmkedj [2017-06-03]
CHR Extension: (Cloud Audio Recorder) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\coiefjfjbldcapekmclpdfemapaifbmh [2018-07-16]
CHR Extension: (ZIP Extractor) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmfcakoljjhncfphlflcedhgogfhpbcd [2019-11-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [816184 2019-07-05] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3673680 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3406416 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-06-21] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-06-21] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [437472 2020-09-15] (Express Vpn LLC -> ExpressVPN)
S3 Intel(R) TA SAM; C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-08-12] (Intel(R) Software Asset Manager -> Intel Corporation)
R2 Intel(R) TechnologyAccessLegacyCSLoader; C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe [153296 2016-04-26] (Intel(R) Technology Access -> Intel(R) Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [478416 2016-04-26] (Intel(R) Technology Access -> Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd. -> Safer Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
S2 edgeupdate; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc [X]
S3 edgeupdatem; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc [X]
S3 GoogleChromeElevationService; "C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\elevation_service.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" [X]
S3 MicrosoftEdgeElevationService; "C:\Program Files (x86)\Microsoft\Edge\Application\87.0.664.66\elevation_service.exe" [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 ndisrd; C:\Windows\System32\DRIVERS\ndisrfl.sys [41176 2015-04-30] (Intel(R) Technology Access -> Intel Corporation)
S3 NetTap60; C:\Windows\System32\DRIVERS\nettap60.sys [51416 2015-04-30] (Intel(R) Technology Access -> Intel Corporation)
S3 tapexpressvpn; C:\Windows\System32\DRIVERS\tapexpressvpn.sys [36208 2020-09-15] (ExprsVPN LLC -> The OpenVPN Project)
S3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [50176 2008-09-22] (Microsoft Windows Hardware Compatibility Publisher -> Todos Data System AB)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [23200 2015-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
U3 aswbdisk; no ImagePath
U3 aswblog; no ImagePath
S3 b06bdrv; \SystemRoot\system32\drivers\bxvbda.sys [X]
S3 expressvpnsplittunnel; \??\C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-08 22:57 - 2021-01-08 22:59 - 000000000 ____D C:\FRST
2021-01-08 15:20 - 2021-01-08 15:20 - 000001587 _____ C:\Users\V\Desktop\SDWinSec.exe - Shortcut (2).lnk
2021-01-08 15:18 - 2021-01-08 15:18 - 000001587 _____ C:\Users\V\Desktop\SDWinSec.exe - Shortcut.lnk
2021-01-08 05:47 - 2021-01-08 05:47 - 000000985 _____ C:\Users\Public\Desktop\BleachBit.lnk
2021-01-08 05:47 - 2021-01-08 05:47 - 000000985 _____ C:\ProgramData\Desktop\BleachBit.lnk
2021-01-08 05:47 - 2021-01-08 05:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BleachBit
2021-01-08 05:47 - 2021-01-08 05:47 - 000000000 ____D C:\Program Files (x86)\BleachBit
2020-12-31 08:42 - 2020-12-31 08:43 - 002148720 _____ C:\Users\V\Downloads\Vendela Mitchel -FORECAST – 2022(1).pdf
2020-12-28 08:31 - 2020-12-28 08:31 - 002188612 _____ C:\Users\V\Downloads\Vendela Mitchel -FORECAST-2021.pdf
2020-12-24 17:48 - 2020-12-24 17:48 - 000000000 ____D C:\Users\V\Documents\Solar Fire User Files
2020-12-24 17:48 - 2020-12-24 17:48 - 000000000 ____D C:\Users\V\AppData\Roaming\Esoteric Technologies
2020-12-24 17:48 - 2020-12-24 17:48 - 000000000 ____D C:\Users\V\AppData\Local\Esoteric Technologies
2020-12-24 16:30 - 2020-12-24 16:30 - 000001902 _____ C:\Users\Public\Desktop\Solar Fire v9.lnk
2020-12-24 16:30 - 2020-12-24 16:30 - 000001902 _____ C:\ProgramData\Desktop\Solar Fire v9.lnk
2020-12-24 16:30 - 2020-12-24 16:30 - 000000731 _____ C:\Windows\Solfire9.ini
2020-12-24 16:30 - 2020-12-24 16:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Esoteric Technologies
2020-12-23 08:18 - 2020-12-23 08:18 - 000053942 _____ C:\Users\V\Downloads\taxdocument (3).pdf
2020-12-22 18:28 - 2020-12-22 18:28 - 000143008 _____ C:\Users\V\Downloads\2019_12_Statement (3).pdf
2020-12-21 19:15 - 2020-12-21 19:15 - 000215019 _____ C:\Users\V\Downloads\2018_12_Statement.pdf
2020-12-21 18:36 - 2020-12-21 18:36 - 000145702 _____ C:\Users\V\Downloads\2020_1_Statement.pdf
2020-12-21 17:53 - 2020-12-21 17:53 - 000143007 _____ C:\Users\V\Downloads\2019_12_Statement (2).pdf
2020-12-21 16:26 - 2020-12-21 16:26 - 000053942 _____ C:\Users\V\Downloads\taxdocument (2).pdf
2020-12-19 17:18 - 2020-12-19 17:18 - 000053942 _____ C:\Users\V\Downloads\taxdocument (1).pdf
2020-12-19 17:16 - 2020-12-19 17:16 - 000143008 _____ C:\Users\V\Downloads\2019_12_Statement (1).pdf
2020-12-18 19:38 - 2020-12-18 19:39 - 000067663 _____ C:\Users\V\Downloads\astro_22anz_vendela_sweden.13151.20534.pdf
2020-12-18 19:35 - 2020-12-18 19:35 - 000067102 _____ C:\Users\V\Downloads\astro_22anz_vendela_sweden.12915.13786.pdf
2020-12-18 19:27 - 2020-12-18 19:27 - 000067113 _____ C:\Users\V\Downloads\astro_22anz_vendela_sweden.12461.24375.pdf
2020-12-17 13:36 - 2020-12-17 13:37 - 000143008 _____ C:\Users\V\Downloads\2019_12_Statement.pdf
2020-12-14 20:28 - 2020-12-14 20:28 - 000067549 _____ C:\Users\V\Downloads\astro_22anz_vendela_sweden_hw.16128.6810.pdf
2020-12-14 19:19 - 2020-12-14 19:19 - 000067753 _____ C:\Users\V\Downloads\astro_2anz_vendela_sweden.11953.17654.pdf
2020-12-14 19:15 - 2020-12-14 19:15 - 000067753 _____ C:\Users\V\Downloads\astro_2anz_vendela_sweden.11723.36641.pdf
2020-12-14 19:13 - 2020-12-14 19:13 - 000067107 _____ C:\Users\V\Downloads\astro_22anz_vendela_sweden_hp.11595.16754.pdf
2020-12-14 19:03 - 2020-12-14 19:03 - 000077153 _____ C:\Users\V\Downloads\astro_22anz_vendela_sweden_hw.11000.16897.pdf
2020-12-14 07:10 - 2020-12-14 07:10 - 001072300 _____ C:\Users\V\Downloads\Vendela-REKTIF.pdf
2020-12-14 07:10 - 2020-12-14 07:10 - 000308813 _____ C:\Users\V\Downloads\Vendela-Natal Chart Report.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-08 22:58 - 2009-07-13 21:13 - 000784326 _____ C:\Windows\system32\PerfStringBackup.INI
2021-01-08 22:58 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2021-01-08 22:50 - 2015-05-29 20:34 - 000000610 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-558363904-2571121243-1357282318-1000.job
2021-01-08 22:20 - 2014-03-04 14:03 - 000000514 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-558363904-2571121243-1357282318-1000.job
2021-01-08 21:20 - 2019-06-21 05:56 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-01-08 21:20 - 2019-06-21 05:56 - 000002266 _____ C:\Users\Public\Desktop\Brave.lnk
2021-01-08 21:20 - 2019-06-21 05:56 - 000002266 _____ C:\ProgramData\Desktop\Brave.lnk
2021-01-08 21:03 - 2019-06-21 05:54 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2021-01-08 19:52 - 2009-07-13 20:45 - 000029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-01-08 19:52 - 2009-07-13 20:45 - 000029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-01-08 19:44 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\Registration
2021-01-08 18:45 - 2020-05-28 16:51 - 000000000 ____D C:\Users\V\.dbus-keyrings
2021-01-08 06:24 - 2017-07-07 22:47 - 000000000 ____D C:\Users\V\AppData\Local\GoToMeeting
2021-01-08 06:24 - 2015-05-29 20:34 - 000003642 _____ C:\Windows\system32\Tasks\G2MUploadTask-S-1-5-21-558363904-2571121243-1357282318-1000
2021-01-08 06:24 - 2014-03-04 14:03 - 000003546 _____ C:\Windows\system32\Tasks\G2MUpdateTask-S-1-5-21-558363904-2571121243-1357282318-1000
2021-01-08 05:48 - 2020-03-03 18:21 - 000000000 ____D C:\Users\V\AppData\Roaming\discord
2021-01-08 05:42 - 2020-09-22 15:59 - 000000000 ____D C:\Program Files (x86)\ExpressVPN
2021-01-08 05:42 - 2020-04-18 10:05 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2021-01-08 05:42 - 2012-11-16 13:46 - 000000000 ____D C:\Program Files (x86)\Intel
2021-01-08 05:40 - 2012-11-19 09:57 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-01-08 05:30 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-01-06 17:57 - 2017-05-05 15:15 - 000002230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-06 17:57 - 2017-05-05 15:15 - 000002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-06 17:57 - 2017-05-05 15:15 - 000002189 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-01-06 06:13 - 2019-10-01 07:29 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-01-06 06:13 - 2019-10-01 07:29 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2021-01-03 09:32 - 2019-03-10 10:05 - 000000000 ____D C:\Users\V\Downloads\New
2020-12-26 09:25 - 2012-11-19 09:58 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-12-25 09:20 - 2012-11-16 13:51 - 000033992 _____ C:\Users\V\AppData\Local\GDIPFONTCACHEV1.DAT
2020-12-25 09:16 - 2009-07-13 20:45 - 000250288 _____ C:\Windows\system32\FNTCACHE.DAT
2020-12-23 15:18 - 2013-05-05 13:30 - 000001456 _____ C:\Users\V\AppData\Local\Adobe Save for Web 13.0 Prefs
2020-12-23 15:01 - 2019-11-25 09:02 - 000000000 ____D C:\Users\V\AppData\Local\CrashDumps
2020-12-21 20:20 - 2020-07-13 17:01 - 000001013 _____ C:\Users\Public\Desktop\TradeLog.lnk
2020-12-21 20:20 - 2020-07-13 17:01 - 000001013 _____ C:\ProgramData\Desktop\TradeLog.lnk
2020-12-21 20:20 - 2020-07-13 17:01 - 000000000 ____D C:\Users\V\Documents\tradelog
2020-12-21 20:20 - 2020-07-13 17:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeLog
2020-12-19 23:15 - 2016-11-18 06:13 - 000000000 ____D C:\Users\V\AppData\LocalLow\Mozilla
2020-12-19 11:24 - 2020-10-19 16:05 - 000002229 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-19 11:24 - 2020-10-19 16:05 - 000002188 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-12-19 11:24 - 2020-10-19 16:05 - 000002188 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-12-16 05:58 - 2020-09-22 16:54 - 000000000 ____D C:\Users\V\AppData\Local\Downloaded Installations
2020-12-16 05:58 - 2020-09-22 16:40 - 000000000 ____D C:\Users\V\AppData\Local\Tresorit
==================== Files in the root of some directories ========
2016-07-31 16:29 - 2016-07-31 16:29 - 000000027 ____H () C:\ProgramData\.d59546f61165ae53742c10f688282916.dat
2020-05-28 16:39 - 2020-05-28 16:39 - 000169554 _____ (BleachBit.org) C:\Program Files (x86)\uninstall.exe
2020-06-12 18:36 - 2020-06-12 18:36 - 000000132 _____ () C:\Users\V\AppData\Roaming\Adobe BMP Format CS6 Prefs
2014-01-13 14:22 - 2015-05-23 23:36 - 000000132 _____ () C:\Users\V\AppData\Roaming\Adobe GIF Format CS6 Prefs
2015-11-25 22:12 - 2020-06-12 18:38 - 000000132 _____ () C:\Users\V\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-07-20 10:38 - 2017-11-22 10:43 - 000000034 _____ () C:\Users\V\AppData\Roaming\AdobeWLCMCache.dat
2013-01-09 22:46 - 2013-01-14 20:43 - 000003072 _____ () C:\Users\V\AppData\Roaming\Photobook Designer Prefsv3
2020-05-01 18:26 - 2020-05-01 18:26 - 000018408 _____ () C:\Users\V\AppData\Roaming\UserTile.png
2014-09-30 19:21 - 2014-12-03 10:21 - 000000156 _____ () C:\Users\V\AppData\Roaming\WB.CFG
2013-05-05 13:30 - 2020-12-23 15:18 - 000001456 _____ () C:\Users\V\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-10-09 23:21 - 2014-12-01 16:21 - 000000010 _____ () C:\Users\V\AppData\Local\DSI.DAT
2018-09-26 09:18 - 2018-09-26 09:18 - 000000000 _____ () C:\Users\V\AppData\Local\oobelibMkey.log
2018-01-06 23:16 - 2020-05-02 08:48 - 000007611 _____ () C:\Users\V\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2021-01-02 10:15
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2021
Ran by V (08-01-2021 23:00:25)
Running from H:\Farbar Recovery Scan Tool Bleeping Computer
Windows 7 Home Premium Service Pack 1 (X64) (2012-11-16 21:35:26)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-558363904-2571121243-1357282318-500 - Administrator - Disabled)
Guest (S-1-5-21-558363904-2571121243-1357282318-501 - Limited - Enabled)
V (S-1-5-21-558363904-2571121243-1357282318-1000 - Administrator - Enabled) => C:\Users\V
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.9.0.504 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_0_1) (Version: 19.0.1 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe)
Adobe Photoshop Lightroom 5.7.1 64-bit (HKLM\...\{BC86B82C-8C0E-4408-9AC1-6B0F2D636963}) (Version: 5.7.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Audacity 2.3.2 (HKLM-x32\...\Audacity_is1) (Version: 2.3.2 - Audacity Team)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1939737088.1637808.1637864.0 - Audible, Inc.)
