Remove Segurazo Antivirus

#1 ·
Hello, new here, and desperately looking for help to get rid of Segurazo Antivirus, which is crashing all my browsers. I don't even know what it came in on. I did follow detailed instructions from another source on how to remove it from the registry, but some of them wouldn't allow me to remove them. I can't afford an antivirus program right now and I'm using the free version of Avast. I did download SpyHunter, but after a deep scan they put me on hold for 48 hours, with no guarantee they'll get it all. My laptop wouldn't even let me do a system restore; I imagine the virus is preventing it. Please help me get this thing off my laptop so my browsers will stop crashing. Before they do, a box pops up with a warning from Segurazo. I have an Asus laptop with Windows 10. Thank you.
 
#2 ·
Hi, aslan777.

Segurazo is a potentially unwanted program and it's not easy to uninstall or remove manually. It can be downloaded from their website, but users have reported it is also being installed by bundlers.

Since I am still in training and my fixes have to be approved by my instructor, there may be a slight delay in my replies. Look at it as a good thing though, since you will have two people looking at your problem.

Before we start the cleaning procedure, please keep in mind the following:

1. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

2. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens.

_________________________

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, and that will be the right version.
  • Right-click FRST.exe/FRST64.exe then click Run as administrator.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • When finished, it will produce logs, called FRST.txt and Addition.txt, in the same directory the tool was run from (Desktop).
  • Copy and paste the logs in your next reply.
---------------------------------------------------

In your next reply, please include:
  • FRST.txt
  • Addition.txt
 
#3 ·
Hello, I ran the scan and these were the notes after. Is this what you were looking for?

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-02-2020
Ran by Administrator (17-02-2020 21:27:11)
Running from C:\Users\Administrator\Downloads
Windows 10 Home Version 2004 19041.1 (X64) (2019-12-14 17:29:34)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1911043098-2004026473-3262525351-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1911043098-2004026473-3262525351-503 - Limited - Disabled)
frict (S-1-5-21-1911043098-2004026473-3262525351-1001 - Administrator - Enabled) => C:\Users\frict
Guest (S-1-5-21-1911043098-2004026473-3262525351-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1911043098-2004026473-3262525351-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

