
Solved Remove Segurazo Antivirus

Discussion in 'Virus & Other Malware Removal' started by aslan777, Feb 17, 2020.

  1. aslan777

    aslan777 Thread Starter

    Joined:
    Feb 17, 2020
    Messages:
    3
    Hello, new here, and desperately looking for help to get rid of Segurazo Antivirus that is crashing all my browsers. I don't even know what it came in on. I did follow detailed instructions from another source on how to remove it from the registry, but some of the entries wouldn't allow me to remove them. I can't afford an antivirus program right now and I'm using the free version of Avast. I did download SpyHunter, but after a deep scan they put me on hold for 48 hours with no guarantee they'll get it all. My laptop wouldn't even let me do a system restore; I imagine the virus is preventing it. Please help me get this thing off my laptop so my browsers will stop crashing. Before they do, a box pops up with a warning from Segurazo. I have an Asus laptop with Windows 10. Thank you.
     
  2. DR.M

    DR.M Malware Trainee

    Joined:
    Sep 4, 2019
    Messages:
    100
    Hi, aslan777.

    Segurazo is a potentially unwanted program and it's not easy to uninstall or remove manually. It can be downloaded from their website, but users have reported it is also being installed by bundlers.

    Since I am still in training and my fixes have to be approved by my instructor, there may be a slight delay in my replies. Look at it as a good thing though, since you will have two people looking at your problem.

    Before we start the cleaning procedure, please keep in mind the following:

    1. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

    2. Always ask before you act. Do not continue if you are not sure, or if something unexpected happens.

    _________________________

    Download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, and that will be the right version.
    • Right-click FRST.exe/FRST64.exe then click Run as administrator.
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • When finished, it will produce logs, called FRST.txt and Addition.txt, in the same directory the tool was run from (Desktop).
    • Copy and paste the logs in your next reply.
    ---------------------------------------------------

    In your next reply, please include:
    • FRST.txt
    • Addition.txt
     
  3. aslan777

    aslan777 Thread Starter

    Joined:
    Feb 17, 2020
    Messages:
    3
    Hello, I ran the scan and these were the notes after. Is this what you were looking for?

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-02-2020
    Ran by Administrator (17-02-2020 21:27:11)
    Running from C:\Users\Administrator\Downloads
    Windows 10 Home Version 2004 19041.1 (X64) (2019-12-14 17:29:34)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1911043098-2004026473-3262525351-500 - Administrator - Enabled) => C:\Users\Administrator
    DefaultAccount (S-1-5-21-1911043098-2004026473-3262525351-503 - Limited - Disabled)
    frict (S-1-5-21-1911043098-2004026473-3262525351-1001 - Administrator - Enabled) => C:\Users\frict
    Guest (S-1-5-21-1911043098-2004026473-3262525351-501 - Limited - Disabled)
    WDAGUtilityAccount (S-1-5-21-1911043098-2004026473-3262525351-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    8GadgetPack (HKLM-x32\...\{6452120E-72FC-49D7-AB36-7042CC9746FB}) (Version: 31.0.0 - 8GadgetPack.net)
    Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.314 - Adobe)
    Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.314 - Adobe)
    Advanced SystemCare (HKLM-x32\...\Advanced SystemCare_is1) (Version: 13.2.0 - IObit)
    Aiseesoft Free Video Converter 2.0.20 (HKLM-x32\...\{F59A2AAF-0CD0-4db0-91C3-6B3812711566}_is1) (Version: 2.0.20 - Aiseesoft Studio)
    Alamoon Watermark v1.4 (HKLM-x32\...\Alamoon Watermark_is1) (Version: - )
    ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.5.0 - ASUSTeK COMPUTER INC.)
    ASUS GiftBox Service (HKLM-x32\...\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}) (Version: 3.2.5.0 - ASUSTeK COMPUTER INC.)
    ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.6.8 - ASUSTeK COMPUTER INC.)
    ATK Package (ASUS Keyboard Hotkeys) (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0060 - ASUSTeK COMPUTER INC.)
    AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.9.7 - ICEpower a/s)
    Autodesk Pixlr (HKLM-x32\...\{B0547B43-3AEE-453C-9945-800DDF92052D}) (Version: 1.1.1.0 - Autodesk) Hidden
    Autodesk Pixlr (HKLM-x32\...\Autodesk Pixlr) (Version: 1.1.1.0 - Autodesk)
    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
    Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 79.0.3060.80 - AVAST Software)
    Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
    Best PDF to Word Converter 3.5 (HKLM-x32\...\Best PDF to Word Converter_is1) (Version: - Best PDF Tools)
    Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 79.1.1.23 - Brave Software Inc)
    CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
    Disk Cleaner (remove only) (HKLM-x32\...\DiskCleaner) (Version: - )
    Driver Booster 7 (HKLM-x32\...\Driver Booster_is1) (Version: 7.2.0 - IObit)
    Epic Privacy Browser (HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\Epic Privacy Browser) (Version: 71.0.3578.98 - Epic)
    Foxit PhantomPDF (HKLM-x32\...\{0d5f6162-33b5-11ea-b51e-54bf64a63c26}) (Version: 9.7.1.29511 - Foxit Software Inc.)
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.7.1.29511 - Foxit Software Inc.)
    Free Instagram Download 4.1.6.2 (HKLM-x32\...\Free Instagram Download_is1) (Version: - FreeInstagramDownload Co.,Ltd.)
    Free NIV Bible (HKLM-x32\...\{4D6729F2-9A2F-4BCC-BB75-9F32B880494A}) (Version: 1.0.0 - Media Freeware)
    Freemake Video Converter version 4.1.10 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.10 - Mixbyte Inc.)
    GIMP 2.10.14 (HKLM\...\GIMP-2_is1) (Version: 2.10.14 - The GIMP Team)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.106 - Google LLC)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden
    Google Web Designer (HKLM\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 5.2.0.0 - Google LLC.)
    Gramblr (HKLM\...\Gramblr) (Version: 2.9.193 - Gramblr Team)
    Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
    Intel(R) Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel(R) Corporation) Hidden
    IObit Malware Fighter 7 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 7.5.0.5842 - IObit)
    IObit Software Updater (HKLM-x32\...\IObit Software Updater_is1) (Version: 2.3.0.2839 - IObit)
    IObit Uninstaller 9 (HKLM-x32\...\IObitUninstall) (Version: 9.3.0.9 - IObit)
    JACo Watermark (HKLM-x32\...\{E3DBE9C4-5CD9-4830-BB28-BCF5A4E57FFA}) (Version: 0.5.0 - Cristian Sulea)
    Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains)
    Maiar (HKLM-x32\...\Elrond Maiar-Browser) (Version: 72.0.59.100 - Elrond Ltd)
    Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.12607.20000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\OneDriveSetup.exe) (Version: 19.163.0818.0005 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
    Mozilla Firefox 73.0 (x64 en-CA) (HKLM\...\Mozilla Firefox 73.0 (x64 en-CA)) (Version: 73.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 73.0 - Mozilla)
    Mozilla Thunderbird 68.2.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 68.2.1 (x86 en-US)) (Version: 68.2.1 - Mozilla)
    Mozilla Thunderbird 68.4.2 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 68.4.2 (x86 en-US)) (Version: 68.4.2 - Mozilla)
    MX5 (HKLM-x32\...\Maxthon5) (Version: 5.2.7.5000 - Maxthon International Limited)
    NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - )
    Nitro Reader 5 (HKLM\...\{42BEF461-E91D-4C9E-94A2-790D973CE971}) (Version: 5.5.9.2 - Nitro)
    Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12607.20000 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12607.20000 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12607.20000 - Microsoft Corporation) Hidden
    Opera Stable 66.0.3515.72 (HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\Opera 66.0.3515.72) (Version: 66.0.3515.72 - Opera Software)
    PDF-XChange Editor (HKLM\...\{EDBD74BD-2F22-465A-955C-13841D34D67F}) (Version: 8.0.331.0 - Tracker Software Products (Canada) Ltd.) Hidden
    PDF-XChange Editor (HKLM-x32\...\{a2a519c9-19be-469b-9146-b5b4e763d1f6}) (Version: 8.0.331.0 - Tracker Software Products (Canada) Ltd.)
    Photo Pos Pro 3 (HKLM\...\Photo Pos Pro 3) (Version: 3.61 - PowerOfSoftware Ltd.)
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
    RealDownloader (HKLM-x32\...\{400538DB-DACD-4DBF-B7AF-0647A19C6DE6}) (Version: 18.1.19.201 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.19 - RealNetworks)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8581 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
    RoboForm 8-6-6-6 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 8-6-6-6 - Siber Systems)
    Skype version 8.56 (HKLM-x32\...\Skype_is1) (Version: 8.56 - Skype Technologies S.A.)
    Smart Defrag 6 (HKLM-x32\...\Smart Defrag_is1) (Version: 6.4.5 - IObit)
    SpyHunter 5 (HKLM-x32\...\SpyHunter5) (Version: 5.8.7.163 - EnigmaSoft Limited)
    Star Watermark Professional versión 2.0.0 (HKLM-x32\...\{C5EE94F0-61BE-4E4D-B75E-650797B36050}_is1) (Version: 2.0.0 - Star-Watermark.com)
    StudioTax 2019 (HKLM-x32\...\{FA46D00B-0F30-4FF5-BB47-EF8D8E5F3B7C}) (Version: 15.0.0.0 - BHOK IT Consulting)
    TalkHelper PDF Converter version 2.2.3.0 (HKLM-x32\...\{B9CB8F39-DBBD-4318-85EB-60937265D62D}_is1) (Version: 2.2.3.0 - TalkHelper Team)
    tinySpell 1.9.62 (HKLM-x32\...\tinySpell_is1) (Version: - KEDMI Scientific Computing)
    Torch (HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\Torch) (Version: 69.0.0.1674 - Torch Media, Inc) <==== ATTENTION
    uMark 5 (HKLM-x32\...\uMark) (Version: 5.5 - Uconomix)
    UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
    vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
    Visual Watermark version 5.3 (HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\{ADD0F13D-4EB0-4324-AF83-24870EC44BF6}_is1) (Version: 5.3 - Portfoler sp. z o. o.)
    Vivaldi (HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\Vivaldi) (Version: 2.10.1745.27 - Vivaldi Technologies AS.)
    vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
    Web-for-Instagram-Direct-DM 3.7.0 (HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\c9ce3cab-2aed-5759-bde7-812e0eddb69b) (Version: 3.7.0 - Web for Instagram Direct DM)
    Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22807 - Microsoft Corporation)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.10.0 - ASUSTeK COMPUTER INC.)
    Zoom (HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)

    Packages:
    =========
    [WaterMark] -> C:\Program Files\WindowsApps\41445MartinSchneider.Wasserzeichen_1.0.2.3_neutral__k57yh7h9fx8by [2020-01-01] (Martin Schneider)
    ASUS Battery Health Charging -> C:\Program Files\WindowsApps\B9ECED6F.ASUSBatteryHealthCharging_1.0.7.0_x86__qmba6cd70vzyy [2020-01-01] (ASUSTeK COMPUTER INC.) [Startup Task]
    ASUS GIFTBOX -> C:\Program Files\WindowsApps\B9ECED6F.ASUSGIFTBOX_3.1.8.0_x64__qmba6cd70vzyy [2020-01-01] (ASUSTeK COMPUTER INC.)
    AudioWizard -> C:\Program Files\WindowsApps\ICEpower.AudioWizard_1.5.23.0_x64__dxp88312j1fgj [2020-01-01] (ICEpower)
    Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.5.8.0_x86__kgqvnymyfvs32 [2020-02-17] (king.com)
    Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2020-01-01] (Microsoft Corporation)
    Digital Live Tile Clock -> C:\Program Files\WindowsApps\7566gishtaki.DigitalLiveTileClock_1.2.0.0_x64__hcz95sfhvvan4 [2020-02-15] (gishtaki)
    eManual -> C:\Program Files\WindowsApps\B9ECED6F.eManual_2.0.3.0_x86__qmba6cd70vzyy [2020-01-01] (ASUSTeK COMPUTER INC.)
    Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_41.1788.50991.0_x86__8xx8rvfyw5nnt [2020-01-01] (Instagram)
    Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.1725.0_x64__8j3eq9eme6ctt [2020-01-03] (INTEL CORP) [Startup Task]
    Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.2.0.0_x64__8j3eq9eme6ctt [2020-01-01] (INTEL CORP)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-01-01] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-01-01] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2020-01-01] (Microsoft Studios) [MS Ad]
    MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2020-01-01] (Microsoft Corporation) [MS Ad]
    My Calendar -> C:\Program Files\WindowsApps\25529kineapps.MyCalendar_3.2.72.0_x64__4a6d1yza056d2 [2020-01-14] (kineapps)
    NcsiUwpApp -> C:\Windows\SystemApps\NcsiUwpApp_8wekyb3d8bbwe [2019-12-14] (Microsoft)
    One Calendar -> C:\Program Files\WindowsApps\64885BlueEdge.OneCalendar_2019.210.3.0_x64__8kea50m9krsh2 [2020-01-14] (Code Spark)
    Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2020-01-01] (Realtek Semiconductor Corp)
    RoboForm Password Manager -> C:\Program Files\WindowsApps\SiberSystemsInc.RoboFormEdge_8.5.7.0_x86__7kk3kr9e0p1np [2020-01-01] (Siber Systems Inc)
    Total PC Cleaner - Free Disk Space Clean Up, Optimize Memory & Windows System -> C:\Program Files\WindowsApps\64404Softuna.TotalDiskCleaner_2.0.6.0_x64__r1b4jsc7ddp3p [2020-02-09] (Total PC Cleaner)
    Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2020-01-01] (Twitter Inc.)
    UDK Package -> C:\Windows\SystemApps\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy [2019-12-14] (Microsoft Corporation)
    UX.Client.ST -> C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy [2019-12-14] (Microsoft Windows)
    Windows Search -> C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy [2020-02-14] (Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1911043098-2004026473-3262525351-500_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> C:\Users\Administrator\AppData\Local\Vivaldi\Application\2.10.1745.27\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
    ShellServiceObjects: OneDrive network states cache SSO -> {78DE489B-7931-4f14-83B4-C56D38AC9FFA} => C:\Windows\System32\Windows.FileExplorer.Common.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    ShellServiceObjects-x32: OneDrive network states cache SSO -> {78DE489B-7931-4f14-83B4-C56D38AC9FFA} => C:\Windows\SysWOW64\Windows.FileExplorer.Common.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ IMFSafeBox] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2020-01-16] (IObit Information Technology -> IObit)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2019-09-19] (IObit Information Technology -> IObit)
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2019-12-26] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
    ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-12-26] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
    ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
    ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2020-01-16] (IObit Information Technology -> IObit)
    ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2020-01-31] (IObit Information Technology -> IObit)
    ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
    ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2019-09-12] (IObit Information Technology -> IObit)
    ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2019-09-19] (IObit Information Technology -> IObit)
    ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-02-17] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcontextmenu.dll [2019-12-16] (RealNetworks, Inc. -> RealNetworks, Inc.)
    ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2019-09-19] (IObit Information Technology -> IObit)
    ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2020-01-16] (IObit Information Technology -> IObit)
    ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2020-01-31] (IObit Information Technology -> IObit)
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers6: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2019-12-26] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
    ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-12-26] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
    ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
    ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2020-01-16] (IObit Information Technology -> IObit)
    ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2020-01-31] (IObit Information Technology -> IObit)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-02-17] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2019-09-12] (IObit Information Technology -> IObit)

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch Apps\Solitaire.lnk -> C:\Users\Administrator\AppData\Local\Torch\Application\torch.exe (Torch Media Inc.) -> --profile-directory=Default --app-id=lkbhppfbabandkdmgjmifahoabeodiep
    ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\c94b4caab52db911\Torch.lnk -> C:\Users\Administrator\AppData\Local\Torch\Application\torch.exe (Torch Media Inc.) -> --profile-directory=Default

    ==================== Loaded Modules (Whitelisted) =============

    2020-02-15 09:56 - 2019-01-26 14:23 - 000014848 _____ () [File not signed] C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\AccentColor.64.dll
    2020-02-15 09:54 - 2019-10-17 08:38 - 000645120 _____ (Helmut Buhler) [File not signed] C:\Program Files\Windows Sidebar\dwmapi.dll
    2020-02-15 09:56 - 2019-10-08 16:17 - 000701440 _____ (Helmut Buhler) [File not signed] C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll
    2020-02-15 09:56 - 2019-10-05 14:03 - 000483840 _____ (Helmut Buhler) [File not signed] C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll
    2019-06-10 12:23 - 2017-05-23 13:59 - 000494080 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.dll
    2019-06-10 12:23 - 2017-05-23 13:59 - 000256000 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\uploader.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcCtnrSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MsQuic => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NgcCtnrSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NgcSvc => ""="Service"

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer trusted/restricted ==========

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2018-09-15 02:31 - 2020-02-13 08:26 - 000002056 _____ C:\WINDOWS\system32\drivers\etc\hosts
    0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
    0.0.0.0 media.opencandy.com
    0.0.0.0 cdn.opencandy.com
    0.0.0.0 tracking.opencandy.com
    0.0.0.0 api.opencandy.com
    0.0.0.0 api.recommendedsw.com
    0.0.0.0 rp.yefeneri2.com
    0.0.0.0 os.yefeneri2.com
    0.0.0.0 os2.yefeneri2.com
    0.0.0.0 installer.betterinstaller.com
    0.0.0.0 installer.filebulldog.com
    0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
    0.0.0.0 inno.bisrv.com
    0.0.0.0 nsis.bisrv.com
    0.0.0.0 cdn.file2desktop.com
    0.0.0.0 cdn.goateastcach.us
    0.0.0.0 cdn.guttastatdk.us
    0.0.0.0 cdn.inskinmedia.com
    0.0.0.0 cdn.insta.oibundles2.com
    0.0.0.0 cdn.insta.playbryte.com
    0.0.0.0 cdn.llogetfastcach.us
    0.0.0.0 cdn.montiera.com
    0.0.0.0 cdn.msdwnld.com
    0.0.0.0 cdn.mypcbackup.com
    0.0.0.0 cdn.ppdownload.com
    0.0.0.0 cdn.riceateastcach.us
    0.0.0.0 cdn.shyapotato.us
    0.0.0.0 cdn.solimba.com
    0.0.0.0 cdn.tuto4pc.com
    0.0.0.0 cdn.appround.biz

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1911043098-2004026473-3262525351-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\Pictures\PANASONIC PRACTICE\P1010901.JPG
    DNS Servers: 64.71.255.204 - 64.71.255.198
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
    HKLM\...\StartupApproved\Run: => "RtkAudUService"
    HKLM\...\StartupApproved\Run: => "UMonit"
    HKLM\...\StartupApproved\Run32: => "RealDownloader"
    HKLM\...\StartupApproved\Run32: => "TkBellExe"
    HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\StartupApproved\Run: => "RoboForm"
    HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
    HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\StartupApproved\Run: => "AvastBrowserAutoLaunch_8901C211194C0DFF277C9606C1448E31"
    HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\StartupApproved\Run: => "Skype for Desktop"
    HKU\S-1-5-21-1911043098-2004026473-3262525351-500\...\StartupApproved\Run: => "Opera Browser Assistant"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{6B534208-B18F-4205-919C-8FF3033F3942}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{BBEA2EC7-1D78-40D5-B0D7-32DD7DE5537A}] => (Allow) C:\Users\Administrator\AppData\Local\Programs\Opera\63.0.3368.94\opera.exe (Opera Software AS -> Opera Software)
    FirewallRules: [{A60C65BA-DC39-47A8-AC2A-C8CDA2B556CD}] => (Allow) C:\Users\Administrator\AppData\Local\Torch\Application\torch.exe (Torch Media Inc. -> Torch Media Inc.)
    FirewallRules: [{34CE2571-04CF-4E24-B772-768847AF4D8A}] => (Allow) C:\Users\Administrator\AppData\Local\Torch\Application\torch.exe (Torch Media Inc. -> Torch Media Inc.)
    FirewallRules: [{EC44F8F1-E0AD-4AF3-87D0-E72909DE0C8D}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
    FirewallRules: [{6FA28190-0E40-4708-91E4-AF64660E3A3C}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
    FirewallRules: [{678B1CEB-72CA-4B87-8785-F164D402EA84}] => (Allow) C:\Users\Administrator\AppData\Local\Epic Privacy Browser\Application\epic.exe (Hidden Reflex Authors) [File not signed]
    FirewallRules: [{0470ECDA-10D5-4F33-A505-C0602637142E}] => (Allow) C:\Program Files (x86)\Elrond\Maiar-Browser\Application\maiar.exe (Elrond Network SRL -> Elrond, Ltd.)
    FirewallRules: [{F10D67CE-A086-4AD4-A3F3-53AD6C14C7DB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{41E6FF2A-96A4-486F-AD6D-227E0C0BBDAC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{8D5E98ED-87AF-4DBB-97F8-A54EF556A7D5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{B3ABF713-62A8-41C0-9515-9D641835ECB9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{43DE802A-48D7-41F6-A826-E568957C0F77}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{69F4BA2F-4CD7-4C06-A873-CA1FCEB8C9A8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{1EC6939C-3C90-42D1-8271-EB434F86B6C3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{6DC46710-DB36-4F6A-A9F4-289D19EDE973}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{5DD2A067-6105-47C9-99FC-E98EA6BA989D}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
    FirewallRules: [{B6701615-531D-4C45-A532-99042F364A33}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
    FirewallRules: [{042B57DA-27D5-40CF-8D2C-39730C8CDCF6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{6F512CB4-F8BA-414A-82D4-E67EC1127FF1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{969D1FF2-F12E-4C57-89F9-79035ECCD944}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{988584FA-D508-4DE3-8A22-B99FD8E5FAD4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{59C6E009-6720-44CF-A190-AAA9B31F74D5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{57F60510-9B2C-43A7-9CB1-5FB7AB5851B1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{01B99E80-F0FF-4546-A788-116327432FB1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{5742BA46-67ED-459F-98B2-6AAEF94C5191}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{74B05E48-1A68-42FA-99D0-421370A436A5}] => (Allow) C:\Users\Administrator\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
    FirewallRules: [{A2B9AE91-85A2-4A55-B101-986E612E8B00}] => (Allow) C:\Users\Administrator\AppData\Local\Programs\Opera\66.0.3515.44\opera.exe (Opera Software AS -> Opera Software)
    FirewallRules: [{CBBCD7EE-647E-4634-B6F7-98242D5C0208}] => (Allow) C:\Users\Administrator\AppData\Local\Programs\Opera\66.0.3515.72\opera.exe (Opera Software AS -> Opera Software)
    FirewallRules: [{99D8A3FB-8FEF-4EC6-AC5D-5D38B6C088E8}] => (Allow) C:\Users\Administrator\AppData\Local\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
    FirewallRules: [{286CE21F-1267-47BC-A84F-2B17C49EC049}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{8D2C1BD9-0D3E-43B4-BDE4-817B6EA82D40}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{3E864326-C9DA-4BDF-B1AB-6A4739EA5744}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
    FirewallRules: [{48F015D0-F35E-44FF-A7D1-F5FE5297FC47}] => (Allow) C:\Users\Administrator\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
    FirewallRules: [{CA0E9CA3-EA08-4839-AEAE-AC826DB7140A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

    ==================== Restore Points =========================


    ==================== Faulty Device Manager Devices ============


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (02/17/2020 08:52:04 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1000) (User: NT AUTHORITY)
    Description: Access to performance data was denied to user "SYSTEM" (value from GetUserName() for the running thread) as attempted from module "c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe" (value from GetModuleFileName() for the binary that issued the query).

    Error: (02/17/2020 08:32:29 PM) (Source: COM) (EventID: 10035) (User: )
    Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {00020400-0000-0000-C000-000000000046} requested by the client, with handler CLSID {759DBF09-D988-758D-88D9-8D75A4F1CB03}. The error code was 0x80010114.

    Error: (02/17/2020 08:11:19 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1000) (User: NT AUTHORITY)
    Description: Access to performance data was denied to user "SYSTEM" (value from GetUserName() for the running thread) as attempted from module "c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe" (value from GetModuleFileName() for the binary that issued the query).

    Error: (02/17/2020 07:58:36 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1000) (User: NT AUTHORITY)
    Description: Access to performance data was denied to user "SYSTEM" (value from GetUserName() for the running thread) as attempted from module "c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe" (value from GetModuleFileName() for the binary that issued the query).

    Error: (02/17/2020 07:55:26 PM) (Source: COM) (EventID: 10035) (User: )
    Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {00020400-0000-0000-C000-000000000046} requested by the client, with handler CLSID {76C7BF09-D988-76B7-88D9-B7767CF1E603}. The error code was 0x80010114.

    Error: (02/17/2020 07:29:01 PM) (Source: COM) (EventID: 10035) (User: )
    Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {00020400-0000-0000-C000-000000000046} requested by the client, with handler CLSID {76C7BF09-D988-76B7-88D9-B7767CF1E603}. The error code was 0x80010114.

    Error: (02/17/2020 06:48:55 PM) (Source: COM) (EventID: 10035) (User: )
    Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {00020400-0000-0000-C000-000000000046} requested by the client, with handler CLSID {04377058-D988-76B7-88D9-B7767CF1E603}. The error code was 0x800401fd.

    Error: (02/17/2020 05:37:06 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1000) (User: NT AUTHORITY)
    Description: Access to performance data was denied to user "SYSTEM" (value from GetUserName() for the running thread) as attempted from module "c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe" (value from GetModuleFileName() for the binary that issued the query).


    System errors:
    =============
    Error: (02/17/2020 08:57:55 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Downloaded Maps Manager service hung on starting.

    Error: (02/17/2020 08:53:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The jhi_service service depends on the iphlpsvc service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Error: (02/17/2020 08:51:39 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
    Description: The aswbIDSAgent service did not shut down properly after receiving a preshutdown control.

    Error: (02/17/2020 08:23:45 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Downloaded Maps Manager service hung on starting.

    Error: (02/17/2020 08:19:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The jhi_service service depends on the iphlpsvc service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Error: (02/17/2020 08:17:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the sppsvc service.

    Error: (02/17/2020 08:17:00 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
    Description: The aswbIDSAgent service did not shut down properly after receiving a preshutdown control.

    Error: (02/17/2020 08:12:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The jhi_service service depends on the iphlpsvc service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


    Windows Defender:
    ===================================
    Date: 2020-02-16 06:25:07.7580000Z
    Description:
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?li...n32/Occamy.C&threatid=2147726780&enterprise=0
    Name: Trojan:Win32/Occamy.C
    ID: 2147726780
    Severity: Severe
    Category: Trojan
    Path: file:_C:\Users\Administrator\AppData\Local\Temp\adobe_flash_player_1564798518.exe
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: Real-Time Protection
    Process Name: C:\Program Files (x86)\IObit\Advanced SystemCare\AutoCare.exe
    Security intelligence Version: AV: 1.307.2684.0, AS: 1.307.2684.0, NIS: 1.307.2684.0
    Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7

    Date: 2020-01-20 21:06:59.2270000Z
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan ID: {3A44049F-2DFA-4988-8874-D0BE19F07770}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-01-20 20:30:51.8820000Z
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan ID: {97CD3071-BEE7-4396-8D45-31F35FB6B7E5}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-01-20 19:01:48.5560000Z
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan ID: {EA29F382-B951-4A97-86A8-A5194CE5F8AB}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-01-20 17:33:24.4930000Z
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan ID: {C18305C9-6D2B-45C9-B99D-31E0F6249DDD}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    CodeIntegrity:
    ===================================

    Date: 2020-02-17 21:10:54.8500000Z
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\x86\aswhook.dll that did not meet the Microsoft signing level requirements.

    Date: 2020-02-17 21:09:42.0220000Z
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\x86\aswhook.dll that did not meet the Microsoft signing level requirements.

    Date: 2020-02-17 21:09:41.7550000Z
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\x86\aswhook.dll that did not meet the Microsoft signing level requirements.

    Date: 2020-02-17 21:09:41.6500000Z
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\x86\aswhook.dll that did not meet the Microsoft signing level requirements.

    Date: 2020-02-17 21:09:41.3220000Z
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\x86\aswhook.dll that did not meet the Microsoft signing level requirements.

    Date: 2020-02-17 21:09:41.1420000Z
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\x86\aswhook.dll that did not meet the Microsoft signing level requirements.

    Date: 2020-02-17 21:09:41.0030000Z
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\x86\aswhook.dll that did not meet the Microsoft signing level requirements.

    Date: 2020-02-17 21:09:40.9690000Z
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\x86\aswhook.dll that did not meet the Microsoft signing level requirements.

    ==================== Memory info ===========================

    BIOS: American Megatrends Inc. X540MA.314 10/01/2019
    Motherboard: ASUSTeK COMPUTER INC. X540MA
    Processor: Intel(R) Pentium(R) Silver N5000 CPU @ 1.10GHz
    Percentage of memory in use: 64%
    Total physical RAM: 8014.97 MB
    Available physical RAM: 2875.32 MB
    Total Virtual: 17742.97 MB
    Available Virtual: 12033.1 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:930.41 GB) (Free:704.69 GB) NTFS

    \\?\Volume{f7340b35-5178-475c-b150-4f4796ac1c10}\ (RECOVERY) (Fixed) (Total:0.83 GB) (Free:0.42 GB) NTFS
    \\?\Volume{c7a0bbfa-feb8-4241-abe0-c3341def21ec}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: BD3FA6B9)

    Partition: GPT.

    ==================== End of Addition.txt =======================
     
  4. DR.M

    DR.M Malware Trainee

    Joined:
    Sep 4, 2019
    Messages:
    100
    Hello.

    Yes, this is one of the two logs I asked for. In your Downloads folder you should have another similar file named FRST.txt. Please copy its contents here too.
     
  5. aslan777

    aslan777 Thread Starter

    Joined:
    Feb 17, 2020
    Messages:
    3
    Sorry, here's the other note. It wouldn't let me put all of it in here, so I put it in a Word doc.
     

    Attached Files:

  6. DR.M

    DR.M Malware Trainee

    Joined:
    Sep 4, 2019
    Messages:
    100
    Hi.

    I'm in the process of studying your logs.

    Meanwhile, I attached the FRST.txt content as a notepad file so it is easier to read.
     

    Attached Files:

  7. DR.M

    DR.M Malware Trainee

    Joined:
    Sep 4, 2019
    Messages:
    100
    Hi, aslan777.

    I have seen a lot of unnecessary stuff on your computer. Let's start working to clean it. Please stay with me until I tell you that the computer is completely clean.

    1. Browsers and extensions

    You have 10 browsers installed! Edge, Internet Explorer, Firefox, Chrome, Vivaldi, Epic, Maxthon, Brave, Opera, Torch... Do you really need them? And most importantly, do you keep them updated? You should consider uninstalling some of them and staying with 2-4 of them (step 2). Moreover, you have so many extensions in Chrome, Firefox and Opera. Do you need them all? If not, go ahead and remove whatever you don't use or need, in case you keep these three browsers.

    Removing extensions:

    Firefox: https://support.mozi...ving-extensions

    Opera: Open your extensions manager page via the Opera menu (or type Ctrl+Shift+E {or type opera://extensions/ in the address bar and hit Enter}) and click the small x in the upper right corner of the entry of the extension you wish to remove. That's all you need to do to remove an extension.

    Chrome:
    Type chrome://extensions in the address bar and press Enter.
    Click Remove under the extension you'd like to completely remove.
    A confirmation dialog appears, click Remove.

    2. Uninstall programs


    You have some programs installed on your computer that need to be uninstalled. Among them, there are programs called registry or disk cleaners or optimizers or driver boosters (see 3-8 in the following list). Although these programs are not malware, they are marked by many antivirus programs (including Malwarebytes) as potentially unwanted programs that can be harmful to a computer in many ways. However, serious issues can occur when you modify the registry incorrectly using these types of utilities. These issues might require users to reinstall the operating system due to instability. I recommend that you uninstall them, but it's your choice what you are going to do with them. Some useful stuff for you to read about them:

    https://www.bleepingcomputer.com/fo...curity-questions-best-practices/#entry2853053
    https://support.microsoft.com/en-us...cy-for-the-use-of-registry-cleaning-utilities

    Uninstall list:
    1. Any of the browsers you decide that you don't need.
    2. Torch
    3. Advanced SystemCare (optional)
    4. Disk Cleaner (optional)
    5. Driver Booster 7 (optional)
    6. IObit Malware Fighter 7 (optional)
    7. IObit Software Updater (optional)
    8. IObit Uninstaller 9 (optional)
    For the programs you have to uninstall or you decide to uninstall, please do the following:
    • Press the Windows key together with the R key on the keyboard at the same time, to open the Control Panel.
    • Type appwiz.cpl in the window that opens and click OK.
    • In the list of programs, look for the programs listed above, right-click the entry and click Uninstall.
      • If any of the programs do not appear in the Control Panel list, just go further.
      • If you get any warnings that the program is already removed, accept uninstalling it from Programs and Features.
      • Restart if you are asked to.

    3. Fresh FRST logs


    Please run FRST as you did before. Since our tools run more efficiently from the Desktop, please go to your Downloads folder and move the FRST program to your Desktop.
    • Please right-click on FRST/FRST64 to run as administrator. When the tool opens, click "yes" to the disclaimer.
    • If the tool warns you that the version you're using is outdated, please download and run the updated version.
    • Press the Scan button once and wait.
    • FRST will produce two logs on your Desktop: FRST.txt and Addition.txt.
    • Please copy and paste the content of these logs in your next reply (if you can't paste a log, because of its size, you can upload it as a notepad file. No need to provide a Word document.)
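
For reviewing an Addition.txt like the one requested above, the FirewallRules section can be triaged with a short script. This is an added example, not part of the thread or of FRST: the function names and the two review criteria (unsigned file, path under a user profile) are assumptions chosen for illustration, and the sample lines are copied from the log posted earlier in this thread.

```python
import re

# Rule lines copied from the Addition.txt posted earlier in this thread.
SAMPLE = r"""
FirewallRules: [{6B534208-B18F-4205-919C-8FF3033F3942}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A60C65BA-DC39-47A8-AC2A-C8CDA2B556CD}] => (Allow) C:\Users\Administrator\AppData\Local\Torch\Application\torch.exe (Torch Media Inc. -> Torch Media Inc.)
FirewallRules: [{34CE2571-04CF-4E24-B772-768847AF4D8A}] => (Allow) C:\Users\Administrator\AppData\Local\Torch\Application\torch.exe (Torch Media Inc. -> Torch Media Inc.)
FirewallRules: [{678B1CEB-72CA-4B87-8785-F164D402EA84}] => (Allow) C:\Users\Administrator\AppData\Local\Epic Privacy Browser\Application\epic.exe (Hidden Reflex Authors) [File not signed]
FirewallRules: [{48F015D0-F35E-44FF-A7D1-F5FE5297FC47}] => (Allow) C:\Users\Administrator\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
FirewallRules: [{CA0E9CA3-EA08-4839-AEAE-AC826DB7140A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
"""

# "FirewallRules: [<id>] => (<action>) <path> (<signer>) [File not signed]"
# The path may itself contain "(x86)", so the signer group excludes parentheses
# and the whole line is anchored to force the last "(...)" to be the signer.
RULE = re.compile(
    r"^\s*FirewallRules: \[(?P<rule_id>[^\]]+)\] => \((?P<action>\w+)\) "
    r"(?P<path>.+?) \((?P<signer>[^()]*)\)(?P<unsigned> \[File not signed\])?\s*$"
)


def parse_rules(text):
    """Yield one dict per FirewallRules line; all other lines are ignored."""
    for line in text.splitlines():
        m = RULE.match(line)
        if m:
            yield {
                "rule_id": m["rule_id"],
                "action": m["action"],
                "path": m["path"],
                "signer": m["signer"],
                "unsigned": m["unsigned"] is not None,
            }


def triage(text):
    """Group Allow rules by executable and return those worth a manual look."""
    by_path = {}
    for rule in parse_rules(text):
        if rule["action"].lower() != "allow":
            continue
        key = rule["path"].lower()  # Windows paths are case-insensitive
        entry = by_path.setdefault(
            key, {"path": rule["path"], "rules": 0, "reasons": set()}
        )
        entry["rules"] += 1
        if rule["unsigned"]:
            entry["reasons"].add("unsigned")
        # A rule is keyed on the path, so an exception for a file under a user
        # profile covers whatever a non-admin process later writes there.
        if "\\users\\" in key:
            entry["reasons"].add("user-writable path")
    return [e for e in by_path.values() if e["reasons"]]


if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f'{e["rules"]} rule(s)  {", ".join(sorted(e["reasons"]))}  {e["path"]}')
```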
     
  8. DR.M

    DR.M Malware Trainee

    Joined:
    Sep 4, 2019
    Messages:
    100
    Hello.

    Do you still need help?
     
  9. DR.M

    DR.M Malware Trainee

    Joined:
    Sep 4, 2019
    Messages:
    100
    Due to lack of feedback, this topic has been closed.

    If you need this topic to reopen, please contact a staff member. This applies only to the original topic starter. Everyone else, please begin a new topic.
     
Short URL to this thread: https://techguy.org/1240402