BleachBit 4.2.0.1795 (HKLM-x32\...\BleachBit) (Version: 4.2.0.1795 - BleachBit)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 87.1.18.78 - Brave Software Inc)
Canon MG6200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series) (Version: - )
Canon Utilities Digital Photo Professional 3.11 (HKLM-x32\...\Digital Photo Professional) (Version: 3.11.27.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.11.2.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.10.1.0 - Canon Inc.)
ClamAV (HKLM\...\ClamAV_is1) (Version: 0.102.3 - Cisco Systems, Inc.)
darktable (HKLM\...\darktable) (Version: 3.0.2 - the darktable project)
Discord (HKU\S-1-5-21-558363904-2571121243-1357282318-1000\...\Discord) (Version: 0.0.306 - Discord Inc.)
Evernote v. 6.22.3 (HKLM-x32\...\{B212CBD0-20F1-11EA-B312-005056951CAD}) (Version: 6.22.3.8816 - Evernote Corp.)
ExpressVPN (HKLM-x32\...\{50a2d477-790e-4407-bd6a-06a5c5ce3c1d}) (Version: 8.0.0.1381 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B856CD7D96}) (Version: 8.0.0.1381 - ExpressVPN) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
GoToMeeting 10.15.0.19228 (HKU\S-1-5-21-558363904-2571121243-1357282318-1000\...\GoToMeeting) (Version: 10.15.0.19228 - LogMeIn, Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) Technology Access (HKLM-x32\...\{1709a432-4aab-4ad0-870d-ff74abc41bdd}) (Version: 1.9.0.1021 - Intel Corporation)
Intel(R) Technology Access (HKLM-x32\...\{810dff4d-564d-47da-b8bc-a3729815aab7}) (Version: 1.9.1.1008 - Intel Corporation)
Intel(R) Technology Access Software Asset Manager (HKLM-x32\...\{C1C74874-4E6F-49B8-BBCD-D43E277D8D28}) (Version: 3.4.1942 - Intel Corporation) Hidden
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.66 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27027 (HKLM-x32\...\{fd9b6070-d13e-45dc-819b-41806bf45b6b}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Mozilla Firefox 68.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.2 (x64 en-US)) (Version: 68.0.2 - Mozilla)
Mozilla Firefox 81.0 (x64 en-US) (HKLM\...\Mozilla Firefox 81.0 (x64 en-US)) (Version: 81.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 70.0.1 - Mozilla)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 23.0.2 - OBS Project)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
RescueTime 2.12.4.1450 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version: - RescueTime.com)
Revo Uninstaller 2.1.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.0 - VS Revo Group, Ltd.)
Security Task Manager 2.3e (HKLM-x32\...\Security Task Manager) (Version: 2.3e - Neuber Software)
Shooter Suite v12.3.2 (HKLM-x32\...\{7DFC5E36-8CC9-4EC5-9C24-A3770A669E3F}_is1) (Version: 12.3.2 - Red Giant, LLC)
Solar Fire v9 (HKLM-x32\...\{93397832-4E51-47E9-A10D-6C17C50E1F17}) (Version: 9.0.25 - Esoteric Technologies Pty Ltd)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.2 - Krzysztof Kowalczyk)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tradelog (HKLM-x32\...\TradeLog_is1) (Version: 15 - Cogenta Computing, Inc.)
Tresorit (HKLM-x32\...\{1C482EFC-5175-48D4-B57D-0C2F160936B2}) (Version: 3.5.2432.1370 - Tresorit)
Tresorit for Outlook (HKLM-x32\...\{814BC99F-BCBF-4A8B-BBB8-1B216DCA8921}) (Version: 1.0.85.85 - Tresorit)
Zoom (HKU\S-1-5-21-558363904-2571121243-1357282318-1000\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-558363904-2571121243-1357282318-1000_Classes\CLSID\{1B8DEAA1-E192-429B-89A7-89BD19183A67} -> [Tresorit Drive] => T:\0
CustomCLSID: HKU\S-1-5-21-558363904-2571121243-1357282318-1000_Classes\CLSID\{822B4859-CCDD-476C-ABDF-7F7A894A3CB7}\InprocServer32 -> C:\Users\V\AppData\Local\Tresorit\v0.8\TresoritExt64_4.dll (Tresorit Kft. -> )
CustomCLSID: HKU\S-1-5-21-558363904-2571121243-1357282318-1000_Classes\CLSID\{822B485A-CCDD-476C-ABDF-7F7A894A3CB7}\InprocServer32 -> C:\Users\V\AppData\Local\Tresorit\v0.8\TresoritExt64_4.dll (Tresorit Kft. -> )
CustomCLSID: HKU\S-1-5-21-558363904-2571121243-1357282318-1000_Classes\CLSID\{822B485B-CCDD-476C-ABDF-7F7A894A3CB7}\InprocServer32 -> C:\Users\V\AppData\Local\Tresorit\v0.8\TresoritExt64_4.dll (Tresorit Kft. -> )
CustomCLSID: HKU\S-1-5-21-558363904-2571121243-1357282318-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\V\AppData\Local\GoToMeeting\18962\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-558363904-2571121243-1357282318-1000_Classes\CLSID\{D6EB3938-8CBE-4CC5-8CFA-C89750619193} -> [Synced Tresors] => %USERPROFILE%\.tresorit\Tresors0
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-12-14] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1_S-1-5-21-558363904-2571121243-1357282318-1000: [TresoritExt] -> {822B4859-CCDD-476C-ABDF-7F7A894A3CB7} => C:\Users\V\AppData\Local\Tresorit\v0.8\TresoritExt64_4.dll [2020-09-22] (Tresorit Kft. -> )
ContextMenuHandlers4_S-1-5-21-558363904-2571121243-1357282318-1000: [TresoritExt] -> {822B4859-CCDD-476C-ABDF-7F7A894A3CB7} => C:\Users\V\AppData\Local\Tresorit\v0.8\TresoritExt64_4.dll [2020-09-22] (Tresorit Kft. -> )
ContextMenuHandlers5_S-1-5-21-558363904-2571121243-1357282318-1000: [TresoritExt] -> {822B4859-CCDD-476C-ABDF-7F7A894A3CB7} => C:\Users\V\AppData\Local\Tresorit\v0.8\TresoritExt64_4.dll [2020-09-22] (Tresorit Kft. -> )
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name="BVTConsumer"",Filter="__EventFilter.Name="BVTFilter"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
==================== Loaded Modules (Whitelisted) =============
2021-01-02 13:40 - 2021-01-02 13:40 - 000027136 _____ () [File not signed] C:\Program Files (x86)\BleachBit\_bz2.pyd
2021-01-02 13:40 - 2021-01-02 13:40 - 000035328 _____ () [File not signed] C:\Program Files (x86)\BleachBit\_ctypes.pyd
2021-01-02 13:40 - 2021-01-02 13:40 - 000067072 _____ () [File not signed] C:\Program Files (x86)\BleachBit\_decimal.pyd
2021-01-02 13:40 - 2021-01-02 13:40 - 000368128 _____ () [File not signed] C:\Program Files (x86)\BleachBit\_hashlib.pyd
2021-01-02 13:40 - 2021-01-02 13:40 - 000009728 _____ () [File not signed] C:\Program Files (x86)\BleachBit\_scandir.pyd
2021-01-02 13:40 - 2021-01-02 13:40 - 000019968 _____ () [File not signed] C:\Program Files (x86)\BleachBit\_socket.pyd
2021-01-02 13:40 - 2021-01-02 13:40 - 000020480 _____ () [File not signed] C:\Program Files (x86)\BleachBit\_sqlite3.pyd
2021-01-02 13:40 - 2021-01-02 13:40 - 000537600 _____ () [File not signed] C:\Program Files (x86)\BleachBit\_ssl.pyd
2021-01-02 13:40 - 2021-01-02 13:40 - 000082944 _____ () [File not signed] C:\Program Files (x86)\BleachBit\gi._gi.pyd
2021-01-02 13:40 - 2021-01-02 13:40 - 000592384 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libcairo-gobject-2.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000287744 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libepoxy-0.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000015872 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libffi-6.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000106496 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libfontconfig-1.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000266752 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libfreetype-6.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000070656 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libgirepository-1.0-1.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000237568 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libharfbuzz-0.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000102400 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libjasper-1.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000104960 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libjpeg-8.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000093184 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libpng16-16.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000098816 _____ () [File not signed] C:\Program Files (x86)\BleachBit\librsvg-2-2.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000197632 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libtiff-5.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000118272 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libwebp-5.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000448512 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libxmlxpat.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000130560 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libzzz.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000052224 _____ () [File not signed] C:\Program Files (x86)\BleachBit\pyexpat.pyd
2021-01-02 13:40 - 2021-01-02 13:40 - 000131072 _____ () [File not signed] C:\Program Files (x86)\BleachBit\pythoncom34.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000050688 _____ () [File not signed] C:\Program Files (x86)\BleachBit\pywintypes34.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000299008 _____ () [File not signed] C:\Program Files (x86)\BleachBit\unicodedata.pyd
2021-01-02 13:40 - 2021-01-02 13:40 - 000034304 _____ () [File not signed] C:\Program Files (x86)\BleachBit\win32api.pyd