8GadgetPack (HKLM-x32\...\{6452120E-72FC-49D7-AB36-7042CC9746FB}) (Version: 31.0.0 - 8GadgetPack.net)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.314 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.314 - Adobe)
Advanced SystemCare (HKLM-x32\...\Advanced SystemCare_is1) (Version: 13.2.0 - IObit)
Aiseesoft Free Video Converter 2.0.20 (HKLM-x32\...\{F59A2AAF-0CD0-4db0-91C3-6B3812711566}_is1) (Version: 2.0.20 - Aiseesoft Studio)
Alamoon Watermark v1.4 (HKLM-x32\...\Alamoon Watermark_is1) (Version: - )
ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.5.0 - ASUSTeK COMPUTER INC.)
ASUS GiftBox Service (HKLM-x32\...\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}) (Version: 3.2.5.0 - ASUSTeK COMPUTER INC.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.6.8 - ASUSTeK COMPUTER INC.)
ATK Package (ASUS Keyboard Hotkeys) (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0060 - ASUSTeK COMPUTER INC.)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.9.7 - ICEpower a/s)
Autodesk Pixlr (HKLM-x32\...\{B0547B43-3AEE-453C-9945-800DDF92052D}) (Version: 1.1.1.0 - Autodesk) Hidden
Autodesk Pixlr (HKLM-x32\...\Autodesk Pixlr) (Version: 1.1.1.0 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 79.0.3060.80 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
Best PDF to Word Converter 3.5 (HKLM-x32\...\Best PDF to Word Converter_is1) (Version: - Best PDF Tools)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 79.1.1.23 - Brave Software Inc)
CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
Disk Cleaner (remove only) (HKLM-x32\...\DiskCleaner) (Version: - )
Driver Booster 7 (HKLM-x32\...\Driver Booster_is1) (Version: 7.2.0 - IObit)
Epic Privacy Browser (HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\Epic Privacy Browser) (Version: 71.0.3578.98 - Epic)
Foxit PhantomPDF (HKLM-x32\...\{0d5f6162-33b5-11ea-b51e-54bf64a63c26}) (Version: 9.7.1.29511 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.7.1.29511 - Foxit Software Inc.)
Free Instagram Download 4.1.6.2 (HKLM-x32\...\Free Instagram Download_is1) (Version: - FreeInstagramDownload Co.,Ltd.)
Free NIV Bible (HKLM-x32\...\{4D6729F2-9A2F-4BCC-BB75-9F32B880494A}) (Version: 1.0.0 - Media Freeware)
Freemake Video Converter version 4.1.10 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.10 - Mixbyte Inc.)
GIMP 2.10.14 (HKLM\...\GIMP-2_is1) (Version: 2.10.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.106 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden
Google Web Designer (HKLM\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 5.2.0.0 - Google LLC.)
Gramblr (HKLM\...\Gramblr) (Version: 2.9.193 - Gramblr Team)
Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
Intel(R) Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel(R) Corporation) Hidden
IObit Malware Fighter 7 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 7.5.0.5842 - IObit)
IObit Software Updater (HKLM-x32\...\IObit Software Updater_is1) (Version: 2.3.0.2839 - IObit)
IObit Uninstaller 9 (HKLM-x32\...\IObitUninstall) (Version: 9.3.0.9 - IObit)
JACo Watermark (HKLM-x32\...\{E3DBE9C4-5CD9-4830-BB28-BCF5A4E57FFA}) (Version: 0.5.0 - Cristian Sulea)
Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains)
Maiar (HKLM-x32\...\Elrond Maiar-Browser) (Version: 72.0.59.100 - Elrond Ltd)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.12607.20000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\OneDriveSetup.exe) (Version: 19.163.0818.0005 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Mozilla Firefox 73.0 (x64 en-CA) (HKLM\...\Mozilla Firefox 73.0 (x64 en-CA)) (Version: 73.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 73.0 - Mozilla)
Mozilla Thunderbird 68.2.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 68.2.1 (x86 en-US)) (Version: 68.2.1 - Mozilla)
Mozilla Thunderbird 68.4.2 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 68.4.2 (x86 en-US)) (Version: 68.4.2 - Mozilla)
MX5 (HKLM-x32\...\Maxthon5) (Version: 5.2.7.5000 - Maxthon International Limited)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - )
Nitro Reader 5 (HKLM\...\{42BEF461-E91D-4C9E-94A2-790D973CE971}) (Version: 5.5.9.2 - Nitro)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12607.20000 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12607.20000 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12607.20000 - Microsoft Corporation) Hidden
Opera Stable 66.0.3515.72 (HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\Opera 66.0.3515.72) (Version: 66.0.3515.72 - Opera Software)
PDF-XChange Editor (HKLM\...\{EDBD74BD-2F22-465A-955C-13841D34D67F}) (Version: 8.0.331.0 - Tracker Software Products (Canada) Ltd.) Hidden
PDF-XChange Editor (HKLM-x32\...\{a2a519c9-19be-469b-9146-b5b4e763d1f6}) (Version: 8.0.331.0 - Tracker Software Products (Canada) Ltd.)
Photo Pos Pro 3 (HKLM\...\Photo Pos Pro 3) (Version: 3.61 - PowerOfSoftware Ltd.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
RealDownloader (HKLM-x32\...\{400538DB-DACD-4DBF-B7AF-0647A19C6DE6}) (Version: 18.1.19.201 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.19 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8581 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RoboForm 8-6-6-6 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 8-6-6-6 - Siber Systems)
Skype version 8.56 (HKLM-x32\...\Skype_is1) (Version: 8.56 - Skype Technologies S.A.)
Smart Defrag 6 (HKLM-x32\...\Smart Defrag_is1) (Version: 6.4.5 - IObit)
SpyHunter 5 (HKLM-x32\...\SpyHunter5) (Version: 5.8.7.163 - EnigmaSoft Limited)
Star Watermark Professional versión 2.0.0 (HKLM-x32\...\{C5EE94F0-61BE-4E4D-B75E-650797B36050}_is1) (Version: 2.0.0 - Star-Watermark.com)
StudioTax 2019 (HKLM-x32\...\{FA46D00B-0F30-4FF5-BB47-EF8D8E5F3B7C}) (Version: 15.0.0.0 - BHOK IT Consulting)
TalkHelper PDF Converter version 2.2.3.0 (HKLM-x32\...\{B9CB8F39-DBBD-4318-85EB-60937265D62D}_is1) (Version: 2.2.3.0 - TalkHelper Team)
tinySpell 1.9.62 (HKLM-x32\...\tinySpell_is1) (Version: - KEDMI Scientific Computing)
Torch (HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\Torch) (Version: 69.0.0.1674 - Torch Media, Inc) <==== ATTENTION
uMark 5 (HKLM-x32\...\uMark) (Version: 5.5 - Uconomix)
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
Visual Watermark version 5.3 (HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\{ADD0F13D-4EB0-4324-AF83-24870EC44BF6}_is1) (Version: 5.3 - Portfoler sp. z o. o.)
Vivaldi (HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\Vivaldi) (Version: 2.10.1745.27 - Vivaldi Technologies AS.)
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
Web-for-Instagram-Direct-DM 3.7.0 (HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\c9ce3cab-2aed-5759-bde7-812e0eddb69b) (Version: 3.7.0 - Web for Instagram Direct DM)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22807 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.10.0 - ASUSTeK COMPUTER INC.)
Zoom (HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)