2021-01-02 13:40 - 2021-01-02 13:40 - 000118784 _____ () [File not signed] C:\Program Files (x86)\BleachBit\win32com.shell.shell.pyd
2021-01-02 13:40 - 2021-01-02 13:40 - 000037888 _____ () [File not signed] C:\Program Files (x86)\BleachBit\win32file.pyd
2021-01-02 13:40 - 2021-01-02 13:40 - 000047616 _____ () [File not signed] C:\Program Files (x86)\BleachBit\win32gui.pyd
2021-01-02 13:40 - 2021-01-02 13:40 - 000036352 _____ () [File not signed] C:\Program Files (x86)\BleachBit\win32security.pyd
2015-07-07 10:44 - 2015-07-07 10:44 - 000088064 _____ () [File not signed] C:\Program Files\Intel Corporation\Intel(R) Technology Access\libglog.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000044544 _____ (Free Software Foundation) [File not signed] C:\Program Files (x86)\BleachBit\libintl-8.dll
2015-02-08 09:53 - 2015-02-08 09:53 - 000501248 _____ (iMatix Corporation) [File not signed] C:\Program Files\Intel Corporation\Intel(R) Technology Access\libzmq-v120-mt-3_2_4.dll
2019-12-11 17:57 - 2019-12-11 17:57 - 000019968 _____ (Intel Corp.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\381150874a7d9193173a6be9ae02975a\IAStorCommon.ni.dll
2020-01-16 10:00 - 2020-01-16 10:00 - 000379392 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\a172f6a28e83f214403475f218a838a8\IAStorUtil.ni.dll
2015-02-08 10:20 - 2015-02-08 10:20 - 000111840 _____ (Intel(R) Technology Access -> NT Kernel Resources) [File not signed] C:\Program Files\Intel Corporation\Intel(R) Technology Access\ndisapi.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000346112 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\BleachBit\MSVCR100.dll
2019-12-11 17:57 - 2019-12-11 17:57 - 000027136 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\1940d3df103eed000444fff76f95a709\IAStorDataMgrSvcInterfaces.ni.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000022528 _____ (MingW-W64 Project. All rights reserved.) [File not signed] C:\Program Files (x86)\BleachBit\libwinpthread-1.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 001084928 _____ (Python Software Foundation) [File not signed] C:\Program Files (x86)\BleachBit\python34.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000104960 _____ (Red Hat Software) [File not signed] C:\Program Files (x86)\BleachBit\libpango-1.0-0.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000021504 _____ (Red Hat Software) [File not signed] C:\Program Files (x86)\BleachBit\libpangocairo-1.0-0.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000030208 _____ (Red Hat Software) [File not signed] C:\Program Files (x86)\BleachBit\libpangoft2-1.0-0.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000025600 _____ (Red Hat Software) [File not signed] C:\Program Files (x86)\BleachBit\libpangowin32-1.0-0.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000424373 _____ (SQLite Development Team) [File not signed] C:\Program Files (x86)\BleachBit\sqlite3.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000039424 _____ (Sun Microsystems Inc.) [File not signed] C:\Program Files (x86)\BleachBit\libatk-1.0-0.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000411136 _____ (The GLib developer community) [File not signed] C:\Program Files (x86)\BleachBit\libgio-2.0-0.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000455168 _____ (The GLib developer community) [File not signed] C:\Program Files (x86)\BleachBit\libglib-2.0-0.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000009728 _____ (The GLib developer community) [File not signed] C:\Program Files (x86)\BleachBit\libgmodule-2.0-0.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000099840 _____ (The GLib developer community) [File not signed] C:\Program Files (x86)\BleachBit\libgobject-2.0-0.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000093696 _____ (The GTK developer community) [File not signed] C:\Program Files (x86)\BleachBit\libgdk_pixbuf-2.0-0.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000249344 _____ (The GTK developer community) [File not signed] C:\Program Files (x86)\BleachBit\libgdk-3-0.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 001592320 _____ (The GTK developer community) [File not signed] C:\Program Files (x86)\BleachBit\libgtk-3-0.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Version 11) (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-558363904-2571121243-1357282318-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-558363904-2571121243-1357282318-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
BHO: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\87.0.664.66\BHO\ie_to_edge_bho_64.dll => No File
BHO-x32: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\87.0.664.66\BHO\ie_to_edge_bho.dll => No File
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll => No File
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll => No File
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 7942 more sites.
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 18:34 - 2020-04-26 20:45 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT
HKU\S-1-5-21-558363904-2571121243-1357282318-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\V\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\Services: TrustedInstaller => 3
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{9D9D0D71-7A2F-4094-A325-E252B4A5CF3B}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe => No File
FirewallRules: [UDP Query User{0B460939-4E96-425F-9261-84096B29EBD3}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe => No File
FirewallRules: [TCP Query User{3CF95B4F-EBE8-4F56-AA30-8C00212BD5B2}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe => No File
FirewallRules: [UDP Query User{A1CF92F9-057B-424F-B27C-A7EF26CCE676}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe => No File
FirewallRules: [{E57D21BF-A810-4C86-BBDF-A46A9648DA7F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{546A1AA9-E650-4ED1-ABC6-8794F448F702}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A644EC56-B3A9-41A7-A24D-4025BC0073FD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{A46E5391-EB86-49EE-8DAE-1E7F48422899}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [TCP Query User{157883BD-BC7F-4409-865F-CB9012E3CAAE}C:\users\v\appdata\local\temp\bduninstall\x32\pcsftool.exe] => (Allow) C:\users\v\appdata\local\temp\bduninstall\x32\pcsftool.exe => No File
FirewallRules: [UDP Query User{699998A5-9C8D-4943-8215-D5853B4C1C2E}C:\users\v\appdata\local\temp\bduninstall\x32\pcsftool.exe] => (Allow) C:\users\v\appdata\local\temp\bduninstall\x32\pcsftool.exe => No File
FirewallRules: [TCP Query User{B73FF379-3BB4-4BCA-8202-7AAE65CF27B4}C:\users\v\appdata\local\temp\bduninstall\x64\pcsftool.exe] => (Block) C:\users\v\appdata\local\temp\bduninstall\x64\pcsftool.exe => No File
FirewallRules: [UDP Query User{EB9035D6-B08D-4019-AD9F-DAF1578CA1EE}C:\users\v\appdata\local\temp\bduninstall\x64\pcsftool.exe] => (Block) C:\users\v\appdata\local\temp\bduninstall\x64\pcsftool.exe => No File
FirewallRules: [{3CCB747D-B09A-49C5-8C9D-A197D5F2FCE8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No File
FirewallRules: [{BBF3C7D9-F91A-4910-86E8-60094468FBD7}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
==================== Restore Points =========================
21-12-2020 05:48:52 Intel(R) Technology Access
24-12-2020 16:28:10 Installed Solar Fire v9.
26-12-2020 08:39:53 Revo Uninstaller's restore point - Adobe Flash Player 32 ActiveX
31-12-2020 19:46:38 Intel(R) Technology Access
01-01-2021 15:19:44 Intel(R) Technology Access
==================== Faulty Device Manager Devices ============
Name: ExpressVPN TAP Adapter
Description: ExpressVPN TAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ExpressVPN
Service: tapexpressvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: ========================
Application errors:
==================
Error: (01/08/2021 03:22:43 PM) (Source: MsiInstaller) (EventID: 11706) (User: V-Desktop)
Description: Product: Evernote v. 6.22.3 -- Error 1706. An installation package for the product Evernote v. 6.22.3 cannot be found. Try the installation again using a valid copy of the installation package 'Evernote.msi'.
Error: (01/08/2021 03:21:31 PM) (Source: SDWinSec.exe) (EventID: 0) (User: )
Description: Event-ID 0
Error: (01/08/2021 03:21:16 PM) (Source: SDWinSec.exe) (EventID: 0) (User: )
Description: Event-ID 0
Error: (01/08/2021 03:20:44 PM) (Source: SDWinSec.exe) (EventID: 0) (User: )
Description: Event-ID 0
Error: (01/08/2021 03:16:22 PM) (Source: SDWinSec.exe) (EventID: 0) (User: )
Description: Event-ID 0
Error: (01/08/2021 03:13:53 PM) (Source: SDWinSec.exe) (EventID: 0) (User: )
Description: Event-ID 0
Error: (01/08/2021 06:04:16 AM) (Source: MsiInstaller) (EventID: 11706) (User: V-Desktop)
Description: Product: Evernote v. 6.22.3 -- Error 1706. An installation package for the product Evernote v. 6.22.3 cannot be found. Try the installation again using a valid copy of the installation package 'Evernote.msi'.