Packages:
=========
[WaterMark] -> C:\Program Files\WindowsApps\41445MartinSchneider.Wasserzeichen_1.0.2.3_neutral__k57yh7h9fx8by [2020-01-01] (Martin Schneider)
ASUS Battery Health Charging -> C:\Program Files\WindowsApps\B9ECED6F.ASUSBatteryHealthCharging_1.0.7.0_x86__qmba6cd70vzyy [2020-01-01] (ASUSTeK COMPUTER INC.) [Startup Task]
ASUS GIFTBOX -> C:\Program Files\WindowsApps\B9ECED6F.ASUSGIFTBOX_3.1.8.0_x64__qmba6cd70vzyy [2020-01-01] (ASUSTeK COMPUTER INC.)
AudioWizard -> C:\Program Files\WindowsApps\ICEpower.AudioWizard_1.5.23.0_x64__dxp88312j1fgj [2020-01-01] (ICEpower)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.5.8.0_x86__kgqvnymyfvs32 [2020-02-17] (king.com)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2020-01-01] (Microsoft Corporation)
Digital Live Tile Clock -> C:\Program Files\WindowsApps\7566gishtaki.DigitalLiveTileClock_1.2.0.0_x64__hcz95sfhvvan4 [2020-02-15] (gishtaki)
eManual -> C:\Program Files\WindowsApps\B9ECED6F.eManual_2.0.3.0_x86__qmba6cd70vzyy [2020-01-01] (ASUSTeK COMPUTER INC.)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_41.1788.50991.0_x86__8xx8rvfyw5nnt [2020-01-01] (Instagram)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.1725.0_x64__8j3eq9eme6ctt [2020-01-03] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.2.0.0_x64__8j3eq9eme6ctt [2020-01-01] (INTEL CORP)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-01-01] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-01-01] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2020-01-01] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2020-01-01] (Microsoft Corporation) [MS Ad]
My Calendar -> C:\Program Files\WindowsApps\25529kineapps.MyCalendar_3.2.72.0_x64__4a6d1yza056d2 [2020-01-14] (kineapps)
NcsiUwpApp -> C:\Windows\SystemApps\NcsiUwpApp_8wekyb3d8bbwe [2019-12-14] (Microsoft)
One Calendar -> C:\Program Files\WindowsApps\64885BlueEdge.OneCalendar_2019.210.3.0_x64__8kea50m9krsh2 [2020-01-14] (Code Spark)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2020-01-01] (Realtek Semiconductor Corp)
RoboForm Password Manager -> C:\Program Files\WindowsApps\SiberSystemsInc.RoboFormEdge_8.5.7.0_x86__7kk3kr9e0p1np [2020-01-01] (Siber Systems Inc)
Total PC Cleaner - Free Disk Space Clean Up, Optimize Memory & Windows System -> C:\Program Files\WindowsApps\64404Softuna.TotalDiskCleaner_2.0.6.0_x64__r1b4jsc7ddp3p [2020-02-09] (Total PC Cleaner)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2020-01-01] (Twitter Inc.)
UDK Package -> C:\Windows\SystemApps\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy [2019-12-14] (Microsoft Corporation)
UX.Client.ST -> C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy [2019-12-14] (Microsoft Windows)
Windows Search -> C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy [2020-02-14] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1911043098-2004026473-3262525351-500_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> C:\Users\Administrator\AppData\Local\Vivaldi\Application\2.10.1745.27\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
ShellServiceObjects: OneDrive network states cache SSO -> {78DE489B-7931-4f14-83B4-C56D38AC9FFA} => C:\Windows\System32\Windows.FileExplorer.Common.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
ShellServiceObjects-x32: OneDrive network states cache SSO -> {78DE489B-7931-4f14-83B4-C56D38AC9FFA} => C:\Windows\SysWOW64\Windows.FileExplorer.Common.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ IMFSafeBox] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2020-01-16] (IObit Information Technology -> IObit)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2019-09-19] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2019-12-26] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-12-26] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2020-01-16] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2020-01-31] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2019-09-12] (IObit Information Technology -> IObit)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2019-09-19] (IObit Information Technology -> IObit)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-02-17] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcontextmenu.dll [2019-12-16] (RealNetworks, Inc. -> RealNetworks, Inc.)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2019-09-19] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2020-01-16] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2020-01-31] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2019-12-26] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-12-26] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2020-01-16] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2020-01-31] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-02-17] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2019-09-12] (IObit Information Technology -> IObit)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch Apps\Solitaire.lnk -> C:\Users\Administrator\AppData\Local\Torch\Application\torch.exe (Torch Media Inc.) -> --profile-directory=Default --app-id=lkbhppfbabandkdmgjmifahoabeodiep
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\c94b4caab52db911\Torch.lnk -> C:\Users\Administrator\AppData\Local\Torch\Application\torch.exe (Torch Media Inc.) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2020-02-15 09:56 - 2019-01-26 14:23 - 000014848 _____ () [File not signed] C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\AccentColor.64.dll
2020-02-15 09:54 - 2019-10-17 08:38 - 000645120 _____ (Helmut Buhler) [File not signed] C:\Program Files\Windows Sidebar\dwmapi.dll
2020-02-15 09:56 - 2019-10-08 16:17 - 000701440 _____ (Helmut Buhler) [File not signed] C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll
2020-02-15 09:56 - 2019-10-05 14:03 - 000483840 _____ (Helmut Buhler) [File not signed] C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll
2019-06-10 12:23 - 2017-05-23 13:59 - 000494080 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.dll
2019-06-10 12:23 - 2017-05-23 13:59 - 000256000 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\uploader.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcCtnrSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MsQuic => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NgcCtnrSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NgcSvc => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 02:31 - 2020-02-13 08:26 - 000002056 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1911043098-2004026473-3262525351-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\Pictures\PANASONIC PRACTICE\P1010901.JPG
DNS Servers: 64.71.255.204 - 64.71.255.198
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "UMonit"
HKLM\...\StartupApproved\Run32: => "RealDownloader"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\StartupApproved\Run: => "RoboForm"
HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\StartupApproved\Run: => "AvastBrowserAutoLaunch_8901C211194C0DFF277C9606C1448E31"
HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\StartupApproved\Run: => "Opera Browser Assistant"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6B534208-B18F-4205-919C-8FF3033F3942}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BBEA2EC7-1D78-40D5-B0D7-32DD7DE5537A}] => (Allow) C:\Users\Administrator\AppData\Local\Programs\Opera\63.0.3368.94\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{A60C65BA-DC39-47A8-AC2A-C8CDA2B556CD}] => (Allow) C:\Users\Administrator\AppData\Local\Torch\Application\torch.exe (Torch Media Inc. -> Torch Media Inc.)
FirewallRules: [{34CE2571-04CF-4E24-B772-768847AF4D8A}] => (Allow) C:\Users\Administrator\AppData\Local\Torch\Application\torch.exe (Torch Media Inc. -> Torch Media Inc.)
FirewallRules: [{EC44F8F1-E0AD-4AF3-87D0-E72909DE0C8D}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [{6FA28190-0E40-4708-91E4-AF64660E3A3C}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [{678B1CEB-72CA-4B87-8785-F164D402EA84}] => (Allow) C:\Users\Administrator\AppData\Local\Epic Privacy Browser\Application\epic.exe (Hidden Reflex Authors) [File not signed]
FirewallRules: [{0470ECDA-10D5-4F33-A505-C0602637142E}] => (Allow) C:\Program Files (x86)\Elrond\Maiar-Browser\Application\maiar.exe (Elrond Network SRL -> Elrond, Ltd.)
FirewallRules: [{F10D67CE-A086-4AD4-A3F3-53AD6C14C7DB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{41E6FF2A-96A4-486F-AD6D-227E0C0BBDAC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8D5E98ED-87AF-4DBB-97F8-A54EF556A7D5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B3ABF713-62A8-41C0-9515-9D641835ECB9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{43DE802A-48D7-41F6-A826-E568957C0F77}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{69F4BA2F-4CD7-4C06-A873-CA1FCEB8C9A8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1EC6939C-3C90-42D1-8271-EB434F86B6C3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6DC46710-DB36-4F6A-A9F4-289D19EDE973}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5DD2A067-6105-47C9-99FC-E98EA6BA989D}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
FirewallRules: [{B6701615-531D-4C45-A532-99042F364A33}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{042B57DA-27D5-40CF-8D2C-39730C8CDCF6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6F512CB4-F8BA-414A-82D4-E67EC1127FF1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{969D1FF2-F12E-4C57-89F9-79035ECCD944}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{988584FA-D508-4DE3-8A22-B99FD8E5FAD4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{59C6E009-6720-44CF-A190-AAA9B31F74D5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{57F60510-9B2C-43A7-9CB1-5FB7AB5851B1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{01B99E80-F0FF-4546-A788-116327432FB1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5742BA46-67ED-459F-98B2-6AAEF94C5191}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{74B05E48-1A68-42FA-99D0-421370A436A5}] => (Allow) C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{A2B9AE91-85A2-4A55-B101-986E612E8B00}] => (Allow) C:\Users\Administrator\AppData\Local\Programs\Opera\66.0.3515.44\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{CBBCD7EE-647E-4634-B6F7-98242D5C0208}] => (Allow) C:\Users\Administrator\AppData\Local\Programs\Opera\66.0.3515.72\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{99D8A3FB-8FEF-4EC6-AC5D-5D38B6C088E8}] => (Allow) C:\Users\Administrator\AppData\Local\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [{286CE21F-1267-47BC-A84F-2B17C49EC049}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8D2C1BD9-0D3E-43B4-BDE4-817B6EA82D40}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3E864326-C9DA-4BDF-B1AB-6A4739EA5744}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{48F015D0-F35E-44FF-A7D1-F5FE5297FC47}] => (Allow) C:\Users\Administrator\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
FirewallRules: [{CA0E9CA3-EA08-4839-AEAE-AC826DB7140A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (02/17/2020 08:52:04 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1000) (User: NT AUTHORITY)
Description: Access to performance data was denied to user "SYSTEM" (value from GetUserName() for the running thread) as attempted from module "c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe" (value from GetModuleFileName() for the binary that issued the query).

Error: (02/17/2020 08:32:29 PM) (Source: COM) (EventID: 10035) (User: )
Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {00020400-0000-0000-C000-000000000046} requested by the client, with handler CLSID {759DBF09-D988-758D-88D9-8D75A4F1CB03}. The error code was 0x80010114.

Error: (02/17/2020 08:11:19 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1000) (User: NT AUTHORITY)
Description: Access to performance data was denied to user "SYSTEM" (value from GetUserName() for the running thread) as attempted from module "c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe" (value from GetModuleFileName() for the binary that issued the query).

Error: (02/17/2020 07:58:36 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1000) (User: NT AUTHORITY)
Description: Access to performance data was denied to user "SYSTEM" (value from GetUserName() for the running thread) as attempted from module "c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe" (value from GetModuleFileName() for the binary that issued the query).

Error: (02/17/2020 07:55:26 PM) (Source: COM) (EventID: 10035) (User: )
Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {00020400-0000-0000-C000-000000000046} requested by the client, with handler CLSID {76C7BF09-D988-76B7-88D9-B7767CF1E603}. The error code was 0x80010114.

Error: (02/17/2020 07:29:01 PM) (Source: COM) (EventID: 10035) (User: )
Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {00020400-0000-0000-C000-000000000046} requested by the client, with handler CLSID {76C7BF09-D988-76B7-88D9-B7767CF1E603}. The error code was 0x80010114.

Error: (02/17/2020 06:48:55 PM) (Source: COM) (EventID: 10035) (User: )
Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {00020400-0000-0000-C000-000000000046} requested by the client, with handler CLSID {04377058-D988-76B7-88D9-B7767CF1E603}. The error code was 0x800401fd.

Error: (02/17/2020 05:37:06 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1000) (User: NT AUTHORITY)
Description: Access to performance data was denied to user "SYSTEM" (value from GetUserName() for the running thread) as attempted from module "c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe" (value from GetModuleFileName() for the binary that issued the query).

System errors:
=============
Error: (02/17/2020 08:57:55 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.

Error: (02/17/2020 08:53:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The jhi_service service depends on the iphlpsvc service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/17/2020 08:51:39 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The aswbIDSAgent service did not shut down properly after receiving a preshutdown control.

Error: (02/17/2020 08:23:45 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.

Error: (02/17/2020 08:19:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The jhi_service service depends on the iphlpsvc service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/17/2020 08:17:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the sppsvc service.

Error: (02/17/2020 08:17:00 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The aswbIDSAgent service did not shut down properly after receiving a preshutdown control.

Error: (02/17/2020 08:12:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The jhi_service service depends on the iphlpsvc service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Windows Defender:
===================================
Date: 2020-02-16 06:25:07.7580000Z
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...n32/Occamy.C&threatid=2147726780&enterprise=0
Name: Trojan:Win32/Occamy.C
ID: 2147726780
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Administrator\AppData\Local\Temp\adobe_flash_player_1564798518.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\IObit\Advanced SystemCare\AutoCare.exe
Security intelligence Version: AV: 1.307.2684.0, AS: 1.307.2684.0, NIS: 1.307.2684.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2020-01-20 21:06:59.2270000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {3A44049F-2DFA-4988-8874-D0BE19F07770}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-01-20 20:30:51.8820000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {97CD3071-BEE7-4396-8D45-31F35FB6B7E5}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-01-20 19:01:48.5560000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {EA29F382-B951-4A97-86A8-A5194CE5F8AB}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-01-20 17:33:24.4930000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {C18305C9-6D2B-45C9-B99D-31E0F6249DDD}
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===================================

Date: 2020-02-17 21:10:54.8500000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\x86\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-02-17 21:09:42.0220000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\x86\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-02-17 21:09:41.7550000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\x86\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-02-17 21:09:41.6500000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\x86\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-02-17 21:09:41.3220000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\x86\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-02-17 21:09:41.1420000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\x86\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-02-17 21:09:41.0030000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\x86\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-02-17 21:09:40.9690000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\x86\aswhook.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. X540MA.314 10/01/2019
Motherboard: ASUSTeK COMPUTER INC. X540MA
Processor: Intel(R) Pentium(R) Silver N5000 CPU @ 1.10GHz
Percentage of memory in use: 64%
Total physical RAM: 8014.97 MB
Available physical RAM: 2875.32 MB
Total Virtual: 17742.97 MB
Available Virtual: 12033.1 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:930.41 GB) (Free:704.69 GB) NTFS

\\?\Volume{f7340b35-5178-475c-b150-4f4796ac1c10}\ (RECOVERY) (Fixed) (Total:0.83 GB) (Free:0.42 GB) NTFS
\\?\Volume{c7a0bbfa-feb8-4241-abe0-c3341def21ec}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: BD3FA6B9)

Partition: GPT.