Error: (01/08/2021 06:01:29 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
System errors:
=============
Error: (01/08/2021 02:47:24 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (01/08/2021 05:33:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
Error: (01/07/2021 05:49:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
Error: (01/06/2021 05:57:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
Error: (01/05/2021 06:00:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
Error: (01/04/2021 06:00:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
Error: (01/03/2021 09:27:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
Error: (01/02/2021 09:48:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
Windows Defender:
===================================
Date: 2015-10-30 09:22:58.550
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Pokki&threatid=223536
Name:BrowserModifier:Win32/Pokki
ID:223536
Severity:High
Category:Browser Modifier
Path Found:file:C:\Users\V\AppData\Local\Pokki\analytics.db;file:C:\Users\V\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll;file:C:\Users\V\AppData\Local\Pokki\Download Helper\PokkiDownloadHelper.exe;file:C:\Users\V\AppData\Local\Pokki\Engine-old\HostAppServiceUpdater.exe;file:C:\Users\V\AppData\Local\Pokki\Engine\avcodec-54.dll;file:C:\Users\V\AppData\Local\Pokki\Engine\avformat-54.dll;file:C:\Users\V\AppData\Local\Pokki\Engine\avutil-51.dll;file:C:\Users\V\AppData\Local\Pokki\Engine\chrome.pak;file:C:\Users\V\AppData\Local\Pokki\Engine\chrome_100_percent.pak;file:C:\Users\V\AppData\Local\Pokki\Engine\chrome_touch_100_percent.pak;file:C:\Users\V\AppData\Local\Pokki\Engine\chrome_touch_140_percent.pak;file:C:\Users\V\AppData\Local\Pokki\Engine\chrome_touch_180_percent.pak;file:C:\Users\V\AppData\Local\Pokki\Engine\content_resources.pak;file:C:\Users\V\AppData\Local\Pokki\Engine\D3DCompiler_43.dll;file:C:\Users\V\AppData\Local\Pokki\Engine\d3dx9_43.dll;file:C:\Users\V\AppData\Local\Pokki\Engine\en
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:
Date: 2015-10-30 09:20:28.246
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Pokki&threatid=223536
Name:BrowserModifier:Win32/Pokki
ID:223536
Severity:High
Category:Browser Modifier
Path Found:file:C:\Users\V\AppData\Local\Pokki\Engine\HostAppService.exe;file:C:\Users\V\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe;file:C:\Users\V\AppData\Local\Pokki\Engine\StartMenuIndexer.exe;process:pid:2052,ProcessStart:130906945176976917;process:pid:3908,ProcessStart:130906945356642270;process:pid:6296,ProcessStart:130906946407782392;process:pid:6700,ProcessStart:130906947794091684
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:
Date: 2015-10-30 09:12:03.987
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Pokki&threatid=223536
Name:BrowserModifier:Win32/Pokki
ID:223536
Severity:High
Category:Browser Modifier
Path Found:file:C:\Users\V\AppData\Local\Pokki\Engine\HostAppService.exe
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:
Date: 2015-07-03 04:40:17.005
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/AlterbookSP&threatid=211888
Name:BrowserModifier:Win32/AlterbookSP
ID:211888
Severity:High
Category:Browser Modifier
Path Found:file:C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;file:C:\Program Files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe;file:C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe;folder:C:\Program Files (x86)\AskPartnerNetwork\Toolbar\;folder:C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:c:\program files\windows defender\MpCmdRun.exe
Date: 2014-02-01 13:04:01.918
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{0E46452A-003F-4FF3-9081-6409DA766EC7}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
Date: 2015-10-30 09:24:57.357
Description:
Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Pokki&threatid=223536
Name:BrowserModifier:Win32/Pokki
ID:223536
Severity:High
Category:Browser Modifier
Path:
Action:Remove
Error Code:0x80070005
Error description:Access is denied.
Status:
==================== Memory info ===========================
BIOS: American Megatrends Inc. P1.50 09/12/2012
Motherboard: ASRock B75 Pro3
Processor: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 88%
Total physical RAM: 7877.16 MB
Available physical RAM: 914.12 MB
Total Virtual: 15752.47 MB
Available Virtual: 8882.83 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:931.51 GB) (Free:469.91 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Storage1) (Fixed) (Total:931.51 GB) (Free:182.36 GB) NTFS
Drive g: (Storage 3) (Fixed) (Total:3725.9 GB) (Free:3113.76 GB) NTFS
Drive h: () (Removable) (Total:1.9 GB) (Free:1.84 GB) FAT
Drive k: (Storage2) (Fixed) (Total:3725.9 GB) (Free:311.8 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0D487958)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: C92B546C)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==========================================================
Disk: 2 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 3 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 8 (Size: 1.9 GB) (Disk ID: 02F4D469)
Partition 1: (Active) - (Size=1.9 GB) - (Type=06)
==================== End of Addition.txt =======================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2021-01-08 23:33:40
-----------------------------
23:33:40.306 OS Version: Windows x64 6.1.7601 Service Pack 1
23:33:40.307 Number of processors: 4 586 0x3A09
23:33:40.307 ComputerName: VENDELA-DESKTOP UserName: V
23:33:41.637 Initialize success
23:33:41.669 VM: initialized successfully
23:33:41.670 VM: Intel CPU supported
23:33:54.888 VM: disk I/O iaStorA.sys
23:53:28.096 AVAST engine defs: 17030301
23:54:04.954 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
23:54:04.957 Disk 0 Vendor: ATA_____ 1V02 Size: 953869MB BusType: 11
23:54:04.960 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000005d
23:54:04.963 Disk 1 Vendor: ATA_____ 1V02 Size: 953869MB BusType: 11
23:54:04.967 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000060
23:54:04.971 Disk 2 Vendor: ATA_____ 1K02 Size: 3815447MB BusType: 11
23:54:04.975 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP1T0L0-1
23:54:04.979 Disk 3 Vendor: WDC_WD4000FYYZ-01UL1B2 01.01K03 Size: 3815447MB BusType: 11
23:54:05.091 Disk 0 MBR read successfully
23:54:05.095 Disk 0 MBR scan
23:54:05.160 Disk 0 Windows 7 default MBR code
23:54:05.164 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048
23:54:05.168 Disk 0 default boot code
23:54:05.184 Disk 0 scanning C:\Windows\system32\drivers
23:54:12.059 Service scanning
23:54:26.620 Modules scanning
23:54:26.627 Disk 0 trace - called modules:
23:54:26.666 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
23:54:26.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80094e4060]
23:54:26.677 3 CLASSPNP.SYS[fffff88000c7643f] -> nt!IofCallDriver -> [0xfffffa800931f8d0]
23:54:26.682 5 iaStorF.sys[fffff880019e8168] -> nt!IofCallDriver -> \Device\0000005c[0xfffffa80072659c0]
23:54:27.909 AVAST engine scan C:\Windows
23:54:29.976 AVAST engine scan C:\Windows\system32
23:56:43.233 AVAST engine scan C:\Windows\system32\drivers
23:56:52.526 AVAST engine scan C:\Users\V
00:01:26.553 Disk 0 MBR has been saved successfully to "H:\Post 2021-01-09\MBR.dat"
00:01:26.569 The log file has been saved successfully to "H:\Post 2021-01-09\aswMBR.txt"
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-01-2021
Ran by V (administrator) on VENDELA-DESKTOP (08-01-2021 22:59:16)
Running from H:\Farbar Recovery Scan Tool Bleeping Computer
Loaded Profiles: V
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Andrew Ziem -> ) C:\Program Files (x86)\BleachBit\bleachbit.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel(R) Technology Access -> Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
(Intel(R) Technology Access -> Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe
(Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Safer Networking Ltd. -> Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Safer-Networking Ltd.) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Tresorit Kft. -> Tresorit) C:\Users\V\AppData\Local\Tresorit\v0.8\Tresorit.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
HKLM\...\Run: [AdobeAAMUpdater-1.0] => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM-x32\...\Run: [IMSS] => "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2623032 2019-07-05] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
HKLM-x32\...\Run: [ExpressVPNNotificationService] => "C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe"
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-558363904-2571121243-1357282318-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) [File not signed]
HKU\S-1-5-21-558363904-2571121243-1357282318-1000\...\Run: [Zoom] => [X]
HKU\S-1-5-21-558363904-2571121243-1357282318-1000\...\Run: [Tresorit] => C:\Users\V\AppData\Local\Tresorit\v0.8\Tresorit.exe [32804376 2020-12-10] (Tresorit Kft. -> Tresorit)
HKU\S-1-5-21-558363904-2571121243-1357282318-1000\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe [1161440 2020-09-15] (Express Vpn LLC -> ExpressVPN)
HKU\S-1-5-21-558363904-2571121243-1357282318-1000\...\MountPoints2: {80b1b2c4-3037-11e2-8b00-806e6f6e6963} - D:\SETUP.EXE
HKU\S-1-5-21-558363904-2571121243-1357282318-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon MG6200 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAU.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG6200 series: C:\Windows\system32\CNMLMAU.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> "C:\Program Files (x86)\Microsoft\Edge\Application\87.0.664.66\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\87.1.18.78\Installer\chrmstp.exe [2021-01-08] (Brave Software, Inc. -> Brave Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk.disabled [2013-12-13]
ShortcutTarget: ImageBrowser EX Agent.lnk.disabled -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk [2015-05-05]
ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (No File)
Startup: C:\Users\V\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk.disabled [2014-12-30]
ShortcutTarget: EvernoteClipper.lnk.disabled -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (No File)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0635FD96-1F8D-4513-80FA-193194F4DF4F} - System32\Tasks\{068590DC-6521-4BA5-8EF5-5893A2969D69} => C:\Windows\system32\pcalua.exe -a C:\Users\V\AppData\Local\Evernote\Evernote\AutoUpdate\Evernote_6.5.4.4720.exe -d "C:\Program Files (x86)\Evernote\Evernote" -c /qb
Task: {0E250BC7-950C-42A3-B186-FD9B6DF92A51} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d => C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-08-12] (Intel(R) Software Asset Manager -> Intel Corporation)
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-5d" was unlocked. <==== ATTENTION
Task: {12DF64C9-2537-4846-994B-A2A56DD47137} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-5d => C:\Windows\system32\GWX\GWX.exe
Task: {1E97F4FF-4D5A-4284-962A-9FE97BE7F343} - System32\Tasks\{A2A5DDC7-FC65-4D4C-8BD2-322C87E57169} => C:\Windows\system32\pcalua.exe -a C:\Users\V\Desktop\shb_kortlasare.exe -d C:\Users\V\Desktop
Task: {245D3C31-2C5E-4EEF-95C5-8E69FB8EF5BE} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {260A87B6-2C85-4FE1-AACA-211C3E96A52B} - System32\Tasks\G2MUploadTask-S-1-5-21-558363904-2571121243-1357282318-1000 => C:\Users\V\AppData\Local\GoToMeeting\19228\g2mupload.exe [31320 2021-01-08] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {3C2B5431-B579-4F1B-9454-8E8430DFCB69} - System32\Tasks\{A45E7AF1-28B8-45C3-9CC9-8CA857FF4B28} => "c:\program files (x86)\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/6.0.0.126/en/go/help.faq.installer?LastError=1603
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" was unlocked. <==== ATTENTION
Task: {3F784A64-5FBC-487E-B26E-99232C30D96C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => C:\Windows\system32\GWX\GWX.exe
Task: {41218B50-BD6D-471B-AE39-155B7440B10B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
Task: {4A5D48AC-1DC3-45B7-B303-CCB695ADB9B7} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Task: {4E628E33-1E42-4066-9EA1-4DE1625B66E9} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
Task: {5A2D3CA9-CEC3-4841-8666-05A29A00F605} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-06-21] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {5F745D9A-EDA3-42FF-AFF4-E7F464DB4147} - System32\Tasks\{97BEA7E4-3AF6-41F3-984A-66FB5B6B9B13} => "c:\program files (x86)\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/6.0.0.126/en/go/help.faq.installer?LastError=1603
Task: {69FC1478-9C17-4120-A999-49539B1C98D2} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [1738504 2015-09-04] (Intel(R) Software -> Intel Corporation)
Task: {6D394EE7-BD9B-40B6-B61C-7CF6CC1A4C56} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {76E40658-CEF7-4D11-91E4-01D35F44E2AF} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
Task: {8137D42F-EB2F-43EB-A776-698CFA2A5D46} - System32\Tasks\{0878759E-89D7-4069-B304-85D5D1B02C6E} => "c:\program files (x86)\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/6.0.0.126/en/go/help.faq.installer?LastError=1603
Task: {81C69542-D639-40A3-99C3-F9D47C0C6F41} - System32\Tasks\{57CB18CA-18C0-493E-A4F6-DD23C9EDBF15} => "c:\program files (x86)\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/6.0.0.126/en/go/help.faq.installer?LastError=1603
Task: {8B52CFBB-8C4D-40A1-B67C-63788D4F751A} - System32\Tasks\{038683BD-D6E7-4614-8F07-D83EFC18DE21} => "c:\program files (x86)\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/6.0.0.126/en/go/help.faq.installer?LastError=1603
Task: {94E2556A-C0F9-4FE0-BDD8-F444A162B982} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe
Task: {98B2959C-01C8-4617-81D2-5EC6E2E8E2AD} - System32\Tasks\{32BE4989-89FF-4CC1-BB55-973B84FA440A} => C:\Program Files (x86)\Audacity\audacity.exe
Task: {A3C4ACF0-AC34-41F0-8167-EECB0392FBD9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {A92F73A6-0A57-43EE-8959-9AEFFC179F24} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" was unlocked. <==== ATTENTION
Task: {ACA3BC47-EF9B-4935-9A4A-F896A8477028} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => C:\Windows\system32\GWX\GWX.exe
Task: {AD7C1240-808A-4303-8D50-E6EC258C6120} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe
Task: {B29627B2-EA18-4E20-B34F-4C0E6E26267E} - System32\Tasks\G2MUpdateTask-S-1-5-21-558363904-2571121243-1357282318-1000 => C:\Users\V\AppData\Local\GoToMeeting\19228\g2mupdate.exe [31320 2021-01-08] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {B3019D79-FC95-41DD-B7F2-3B546B4FF91F} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Task: {B68F01B8-621D-42B7-ACEE-B3FC2605B7EE} - System32\Tasks\{30435168-8CAF-444D-94F5-4D669F89C5EE} => "c:\program files (x86)\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/6.0.0.126/en/go/help.faq.installer?LastError=1603
Task: {BA2DDE11-C344-4ABC-9146-88FEA55CE291} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-06-21] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {BD567324-A810-4394-8B3F-058A3E77075C} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe
Task: {C4893018-60F6-4F9F-8E33-50F6071C75CC} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe
Task: {C62AF088-E3F2-43FB-8A08-022D620D7AA9} - System32\Tasks\{A6DF4408-4142-4855-8631-2B2BA2AE6D41} => C:\Windows\system32\pcalua.exe -a C:\Users\V\Evernote\AutoUpdate\Evernote_6.7.5.5825.exe -d "C:\Program Files (x86)\Evernote\Evernote" -c /qb
Task: {CD09FD93-E87B-4664-84FD-2299C48AFDA3} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d-Logon => C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-08-12] (Intel(R) Software Asset Manager -> Intel Corporation)
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" was unlocked. <==== ATTENTION
Task: {D3A93B1C-C69A-4C08-B641-AC55B169CDFE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => C:\Windows\system32\GWX\GWX.exe
Task: {D83096CF-3B85-4C58-AA89-C852E6433A9F} - \Pokki -> No File <==== ATTENTION
Task: {E065CF8E-8874-4A8A-A7AC-24C504278088} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {E6DDB849-6882-4897-9C89-7BADFAEECD37} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe
Task: {ECC27D1A-6331-4650-8153-1DCA60106C7C} - System32\Tasks\{5E702ED3-50CE-4900-B756-967F080E98E9} => "c:\program files (x86)\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/6.0.0.126/en/go/help.faq.installer?LastError=1603
Task: {ED50A085-D013-4D6C-A13E-EA8BE6524530} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe
Task: {F3B5B6BC-C515-4887-B390-63D660553792} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {F61F2334-028A-4CD4-AF1B-36FBB2F64CDA} - System32\Tasks\AdobeAAMUpdater-1.0-Vendela-Desktop-V => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" was unlocked. <==== ATTENTION
Task: {FEDBC755-CE2E-4D86-8000-A649856819E3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => C:\Windows\system32\GWX\GWX.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-558363904-2571121243-1357282318-1000.job => C:\Users\V\AppData\Local\GoToMeeting\19228\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-558363904-2571121243-1357282318-1000.job => C:\Users\V\AppData\Local\GoToMeeting\19228\g2mupload.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{E0B65D48-D961-4B66-B151-B123EA3FD5BC}: [DhcpNameServer] 192.168.10.1
Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\V\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-21]
FireFox:
========
FF DefaultProfile: uc0ymu7c.default-1574636001328
FF ProfilePath: C:\Users\V\AppData\Roaming\Mozilla\Firefox\Profiles\jygdiui4.default-release [2021-01-08]
FF Extension: (ETP Search Volume Study) - C:\Users\V\AppData\Roaming\Mozilla\Firefox\Profiles\jygdiui4.default-release\Extensions\etp-search-volume-study@shield.mozilla.org.xpi [2019-08-14]
FF ProfilePath: C:\Users\V\AppData\Roaming\Mozilla\Firefox\Profiles\uc0ymu7c.default-1574636001328 [2021-01-08]
FF Session Restore: Mozilla\Firefox\Profiles\uc0ymu7c.default-1574636001328 -> is enabled.
FF Extension: (uBlock Origin) - C:\Users\V\AppData\Roaming\Mozilla\Firefox\Profiles\uc0ymu7c.default-1574636001328\Extensions\uBlock0@raymondhill.net.xpi [2020-12-19]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [No File]
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [No File]
FF Plugin HKU\S-1-5-21-558363904-2571121243-1357282318-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\V\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2019-12-18] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-558363904-2571121243-1357282318-1000: pokki.com/PokkiDownloadHelper -> C:\Users\V\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [No File]
FF Plugin HKU\S-1-5-21-558363904-2571121243-1357282318-1000: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkTDA\tossc32.dll [No File]
Chrome:
=======
CHR Profile: C:\Users\V\AppData\Local\Google\Chrome\User Data\Default [2021-01-08]
CHR Notifications: Default -> hxxps://www.reddit.com
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Session Restore: Default -> is enabled.
CHR Extension: (Google Drive) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
CHR Extension: (DuckDuckGo) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2020-12-17]
CHR Extension: (YouTube) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-05]
CHR Extension: (Web Media Center) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\boahfmccdndnpmlllehgfkpeoccmkedj [2017-06-03]
CHR Extension: (Cloud Audio Recorder) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\coiefjfjbldcapekmclpdfemapaifbmh [2018-07-16]
CHR Extension: (ZIP Extractor) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmfcakoljjhncfphlflcedhgogfhpbcd [2019-11-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [816184 2019-07-05] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3673680 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3406416 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-06-21] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-06-21] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [437472 2020-09-15] (Express Vpn LLC -> ExpressVPN)
S3 Intel(R) TA SAM; C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-08-12] (Intel(R) Software Asset Manager -> Intel Corporation)
R2 Intel(R) TechnologyAccessLegacyCSLoader; C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe [153296 2016-04-26] (Intel(R) Technology Access -> Intel(R) Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [478416 2016-04-26] (Intel(R) Technology Access -> Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd. -> Safer Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
S2 edgeupdate; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc [X]
S3 edgeupdatem; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc [X]
S3 GoogleChromeElevationService; "C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\elevation_service.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" [X]
S3 MicrosoftEdgeElevationService; "C:\Program Files (x86)\Microsoft\Edge\Application\87.0.664.66\elevation_service.exe" [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 ndisrd; C:\Windows\System32\DRIVERS\ndisrfl.sys [41176 2015-04-30] (Intel(R) Technology Access -> Intel Corporation)
S3 NetTap60; C:\Windows\System32\DRIVERS\nettap60.sys [51416 2015-04-30] (Intel(R) Technology Access -> Intel Corporation)
S3 tapexpressvpn; C:\Windows\System32\DRIVERS\tapexpressvpn.sys [36208 2020-09-15] (ExprsVPN LLC -> The OpenVPN Project)
S3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [50176 2008-09-22] (Microsoft Windows Hardware Compatibility Publisher -> Todos Data System AB)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [23200 2015-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
U3 aswbdisk; no ImagePath
U3 aswblog; no ImagePath
S3 b06bdrv; \SystemRoot\system32\drivers\bxvbda.sys [X]
S3 expressvpnsplittunnel; \??\C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-08 22:57 - 2021-01-08 22:59 - 000000000 ____D C:\FRST
2021-01-08 15:20 - 2021-01-08 15:20 - 000001587 _____ C:\Users\V\Desktop\SDWinSec.exe - Shortcut (2).lnk
2021-01-08 15:18 - 2021-01-08 15:18 - 000001587 _____ C:\Users\V\Desktop\SDWinSec.exe - Shortcut.lnk
2021-01-08 05:47 - 2021-01-08 05:47 - 000000985 _____ C:\Users\Public\Desktop\BleachBit.lnk
2021-01-08 05:47 - 2021-01-08 05:47 - 000000985 _____ C:\ProgramData\Desktop\BleachBit.lnk
2021-01-08 05:47 - 2021-01-08 05:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BleachBit
2021-01-08 05:47 - 2021-01-08 05:47 - 000000000 ____D C:\Program Files (x86)\BleachBit
2020-12-31 08:42 - 2020-12-31 08:43 - 002148720 _____ C:\Users\V\Downloads\Vendela Mitchel -FORECAST – 2022(1).pdf
2020-12-28 08:31 - 2020-12-28 08:31 - 002188612 _____ C:\Users\V\Downloads\Vendela Mitchel -FORECAST-2021.pdf
2020-12-24 17:48 - 2020-12-24 17:48 - 000000000 ____D C:\Users\V\Documents\Solar Fire User Files