==================== End of Addition.txt =======================
 
#7 ·
Hi, aslan777.

I have seen a lot of unnecessary stuff in your computer. Let's start work to clean it. Please, stay with me until I tell you that the computer is completely clean.

1. Browsers and extensions

You have 10 browsers installed! Edge, Internet Explorer, Firefox, Chrome, Vivaldi, Epic, Maxthon, Brave, Opera, Torch... Do you really need them? And most importantly, do you keep them updated? You should consider uninstalling some of them and staying with 2-4 of them (step 2). Moreover, you have so many extensions in Chrome, Firefox and Opera. Do you need them all? If not, go on and remove whatever you don't use and need, in case you keep these three browsers.

Removing extensions:

Firefox: https://support.mozi...ving-extensions

Opera: Open your extensions manager page via the Opera menu (or type Ctrl+Shift+E {or type opera://extensions/ in the address bar and hit enter}) and click the small x in the upper right corner of the entry of the extension you wish to remove. That's all you need to do to remove an extension.

Chrome:
Type chrome://extensions in the address bar and press Enter.
Click Remove under the extension you'd like to completely remove.
A confirmation dialog appears, click Remove.

2. Uninstall programs


You have some programs installed in your computer that need to be uninstalled. Among them, there are programs called registry or disk cleaners or optimizers or driver boosters (see 3-8 in the following list). Although these programs are not malware, they are marked by many antivirus programs (including Malwarebytes) as potentially unwanted programs that can be harmful to a computer in many ways. However, serious issues can occur when you modify the registry incorrectly using these types of utilities. These issues might require users to reinstall the operating system due to instability. I recommend that you uninstall them, but it's your choice what you are going to do with them. Some useful stuff for you to read about them:

https://www.bleepingcomputer.com/fo...curity-questions-best-practices/#entry2853053
https://support.microsoft.com/en-us...cy-for-the-use-of-registry-cleaning-utilities

Uninstall list:
  1. Any of the browsers you decide that you don't need.
  2. Torch
  3. Advanced SystemCare (optional)
  4. Disk Cleaner (optional)
  5. Driver Booster 7 (optional)
  6. IObit Malware Fighter 7 (optional)
  7. IObit Software Updater (optional)
  8. IObit Uninstaller 9 (optional)

For the programs you have to uninstall or you decide to uninstall, please do the following:
  • Press the Windows key together with the R key on the keyboard at the same time, to open the Control Panel.
  • Type appwiz.cpl in the window that opens and click OK.
  • In the list of programs, look for the programs listed above, right-click the entry and click Uninstall.
    • If any of the programs do not appear in the Control Panel list, just go further.
    • If you get any warnings that the program is already removed, accept uninstalling it from Programs and Features.
    • Restart if you are asked to.

3. Fresh FRST logs


Please run FRST as you did before. Since our tools run more efficiently when on the Desktop, please go to your Downloads folder and move the FRST program to your Desktop.
  • Please right-click on FRST/FRST64 to run as administrator. When the tool opens, click "yes" to the disclaimer.
  • If the tool warns you about the version you're using being an outdated version, please download and run the updated version.
  • Press the Scan button once and wait.
  • FRST will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these logs in your next reply (if you can't paste a log, because of its size, you can upload it as a notepad file. No need to provide a Word document.)
 
#9 ·
Due to lack of feedback, this topic has been closed.

If you need this topic to reopen, please contact a staff member. This applies only to the original topic starter. Everyone else, please begin a new topic.
 