2020-12-24 17:48 - 2020-12-24 17:48 - 000000000 ____D C:\Users\V\AppData\Roaming\Esoteric Technologies
2020-12-24 17:48 - 2020-12-24 17:48 - 000000000 ____D C:\Users\V\AppData\Local\Esoteric Technologies
2020-12-24 16:30 - 2020-12-24 16:30 - 000001902 _____ C:\Users\Public\Desktop\Solar Fire v9.lnk
2020-12-24 16:30 - 2020-12-24 16:30 - 000001902 _____ C:\ProgramData\Desktop\Solar Fire v9.lnk
2020-12-24 16:30 - 2020-12-24 16:30 - 000000731 _____ C:\Windows\Solfire9.ini
2020-12-24 16:30 - 2020-12-24 16:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Esoteric Technologies
2020-12-23 08:18 - 2020-12-23 08:18 - 000053942 _____ C:\Users\V\Downloads\taxdocument (3).pdf
2020-12-22 18:28 - 2020-12-22 18:28 - 000143008 _____ C:\Users\V\Downloads\2019_12_Statement (3).pdf
2020-12-21 19:15 - 2020-12-21 19:15 - 000215019 _____ C:\Users\V\Downloads\2018_12_Statement.pdf
2020-12-21 18:36 - 2020-12-21 18:36 - 000145702 _____ C:\Users\V\Downloads\2020_1_Statement.pdf
2020-12-21 17:53 - 2020-12-21 17:53 - 000143007 _____ C:\Users\V\Downloads\2019_12_Statement (2).pdf
2020-12-21 16:26 - 2020-12-21 16:26 - 000053942 _____ C:\Users\V\Downloads\taxdocument (2).pdf
2020-12-19 17:18 - 2020-12-19 17:18 - 000053942 _____ C:\Users\V\Downloads\taxdocument (1).pdf
2020-12-19 17:16 - 2020-12-19 17:16 - 000143008 _____ C:\Users\V\Downloads\2019_12_Statement (1).pdf
2020-12-18 19:38 - 2020-12-18 19:39 - 000067663 _____ C:\Users\V\Downloads\astro_22anz_vendela_sweden.13151.20534.pdf
2020-12-18 19:35 - 2020-12-18 19:35 - 000067102 _____ C:\Users\V\Downloads\astro_22anz_vendela_sweden.12915.13786.pdf
2020-12-18 19:27 - 2020-12-18 19:27 - 000067113 _____ C:\Users\V\Downloads\astro_22anz_vendela_sweden.12461.24375.pdf
2020-12-17 13:36 - 2020-12-17 13:37 - 000143008 _____ C:\Users\V\Downloads\2019_12_Statement.pdf
2020-12-14 20:28 - 2020-12-14 20:28 - 000067549 _____ C:\Users\V\Downloads\astro_22anz_vendela_sweden_hw.16128.6810.pdf
2020-12-14 19:19 - 2020-12-14 19:19 - 000067753 _____ C:\Users\V\Downloads\astro_2anz_vendela_sweden.11953.17654.pdf
2020-12-14 19:15 - 2020-12-14 19:15 - 000067753 _____ C:\Users\V\Downloads\astro_2anz_vendela_sweden.11723.36641.pdf
2020-12-14 19:13 - 2020-12-14 19:13 - 000067107 _____ C:\Users\V\Downloads\astro_22anz_vendela_sweden_hp.11595.16754.pdf
2020-12-14 19:03 - 2020-12-14 19:03 - 000077153 _____ C:\Users\V\Downloads\astro_22anz_vendela_sweden_hw.11000.16897.pdf
2020-12-14 07:10 - 2020-12-14 07:10 - 001072300 _____ C:\Users\V\Downloads\Vendela-REKTIF.pdf
2020-12-14 07:10 - 2020-12-14 07:10 - 000308813 _____ C:\Users\V\Downloads\Vendela-Natal Chart Report.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-08 22:58 - 2009-07-13 21:13 - 000784326 _____ C:\Windows\system32\PerfStringBackup.INI
2021-01-08 22:58 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2021-01-08 22:50 - 2015-05-29 20:34 - 000000610 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-558363904-2571121243-1357282318-1000.job
2021-01-08 22:20 - 2014-03-04 14:03 - 000000514 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-558363904-2571121243-1357282318-1000.job
2021-01-08 21:20 - 2019-06-21 05:56 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-01-08 21:20 - 2019-06-21 05:56 - 000002266 _____ C:\Users\Public\Desktop\Brave.lnk
2021-01-08 21:20 - 2019-06-21 05:56 - 000002266 _____ C:\ProgramData\Desktop\Brave.lnk
2021-01-08 21:03 - 2019-06-21 05:54 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2021-01-08 19:52 - 2009-07-13 20:45 - 000029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-01-08 19:52 - 2009-07-13 20:45 - 000029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-01-08 19:44 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\Registration
2021-01-08 18:45 - 2020-05-28 16:51 - 000000000 ____D C:\Users\V\.dbus-keyrings
2021-01-08 06:24 - 2017-07-07 22:47 - 000000000 ____D C:\Users\V\AppData\Local\GoToMeeting
2021-01-08 06:24 - 2015-05-29 20:34 - 000003642 _____ C:\Windows\system32\Tasks\G2MUploadTask-S-1-5-21-558363904-2571121243-1357282318-1000
2021-01-08 06:24 - 2014-03-04 14:03 - 000003546 _____ C:\Windows\system32\Tasks\G2MUpdateTask-S-1-5-21-558363904-2571121243-1357282318-1000
2021-01-08 05:48 - 2020-03-03 18:21 - 000000000 ____D C:\Users\V\AppData\Roaming\discord
2021-01-08 05:42 - 2020-09-22 15:59 - 000000000 ____D C:\Program Files (x86)\ExpressVPN
2021-01-08 05:42 - 2020-04-18 10:05 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2021-01-08 05:42 - 2012-11-16 13:46 - 000000000 ____D C:\Program Files (x86)\Intel
2021-01-08 05:40 - 2012-11-19 09:57 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-01-08 05:30 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-01-06 17:57 - 2017-05-05 15:15 - 000002230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-06 17:57 - 2017-05-05 15:15 - 000002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-06 17:57 - 2017-05-05 15:15 - 000002189 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-01-06 06:13 - 2019-10-01 07:29 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-01-06 06:13 - 2019-10-01 07:29 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2021-01-03 09:32 - 2019-03-10 10:05 - 000000000 ____D C:\Users\V\Downloads\New
2020-12-26 09:25 - 2012-11-19 09:58 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-12-25 09:20 - 2012-11-16 13:51 - 000033992 _____ C:\Users\V\AppData\Local\GDIPFONTCACHEV1.DAT
2020-12-25 09:16 - 2009-07-13 20:45 - 000250288 _____ C:\Windows\system32\FNTCACHE.DAT
2020-12-23 15:18 - 2013-05-05 13:30 - 000001456 _____ C:\Users\V\AppData\Local\Adobe Save for Web 13.0 Prefs
2020-12-23 15:01 - 2019-11-25 09:02 - 000000000 ____D C:\Users\V\AppData\Local\CrashDumps
2020-12-21 20:20 - 2020-07-13 17:01 - 000001013 _____ C:\Users\Public\Desktop\TradeLog.lnk
2020-12-21 20:20 - 2020-07-13 17:01 - 000001013 _____ C:\ProgramData\Desktop\TradeLog.lnk
2020-12-21 20:20 - 2020-07-13 17:01 - 000000000 ____D C:\Users\V\Documents\tradelog
2020-12-21 20:20 - 2020-07-13 17:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeLog
2020-12-19 23:15 - 2016-11-18 06:13 - 000000000 ____D C:\Users\V\AppData\LocalLow\Mozilla
2020-12-19 11:24 - 2020-10-19 16:05 - 000002229 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-19 11:24 - 2020-10-19 16:05 - 000002188 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-12-19 11:24 - 2020-10-19 16:05 - 000002188 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-12-16 05:58 - 2020-09-22 16:54 - 000000000 ____D C:\Users\V\AppData\Local\Downloaded Installations
2020-12-16 05:58 - 2020-09-22 16:40 - 000000000 ____D C:\Users\V\AppData\Local\Tresorit
==================== Files in the root of some directories ========
2016-07-31 16:29 - 2016-07-31 16:29 - 000000027 ____H () C:\ProgramData\.d59546f61165ae53742c10f688282916.dat
2020-05-28 16:39 - 2020-05-28 16:39 - 000169554 _____ (BleachBit.org) C:\Program Files (x86)\uninstall.exe
2020-06-12 18:36 - 2020-06-12 18:36 - 000000132 _____ () C:\Users\V\AppData\Roaming\Adobe BMP Format CS6 Prefs
2014-01-13 14:22 - 2015-05-23 23:36 - 000000132 _____ () C:\Users\V\AppData\Roaming\Adobe GIF Format CS6 Prefs
2015-11-25 22:12 - 2020-06-12 18:38 - 000000132 _____ () C:\Users\V\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-07-20 10:38 - 2017-11-22 10:43 - 000000034 _____ () C:\Users\V\AppData\Roaming\AdobeWLCMCache.dat
2013-01-09 22:46 - 2013-01-14 20:43 - 000003072 _____ () C:\Users\V\AppData\Roaming\Photobook Designer Prefsv3
2020-05-01 18:26 - 2020-05-01 18:26 - 000018408 _____ () C:\Users\V\AppData\Roaming\UserTile.png
2014-09-30 19:21 - 2014-12-03 10:21 - 000000156 _____ () C:\Users\V\AppData\Roaming\WB.CFG
2013-05-05 13:30 - 2020-12-23 15:18 - 000001456 _____ () C:\Users\V\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-10-09 23:21 - 2014-12-01 16:21 - 000000010 _____ () C:\Users\V\AppData\Local\DSI.DAT
2018-09-26 09:18 - 2018-09-26 09:18 - 000000000 _____ () C:\Users\V\AppData\Local\oobelibMkey.log
2018-01-06 23:16 - 2020-05-02 08:48 - 000007611 _____ () C:\Users\V\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2021-01-02 10:15
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2021
Ran by V (08-01-2021 23:00:25)
Running from H:\Farbar Recovery Scan Tool Bleeping Computer
Windows 7 Home Premium Service Pack 1 (X64) (2012-11-16 21:35:26)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-558363904-2571121243-1357282318-500 - Administrator - Disabled)
Guest (S-1-5-21-558363904-2571121243-1357282318-501 - Limited - Enabled)
V (S-1-5-21-558363904-2571121243-1357282318-1000 - Administrator - Enabled) => C:\Users\V
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.9.0.504 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_0_1) (Version: 19.0.1 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe)
Adobe Photoshop Lightroom 5.7.1 64-bit (HKLM\...\{BC86B82C-8C0E-4408-9AC1-6B0F2D636963}) (Version: 5.7.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Audacity 2.3.2 (HKLM-x32\...\Audacity_is1) (Version: 2.3.2 - Audacity Team)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1939737088.1637808.1637864.0 - Audible, Inc.)
BleachBit 4.2.0.1795 (HKLM-x32\...\BleachBit) (Version: 4.2.0.1795 - BleachBit)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 87.1.18.78 - Brave Software Inc)
Canon MG6200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series) (Version: - )
Canon Utilities Digital Photo Professional 3.11 (HKLM-x32\...\Digital Photo Professional) (Version: 3.11.27.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.11.2.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.10.1.0 - Canon Inc.)
ClamAV (HKLM\...\ClamAV_is1) (Version: 0.102.3 - Cisco Systems, Inc.)
darktable (HKLM\...\darktable) (Version: 3.0.2 - the darktable project)
Discord (HKU\S-1-5-21-558363904-2571121243-1357282318-1000\...\Discord) (Version: 0.0.306 - Discord Inc.)
Evernote v. 6.22.3 (HKLM-x32\...\{B212CBD0-20F1-11EA-B312-005056951CAD}) (Version: 6.22.3.8816 - Evernote Corp.)
ExpressVPN (HKLM-x32\...\{50a2d477-790e-4407-bd6a-06a5c5ce3c1d}) (Version: 8.0.0.1381 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B856CD7D96}) (Version: 8.0.0.1381 - ExpressVPN) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
GoToMeeting 10.15.0.19228 (HKU\S-1-5-21-558363904-2571121243-1357282318-1000\...\GoToMeeting) (Version: 10.15.0.19228 - LogMeIn, Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) Technology Access (HKLM-x32\...\{1709a432-4aab-4ad0-870d-ff74abc41bdd}) (Version: 1.9.0.1021 - Intel Corporation)
Intel(R) Technology Access (HKLM-x32\...\{810dff4d-564d-47da-b8bc-a3729815aab7}) (Version: 1.9.1.1008 - Intel Corporation)
Intel(R) Technology Access Software Asset Manager (HKLM-x32\...\{C1C74874-4E6F-49B8-BBCD-D43E277D8D28}) (Version: 3.4.1942 - Intel Corporation) Hidden
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.66 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27027 (HKLM-x32\...\{fd9b6070-d13e-45dc-819b-41806bf45b6b}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Mozilla Firefox 68.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.2 (x64 en-US)) (Version: 68.0.2 - Mozilla)
Mozilla Firefox 81.0 (x64 en-US) (HKLM\...\Mozilla Firefox 81.0 (x64 en-US)) (Version: 81.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 70.0.1 - Mozilla)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 23.0.2 - OBS Project)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
RescueTime 2.12.4.1450 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version: - RescueTime.com)
Revo Uninstaller 2.1.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.0 - VS Revo Group, Ltd.)
Security Task Manager 2.3e (HKLM-x32\...\Security Task Manager) (Version: 2.3e - Neuber Software)
Shooter Suite v12.3.2 (HKLM-x32\...\{7DFC5E36-8CC9-4EC5-9C24-A3770A669E3F}_is1) (Version: 12.3.2 - Red Giant, LLC)
Solar Fire v9 (HKLM-x32\...\{93397832-4E51-47E9-A10D-6C17C50E1F17}) (Version: 9.0.25 - Esoteric Technologies Pty Ltd)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.2 - Krzysztof Kowalczyk)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tradelog (HKLM-x32\...\TradeLog_is1) (Version: 15 - Cogenta Computing, Inc.)
Tresorit (HKLM-x32\...\{1C482EFC-5175-48D4-B57D-0C2F160936B2}) (Version: 3.5.2432.1370 - Tresorit)
Tresorit for Outlook (HKLM-x32\...\{814BC99F-BCBF-4A8B-BBB8-1B216DCA8921}) (Version: 1.0.85.85 - Tresorit)
Zoom (HKU\S-1-5-21-558363904-2571121243-1357282318-1000\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-558363904-2571121243-1357282318-1000_Classes\CLSID\{1B8DEAA1-E192-429B-89A7-89BD19183A67} -> [Tresorit Drive] => T:\0
CustomCLSID: HKU\S-1-5-21-558363904-2571121243-1357282318-1000_Classes\CLSID\{822B4859-CCDD-476C-ABDF-7F7A894A3CB7}\InprocServer32 -> C:\Users\V\AppData\Local\Tresorit\v0.8\TresoritExt64_4.dll (Tresorit Kft. -> )
CustomCLSID: HKU\S-1-5-21-558363904-2571121243-1357282318-1000_Classes\CLSID\{822B485A-CCDD-476C-ABDF-7F7A894A3CB7}\InprocServer32 -> C:\Users\V\AppData\Local\Tresorit\v0.8\TresoritExt64_4.dll (Tresorit Kft. -> )
CustomCLSID: HKU\S-1-5-21-558363904-2571121243-1357282318-1000_Classes\CLSID\{822B485B-CCDD-476C-ABDF-7F7A894A3CB7}\InprocServer32 -> C:\Users\V\AppData\Local\Tresorit\v0.8\TresoritExt64_4.dll (Tresorit Kft. -> )
CustomCLSID: HKU\S-1-5-21-558363904-2571121243-1357282318-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\V\AppData\Local\GoToMeeting\18962\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-558363904-2571121243-1357282318-1000_Classes\CLSID\{D6EB3938-8CBE-4CC5-8CFA-C89750619193} -> [Synced Tresors] => %USERPROFILE%\.tresorit\Tresors0
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-12-14] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1_S-1-5-21-558363904-2571121243-1357282318-1000: [TresoritExt] -> {822B4859-CCDD-476C-ABDF-7F7A894A3CB7} => C:\Users\V\AppData\Local\Tresorit\v0.8\TresoritExt64_4.dll [2020-09-22] (Tresorit Kft. -> )
ContextMenuHandlers4_S-1-5-21-558363904-2571121243-1357282318-1000: [TresoritExt] -> {822B4859-CCDD-476C-ABDF-7F7A894A3CB7} => C:\Users\V\AppData\Local\Tresorit\v0.8\TresoritExt64_4.dll [2020-09-22] (Tresorit Kft. -> )
ContextMenuHandlers5_S-1-5-21-558363904-2571121243-1357282318-1000: [TresoritExt] -> {822B4859-CCDD-476C-ABDF-7F7A894A3CB7} => C:\Users\V\AppData\Local\Tresorit\v0.8\TresoritExt64_4.dll [2020-09-22] (Tresorit Kft. -> )
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name="BVTConsumer"",Filter="__EventFilter.Name="BVTFilter"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
==================== Loaded Modules (Whitelisted) =============
2021-01-02 13:40 - 2021-01-02 13:40 - 000027136 _____ () [File not signed] C:\Program Files (x86)\BleachBit\_bz2.pyd
2021-01-02 13:40 - 2021-01-02 13:40 - 000035328 _____ () [File not signed] C:\Program Files (x86)\BleachBit\_ctypes.pyd
2021-01-02 13:40 - 2021-01-02 13:40 - 000067072 _____ () [File not signed] C:\Program Files (x86)\BleachBit\_decimal.pyd
2021-01-02 13:40 - 2021-01-02 13:40 - 000368128 _____ () [File not signed] C:\Program Files (x86)\BleachBit\_hashlib.pyd
2021-01-02 13:40 - 2021-01-02 13:40 - 000009728 _____ () [File not signed] C:\Program Files (x86)\BleachBit\_scandir.pyd
2021-01-02 13:40 - 2021-01-02 13:40 - 000019968 _____ () [File not signed] C:\Program Files (x86)\BleachBit\_socket.pyd
2021-01-02 13:40 - 2021-01-02 13:40 - 000020480 _____ () [File not signed] C:\Program Files (x86)\BleachBit\_sqlite3.pyd
2021-01-02 13:40 - 2021-01-02 13:40 - 000537600 _____ () [File not signed] C:\Program Files (x86)\BleachBit\_ssl.pyd
2021-01-02 13:40 - 2021-01-02 13:40 - 000082944 _____ () [File not signed] C:\Program Files (x86)\BleachBit\gi._gi.pyd
2021-01-02 13:40 - 2021-01-02 13:40 - 000592384 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libcairo-gobject-2.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000287744 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libepoxy-0.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000015872 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libffi-6.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000106496 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libfontconfig-1.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000266752 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libfreetype-6.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000070656 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libgirepository-1.0-1.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000237568 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libharfbuzz-0.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000102400 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libjasper-1.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000104960 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libjpeg-8.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000093184 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libpng16-16.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000098816 _____ () [File not signed] C:\Program Files (x86)\BleachBit\librsvg-2-2.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000197632 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libtiff-5.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000118272 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libwebp-5.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000448512 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libxmlxpat.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000130560 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libzzz.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000052224 _____ () [File not signed] C:\Program Files (x86)\BleachBit\pyexpat.pyd
2021-01-02 13:40 - 2021-01-02 13:40 - 000131072 _____ () [File not signed] C:\Program Files (x86)\BleachBit\pythoncom34.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000050688 _____ () [File not signed] C:\Program Files (x86)\BleachBit\pywintypes34.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000299008 _____ () [File not signed] C:\Program Files (x86)\BleachBit\unicodedata.pyd
2021-01-02 13:40 - 2021-01-02 13:40 - 000034304 _____ () [File not signed] C:\Program Files (x86)\BleachBit\win32api.pyd
2021-01-02 13:40 - 2021-01-02 13:40 - 000118784 _____ () [File not signed] C:\Program Files (x86)\BleachBit\win32com.shell.shell.pyd
2021-01-02 13:40 - 2021-01-02 13:40 - 000037888 _____ () [File not signed] C:\Program Files (x86)\BleachBit\win32file.pyd
2021-01-02 13:40 - 2021-01-02 13:40 - 000047616 _____ () [File not signed] C:\Program Files (x86)\BleachBit\win32gui.pyd
2021-01-02 13:40 - 2021-01-02 13:40 - 000036352 _____ () [File not signed] C:\Program Files (x86)\BleachBit\win32security.pyd
2015-07-07 10:44 - 2015-07-07 10:44 - 000088064 _____ () [File not signed] C:\Program Files\Intel Corporation\Intel(R) Technology Access\libglog.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000044544 _____ (Free Software Foundation) [File not signed] C:\Program Files (x86)\BleachBit\libintl-8.dll
2015-02-08 09:53 - 2015-02-08 09:53 - 000501248 _____ (iMatix Corporation) [File not signed] C:\Program Files\Intel Corporation\Intel(R) Technology Access\libzmq-v120-mt-3_2_4.dll
2019-12-11 17:57 - 2019-12-11 17:57 - 000019968 _____ (Intel Corp.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\381150874a7d9193173a6be9ae02975a\IAStorCommon.ni.dll
2020-01-16 10:00 - 2020-01-16 10:00 - 000379392 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\a172f6a28e83f214403475f218a838a8\IAStorUtil.ni.dll
2015-02-08 10:20 - 2015-02-08 10:20 - 000111840 _____ (Intel(R) Technology Access -> NT Kernel Resources) [File not signed] C:\Program Files\Intel Corporation\Intel(R) Technology Access\ndisapi.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000346112 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\BleachBit\MSVCR100.dll
2019-12-11 17:57 - 2019-12-11 17:57 - 000027136 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\1940d3df103eed000444fff76f95a709\IAStorDataMgrSvcInterfaces.ni.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000022528 _____ (MingW-W64 Project. All rights reserved.) [File not signed] C:\Program Files (x86)\BleachBit\libwinpthread-1.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 001084928 _____ (Python Software Foundation) [File not signed] C:\Program Files (x86)\BleachBit\python34.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000104960 _____ (Red Hat Software) [File not signed] C:\Program Files (x86)\BleachBit\libpango-1.0-0.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000021504 _____ (Red Hat Software) [File not signed] C:\Program Files (x86)\BleachBit\libpangocairo-1.0-0.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000030208 _____ (Red Hat Software) [File not signed] C:\Program Files (x86)\BleachBit\libpangoft2-1.0-0.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000025600 _____ (Red Hat Software) [File not signed] C:\Program Files (x86)\BleachBit\libpangowin32-1.0-0.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000424373 _____ (SQLite Development Team) [File not signed] C:\Program Files (x86)\BleachBit\sqlite3.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000039424 _____ (Sun Microsystems Inc.) [File not signed] C:\Program Files (x86)\BleachBit\libatk-1.0-0.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000411136 _____ (The GLib developer community) [File not signed] C:\Program Files (x86)\BleachBit\libgio-2.0-0.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000455168 _____ (The GLib developer community) [File not signed] C:\Program Files (x86)\BleachBit\libglib-2.0-0.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000009728 _____ (The GLib developer community) [File not signed] C:\Program Files (x86)\BleachBit\libgmodule-2.0-0.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000099840 _____ (The GLib developer community) [File not signed] C:\Program Files (x86)\BleachBit\libgobject-2.0-0.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000093696 _____ (The GTK developer community) [File not signed] C:\Program Files (x86)\BleachBit\libgdk_pixbuf-2.0-0.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 000249344 _____ (The GTK developer community) [File not signed] C:\Program Files (x86)\BleachBit\libgdk-3-0.dll
2021-01-02 13:40 - 2021-01-02 13:40 - 001592320 _____ (The GTK developer community) [File not signed] C:\Program Files (x86)\BleachBit\libgtk-3-0.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Version 11) (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-558363904-2571121243-1357282318-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-558363904-2571121243-1357282318-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
BHO: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\87.0.664.66\BHO\ie_to_edge_bho_64.dll => No File
BHO-x32: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\87.0.664.66\BHO\ie_to_edge_bho.dll => No File
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll => No File
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll => No File
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 7942 more sites.
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 18:34 - 2020-04-26 20:45 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT
HKU\S-1-5-21-558363904-2571121243-1357282318-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\V\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\Services: TrustedInstaller => 3
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{9D9D0D71-7A2F-4094-A325-E252B4A5CF3B}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe => No File
FirewallRules: [UDP Query User{0B460939-4E96-425F-9261-84096B29EBD3}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe => No File
FirewallRules: [TCP Query User{3CF95B4F-EBE8-4F56-AA30-8C00212BD5B2}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe => No File
FirewallRules: [UDP Query User{A1CF92F9-057B-424F-B27C-A7EF26CCE676}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe => No File
FirewallRules: [{E57D21BF-A810-4C86-BBDF-A46A9648DA7F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{546A1AA9-E650-4ED1-ABC6-8794F448F702}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A644EC56-B3A9-41A7-A24D-4025BC0073FD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{A46E5391-EB86-49EE-8DAE-1E7F48422899}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [TCP Query User{157883BD-BC7F-4409-865F-CB9012E3CAAE}C:\users\v\appdata\local\temp\bduninstall\x32\pcsftool.exe] => (Allow) C:\users\v\appdata\local\temp\bduninstall\x32\pcsftool.exe => No File
FirewallRules: [UDP Query User{699998A5-9C8D-4943-8215-D5853B4C1C2E}C:\users\v\appdata\local\temp\bduninstall\x32\pcsftool.exe] => (Allow) C:\users\v\appdata\local\temp\bduninstall\x32\pcsftool.exe => No File
FirewallRules: [TCP Query User{B73FF379-3BB4-4BCA-8202-7AAE65CF27B4}C:\users\v\appdata\local\temp\bduninstall\x64\pcsftool.exe] => (Block) C:\users\v\appdata\local\temp\bduninstall\x64\pcsftool.exe => No File
FirewallRules: [UDP Query User{EB9035D6-B08D-4019-AD9F-DAF1578CA1EE}C:\users\v\appdata\local\temp\bduninstall\x64\pcsftool.exe] => (Block) C:\users\v\appdata\local\temp\bduninstall\x64\pcsftool.exe => No File
FirewallRules: [{3CCB747D-B09A-49C5-8C9D-A197D5F2FCE8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No File
FirewallRules: [{BBF3C7D9-F91A-4910-86E8-60094468FBD7}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
==================== Restore Points =========================
21-12-2020 05:48:52 Intel(R) Technology Access
24-12-2020 16:28:10 Installed Solar Fire v9.
26-12-2020 08:39:53 Revo Uninstaller's restore point - Adobe Flash Player 32 ActiveX
31-12-2020 19:46:38 Intel(R) Technology Access
01-01-2021 15:19:44 Intel(R) Technology Access
==================== Faulty Device Manager Devices ============
Name: ExpressVPN TAP Adapter
Description: ExpressVPN TAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ExpressVPN
Service: tapexpressvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: ========================
Application errors:
==================
Error: (01/08/2021 03:22:43 PM) (Source: MsiInstaller) (EventID: 11706) (User: V-Desktop)
Description: Product: Evernote v. 6.22.3 -- Error 1706. An installation package for the product Evernote v. 6.22.3 cannot be found. Try the installation again using a valid copy of the installation package 'Evernote.msi'.
Error: (01/08/2021 03:21:31 PM) (Source: SDWinSec.exe) (EventID: 0) (User: )
Description: Event-ID 0
Error: (01/08/2021 03:21:16 PM) (Source: SDWinSec.exe) (EventID: 0) (User: )
Description: Event-ID 0
Error: (01/08/2021 03:20:44 PM) (Source: SDWinSec.exe) (EventID: 0) (User: )
Description: Event-ID 0
Error: (01/08/2021 03:16:22 PM) (Source: SDWinSec.exe) (EventID: 0) (User: )
Description: Event-ID 0
Error: (01/08/2021 03:13:53 PM) (Source: SDWinSec.exe) (EventID: 0) (User: )
Description: Event-ID 0
Error: (01/08/2021 06:04:16 AM) (Source: MsiInstaller) (EventID: 11706) (User: V-Desktop)
Description: Product: Evernote v. 6.22.3 -- Error 1706. An installation package for the product Evernote v. 6.22.3 cannot be found. Try the installation again using a valid copy of the installation package 'Evernote.msi'.
Error: (01/08/2021 06:01:29 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
System errors:
=============
Error: (01/08/2021 02:47:24 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (01/08/2021 05:33:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
Error: (01/07/2021 05:49:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
Error: (01/06/2021 05:57:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
Error: (01/05/2021 06:00:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
Error: (01/04/2021 06:00:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
Error: (01/03/2021 09:27:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
Error: (01/02/2021 09:48:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
Windows Defender:
===================================
Date: 2015-10-30 09:22:58.550
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Pokki&threatid=223536
Name:BrowserModifier:Win32/Pokki
ID:223536
Severity:High
Category:Browser Modifier
Path Found:file:C:\Users\V\AppData\Local\Pokki\analytics.db;file:C:\Users\V\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll;file:C:\Users\V\AppData\Local\Pokki\Download Helper\PokkiDownloadHelper.exe;file:C:\Users\V\AppData\Local\Pokki\Engine-old\HostAppServiceUpdater.exe;file:C:\Users\V\AppData\Local\Pokki\Engine\avcodec-54.dll;file:C:\Users\V\AppData\Local\Pokki\Engine\avformat-54.dll;file:C:\Users\V\AppData\Local\Pokki\Engine\avutil-51.dll;file:C:\Users\V\AppData\Local\Pokki\Engine\chrome.pak;file:C:\Users\V\AppData\Local\Pokki\Engine\chrome_100_percent.pak;file:C:\Users\V\AppData\Local\Pokki\Engine\chrome_touch_100_percent.pak;file:C:\Users\V\AppData\Local\Pokki\Engine\chrome_touch_140_percent.pak;file:C:\Users\V\AppData\Local\Pokki\Engine\chrome_touch_180_percent.pak;file:C:\Users\V\AppData\Local\Pokki\Engine\content_resources.pak;file:C:\Users\V\AppData\Local\Pokki\Engine\D3DCompiler_43.dll;file:C:\Users\V\AppData\Local\Pokki\Engine\d3dx9_43.dll;file:C:\Users\V\AppData\Local\Pokki\Engine\en
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:
Date: 2015-10-30 09:20:28.246
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Pokki&threatid=223536
Name:BrowserModifier:Win32/Pokki
ID:223536
Severity:High
Category:Browser Modifier
Path Found:file:C:\Users\V\AppData\Local\Pokki\Engine\HostAppService.exe;file:C:\Users\V\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe;file:C:\Users\V\AppData\Local\Pokki\Engine\StartMenuIndexer.exe;process:pid:2052,ProcessStart:130906945176976917;process:pid:3908,ProcessStart:130906945356642270;process:pid:6296,ProcessStart:130906946407782392;process:pid:6700,ProcessStart:130906947794091684
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:
Date: 2015-10-30 09:12:03.987
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Pokki&threatid=223536
Name:BrowserModifier:Win32/Pokki
ID:223536
Severity:High
Category:Browser Modifier
Path Found:file:C:\Users\V\AppData\Local\Pokki\Engine\HostAppService.exe
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:
Date: 2015-07-03 04:40:17.005
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/AlterbookSP&threatid=211888
Name:BrowserModifier:Win32/AlterbookSP
ID:211888
Severity:High
Category:Browser Modifier
Path Found:file:C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;file:C:\Program Files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe;file:C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe;folder:C:\Program Files (x86)\AskPartnerNetwork\Toolbar\;folder:C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:c:\program files\windows defender\MpCmdRun.exe
Date: 2014-02-01 13:04:01.918
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{0E46452A-003F-4FF3-9081-6409DA766EC7}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
Date: 2015-10-30 09:24:57.357
Description:
Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Pokki&threatid=223536
Name:BrowserModifier:Win32/Pokki
ID:223536
Severity:High
Category:Browser Modifier
Path:
Action:Remove
Error Code:0x80070005
Error description:Access is denied.
Status:
==================== Memory info ===========================
BIOS: American Megatrends Inc. P1.50 09/12/2012
Motherboard: ASRock B75 Pro3
Processor: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 88%
Total physical RAM: 7877.16 MB
Available physical RAM: 914.12 MB
Total Virtual: 15752.47 MB
Available Virtual: 8882.83 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:931.51 GB) (Free:469.91 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Storage1) (Fixed) (Total:931.51 GB) (Free:182.36 GB) NTFS
Drive g: (Storage 3) (Fixed) (Total:3725.9 GB) (Free:3113.76 GB) NTFS
Drive h: () (Removable) (Total:1.9 GB) (Free:1.84 GB) FAT
Drive k: (Storage2) (Fixed) (Total:3725.9 GB) (Free:311.8 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0D487958)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: C92B546C)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==========================================================
Disk: 2 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 3 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 8 (Size: 1.9 GB) (Disk ID: 02F4D469)
Partition 1: (Active) - (Size=1.9 GB) - (Type=06)
==================== End of Addition.txt =======================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2021-01-08 23:33:40
-----------------------------
23:33:40.306 OS Version: Windows x64 6.1.7601 Service Pack 1
23:33:40.307 Number of processors: 4 586 0x3A09
23:33:40.307 ComputerName: VENDELA-DESKTOP UserName: V
23:33:41.637 Initialize success
23:33:41.669 VM: initialized successfully
23:33:41.670 VM: Intel CPU supported
23:33:54.888 VM: disk I/O iaStorA.sys
23:53:28.096 AVAST engine defs: 17030301
23:54:04.954 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
23:54:04.957 Disk 0 Vendor: ATA_____ 1V02 Size: 953869MB BusType: 11
23:54:04.960 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000005d
23:54:04.963 Disk 1 Vendor: ATA_____ 1V02 Size: 953869MB BusType: 11
23:54:04.967 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000060
23:54:04.971 Disk 2 Vendor: ATA_____ 1K02 Size: 3815447MB BusType: 11
23:54:04.975 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP1T0L0-1
23:54:04.979 Disk 3 Vendor: WDC_WD4000FYYZ-01UL1B2 01.01K03 Size: 3815447MB BusType: 11
23:54:05.091 Disk 0 MBR read successfully
23:54:05.095 Disk 0 MBR scan
23:54:05.160 Disk 0 Windows 7 default MBR code
23:54:05.164 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048
23:54:05.168 Disk 0 default boot code
23:54:05.184 Disk 0 scanning C:\Windows\system32\drivers
23:54:12.059 Service scanning
23:54:26.620 Modules scanning
23:54:26.627 Disk 0 trace - called modules:
23:54:26.666 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
23:54:26.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80094e4060]
23:54:26.677 3 CLASSPNP.SYS[fffff88000c7643f] -> nt!IofCallDriver -> [0xfffffa800931f8d0]
23:54:26.682 5 iaStorF.sys[fffff880019e8168] -> nt!IofCallDriver -> \Device\0000005c[0xfffffa80072659c0]
23:54:27.909 AVAST engine scan C:\Windows
23:54:29.976 AVAST engine scan C:\Windows\system32
23:56:43.233 AVAST engine scan C:\Windows\system32\drivers
23:56:52.526 AVAST engine scan C:\Users\V
00:01:26.553 Disk 0 MBR has been saved successfully to "H:\Post 2021-01-09\MBR.dat"
00:01:26.569 The log file has been saved successfully to "H:\Post 2021-01-09\aswMBR.txt"