Browsers Hijacked

29 replies to this topic

#1 chrisling

    Advanced Member

  • Helper Trainee+
  • 118 posts

Posted 27 August 2020 - 03:34 AM

Hi,

I would like to request some quick help here.

The issue happened at my workstation, where all the browsers had been hijacked. I had attempted some fixes before, but to no avail.

The logs are provided here.

Any help is really appreciated.

Thank you!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-08-2020
Ran by Administrator (administrator) on CAPS-Q3DEMO-A (27-08-2020 15:48:42)
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe
() [File not signed] C:\Users\Administrator\Desktop\baretail.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <2>
(CodeSigning for The Apache Software Foundation -> Apache Software Foundation) C:\OraclePaymentInterface\v19.1\Services\ConfigService\OPIConfigService.exe
(CodeSigning for The Apache Software Foundation -> Apache Software Foundation) C:\OraclePaymentInterface\v19.1\Services\OPI\bin\OPIService.exe
(CodeSigning for The Apache Software Foundation -> Apache Software Foundation) C:\OraclePaymentInterface\v19.1\Services\OPI\bin\UtilityService.exe
(DigitalPersona, Inc. -> DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Pro Workstation\Bin\DpHostW.exe
(D-LINK CORPORATION -> D-Link Corp.) [File not signed] C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle America, Inc. -> MICROS Systems Inc.) C:\Program Files (x86)\MICROS\McrsCAL\McrsCal.exe
(Oracle America, Inc. -> MICROS Systems Inc.) C:\Program Files (x86)\MICROS\McrsCAL\WIN7CALStart.exe
(Oracle America, Inc. -> Oracle) C:\Micros\Simphony\WebServer\ServiceHost.exe <2>
(philandro Software GmbH -> philandro Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <3>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-12] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [DpTsClnt] => Regsvr32.exe /s "C:\Program Files\DigitalPersona\Pro Workstation\Bin\DpTsClnt.dll"
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [156808 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-03-06] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587800 2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [MAKEN OPEN DRAWER] => D:\POS SYSTEM\????(??)\DrawTest.exe start
HKLM-x32\...\Run: [D-Link D-Link DWA-125] => C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe [1095984 2014-03-18] (D-LINK CORPORATION -> D-Link Corp.) [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2019-08-21]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1DB5DA09-C167-4D0F-AD68-F51CBD502750} - System32\Tasks\Microsoft POS for .NET SQM Uploader => C:\Program Files (x86)\Microsoft Point Of Service\SqmUploader.exe [147704 2017-08-08] (Microsoft Corporation -> )
Task: {4576D400-3CFD-4748-832C-04BAE9CBE76D} - System32\Tasks\{1B0F8D77-A354-4DDA-8E75-ABE69A60EDF1} => C:\Windows\system32\pcalua.exe -a "D:\POS SYSTEM\KPOS_Printer_DriverInstall_Graph(附安装说明)(3)(1)\KPOS_Printer_DriverInstall_Graphú¿╕╜░▓╫░╦╡├≈ú⌐\KPOS_Printer_DriverInstall_Graph_20190426\POS104Install.exe" -d "D:\POS SYSTEM\KPOS_Printer_DriverInstall_Graph(附安装说明)(3)(1)\KPOS_Printer_DriverInstall_Graphú¿╕╜░▓╫░╦╡├≈ú⌐\KPOS_Printer_Driv (the data entry has 25 more characters).
Task: {E6EAD99D-BDCA-457E-83E7-EFC7AB6AABC8} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [3858056 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {FFD2951F-2AD3-4B0D-8401-D3C98AFE7A47} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1792136 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.6 192.168.1.5 8.8.4.4 8.8.8.8
Tcpip\..\Interfaces\{49D3160E-9769-4443-8845-529949E72514}: [DhcpNameServer] 192.168.1.6 192.168.1.5 8.8.4.4 8.8.8.8
Tcpip\..\Interfaces\{F26F6D75-F8F7-413A-A510-67DF5E6A3839}: [DhcpNameServer] 192.168.1.6 192.168.1.5 8.8.4.4 8.8.8.8

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2020-03-31] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2020-03-31] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF DefaultProfile: 5c5wbps2.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5c5wbps2.default [2020-08-27]
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mpwzd1gz.default-release-1598513963193 [2020-08-27]
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2020-03-31] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2020-03-31] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

Chrome: 
=======
StartMenuInternet: Google Chrome.6Y2LFEZ7UHFRSQMVKOHQNSWZNY - C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"{74712200-2132-494a-BD2F-D9CFE8900378}" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\{74712200-2132-494a-BD2F-D9CFE8900378} => C:\Windows\System32\drivers\zokng.sys [11470256 2019-07-25] () [File not signed] <==== ATTENTION (Rootkit!/Locked Service)

R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3668944 2020-08-08] (philandro Software GmbH -> philandro Software GmbH)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [354272 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [7823296 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 DpHost; C:\Program Files\DigitalPersona\Pro Workstation\Bin\DpHostW.exe [473424 2014-12-15] (DigitalPersona, Inc. -> DigitalPersona, Inc.)
R2 D_Link_DWA-125_WPS; C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [53248 2010-07-12] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7138296 2020-08-25] (Malwarebytes Inc -> Malwarebytes)
R2 MICROS CAL Client; C:\Program Files (x86)\Micros\McrsCAL\McrsCal.exe [76624 2019-09-02] (Oracle America, Inc. -> MICROS Systems Inc.)
R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [163008 2017-08-15] (Microsoft Corporation -> Microsoft Corporation)
R2 OPIConfigService; C:\OraclePaymentInterface\v19.1\Services\ConfigService\OPIConfigService.exe [109696 2019-02-12] (CodeSigning for The Apache Software Foundation -> Apache Software Foundation)
R2 OPIService; C:\OraclePaymentInterface\v19.1\Services\OPI\bin\OPIService.exe [109696 2019-02-12] (CodeSigning for The Apache Software Foundation -> Apache Software Foundation)
R2 Oracle Hospitality Simphony Service Host; C:\Micros\Simphony\WebServer\ServiceHost.exe [18440 2020-01-09] (Oracle America, Inc. -> Oracle)
S4 POSPerformanceCounters; C:\Program Files (x86)\Microsoft Point Of Service\Microsoft.PointOfService.Service.exe [37624 2017-08-08] (Microsoft Corporation -> )
S4 SQLAgent$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [448704 2017-08-15] (Microsoft Corporation -> Microsoft Corporation)
R2 UtilityService; C:\OraclePaymentInterface\v19.1\Services\OPI\bin\UtilityService.exe [109696 2019-02-12] (CodeSigning for The Apache Software Foundation -> Apache Software Foundation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-29] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [37208 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [205952 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [235656 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [195720 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [61064 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [42840 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [175264 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\Windows\System32\drivers\avgNetHub.sys [515600 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgNetNd6; C:\Windows\System32\DRIVERS\avgNetNd6.sys [29944 2020-08-25] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [109336 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [84912 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [851664 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [466816 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [217392 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [323848 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 bhound7; C:\Windows\System32\DRIVERS\bhound7.sys [68064 2009-03-02] (Perisoft -> Perisoft)
S3 CYUSB; C:\Windows\System32\Drivers\CYUSB.sys [48648 2011-06-22] (Cypress -> Cypress Semiconductor)
S3 CYUSB3; C:\Windows\System32\Drivers\CYUSB3.sys [71904 2017-07-05] (Cypress Semiconductor Technology India Pvt Ltd. -> Cypress Semiconductor)
S3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [65408 2013-07-17] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [39296 2013-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
S3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [94208 2013-07-17] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [217088 2020-08-27] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-08-25] (Malwarebytes Inc -> Malwarebytes)
S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [2225808 2014-12-08] (MEDIATEK INC. -> MediaTek Inc.)
S3 rusb3hub; C:\Windows\system32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
S3 rusb3xhc; C:\Windows\system32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
R3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl64.sys [89600 2007-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Prolific Technology Inc.)
S3 VUSB3HUB; C:\Windows\system32\DRIVERS\ViaHub3.sys [221696 2016-02-03] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\system32\DRIVERS\xhcdrv.sys [294912 2016-02-03] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-08-27 15:47 - 2020-08-27 15:48 - 000000000 ____D C:\Users\Administrator\Downloads\FRST-OlderVersion
2020-08-27 15:47 - 2020-08-27 15:47 - 000000000 ___HD C:\$AV_AVG
2020-08-27 15:39 - 2020-08-27 15:39 - 000000000 ____D C:\Users\Administrator\Desktop\Old Firefox Data
2020-08-27 15:38 - 2020-08-27 15:41 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-08-27 15:38 - 2020-08-27 15:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-08-27 15:38 - 2020-08-27 15:38 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-08-27 15:38 - 2020-08-27 15:38 - 000000924 _____ C:\Users\Public\Desktop\Firefox.lnk
2020-08-27 15:38 - 2020-08-27 15:38 - 000000924 _____ C:\ProgramData\Desktop\Firefox.lnk
2020-08-27 15:32 - 2020-08-27 15:32 - 000217088 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-08-27 15:30 - 2020-08-27 15:30 - 020447232 ____N C:\Windows\system32\config\SYSTEM
2020-08-25 18:00 - 2020-08-27 15:30 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2020-08-25 17:42 - 2020-08-25 17:42 - 000046177 _____ C:\Users\Administrator\Downloads\Shortcut.txt
2020-08-25 17:17 - 2020-08-25 17:17 - 008414384 _____ (Malwarebytes) C:\Users\Administrator\Downloads\adwcleaner_8.0.7.exe
2020-08-25 17:14 - 2020-08-25 17:19 - 000000000 ____D C:\AdwCleaner
2020-08-25 17:08 - 2020-08-25 17:55 - 000001105 _____ C:\Users\Administrator\Downloads\Fixlog.txt
2020-08-25 15:56 - 2020-08-25 17:42 - 000031971 _____ C:\Users\Administrator\Downloads\Addition.txt
2020-08-25 15:49 - 2020-08-27 15:50 - 000016556 _____ C:\Users\Administrator\Downloads\FRST.txt
2020-08-25 15:49 - 2020-08-27 15:49 - 000000000 ____D C:\FRST
2020-08-25 15:49 - 2020-08-27 15:47 - 002298368 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2020-08-25 15:27 - 2020-08-25 15:27 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\AVG
2020-08-25 15:27 - 2020-08-25 15:27 - 000000000 ____D C:\Users\Administrator\AppData\Local\CEF
2020-08-25 15:27 - 2020-08-25 15:27 - 000000000 ____D C:\Users\Administrator\AppData\Local\Avg
2020-08-25 15:27 - 2020-08-25 15:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2020-08-25 15:25 - 2020-08-25 15:25 - 000000000 ____D C:\Windows\system32\Tasks\AVG
2020-08-25 15:24 - 2020-08-27 15:30 - 000003904 _____ C:\Windows\system32\Tasks\Antivirus Emergency Update
2020-08-25 15:24 - 2020-08-25 15:24 - 000851664 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2020-08-25 15:24 - 2020-08-25 15:24 - 000515600 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetHub.sys
2020-08-25 15:24 - 2020-08-25 15:24 - 000466816 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2020-08-25 15:24 - 2020-08-25 15:24 - 000336520 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2020-08-25 15:24 - 2020-08-25 15:24 - 000323848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2020-08-25 15:24 - 2020-08-25 15:24 - 000235656 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys
2020-08-25 15:24 - 2020-08-25 15:24 - 000217392 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2020-08-25 15:24 - 2020-08-25 15:24 - 000205952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2020-08-25 15:24 - 2020-08-25 15:24 - 000195720 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys
2020-08-25 15:24 - 2020-08-25 15:24 - 000175264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2020-08-25 15:24 - 2020-08-25 15:24 - 000109336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2020-08-25 15:24 - 2020-08-25 15:24 - 000084912 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2020-08-25 15:24 - 2020-08-25 15:24 - 000061064 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys
2020-08-25 15:24 - 2020-08-25 15:24 - 000042840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
2020-08-25 15:24 - 2020-08-25 15:24 - 000037208 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArDisk.sys
2020-08-25 15:24 - 2020-08-25 15:24 - 000029944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetNd6.sys
2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____D C:\Program Files\Common Files\AVG
2020-08-25 15:23 - 2020-08-27 15:42 - 000000000 ____D C:\ProgramData\AVG
2020-08-25 15:23 - 2020-08-25 15:23 - 000271696 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Administrator\Downloads\avg_antivirus_free_setup.exe
2020-08-25 15:23 - 2020-08-25 15:23 - 000000000 ____D C:\Program Files\AVG
2020-08-25 15:21 - 2020-08-25 15:21 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-08-24 16:03 - 2020-08-24 16:43 - 000710356 _____ C:\Windows\ntbtlog.txt
2020-08-24 15:42 - 2020-08-24 16:16 - 000000000 ____D C:\Windows\pss
2020-08-24 15:40 - 2020-08-27 15:36 - 000000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2020-08-24 14:57 - 2020-08-24 14:58 - 006455520 _____ (EnigmaSoft Limited) C:\Users\Administrator\Downloads\SpyHunter-Installer.exe
2020-08-24 14:51 - 2020-08-24 14:51 - 000000000 ____D C:\Users\Administrator\Downloads\chc
2020-08-24 14:50 - 2020-08-24 14:50 - 009047080 _____ C:\Users\Administrator\Downloads\chc.zip
2020-08-24 11:48 - 2020-08-25 15:22 - 000001960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-08-24 11:48 - 2020-08-25 15:22 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-08-24 11:48 - 2020-08-25 15:22 - 000001948 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-08-24 11:48 - 2020-08-24 11:48 - 000000000 ____D C:\Users\Administrator\AppData\Local\mbam
2020-08-24 11:47 - 2020-08-25 15:21 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-08-24 11:47 - 2020-08-24 11:47 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-08-24 11:47 - 2020-08-24 11:47 - 000000000 ____D C:\Program Files\Malwarebytes
2020-08-24 11:45 - 2020-08-24 11:45 - 002040904 _____ (Malwarebytes) C:\Users\Administrator\Downloads\MBSetup.exe
2020-08-24 11:45 - 2020-08-24 11:45 - 000388608 _____ (Trend Micro Inc.) C:\Users\Administrator\Downloads\HijackThis.exe
2020-08-17 16:18 - 2020-08-27 15:30 - 000000000 ___HD C:\Windows\msdownld.tmp
2020-08-17 16:13 - 2020-08-25 17:14 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2020-08-17 16:12 - 2020-08-25 17:15 - 000000000 ____D C:\Program Files (x86)\Google

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-08-27 15:49 - 2019-07-25 07:15 - 020709376 _____ C:\Windows\system32\C_32770.NLS
2020-08-27 15:41 - 2019-08-13 17:27 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2020-08-27 15:37 - 2009-07-14 13:13 - 000910410 _____ C:\Windows\system32\PerfStringBackup.INI
2020-08-27 15:37 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\inf
2020-08-27 15:32 - 2009-07-14 12:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-08-27 15:32 - 2009-07-14 12:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-08-27 15:31 - 2009-07-14 13:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-08-27 04:20 - 2019-08-13 18:36 - 000000000 ____D C:\Windows\system32\MRT
2020-08-27 04:15 - 2019-08-13 18:35 - 120636720 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-08-26 20:07 - 2019-08-20 10:00 - 001509224 _____ C:\Journal.txt
2020-08-08 18:24 - 2019-08-21 11:53 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2020-08-05 10:17 - 2019-08-21 11:33 - 000001102 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2020-08-05 10:17 - 2019-08-21 11:33 - 000001090 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2020-08-05 10:17 - 2019-08-21 11:33 - 000001090 _____ C:\ProgramData\Desktop\TeamViewer 8.lnk

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-08-25 00:56
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-08-2020
Ran by Administrator (27-08-2020 15:52:43)
Running from C:\Users\Administrator\Downloads
Windows 7 Professional Service Pack 1 (X64) (2019-07-24 22:55:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin (S-1-5-21-2582853694-2877760415-371799054-1000 - Administrator - Disabled) => C:\Users\admin
Administrator (S-1-5-21-2582853694-2877760415-371799054-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2582853694-2877760415-371799054-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: AVG Antivirus (Enabled - Up to date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 6.0.7 - philandro Software GmbH)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 20.6.3135 - AVG Technologies)
Bus Hound (HKLM-x32\...\{7A19AACA-48DD-43E1-92BE-B12D78466C89}) (Version: 6.1.0 - Perisoft)
DigitalPersona TouchChip Device Add-On for U.are.U SDK (HKLM\...\{20CB814D-73D5-422B-9E61-BE3F68E280DD}) (Version: 1.0.1.767 - DigitalPersona, Inc.)
DigitalPersona U.are.U RTE (HKLM\...\{3FE5B696-9DA2-41AA-8414-58E3936169A6}) (Version: 2.3.1.767 - DigitalPersona, Inc.)
D-Link DWA-125 (HKLM-x32\...\{E45CACFE-0576-4375-A84F-C34B99A7B652}) (Version:  - D-Link Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{f3e3c5dd-edd0-406b-8aa2-ce5acb93660e}) (Version: 10.0.14 - Intel(R) Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.19 - Intel Corporation)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Malwarebytes version 4.2.0.82 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.0.82 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A106FA6F-E94C-44C9-8A0F-C34BD82C9FE6}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft POS for .NET 1.14.1 (HKLM-x32\...\{9352A741-7648-46DA-806F-44ED64890BA4}) (Version: 1.14.1708.8001 - Microsoft Corporation)
Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (HKLM-x32\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{B9274744-8BAE-4874-8E59-2610919CD419}) (Version: 11.4.7001.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM-x32\...\{5B2CB8F5-3151-4B85-8EC7-E7BF1CFC8646}) (Version: 11.4.7001.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{18F346D2-4CE0-45C4-BCD9-BA054FE7CB91}) (Version: 11.4.7001.0 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 Policies  (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{0EEBDCCA-EF5D-4896-9FEA-D7D410A57E8A}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service  (HKLM\...\{59DE4D1C-690E-4397-8A44-B684934E863C}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (HKLM-x32\...\{49697869-be8e-427d-81a0-c334d1d14950}) (Version: 14.21.27702.2 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.4.7001.0 - Microsoft Corporation)
Mozilla Firefox 72.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 72.0.2 (x64 en-US)) (Version: 72.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 67.0 - Mozilla)
Oracle Payment Interface (HKLM-x32\...\{FDFB3AFE-1D8F-4145-BE5F-9466F5984455}) (Version: 19.1.0.0 - Oracle) Hidden
Oracle Payment Interface (HKLM-x32\...\InstallShield_{FDFB3AFE-1D8F-4145-BE5F-9466F5984455}) (Version: 19.1.0.0 - Oracle)
Printer Driver Setup v2.0 (HKLM-x32\...\{DEFC2352-70A5-433C-841D-5EC6527E2EA9}) (Version: 2.0 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Service Pack 4 for SQL Server 2012 (KB4018073) (HKLM-x32\...\KB4018073) (Version: 11.4.7001.0 - Microsoft Corporation)
SQL Server 2012 Common Files (HKLM-x32\...\{124D51A1-F3C2-45AE-B812-D3CA71247093}) (Version: 11.4.7001.0 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (HKLM-x32\...\{7D29ED63-84F9-4EC7-B49F-994A3A3195B2}) (Version: 11.4.7001.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM-x32\...\{87D50333-E534-493A-8E98-0A49BC28F64B}) (Version: 11.4.7001.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM-x32\...\{C22613C2-C7A4-4761-A906-116ECD4E7477}) (Version: 11.4.7001.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM-x32\...\{54F84805-0116-467F-8713-899DFC472235}) (Version: 11.4.7001.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM-x32\...\{D0F44C37-A22B-4733-BBA7-86C9F4988725}) (Version: 11.4.7001.0 - Microsoft Corporation) Hidden
SQL Server 2014 Client Tools (HKLM\...\{2BA1811B-44C0-4C50-8C5A-CE68AB25ED71}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Client Tools (HKLM\...\{B5ECFA5C-AC4F-45A4-A12E-A76ABDD9CCBA}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM\...\{75A54138-3B98-4705-92E4-F619825B121F}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM\...\{839EF29A-3055-43DC-ADCE-8E84893798D5}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.4.7001.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM-x32\...\{30CA21F2-901A-44DB-A43F-FC31CD0F2493}) (Version: 11.4.7001.0 - Microsoft Corporation) Hidden
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.258861 - TeamViewer)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
WIN32 CAL Client (HKLM-x32\...\{0B64324E-75FA-4A9C-8997-9C21F8777110}) (Version: 3.1.4.146 - ORACLE | Micros) Hidden
WIN32 CAL Client (HKLM-x32\...\InstallShield_{0B64324E-75FA-4A9C-8997-9C21F8777110}) (Version: 3.1.4.146 - ORACLE | Micros)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2582853694-2877760415-371799054-500_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - Software and Firmware Products -> Intel Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-24] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2014-03-08] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\Windows\system32\igfxOSP.dll [2014-03-08] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-24] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Administrator\Desktop\LaunchConfiguration - Shortcut.lnk -> C:\OraclePaymentInterface\v19.1\Config\LaunchConfiguration.bat ()

==================== Loaded Modules (Whitelisted) =============

2019-08-27 10:32 - 2019-08-27 10:32 - 000315392 _____ () [File not signed] C:\Program Files (x86)\D-Link\DWA-125 revA\ANPDApi.dll
2019-08-27 10:32 - 2012-12-05 10:40 - 000303104 _____ () [File not signed] C:\Program Files (x86)\D-Link\DWA-125 revA\WlanApp.dll
2019-07-25 07:19 - 2014-03-06 10:08 - 000074240 ____R (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2020-08-27 15:32 - 2020-08-27 15:32 - 000198144 ____N (Java(TM) Native Access (JNA)) [File not signed] C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\jna-1840106495\jna1208285878972502543.dll
2020-08-27 15:31 - 2020-08-27 15:31 - 000198144 ____N (Java(TM) Native Access (JNA)) [File not signed] C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\jna-1840106495\jna7570238549666890663.dll
2019-08-27 10:32 - 2010-07-12 14:39 - 000413696 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\D-Link\DWA-125 revA\MSVCP60.dll
2019-03-27 23:48 - 2019-03-27 23:48 - 000115200 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2020-01-09 14:16 - 2020-01-09 14:16 - 000796672 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_88dcc0bf2fb1b808\MSVCR80.dll
2019-08-14 09:37 - 2019-08-14 09:37 - 000626688 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\MSVCR80.dll
2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\ucrtbase.DLL
2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\VCRUNTIME140.dll
2019-08-27 10:32 - 2012-09-04 15:31 - 000278528 _____ (Wireless Service) [File not signed] C:\Program Files (x86)\D-Link\DWA-125 revA\wnicapi.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2020-08-17 18:05 - 000000152 _____ C:\Windows\system32\drivers\etc\hosts
192.168.1.15	simapp.q3aurelia.com
175.143.55.113	simapp.q3aurelia.com
192.168.1.18	simrpt.q3aurelia.com
175.143.55.113	simrpt.q3aurelia.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\TXE Components\TCS\;C:\Program Files\Intel\TXE Components\TCS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\110\DTS\Binn\
HKU\S-1-5-21-2582853694-2877760415-371799054-500\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.6 - 192.168.1.5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B231DE16-40B6-4ABD-B7E2-A79168D1CD06}] => (Allow) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{7E18DC82-0E7C-46A4-BE84-13ABEF854B2F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{A082D422-7099-44B3-BA13-5D1C5C84E61B}] => (Allow) C:\Users\Administrator\Desktop\AnyDesk.exe => No File
FirewallRules: [{318DDDE5-0B27-4FA2-9BCD-C8E8D562DBAA}] => (Allow) C:\Users\Administrator\Desktop\AnyDesk.exe => No File
FirewallRules: [{1D90D57C-843A-44E4-9932-0BD875DBED81}] => (Allow) C:\Users\Administrator\Desktop\AnyDesk.exe => No File
FirewallRules: [{4FD3B272-07A7-4539-8DB5-BACC4ABCFFE6}] => (Allow) C:\Users\Administrator\Desktop\AnyDesk.exe => No File
FirewallRules: [{B68F8AA1-E8E5-44AE-824B-74B79F04DD14}] => (Allow) C:\Users\Administrator\Desktop\AnyDesk.exe => No File
FirewallRules: [{F689A6C3-0E21-4EE8-8607-077A65EFFEB7}] => (Allow) C:\Users\Administrator\Desktop\AnyDesk.exe => No File
FirewallRules: [{7FE72AE8-5290-4DC8-B243-D71F70533A13}] => (Allow) C:\Micros\Simphony\WebServer\ServiceHost.exe (Oracle America, Inc. -> Oracle)
FirewallRules: [{77257AAC-8EA2-41F0-B4ED-4965A0778AC0}] => (Allow) C:\Micros\Simphony\WebServer\ServiceHost.exe (Oracle America, Inc. -> Oracle)
FirewallRules: [{1F60E561-F666-4D24-9C4B-DADD02FF3979}] => (Allow) LPort=1434
FirewallRules: [{536DE056-6B5D-459D-A4E2-38EF087B4D66}] => (Allow) LPort=1433
FirewallRules: [{962F0249-DDF1-4453-817A-9C764D673680}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer GmbH)
FirewallRules: [{0D11B8B2-84B8-4F04-ABA3-F15773ED857A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer GmbH)
FirewallRules: [{646583CE-020D-4F64-B165-63ADF393A69B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer GmbH)
FirewallRules: [{69800F2C-A6BA-44E8-BD2F-7F708E40684C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer GmbH)
FirewallRules: [{6AA4549C-4F38-4781-97B1-FF900EB68A1F}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{E413EAC6-1445-43B0-AF2E-FE1F4B8FD7D6}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{E344BD32-9B67-4C2C-BC2A-3A120B8873C2}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{BBC7A038-649C-40DB-B85A-C92E70685A01}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{A1DC380A-3E8E-4494-8E18-B0B5522F085C}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{CC0ED5A7-CBD0-41D8-A475-3AF70DAC09A5}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{E8628A48-8619-4500-9F37-865EA71241F9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8DE820D2-D58D-4469-AC66-E4FFA0EE34D8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Restore Points =========================

25-08-2020 15:24:53 Device Driver Package Install: AVG Technologies Network Service
25-08-2020 18:06:55 Windows Modules Installer
25-08-2020 18:11:45 Windows Modules Installer
25-08-2020 18:24:23 Windows Modules Installer
25-08-2020 18:29:09 Windows Modules Installer
27-08-2020 04:14:18 Windows Update

==================== Faulty Device Manager Devices ============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (08/27/2020 03:36:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.19597, time stamp: 0x5df81503
Faulting module name: ntdll.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb67f
Exception code: 0xc0000005
Fault offset: 0x0000000000027a6d
Faulting process id: 0x37c
Faulting application start time: 0x01d67c44c8d787bb
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 08433df0-e838-11ea-b1bb-68eda42b384e

Error: (08/27/2020 03:36:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.19597, time stamp: 0x5df81503
Faulting module name: ntdll.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb67f
Exception code: 0xc0000005
Fault offset: 0x0000000000027a6d
Faulting process id: 0x142c
Faulting application start time: 0x01d67c44bfa4338e
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: ff8a4bae-e837-11ea-b1bb-68eda42b384e

Error: (08/27/2020 03:36:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.19597, time stamp: 0x5df81503
Faulting module name: ntdll.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb67f
Exception code: 0xc0000005
Fault offset: 0x0000000000027a6d
Faulting process id: 0x434
Faulting application start time: 0x01d67c44be96420a
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: fe835f24-e837-11ea-b1bb-68eda42b384e

Error: (08/27/2020 03:36:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.19597, time stamp: 0x5df81503
Faulting module name: ntdll.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb67f
Exception code: 0xc0000005
Fault offset: 0x0000000000027a6d
Faulting process id: 0xe0
Faulting application start time: 0x01d67c44b75aa68d
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: fb4fed84-e837-11ea-b1bb-68eda42b384e

Error: (08/27/2020 03:29:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.19597, time stamp: 0x5df81503
Faulting module name: ntdll.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb67f
Exception code: 0xc0000005
Fault offset: 0x0000000000027a6d
Faulting process id: 0x1108
Faulting application start time: 0x01d67c43ba7081e6
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: fbb62f2c-e836-11ea-aad5-68eda42b384e

Error: (08/27/2020 03:07:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.19597, time stamp: 0x5df81503
Faulting module name: ntdll.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb67f
Exception code: 0xc0000005
Fault offset: 0x0000000000027a6d
Faulting process id: 0x1a30
Faulting application start time: 0x01d67c40bc3a383c
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: fbca3fd9-e833-11ea-aad5-68eda42b384e

Error: (08/27/2020 03:07:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.19597, time stamp: 0x5df81503
Faulting module name: ntdll.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb67f
Exception code: 0xc0000005
Fault offset: 0x0000000000027a6d
Faulting process id: 0x19f4
Faulting application start time: 0x01d67c40baa190e0
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: fa2f7595-e833-11ea-aad5-68eda42b384e

Error: (08/27/2020 03:06:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.19597, time stamp: 0x5df81503
Faulting module name: ntdll.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb67f
Exception code: 0xc0000005
Fault offset: 0x0000000000027a6d
Faulting process id: 0xd08
Faulting application start time: 0x01d67c408c5d2b42
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: cbf1519e-e833-11ea-aad5-68eda42b384e


System errors:
=============
Error: (08/27/2020 03:32:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (08/26/2020 07:41:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Oracle Hospitality Simphony Service Host service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/25/2020 06:20:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (08/25/2020 05:57:55 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (08/25/2020 05:21:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (08/25/2020 05:20:07 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.

Error: (08/25/2020 05:19:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The OPI Utility Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/25/2020 05:19:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server (SQLEXPRESS) service terminated unexpectedly.  It has done this 1 time(s).


==================== Memory info =========================== 

BIOS: American Megatrends Inc. 5.6.5 05/07/2019
Motherboard: AMI Corporation Aptio CRB
Processor: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
Percentage of memory in use: 90%
Total physical RAM: 1938.64 MB
Available physical RAM: 191.08 MB
Total Virtual: 5235.96 MB
Available Virtual: 409.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:59.62 GB) (Free:8.9 GB) NTFS ==>[drive with boot components (obtained from BCD)]


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 59.6 GB) (Disk ID: 33217C0D)
Partition 1: (Active) - (Size=59.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Real life is tiring, yet it's interesting, just like involving myself in this forum  :8P:


#2 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,376 posts

Posted 27 August 2020 - 06:08 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.
 
If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
Windows Firewall is disabled.
Turn ON your Windows Firewall.
<<<>>>
 
Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start::
 
CreateRestorePoint:
CloseProcesses:
 
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
StartMenuInternet: Google Chrome.6Y2LFEZ7UHFRSQMVKOHQNSWZNY - C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
"{74712200-2132-494a-BD2F-D9CFE8900378}" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\{74712200-2132-494a-BD2F-D9CFE8900378} => C:\Windows\System32\drivers\zokng.sys [11470256 2019-07-25] () [File not signed] <==== ATTENTION (Rootkit!/Locked Service)
 
Unlock: HKLM\SYSTEM\ControlSet001\Services\{74712200-2132-494a-BD2F-D9CFE8900378}
Unlock: C:\Windows\System32\drivers\zokng.sys
 
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
FirewallRules: [{7E18DC82-0E7C-46A4-BE84-13ABEF854B2F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{A082D422-7099-44B3-BA13-5D1C5C84E61B}] => (Allow) C:\Users\Administrator\Desktop\AnyDesk.exe => No File
FirewallRules: [{318DDDE5-0B27-4FA2-9BCD-C8E8D562DBAA}] => (Allow) C:\Users\Administrator\Desktop\AnyDesk.exe => No File
FirewallRules: [{1D90D57C-843A-44E4-9932-0BD875DBED81}] => (Allow) C:\Users\Administrator\Desktop\AnyDesk.exe => No File
FirewallRules: [{4FD3B272-07A7-4539-8DB5-BACC4ABCFFE6}] => (Allow) C:\Users\Administrator\Desktop\AnyDesk.exe => No File
FirewallRules: [{B68F8AA1-E8E5-44AE-824B-74B79F04DD14}] => (Allow) C:\Users\Administrator\Desktop\AnyDesk.exe => No File
FirewallRules: [{F689A6C3-0E21-4EE8-8607-077A65EFFEB7}] => (Allow) C:\Users\Administrator\Desktop\AnyDesk.exe => No File
 
C:\Windows\System32\drivers\zokng.sys
 
EmptyTemp:
 
End::
 
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.
 
Run FRST and click Fix only once and wait.
 
The tool will create a log (Fixlog.txt); please post it in your reply.
===
 
If the problem persists, please run the Farbar program again and post fresh logs for my review.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating;
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#3 chrisling

chrisling

    Advanced Member

  • Helper Trainee+
  • 118 posts

Posted 27 August 2020 - 11:55 PM

Hi nasdaq,

The issue persists. I am aware of the Firewall issue. Please allow me some time to whitelist the ports before I turn it back on.

Please refer to the log below after the fix.

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-08-2020
Ran by Administrator (28-08-2020 11:12:51) Run:4
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator
Boot Mode: Normal
==============================================

fixlist content:
*****************
 
CreateRestorePoint:
CloseProcesses:
 
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
StartMenuInternet: Google Chrome.6Y2LFEZ7UHFRSQMVKOHQNSWZNY - C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
"{74712200-2132-494a-BD2F-D9CFE8900378}" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\{74712200-2132-494a-BD2F-D9CFE8900378} => C:\Windows\System32\drivers\zokng.sys [11470256 2019-07-25] () [File not signed] <==== ATTENTION (Rootkit!/Locked Service)
 
Unlock: HKLM\SYSTEM\ControlSet001\Services\{74712200-2132-494a-BD2F-D9CFE8900378}
Unlock: C:\Windows\System32\drivers\zokng.sys
 
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
FirewallRules: [{7E18DC82-0E7C-46A4-BE84-13ABEF854B2F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{A082D422-7099-44B3-BA13-5D1C5C84E61B}] => (Allow) C:\Users\Administrator\Desktop\AnyDesk.exe => No File
FirewallRules: [{318DDDE5-0B27-4FA2-9BCD-C8E8D562DBAA}] => (Allow) C:\Users\Administrator\Desktop\AnyDesk.exe => No File
FirewallRules: [{1D90D57C-843A-44E4-9932-0BD875DBED81}] => (Allow) C:\Users\Administrator\Desktop\AnyDesk.exe => No File
FirewallRules: [{4FD3B272-07A7-4539-8DB5-BACC4ABCFFE6}] => (Allow) C:\Users\Administrator\Desktop\AnyDesk.exe => No File
FirewallRules: [{B68F8AA1-E8E5-44AE-824B-74B79F04DD14}] => (Allow) C:\Users\Administrator\Desktop\AnyDesk.exe => No File
FirewallRules: [{F689A6C3-0E21-4EE8-8607-077A65EFFEB7}] => (Allow) C:\Users\Administrator\Desktop\AnyDesk.exe => No File
 
C:\Windows\System32\drivers\zokng.sys
 
EmptyTemp:
 

*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome.6Y2LFEZ7UHFRSQMVKOHQNSWZNY\shell\open\command\\"Default"=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"" => value restored successfully
"{74712200-2132-494a-BD2F-D9CFE8900378}" => service could not be unlocked. <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\SYSTEM\ControlSet001\Services\{74712200-2132-494a-BD2F-D9CFE8900378} => C:\Windows\System32\drivers\zokng.sys [11470256 2019-07-25] () [File not signed] <==== ATTENTION (Rootkit!/Locked Service) => Error: No automatic fix found for this entry.
"HKLM\SYSTEM\ControlSet001\Services\{74712200-2132-494a-BD2F-D9CFE8900378}" => not found
"C:\Windows\System32\drivers\zokng.sys" => could not be unlocked
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7E18DC82-0E7C-46A4-BE84-13ABEF854B2F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A082D422-7099-44B3-BA13-5D1C5C84E61B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{318DDDE5-0B27-4FA2-9BCD-C8E8D562DBAA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1D90D57C-843A-44E4-9932-0BD875DBED81}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4FD3B272-07A7-4539-8DB5-BACC4ABCFFE6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B68F8AA1-E8E5-44AE-824B-74B79F04DD14}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F689A6C3-0E21-4EE8-8607-077A65EFFEB7}" => removed successfully
Could not move "C:\Windows\System32\drivers\zokng.sys" => Scheduled to move on reboot.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1801337 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 955 B
Edge => 0 B
Chrome => 0 B
Firefox => 39246740 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 792576 B
admin => 792576 B
Administrator => 8761268 B

RecycleBin => 58071460 B
EmptyTemp: => 112.4 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 28-08-2020 11:36:36)

C:\Windows\System32\drivers\zokng.sys => Could not move

==== End of Fixlog 11:36:36 ====

I realized the driver file failed to be moved even though I am logged into Windows as the built-in Administrator. Therefore I tried to remove the file in Safe Mode. The file re-appeared in the directory after I restarted Windows in normal mode.

 

Attached is the fresh FRST log.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-08-2020
Ran by Administrator (administrator) on CAPS-Q3DEMO-A (28-08-2020 12:42:56)
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(CodeSigning for The Apache Software Foundation -> Apache Software Foundation) C:\OraclePaymentInterface\v19.1\Services\ConfigService\OPIConfigService.exe
(CodeSigning for The Apache Software Foundation -> Apache Software Foundation) C:\OraclePaymentInterface\v19.1\Services\OPI\bin\OPIService.exe
(CodeSigning for The Apache Software Foundation -> Apache Software Foundation) C:\OraclePaymentInterface\v19.1\Services\OPI\bin\UtilityService.exe
(DigitalPersona, Inc. -> DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Pro Workstation\Bin\DpHostW.exe
(D-LINK CORPORATION -> D-Link Corp.) [File not signed] C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle America, Inc. -> MICROS Systems Inc.) C:\Program Files (x86)\MICROS\McrsCAL\McrsCal.exe
(Oracle America, Inc. -> MICROS Systems Inc.) C:\Program Files (x86)\MICROS\McrsCAL\WIN7CALStart.exe
(Oracle America, Inc. -> Oracle) C:\Micros\Simphony\WebServer\ServiceHost.exe <2>
(philandro Software GmbH -> philandro Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <3>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-12] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [DpTsClnt] => Regsvr32.exe /s "C:\Program Files\DigitalPersona\Pro Workstation\Bin\DpTsClnt.dll"
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [156808 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-03-06] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587800 2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [MAKEN OPEN DRAWER] => D:\POS SYSTEM\????(??)\DrawTest.exe start
HKLM-x32\...\Run: [D-Link D-Link DWA-125] => C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe [1095984 2014-03-18] (D-LINK CORPORATION -> D-Link Corp.) [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2019-08-21]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1DB5DA09-C167-4D0F-AD68-F51CBD502750} - System32\Tasks\Microsoft POS for .NET SQM Uploader => C:\Program Files (x86)\Microsoft Point Of Service\SqmUploader.exe [147704 2017-08-08] (Microsoft Corporation -> )
Task: {4576D400-3CFD-4748-832C-04BAE9CBE76D} - System32\Tasks\{1B0F8D77-A354-4DDA-8E75-ABE69A60EDF1} => C:\Windows\system32\pcalua.exe -a "D:\POS SYSTEM\KPOS_Printer_DriverInstall_Graph(附安装说明)(3)(1)\KPOS_Printer_DriverInstall_Graphú¿╕╜░▓╫░╦╡├≈ú⌐\KPOS_Printer_DriverInstall_Graph_20190426\POS104Install.exe" -d "D:\POS SYSTEM\KPOS_Printer_DriverInstall_Graph(附安装说明)(3)(1)\KPOS_Printer_DriverInstall_Graphú¿╕╜░▓╫░╦╡├≈ú⌐\KPOS_Printer_Driv (the data entry has 25 more characters).
Task: {E6EAD99D-BDCA-457E-83E7-EFC7AB6AABC8} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [3858056 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {FFD2951F-2AD3-4B0D-8401-D3C98AFE7A47} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1792136 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.6 192.168.1.5 8.8.4.4 8.8.8.8
Tcpip\..\Interfaces\{49D3160E-9769-4443-8845-529949E72514}: [DhcpNameServer] 192.168.1.6 192.168.1.5 8.8.4.4 8.8.8.8
Tcpip\..\Interfaces\{F26F6D75-F8F7-413A-A510-67DF5E6A3839}: [DhcpNameServer] 192.168.1.6 192.168.1.5 8.8.4.4 8.8.8.8

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2582853694-2877760415-371799054-500 -> DefaultScope {79fc4e3c-8838-4344-bcd7-be78bcbbfe3e} URL = 
SearchScopes: HKU\S-1-5-21-2582853694-2877760415-371799054-500 -> {f283e7fa-8226-404a-b8f5-f55694b1edce} URL = hxxps://www.so.com/s?src=lm&ls=sm2330541&lm_extend=ctype:31&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2020-03-31] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2020-03-31] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF DefaultProfile: 5c5wbps2.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5c5wbps2.default [2020-08-28]
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\uzlch7ay.default-release-1598589718315 [2020-08-28]
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2020-03-31] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2020-03-31] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3668944 2020-08-08] (philandro Software GmbH -> philandro Software GmbH)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [354272 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [7823296 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 DpHost; C:\Program Files\DigitalPersona\Pro Workstation\Bin\DpHostW.exe [473424 2014-12-15] (DigitalPersona, Inc. -> DigitalPersona, Inc.)
R2 D_Link_DWA-125_WPS; C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [53248 2010-07-12] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7138296 2020-08-25] (Malwarebytes Inc -> Malwarebytes)
R2 MICROS CAL Client; C:\Program Files (x86)\Micros\McrsCAL\McrsCal.exe [76624 2019-09-02] (Oracle America, Inc. -> MICROS Systems Inc.)
R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [163008 2017-08-15] (Microsoft Corporation -> Microsoft Corporation)
R2 OPIConfigService; C:\OraclePaymentInterface\v19.1\Services\ConfigService\OPIConfigService.exe [109696 2019-02-12] (CodeSigning for The Apache Software Foundation -> Apache Software Foundation)
R2 OPIService; C:\OraclePaymentInterface\v19.1\Services\OPI\bin\OPIService.exe [109696 2019-02-12] (CodeSigning for The Apache Software Foundation -> Apache Software Foundation)
R2 Oracle Hospitality Simphony Service Host; C:\Micros\Simphony\WebServer\ServiceHost.exe [18440 2020-01-09] (Oracle America, Inc. -> Oracle)
S4 POSPerformanceCounters; C:\Program Files (x86)\Microsoft Point Of Service\Microsoft.PointOfService.Service.exe [37624 2017-08-08] (Microsoft Corporation -> )
S4 SQLAgent$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [448704 2017-08-15] (Microsoft Corporation -> Microsoft Corporation)
R2 UtilityService; C:\OraclePaymentInterface\v19.1\Services\OPI\bin\UtilityService.exe [109696 2019-02-12] (CodeSigning for The Apache Software Foundation -> Apache Software Foundation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-29] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [37208 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [205952 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [235656 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [195720 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [61064 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [42840 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [175264 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\Windows\System32\drivers\avgNetHub.sys [515600 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgNetNd6; C:\Windows\System32\DRIVERS\avgNetNd6.sys [29944 2020-08-25] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [109336 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [84912 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [851664 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [466816 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [217392 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [323848 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 bhound7; C:\Windows\System32\DRIVERS\bhound7.sys [68064 2009-03-02] (Perisoft -> Perisoft)
S3 CYUSB; C:\Windows\System32\Drivers\CYUSB.sys [48648 2011-06-22] (Cypress -> Cypress Semiconductor)
S3 CYUSB3; C:\Windows\System32\Drivers\CYUSB3.sys [71904 2017-07-05] (Cypress Semiconductor Technology India Pvt Ltd. -> Cypress Semiconductor)
S3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [65408 2013-07-17] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [39296 2013-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
S3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [94208 2013-07-17] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [217088 2020-08-28] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-08-28] (Malwarebytes Inc -> Malwarebytes)
S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [2225808 2014-12-08] (MEDIATEK INC. -> MediaTek Inc.)
S3 rusb3hub; C:\Windows\system32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
S3 rusb3xhc; C:\Windows\system32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
R3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl64.sys [89600 2007-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Prolific Technology Inc.)
S3 VUSB3HUB; C:\Windows\system32\DRIVERS\ViaHub3.sys [221696 2016-02-03] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\system32\DRIVERS\xhcdrv.sys [294912 2016-02-03] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-08-28 12:12 - 2020-08-28 12:12 - 000217088 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-08-28 12:09 - 2020-08-28 12:10 - 020447232 ____N C:\Windows\system32\config\SYSTEM
2020-08-28 11:38 - 2020-08-28 11:40 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-08-27 15:47 - 2020-08-27 15:48 - 000000000 ____D C:\Users\Administrator\Downloads\FRST-OlderVersion
2020-08-27 15:47 - 2020-08-27 15:47 - 000000000 ___HD C:\$AV_AVG
2020-08-27 15:39 - 2020-08-28 12:42 - 000000000 ____D C:\Users\Administrator\Desktop\Old Firefox Data
2020-08-27 15:38 - 2020-08-28 12:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-08-27 15:38 - 2020-08-27 15:38 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-08-27 15:38 - 2020-08-27 15:38 - 000000924 _____ C:\Users\Public\Desktop\Firefox.lnk
2020-08-25 18:00 - 2020-08-28 12:41 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2020-08-25 17:42 - 2020-08-25 17:42 - 000046177 _____ C:\Users\Administrator\Downloads\Shortcut.txt
2020-08-25 17:17 - 2020-08-25 17:17 - 008414384 _____ (Malwarebytes) C:\Users\Administrator\Downloads\adwcleaner_8.0.7.exe
2020-08-25 17:14 - 2020-08-25 17:19 - 000000000 ____D C:\AdwCleaner
2020-08-25 17:08 - 2020-08-28 11:36 - 000005441 _____ C:\Users\Administrator\Downloads\Fixlog.txt
2020-08-25 15:56 - 2020-08-27 15:56 - 000031918 _____ C:\Users\Administrator\Downloads\Addition.txt
2020-08-25 15:49 - 2020-08-28 13:04 - 000016355 _____ C:\Users\Administrator\Downloads\FRST.txt
2020-08-25 15:49 - 2020-08-28 13:03 - 000000000 ____D C:\FRST
2020-08-25 15:49 - 2020-08-27 15:47 - 002298368 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2020-08-25 15:27 - 2020-08-25 15:27 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\AVG
2020-08-25 15:27 - 2020-08-25 15:27 - 000000000 ____D C:\Users\Administrator\AppData\Local\CEF
2020-08-25 15:27 - 2020-08-25 15:27 - 000000000 ____D C:\Users\Administrator\AppData\Local\Avg
2020-08-25 15:27 - 2020-08-25 15:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2020-08-25 15:25 - 2020-08-25 15:25 - 000000000 ____D C:\Windows\system32\Tasks\AVG
2020-08-25 15:24 - 2020-08-28 12:41 - 000003904 _____ C:\Windows\system32\Tasks\Antivirus Emergency Update
2020-08-25 15:24 - 2020-08-25 15:24 - 000851664 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2020-08-25 15:24 - 2020-08-25 15:24 - 000515600 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetHub.sys
2020-08-25 15:24 - 2020-08-25 15:24 - 000466816 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2020-08-25 15:24 - 2020-08-25 15:24 - 000336520 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2020-08-25 15:24 - 2020-08-25 15:24 - 000323848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2020-08-25 15:24 - 2020-08-25 15:24 - 000235656 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys
2020-08-25 15:24 - 2020-08-25 15:24 - 000217392 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2020-08-25 15:24 - 2020-08-25 15:24 - 000205952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2020-08-25 15:24 - 2020-08-25 15:24 - 000195720 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys
2020-08-25 15:24 - 2020-08-25 15:24 - 000175264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2020-08-25 15:24 - 2020-08-25 15:24 - 000109336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2020-08-25 15:24 - 2020-08-25 15:24 - 000084912 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2020-08-25 15:24 - 2020-08-25 15:24 - 000061064 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys
2020-08-25 15:24 - 2020-08-25 15:24 - 000042840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
2020-08-25 15:24 - 2020-08-25 15:24 - 000037208 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArDisk.sys
2020-08-25 15:24 - 2020-08-25 15:24 - 000029944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetNd6.sys
2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____D C:\Program Files\Common Files\AVG
2020-08-25 15:23 - 2020-08-28 12:06 - 000000000 ____D C:\ProgramData\AVG
2020-08-25 15:23 - 2020-08-25 15:23 - 000271696 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Administrator\Downloads\avg_antivirus_free_setup.exe
2020-08-25 15:23 - 2020-08-25 15:23 - 000000000 ____D C:\Program Files\AVG
2020-08-25 15:21 - 2020-08-28 12:12 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-08-24 16:03 - 2020-08-28 12:09 - 000896886 _____ C:\Windows\ntbtlog.txt
2020-08-24 15:42 - 2020-08-24 16:16 - 000000000 ____D C:\Windows\pss
2020-08-24 15:40 - 2020-08-28 11:42 - 000000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2020-08-24 14:57 - 2020-08-24 14:58 - 006455520 _____ (EnigmaSoft Limited) C:\Users\Administrator\Downloads\SpyHunter-Installer.exe
2020-08-24 14:51 - 2020-08-24 14:51 - 000000000 ____D C:\Users\Administrator\Downloads\chc
2020-08-24 14:50 - 2020-08-24 14:50 - 009047080 _____ C:\Users\Administrator\Downloads\chc.zip
2020-08-24 11:48 - 2020-08-25 15:22 - 000001960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-08-24 11:48 - 2020-08-25 15:22 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-08-24 11:48 - 2020-08-24 11:48 - 000000000 ____D C:\Users\Administrator\AppData\Local\mbam
2020-08-24 11:47 - 2020-08-25 15:21 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-08-24 11:47 - 2020-08-24 11:47 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-08-24 11:47 - 2020-08-24 11:47 - 000000000 ____D C:\Program Files\Malwarebytes
2020-08-24 11:45 - 2020-08-24 11:45 - 002040904 _____ (Malwarebytes) C:\Users\Administrator\Downloads\MBSetup.exe
2020-08-24 11:45 - 2020-08-24 11:45 - 000388608 _____ (Trend Micro Inc.) C:\Users\Administrator\Downloads\HijackThis.exe
2020-08-17 16:18 - 2020-08-27 15:30 - 000000000 ___HD C:\Windows\msdownld.tmp
2020-08-17 16:13 - 2020-08-25 17:14 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2020-08-17 16:12 - 2020-08-25 17:15 - 000000000 ____D C:\Program Files (x86)\Google

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-08-28 13:02 - 2019-07-25 07:15 - 020447232 _____ C:\Windows\system32\C_32770.NLS
2020-08-28 12:42 - 2019-08-13 17:27 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2020-08-28 12:17 - 2009-07-14 13:13 - 000910410 _____ C:\Windows\system32\PerfStringBackup.INI
2020-08-28 12:17 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\inf
2020-08-28 12:11 - 2009-07-14 13:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-08-28 12:06 - 2009-07-14 12:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-08-28 12:06 - 2009-07-14 12:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-08-27 04:20 - 2019-08-13 18:36 - 000000000 ____D C:\Windows\system32\MRT
2020-08-27 04:15 - 2019-08-13 18:35 - 120636720 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-08-26 20:07 - 2019-08-20 10:00 - 001509224 _____ C:\Journal.txt
2020-08-08 18:24 - 2019-08-21 11:53 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2020-08-05 10:17 - 2019-08-21 11:33 - 000001102 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2020-08-05 10:17 - 2019-08-21 11:33 - 000001090 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-08-25 00:56
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-08-2020
Ran by Administrator (28-08-2020 13:06:31)
Running from C:\Users\Administrator\Downloads
Windows 7 Professional Service Pack 1 (X64) (2019-07-24 22:55:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin (S-1-5-21-2582853694-2877760415-371799054-1000 - Administrator - Disabled) => C:\Users\admin
Administrator (S-1-5-21-2582853694-2877760415-371799054-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2582853694-2877760415-371799054-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: AVG Antivirus (Enabled - Up to date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 6.0.7 - philandro Software GmbH)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 20.6.3135 - AVG Technologies)
Bus Hound (HKLM-x32\...\{7A19AACA-48DD-43E1-92BE-B12D78466C89}) (Version: 6.1.0 - Perisoft)
DigitalPersona TouchChip Device Add-On for U.are.U SDK (HKLM\...\{20CB814D-73D5-422B-9E61-BE3F68E280DD}) (Version: 1.0.1.767 - DigitalPersona, Inc.)
DigitalPersona U.are.U RTE (HKLM\...\{3FE5B696-9DA2-41AA-8414-58E3936169A6}) (Version: 2.3.1.767 - DigitalPersona, Inc.)
D-Link DWA-125 (HKLM-x32\...\{E45CACFE-0576-4375-A84F-C34B99A7B652}) (Version:  - D-Link Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{f3e3c5dd-edd0-406b-8aa2-ce5acb93660e}) (Version: 10.0.14 - Intel(R) Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.19 - Intel Corporation)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Malwarebytes version 4.2.0.82 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.0.82 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A106FA6F-E94C-44C9-8A0F-C34BD82C9FE6}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft POS for .NET 1.14.1 (HKLM-x32\...\{9352A741-7648-46DA-806F-44ED64890BA4}) (Version: 1.14.1708.8001 - Microsoft Corporation)
Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (HKLM-x32\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{B9274744-8BAE-4874-8E59-2610919CD419}) (Version: 11.4.7001.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM-x32\...\{5B2CB8F5-3151-4B85-8EC7-E7BF1CFC8646}) (Version: 11.4.7001.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{18F346D2-4CE0-45C4-BCD9-BA054FE7CB91}) (Version: 11.4.7001.0 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 Policies  (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{0EEBDCCA-EF5D-4896-9FEA-D7D410A57E8A}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service  (HKLM\...\{59DE4D1C-690E-4397-8A44-B684934E863C}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (HKLM-x32\...\{49697869-be8e-427d-81a0-c334d1d14950}) (Version: 14.21.27702.2 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.4.7001.0 - Microsoft Corporation)
Mozilla Firefox 80.0 (x64 en-US) (HKLM\...\Mozilla Firefox 80.0 (x64 en-US)) (Version: 80.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 67.0 - Mozilla)
Oracle Payment Interface (HKLM-x32\...\{FDFB3AFE-1D8F-4145-BE5F-9466F5984455}) (Version: 19.1.0.0 - Oracle) Hidden
Oracle Payment Interface (HKLM-x32\...\InstallShield_{FDFB3AFE-1D8F-4145-BE5F-9466F5984455}) (Version: 19.1.0.0 - Oracle)
Printer Driver Setup v2.0 (HKLM-x32\...\{DEFC2352-70A5-433C-841D-5EC6527E2EA9}) (Version: 2.0 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Service Pack 4 for SQL Server 2012 (KB4018073) (HKLM-x32\...\KB4018073) (Version: 11.4.7001.0 - Microsoft Corporation)
SQL Server 2012 Common Files (HKLM-x32\...\{124D51A1-F3C2-45AE-B812-D3CA71247093}) (Version: 11.4.7001.0 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (HKLM-x32\...\{7D29ED63-84F9-4EC7-B49F-994A3A3195B2}) (Version: 11.4.7001.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM-x32\...\{87D50333-E534-493A-8E98-0A49BC28F64B}) (Version: 11.4.7001.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM-x32\...\{C22613C2-C7A4-4761-A906-116ECD4E7477}) (Version: 11.4.7001.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM-x32\...\{54F84805-0116-467F-8713-899DFC472235}) (Version: 11.4.7001.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM-x32\...\{D0F44C37-A22B-4733-BBA7-86C9F4988725}) (Version: 11.4.7001.0 - Microsoft Corporation) Hidden
SQL Server 2014 Client Tools (HKLM\...\{2BA1811B-44C0-4C50-8C5A-CE68AB25ED71}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Client Tools (HKLM\...\{B5ECFA5C-AC4F-45A4-A12E-A76ABDD9CCBA}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM\...\{75A54138-3B98-4705-92E4-F619825B121F}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM\...\{839EF29A-3055-43DC-ADCE-8E84893798D5}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.4.7001.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM-x32\...\{30CA21F2-901A-44DB-A43F-FC31CD0F2493}) (Version: 11.4.7001.0 - Microsoft Corporation) Hidden
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.258861 - TeamViewer)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
WIN32 CAL Client (HKLM-x32\...\{0B64324E-75FA-4A9C-8997-9C21F8777110}) (Version: 3.1.4.146 - ORACLE | Micros) Hidden
WIN32 CAL Client (HKLM-x32\...\InstallShield_{0B64324E-75FA-4A9C-8997-9C21F8777110}) (Version: 3.1.4.146 - ORACLE | Micros)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2582853694-2877760415-371799054-500_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - Software and Firmware Products -> Intel Corporation)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-24] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2014-03-08] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\Windows\system32\igfxOSP.dll [2014-03-08] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-24] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Administrator\Desktop\LaunchConfiguration - Shortcut.lnk -> C:\OraclePaymentInterface\v19.1\Config\LaunchConfiguration.bat ()

==================== Loaded Modules (Whitelisted) =============

2019-08-27 10:32 - 2019-08-27 10:32 - 000315392 _____ () [File not signed] C:\Program Files (x86)\D-Link\DWA-125 revA\ANPDApi.dll
2019-08-27 10:32 - 2012-12-05 10:40 - 000303104 _____ () [File not signed] C:\Program Files (x86)\D-Link\DWA-125 revA\WlanApp.dll
2019-07-25 07:19 - 2014-03-06 10:08 - 000074240 ____R (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2020-08-28 12:11 - 2020-08-28 12:11 - 000198144 ____N (Java(TM) Native Access (JNA)) [File not signed] C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\jna-1840106495\jna4762472834468935659.dll
2020-08-28 12:11 - 2020-08-28 12:11 - 000198144 ____N (Java(TM) Native Access (JNA)) [File not signed] C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\jna-1840106495\jna8924763950478109193.dll
2019-08-27 10:32 - 2010-07-12 14:39 - 000413696 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\D-Link\DWA-125 revA\MSVCP60.dll
2019-03-27 23:48 - 2019-03-27 23:48 - 000115200 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2020-01-09 14:16 - 2020-01-09 14:16 - 000796672 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_88dcc0bf2fb1b808\MSVCR80.dll
2019-08-14 09:37 - 2019-08-14 09:37 - 000626688 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\MSVCR80.dll
2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\ucrtbase.DLL
2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\VCRUNTIME140.dll
2019-08-27 10:32 - 2012-09-04 15:31 - 000278528 _____ (Wireless Service) [File not signed] C:\Program Files (x86)\D-Link\DWA-125 revA\wnicapi.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2020-08-17 18:05 - 000000152 _____ C:\Windows\system32\drivers\etc\hosts
192.168.1.15	simapp.q3aurelia.com
175.143.55.113	simapp.q3aurelia.com
192.168.1.18	simrpt.q3aurelia.com
175.143.55.113	simrpt.q3aurelia.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\TXE Components\TCS\;C:\Program Files\Intel\TXE Components\TCS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\110\DTS\Binn\
HKU\S-1-5-21-2582853694-2877760415-371799054-500\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.6 - 192.168.1.5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B231DE16-40B6-4ABD-B7E2-A79168D1CD06}] => (Allow) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{7FE72AE8-5290-4DC8-B243-D71F70533A13}] => (Allow) C:\Micros\Simphony\WebServer\ServiceHost.exe (Oracle America, Inc. -> Oracle)
FirewallRules: [{77257AAC-8EA2-41F0-B4ED-4965A0778AC0}] => (Allow) C:\Micros\Simphony\WebServer\ServiceHost.exe (Oracle America, Inc. -> Oracle)
FirewallRules: [{1F60E561-F666-4D24-9C4B-DADD02FF3979}] => (Allow) LPort=1434
FirewallRules: [{536DE056-6B5D-459D-A4E2-38EF087B4D66}] => (Allow) LPort=1433
FirewallRules: [{962F0249-DDF1-4453-817A-9C764D673680}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer GmbH)
FirewallRules: [{0D11B8B2-84B8-4F04-ABA3-F15773ED857A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer GmbH)
FirewallRules: [{646583CE-020D-4F64-B165-63ADF393A69B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer GmbH)
FirewallRules: [{69800F2C-A6BA-44E8-BD2F-7F708E40684C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer GmbH)
FirewallRules: [{E8628A48-8619-4500-9F37-865EA71241F9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8DE820D2-D58D-4469-AC66-E4FFA0EE34D8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FF17202E-A741-4604-9E0C-152A038AC7F6}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{18F0D26D-E47E-4861-B958-A899CDFA2FAE}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{E854E47D-CE02-4E04-8C47-F46977FD0501}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{D573F365-3F52-41DD-A390-7FD64627D9E6}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{A1B8F7AF-4DCA-4490-837B-BBBD029B7D86}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{3C68BA1C-C004-4423-B7CA-7524A837F49B}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)

==================== Restore Points =========================

25-08-2020 15:24:53 Device Driver Package Install: AVG Technologies Network Service
25-08-2020 18:06:55 Windows Modules Installer
25-08-2020 18:11:45 Windows Modules Installer
25-08-2020 18:24:23 Windows Modules Installer
25-08-2020 18:29:09 Windows Modules Installer
27-08-2020 04:14:18 Windows Update

==================== Faulty Device Manager Devices ============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (08/28/2020 01:03:39 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{a7737bde-ae65-11e9-be8d-806e6f6e6963} - 0000000000000124,0x0053c008,000000000035E090,0,0000000000109FB0,4096,[0]).  hr = 0x80070079, The semaphore timeout period has expired.
.


Operation:
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (08/28/2020 11:42:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.19597, time stamp: 0x5df81503
Faulting module name: ntdll.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb67f
Exception code: 0xc0000005
Fault offset: 0x0000000000027a6d
Faulting process id: 0x19ac
Faulting application start time: 0x01d67ced314a8adf
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 71f41cec-e8e0-11ea-85dd-68eda42b384e

Error: (08/28/2020 11:33:31 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{a7737bde-ae65-11e9-be8d-806e6f6e6963} - 0000000000000140,0x0053c008,00000000004EC090,0,00000000004ED0A0,4096,[0]).  hr = 0x80070079, The semaphore timeout period has expired.
.


Operation:
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (08/28/2020 11:22:53 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Administrator\Downloads\FRST64.exe ; Description = Restore Point Created by FRST; Error = 0x81000101).

Error: (08/28/2020 11:12:52 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {433ddd3d-e5ed-4eac-bf11-945807d6376a}

Error: (08/27/2020 03:36:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.19597, time stamp: 0x5df81503
Faulting module name: ntdll.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb67f
Exception code: 0xc0000005
Fault offset: 0x0000000000027a6d
Faulting process id: 0x37c
Faulting application start time: 0x01d67c44c8d787bb
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 08433df0-e838-11ea-b1bb-68eda42b384e

Error: (08/27/2020 03:36:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.19597, time stamp: 0x5df81503
Faulting module name: ntdll.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb67f
Exception code: 0xc0000005
Fault offset: 0x0000000000027a6d
Faulting process id: 0x142c
Faulting application start time: 0x01d67c44bfa4338e
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: ff8a4bae-e837-11ea-b1bb-68eda42b384e

Error: (08/27/2020 03:36:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.19597, time stamp: 0x5df81503
Faulting module name: ntdll.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb67f
Exception code: 0xc0000005
Fault offset: 0x0000000000027a6d
Faulting process id: 0x434
Faulting application start time: 0x01d67c44be96420a
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: fe835f24-e837-11ea-b1bb-68eda42b384e


System errors:
=============
Error: (08/28/2020 01:03:39 PM) (Source: volsnap) (EventID: 67) (User: )
Description: The shadow copy of volume C: being created failed to install.

Error: (08/28/2020 12:11:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (08/28/2020 12:09:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout.

Error: (08/28/2020 12:09:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (08/28/2020 12:09:21 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (08/28/2020 12:09:21 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (08/28/2020 12:09:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (08/28/2020 12:09:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.


==================== Memory info =========================== 

BIOS: American Megatrends Inc. 5.6.5 05/07/2019
Motherboard: AMI Corporation Aptio CRB
Processor: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
Percentage of memory in use: 92%
Total physical RAM: 1938.64 MB
Available physical RAM: 151.26 MB
Total Virtual: 4827.79 MB
Available Virtual: 389.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:59.62 GB) (Free:8.01 GB) NTFS ==>[drive with boot components (obtained from BCD)]


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 59.6 GB) (Disk ID: 33217C0D)
Partition 1: (Active) - (Size=59.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Real life is tiring, yet it's interesting, just like involving myself in this forum  :8P:


#4 nasdaq
Forum Deity, Global Moderator, 49,376 posts
Posted 28 August 2020 - 05:43 AM

Hi,

Your logs are clean.

What is the issue with this computer?

What can you tell me about the System Restore being disabled?


nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#5 chrisling
Advanced Member, Helper Trainee+, 118 posts
Posted 28 August 2020 - 06:02 AM

> Hi,
>
> Your logs are clean.
>
> What is the issue with this computer?
>
> What can you tell me about the System Restore being disabled?

Hi Nasdaq,

The browser is still showing the Chinese web page that I attached in my first post. I had tried resetting my Firefox browser and reinstalling it, but the main page is still there.

Turning System Restore off is one of the requirements for setting up a program (from Oracle) on this machine.




#6 nasdaq
Forum Deity, Global Moderator, 49,376 posts
Posted 29 August 2020 - 06:02 AM

Hi,

It should be enabled.

ATTENTION: System Restore is disabled
Turn your System Restore ON - Windows 7 - immediately.
<<<>>>

> The browser is still showing the Chinese web page that I attached in my first post. I had tried resetting my Firefox browser and reinstalling it, but the main page is still there.

The previous settings are used when you just reinstall the browser.

Remove and re-install Firefox; it may be compromised.

Navigate to this page.

Go directly to this section:
4. Reinstall Firefox

p.s.
This process will not remove your Firefox profile data (such as bookmarks and passwords), since that information is stored in a different location.
Follow the suggested directives.
<<<>>>

Let me know if the problem is solved.


#7 chrisling
Advanced Member, Helper Trainee+, 118 posts
Posted 30 August 2020 - 04:04 AM

Hi Nasdaq,

I have turned on System Restore.

The issue persists in my Mozilla Firefox. I have attempted: uninstallation > search for and delete all leftover Firefox files > reinstall Firefox > perform Refresh Firefox. When I open the browser, it is still the Chinese webpage!  :angry:




#8 nasdaq
Forum Deity, Global Moderator, 49,376 posts
Posted 30 August 2020 - 05:22 AM

Hi,

Check the value of the general.useragent.locale pref on the about:config page and set that value to the language code of the version or language pack that you have downloaded ("en-US") if there is still a wrong locale set.

Open Firefox and click the 3 horizontal bars in the top right corner.

Select Options.

Under this section select the language you want:
Language
Choose the languages used to display menus, messages, and notifications from Firefox.

Close Firefox.

Restart the application.

Is the problem solved?


#9 chrisling
Advanced Member, Helper Trainee+, 118 posts
Posted 30 August 2020 - 05:54 AM

Hi Nasdaq,

You have got me wrong. The browser main page is always directed to www.385wz.com. I attached the picture in my first post. In the Firefox settings, I am very sure the main page is not set to that web page. No matter whether I refresh Firefox or reinstall it, the main web page is always directed to that webpage.

The same goes for Internet Explorer and Chrome. I have uninstalled Chrome for the moment.




#10 nasdaq
Forum Deity, Global Moderator, 49,376 posts
Posted 30 August 2020 - 11:45 AM

Hi,

--RogueKiller--
  • Download & SAVE to your Desktop: Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator".
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what PUMs are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click Open the Report.
  • Click the Export TXT button.
  • Save the file as ReportRogue.txt.
  • Click the Remove button to delete the items in RED.
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

Let's check your Master Boot Record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===


    #11 chrisling (Advanced Member, Helper Trainee+, 118 posts)

    Posted 30 August 2020 - 10:26 PM

    Hi nasdaq,

     

    Here's the RogueKiller log:

    RogueKiller Anti-Malware V14.7.0.0 (x64) [Aug 24 2020] (Free) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
    Started in : Normal mode
    User : Administrator [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Signatures : 20200828_093149, Driver : Loaded
    Mode : Standard Scan, Scan -- Date : 2020/08/31 02:09:56 (Duration : 00:35:53)
    Switches : -minimize
    
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    >>>>>> XX - Software
      [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Tencent -- N/A -> Found
    >>>>>> XX - System Policies
      [PUM.Policies (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- 0 -> Found
    
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    
    

    Here's the TDSSKiller log:

    12:12:34.0148 5588  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    12:12:36.0153 5588  ============================================================
    12:12:36.0153 5588  Current date / time: 2020/08/31 12:12:36.0153
    12:12:36.0153 5588  SystemInfo:
    12:12:36.0153 5588  
    12:12:36.0153 5588  OS Version: 6.1.7601 ServicePack: 1.0
    12:12:36.0153 5588  Product type: Workstation
    12:12:36.0154 5588  ComputerName: CAPS-Q3DEMO-A
    12:12:36.0154 5588  UserName: Administrator
    12:12:36.0154 5588  Windows directory: C:\Windows
    12:12:36.0154 5588  System windows directory: C:\Windows
    12:12:36.0154 5588  Running under WOW64
    12:12:36.0154 5588  Processor architecture: Intel x64
    12:12:36.0154 5588  Number of processors: 4
    12:12:36.0154 5588  Page size: 0x1000
    12:12:36.0154 5588  Boot type: Normal boot
    12:12:36.0154 5588  ============================================================
    12:12:36.0635 5588  Drive \Device\Harddisk0\DR0 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    12:12:36.0645 5588  ============================================================
    12:12:36.0645 5588  \Device\Harddisk0\DR0:
    12:12:36.0645 5588  MBR partitions:
    12:12:36.0645 5588  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x7740000
    12:12:36.0645 5588  ============================================================
    12:12:36.0647 5588  C: <-> \Device\Harddisk0\DR0\Partition1
    12:12:36.0647 5588  ============================================================
    12:12:36.0647 5588  Initialize success
    12:12:36.0647 5588  ============================================================
    12:12:43.0887 1452  ============================================================
    12:12:43.0887 1452  Scan started
    12:12:43.0887 1452  Mode: Manual; 
    12:12:43.0887 1452  ============================================================
    12:12:44.0114 1452  ================ Scan system memory ========================
    12:12:44.0115 1452  System memory - ok
    12:12:44.0116 1452  ================ Scan services =============================
    12:12:44.0116 1452  ================ Scan global ===============================
    12:12:44.0361 1452  [ 4B3A70E412A7A18A4DBA277251E85BCF ] C:\Windows\system32\services.exe
    12:12:44.0424 1452  [Global] - ok
    12:12:44.0425 1452  ================ Scan MBR ==================================
    12:12:44.0429 1452  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    12:12:44.0588 1452  \Device\Harddisk0\DR0 - ok
    12:12:44.0589 1452  ================ Scan VBR ==================================
    12:12:44.0606 1452  [ 014A80D63B29B3B9B26884FEDE9D5A7F ] \Device\Harddisk0\DR0\Partition1
    12:12:44.0608 1452  \Device\Harddisk0\DR0\Partition1 - ok
    12:12:44.0609 1452  ============================================================
    12:12:44.0609 1452  Scan finished
    12:12:44.0609 1452  ============================================================
    12:12:44.0636 7676  Detected object count: 0
    12:12:44.0636 7676  Actual detected object count: 0
    12:14:39.0102 1764  Deinitialize success
    
    

    The machine has been restarted and the browser is still being compromised to the Chinese web site.


    Real life is tiring, yet it's interesting, just like involving myself in this forum  :8P:


    #12 nasdaq (Forum Deity, Global Moderator, 49,376 posts)

    Posted 31 August 2020 - 05:45 AM

    Hi,
     
    Let's reset these settings.
     
    Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
    Type Notepad and click the OK key.
    Please copy the entire contents of the code box below to a new file.
     
    start
     
    CreateRestorePoint:
    CloseProcesses:
     
    cmd: ipconfig /flushdns
    cmd: IPCONFIG /release
    cmd: IPCONFIG /renew
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state ON
    CMD: netsh winsock reset catalog
    CMD: netsh int ip reset c:\resetlog.txt
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    CMD: bitsadmin /reset /allusers
     
    Hosts:
     
    StartRegedit:
    Windows Registry Editor Version 5.00
     
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
    EndRegedit: 
     
    EmptyTemp:
     
    End
    
     
    Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
    The location is listed in the 3rd line of the Farbar log you have submitted.
     
    Run FRST and click Fix only once and wait.
     
    The tool will create a log (Fixlog.txt); please post it in your reply.
    ===

    nasdaq


    #13 chrisling (Advanced Member, Helper Trainee+, 118 posts)

    Posted 31 August 2020 - 08:52 PM

    Hi nasdaq,

     

    Sadly, the browser still directs me to the Chinese website whenever the browser is opened. I have attached the picture in this post for your reference.

     

    Log requested as below:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 29-08-2020
    Ran by Administrator (01-09-2020 10:26:22) Run:5
    Running from C:\Users\Administrator\Downloads
    Loaded Profiles: Administrator
    Boot Mode: Normal
    ==============================================
    
    fixlist content:
    *****************
    start
     
    CreateRestorePoint:
    CloseProcesses:
     
    cmd: ipconfig /flushdns
    cmd: IPCONFIG /release
    cmd: IPCONFIG /renew
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state ON
    CMD: netsh winsock reset catalog
    CMD: netsh int ip reset c:\resetlog.txt
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    CMD: bitsadmin /reset /allusers
     
    Hosts:
     
    StartRegedit:
    Windows Registry Editor Version 5.00
     
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
    EndRegedit: 
     
    EmptyTemp:
     
    End
    *****************
    
    Restore point was successfully created.
    Processes closed successfully.
    
    ========= ipconfig /flushdns =========
    
    
    Windows IP Configuration
    
    Successfully flushed the DNS Resolver Cache.
    
    ========= End of CMD: =========
    
    
    ========= IPCONFIG /release =========
    
    
    Windows IP Configuration
    
    
    Ethernet adapter Local Area Connection:
    
       Connection-specific DNS Suffix  . : 
       Link-local IPv6 Address . . . . . : fe80::109c:8989:1042:ef10%10
       Default Gateway . . . . . . . . . : 
    
    Tunnel adapter isatap.BIZQCS.COM.MY:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
    
    ========= End of CMD: =========
    
    
    ========= IPCONFIG /renew =========
    
    
    Windows IP Configuration
    
    
    Ethernet adapter Local Area Connection:
    
       Connection-specific DNS Suffix  . : BIZQCS.COM.MY
       Link-local IPv6 Address . . . . . : fe80::109c:8989:1042:ef10%10
       IPv4 Address. . . . . . . . . . . : 192.168.1.166
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.1.1
    
    ========= End of CMD: =========
    
    
    ========= netsh advfirewall reset =========
    
    Ok.
    
    
    ========= End of CMD: =========
    
    
    ========= netsh advfirewall set allprofiles state ON =========
    
    Ok.
    
    
    ========= End of CMD: =========
    
    
    ========= netsh winsock reset catalog =========
    
    
    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.
    
    
    ========= End of CMD: =========
    
    
    ========= netsh int ip reset c:\resetlog.txt =========
    
    Reseting Global, OK!
    Reseting Interface, OK!
    Restart the computer to complete this action.
    
    
    ========= End of CMD: =========
    
    
    ========= netsh int ipv4 reset =========
    
    There's no user specified settings to be reset.
    
    
    ========= End of CMD: =========
    
    
    ========= netsh int ipv6 reset =========
    
    There's no user specified settings to be reset.
    
    
    ========= End of CMD: =========
    
    
    ========= bitsadmin /reset /allusers =========
    
    
    BITSADMIN version 3.0 [ 7.5.7601 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.
    
    BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
    Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
    
    0 out of 0 jobs canceled.
    
    ========= End of CMD: =========
    
    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.
    Registry ====> The operation completed successfully.
    
    
    =========== EmptyTemp: ==========
    
    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1845113 B
    Java, Flash, Steam htmlcache => 0 B
    Windows/system/drivers => 136768 B
    Edge => 0 B
    Chrome => 0 B
    Firefox => 31183321 B
    Opera => 0 B
    
    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 0 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 0 B
    NetworkService => 396288 B
    admin => 396288 B
    Administrator => 22679097 B
    
    RecycleBin => 109 B
    EmptyTemp: => 62 MB temporary data Removed.
    
    ================================
    
    
    The system needed a reboot.
    
    ==== End of Fixlog 10:27:51 ====
    

    [attached image: hijacked.jpg]




    #14 nasdaq (Forum Deity, Global Moderator, 49,376 posts)

    Posted 01 September 2020 - 04:59 AM

    Hi,
     
    If you are syncing Firefox with other devices, reset it.
     
    Navigate to this page and remove it as suggested.
     
     
    When done restart the computer normally.
     
    If all is well.
     
    Return to your Firefox Account and Click the Connect button.
     
    Reset the sync.
     
    Restart the computer normally.
    <<<>>>
     
    How is it now?

    nasdaq


    #15 chrisling (Advanced Member, Helper Trainee+, 118 posts)

    Posted 01 September 2020 - 06:47 AM

    Hi nasdaq,

     

    Nope, it's not connected or synced to any account.

     

    I'm not sure how far the infection will go; hope it won't affect the performance of the machine.

     

    [attached image: 2020-09-01-20-44-44.jpg]




    #16 nasdaq (Forum Deity, Global Moderator, 49,376 posts)

    Posted 01 September 2020 - 12:15 PM

    Hi,

     

    Found this in your FRST.TXT log.

     

    Can you identify with this so.com?

    Do you use that domain?

     

    SearchScopes: HKU\S-1-5-21-2582853694-2877760415-371799054-500 -> {f283e7fa-8226-404a-b8f5-f55694b1edce} URL = hxxps://www.so.com/s?src=lm&ls=sm2330541&lm_extend=ctype:31&q={searchTerms}


    nasdaq

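The check nasdaq did by eye above (an IE SearchScopes entry pointing at a search provider the owner does not recognise, plus the policy restrictions and the locked service that FRST marks with "<==== ATTENTION") can be scripted as a triage pass over FRST.txt. This is an added example, not code from FRST or from this thread; the allowlist of known search hosts and the bing.com scope in the sample log are assumptions, while the other sample lines are copied from the FRST log posted here.

```python
import re
from dataclasses import dataclass

# Assumption: search-provider hosts the machine's owner recognises as legitimate.
# Any other host set as a SearchScope deserves the question nasdaq asked here.
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "duckduckgo.com"}

# Shape of the "SearchScopes:" lines in FRST.txt, as seen in this thread.
SEARCHSCOPE_RE = re.compile(
    r"^SearchScopes:\s+(?P<hive>\S+)\s+->\s+(?:DefaultScope\s+)?"
    r"(?P<guid>\{[0-9A-Fa-f-]+\})\s+URL\s*=\s*(?P<url>.*)$"
)
# FRST defangs URLs as hxxp(s)://; accept both spellings when extracting the host.
URL_HOST_RE = re.compile(r"^(?:hxxps?|https?)://([^/?#]+)", re.IGNORECASE)

# Constructed sample: the so.com, policy and service lines are copied from the
# FRST log in this thread; the bing.com scope is a made-up benign entry.
SAMPLE_LOG = r"""
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {f283e7fa-8226-404a-b8f5-f55694b1edce} URL = hxxps://www.so.com/s?src=lm&ls=sm2330541&lm_extend=ctype:31&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2582853694-2877760415-371799054-500 -> DefaultScope {79fc4e3c-8838-4344-bcd7-be78bcbbfe3e} URL =
SearchScopes: HKU\S-1-5-21-2582853694-2877760415-371799054-500 -> {00000000-0000-0000-0000-000000000001} URL = hxxps://www.bing.com/search?q={searchTerms}
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
"{74712200-2132-494a-BD2F-D9CFE8900378}" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\{74712200-2132-494a-BD2F-D9CFE8900378} => C:\Windows\System32\drivers\zokng.sys [11470256 2019-07-25] () [File not signed] <==== ATTENTION (Rootkit!/Locked Service)
"""


@dataclass
class Finding:
    kind: str      # searchscope | policy_restriction | locked_service | attention
    line: str      # the FRST line exactly as logged
    detail: str    # one-line explanation for the reviewer


def url_host(url: str) -> str:
    """Return the lower-cased host of a (possibly defanged) URL, or '' if none."""
    m = URL_HOST_RE.match(url.strip())
    return m.group(1).lower() if m else ""


def triage_frst(log_text: str) -> list[Finding]:
    """Walk an FRST.txt scan log and collect the findings a helper would review."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SEARCHSCOPE_RE.match(line)
        if m:
            url = m.group("url").strip()
            if not url:
                continue  # an empty DefaultScope URL carries no provider to check
            host = url_host(url)
            if host not in KNOWN_SEARCH_HOSTS:
                findings.append(Finding(
                    "searchscope", line,
                    f"unrecognised search provider {host!r} under {m.group('hive')}"))
            continue
        if "<==== ATTENTION" not in line:
            continue
        if any(tag in line for tag in ("Rootkit!", "Locked Service", "could not be unlocked")):
            kind, detail = "locked_service", "service FRST could not unlock; review with a helper"
        elif "\\Policies\\" in line:
            kind, detail = "policy_restriction", "policy key restricts a security product or browser"
        else:
            kind, detail = "attention", "line flagged by FRST"
        findings.append(Finding(kind, line, detail))
    return findings


def suggest_fixlist(findings: list[Finding]) -> list[str]:
    """Draft fixlist lines for the SearchScopes findings, in the layout nasdaq
    used in this thread: the FRST entry is copied verbatim between Start:: and End::."""
    entries = [f.line for f in findings if f.kind == "searchscope"]
    if not entries:
        return []
    return ["Start::", "CreateRestorePoint:", "CloseProcesses:", *entries, "Reboot:", "End::"]


if __name__ == "__main__":
    found = triage_frst(SAMPLE_LOG)
    for f in found:
        print(f"[{f.kind}] {f.detail}")
    print("\n".join(suggest_fixlist(found)))
```

Locked services and policy restrictions are only reported, not written into the fixlist, because removing them needs the judgement of whoever is guiding the cleanup.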

    #17 chrisling (Advanced Member, Helper Trainee+, 118 posts)

    Posted 01 September 2020 - 08:57 PM

    Hi nasdaq,

     

    No I don't use that. That is not my domain.




    #18 nasdaq (Forum Deity, Global Moderator, 49,376 posts)

    Posted 02 September 2020 - 05:26 AM

    Hi
     
    Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
    Type Notepad and click the OK key.
    Please copy the entire contents of the code box below to a new file.
     
     
    start::
     
    CreateRestorePoint:
    CloseProcesses:
     
    SearchScopes: HKU\S-1-5-21-2582853694-2877760415-371799054-500 -> {f283e7fa-8226-404a-b8f5-f55694b1edce} URL = hxxps://www.so.com/s?src=lm&ls=sm2330541&lm_extend=ctype:31&q={searchTerms}
     
    cmd: ipconfig /flushdns
    cmd: IPCONFIG /release
    cmd: IPCONFIG /renew
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state ON
    CMD: netsh winsock reset catalog
    CMD: netsh int ip reset c:\resetlog.txt
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
     
    Reboot:
     
    End::
     
    Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
    The location is listed in the 3rd line of the Farbar log you have submitted.
     
    Run FRST and click Fix only once and wait.
     
    The tool will create a log (Fixlog.txt); please post it in your reply.
    ===
     
    How is it now?

    nasdaq


    #19 chrisling (Advanced Member, Helper Trainee+, 118 posts)

    Posted 03 September 2020 - 02:04 AM

    Hi nasdaq,

     

    The browser is still acting the same.

     

    Here's the new log:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-08-2020
    Ran by Administrator (administrator) on CAPS-Q3DEMO-A (03-09-2020 15:43:57)
    Running from C:\Users\Administrator\Downloads
    Loaded Profiles: Administrator
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    
    ==================== Processes (Whitelisted) =================
    
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    
    () [File not signed] C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe
    (Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
    (Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
    (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
    (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
    (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
    (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <2>
    (CodeSigning for The Apache Software Foundation -> Apache Software Foundation) C:\OraclePaymentInterface\v19.1\Services\ConfigService\OPIConfigService.exe
    (CodeSigning for The Apache Software Foundation -> Apache Software Foundation) C:\OraclePaymentInterface\v19.1\Services\OPI\bin\OPIService.exe
    (CodeSigning for The Apache Software Foundation -> Apache Software Foundation) C:\OraclePaymentInterface\v19.1\Services\OPI\bin\UtilityService.exe
    (DigitalPersona, Inc. -> DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Pro Workstation\Bin\DpHostW.exe
    (D-LINK CORPORATION -> D-Link Corp.) [File not signed] C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe
    (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
    (Oracle America, Inc. -> MICROS Systems Inc.) C:\Program Files (x86)\MICROS\McrsCAL\McrsCal.exe
    (Oracle America, Inc. -> MICROS Systems Inc.) C:\Program Files (x86)\MICROS\McrsCAL\WIN7CALStart.exe
    (Oracle America, Inc. -> Oracle) C:\Micros\Simphony\WebServer\ServiceHost.exe <2>
    (philandro Software GmbH -> philandro Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <3>
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
    (TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    (TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
    (TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
    
    ==================== Registry (Whitelisted) ===================
    
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-12] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [DpTsClnt] => Regsvr32.exe /s "C:\Program Files\DigitalPersona\Pro Workstation\Bin\DpTsClnt.dll"
    HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [156808 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-03-06] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587800 2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
    HKLM-x32\...\Run: [MAKEN OPEN DRAWER] => D:\POS SYSTEM\????(??)\DrawTest.exe start
    HKLM-x32\...\Run: [D-Link D-Link DWA-125] => C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe [1095984 2014-03-18] (D-LINK CORPORATION -> D-Link Corp.) [File not signed]
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2019-08-21]
    ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
    FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    
    ==================== Scheduled Tasks (Whitelisted) ============
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    Task: {1DB5DA09-C167-4D0F-AD68-F51CBD502750} - System32\Tasks\Microsoft POS for .NET SQM Uploader => C:\Program Files (x86)\Microsoft Point Of Service\SqmUploader.exe [147704 2017-08-08] (Microsoft Corporation -> )
    Task: {4576D400-3CFD-4748-832C-04BAE9CBE76D} - System32\Tasks\{1B0F8D77-A354-4DDA-8E75-ABE69A60EDF1} => C:\Windows\system32\pcalua.exe -a "D:\POS SYSTEM\KPOS_Printer_DriverInstall_Graph(附安装说明)(3)(1)\KPOS_Printer_DriverInstall_Graphú¿╕╜░▓╫░╦╡├≈ú⌐\KPOS_Printer_DriverInstall_Graph_20190426\POS104Install.exe" -d "D:\POS SYSTEM\KPOS_Printer_DriverInstall_Graph(附安装说明)(3)(1)\KPOS_Printer_DriverInstall_Graphú¿╕╜░▓╫░╦╡├≈ú⌐\KPOS_Printer_Driv (the data entry has 25 more characters).
    Task: {E6EAD99D-BDCA-457E-83E7-EFC7AB6AABC8} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [3858056 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    Task: {FFD2951F-2AD3-4B0D-8401-D3C98AFE7A47} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1792136 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies)
    
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    
    
    ==================== Internet (Whitelisted) ====================
    
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    
    Hosts: 192.168.1.15 simapp.q3aurelia.com
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.6 192.168.1.5 8.8.4.4 8.8.8.8
    Tcpip\..\Interfaces\{49D3160E-9769-4443-8845-529949E72514}: [DhcpNameServer] 192.168.1.6 192.168.1.5 8.8.4.4 8.8.8.8
    Tcpip\..\Interfaces\{F26F6D75-F8F7-413A-A510-67DF5E6A3839}: [DhcpNameServer] 192.168.1.6 192.168.1.5 8.8.4.4 8.8.8.8
    
    Internet Explorer:
    ==================
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\.DEFAULT -> {f283e7fa-8226-404a-b8f5-f55694b1edce} URL = hxxps://www.so.com/s?src=lm&ls=sm2330541&lm_extend=ctype:31&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2582853694-2877760415-371799054-500 -> DefaultScope {79fc4e3c-8838-4344-bcd7-be78bcbbfe3e} URL = 
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2020-03-31] (Oracle America, Inc. -> Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2020-03-31] (Oracle America, Inc. -> Oracle Corporation)
    
    FireFox:
    ========
    FF DefaultProfile: gzwsyfsw.default
    FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gzwsyfsw.default [2020-09-01]
    FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dflktbnx.default-release-1598927750487 [2020-09-03]
    FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2020-03-31] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2020-03-31] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    
    ==================== Services (Whitelisted) ===================
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    "{74712200-2132-494a-BD2F-D9CFE8900378}" => service could not be unlocked. <==== ATTENTION
    HKLM\SYSTEM\ControlSet001\Services\{74712200-2132-494a-BD2F-D9CFE8900378} => C:\Windows\System32\drivers\zokng.sys [11470256 2019-07-25] () [File not signed] <==== ATTENTION (Rootkit!/Locked Service)
    
    R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3668944 2020-08-08] (philandro Software GmbH -> philandro Software GmbH)
    R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [354272 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [7823296 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R2 DpHost; C:\Program Files\DigitalPersona\Pro Workstation\Bin\DpHostW.exe [473424 2014-12-15] (DigitalPersona, Inc. -> DigitalPersona, Inc.)
    R2 D_Link_DWA-125_WPS; C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [53248 2010-07-12] () [File not signed]
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7138296 2020-08-25] (Malwarebytes Inc -> Malwarebytes)
    R2 MICROS CAL Client; C:\Program Files (x86)\Micros\McrsCAL\McrsCal.exe [76624 2019-09-02] (Oracle America, Inc. -> MICROS Systems Inc.)
    R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [163008 2017-08-15] (Microsoft Corporation -> Microsoft Corporation)
    R2 OPIConfigService; C:\OraclePaymentInterface\v19.1\Services\ConfigService\OPIConfigService.exe [109696 2019-02-12] (CodeSigning for The Apache Software Foundation -> Apache Software Foundation)
    R2 OPIService; C:\OraclePaymentInterface\v19.1\Services\OPI\bin\OPIService.exe [109696 2019-02-12] (CodeSigning for The Apache Software Foundation -> Apache Software Foundation)
    R2 Oracle Hospitality Simphony Service Host; C:\Micros\Simphony\WebServer\ServiceHost.exe [18440 2020-01-09] (Oracle America, Inc. -> Oracle)
    S4 POSPerformanceCounters; C:\Program Files (x86)\Microsoft Point Of Service\Microsoft.PointOfService.Service.exe [37624 2017-08-08] (Microsoft Corporation -> )
    R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13599288 2020-08-24] (Adlice -> )
    S4 SQLAgent$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [448704 2017-08-15] (Microsoft Corporation -> Microsoft Corporation)
    R2 UtilityService; C:\OraclePaymentInterface\v19.1\Services\OPI\bin\UtilityService.exe [109696 2019-02-12] (CodeSigning for The Apache Software Foundation -> Apache Software Foundation)
    S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
    
    ===================== Drivers (Whitelisted) ===================
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-29] (Microsoft Windows Hardware Compatibility Publisher -> )
    R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [37208 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [205952 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [235656 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [195720 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [61064 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [42840 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [175264 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R1 avgNetHub; C:\Windows\System32\drivers\avgNetHub.sys [515600 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R3 avgNetNd6; C:\Windows\System32\DRIVERS\avgNetNd6.sys [29944 2020-08-25] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
    R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [109336 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [84912 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [851664 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [466816 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [217392 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [323848 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R0 bhound7; C:\Windows\System32\DRIVERS\bhound7.sys [68064 2009-03-02] (Perisoft -> Perisoft)
    S3 CYUSB; C:\Windows\System32\Drivers\CYUSB.sys [48648 2011-06-22] (Cypress -> Cypress Semiconductor)
    S3 CYUSB3; C:\Windows\System32\Drivers\CYUSB3.sys [71904 2017-07-05] (Cypress Semiconductor Technology India Pvt Ltd. -> Cypress Semiconductor)
    S3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [65408 2013-07-17] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
    S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [39296 2013-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
    S3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [94208 2013-07-17] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
    R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [217088 2020-09-03] (Malwarebytes Inc -> Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-08-28] (Malwarebytes Inc -> Malwarebytes)
    S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [2225808 2014-12-08] (MEDIATEK INC. -> MediaTek Inc.)
    S3 rusb3hub; C:\Windows\system32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
    S3 rusb3xhc; C:\Windows\system32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
    R3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl64.sys [89600 2007-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Prolific Technology Inc.)
    U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2020-09-03] (Adlice -> )
    S3 VUSB3HUB; C:\Windows\system32\DRIVERS\ViaHub3.sys [221696 2016-02-03] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
    S3 xhcdrv; C:\Windows\system32\DRIVERS\xhcdrv.sys [294912 2016-02-03] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
    
    ==================== NetSvcs (Whitelisted) ===================
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    
    ==================== One month (created) ===================
    
    (If an entry is included in the fixlist, the file/folder will be moved.)
    
    2020-09-03 15:33 - 2020-09-03 15:33 - 000038032 _____ C:\Windows\system32\Drivers\truesight.sys
    2020-09-03 15:32 - 2020-09-03 15:32 - 020447232 ____N C:\Windows\system32\config\SYSTEM
    2020-09-03 15:22 - 2020-09-03 15:22 - 000217088 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
    2020-09-01 22:41 - 2020-09-03 15:21 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2020-09-01 10:35 - 2020-09-01 10:35 - 000000000 ____D C:\Users\Administrator\Desktop\Old Firefox Data
    2020-08-31 12:12 - 2020-08-31 12:14 - 000006274 _____ C:\TDSSKiller.2.8.16.0_31.08.2020_12.12.34_log.txt
    2020-08-31 12:12 - 2020-08-31 12:12 - 000208216 _____ (Kaspersky Lab, GERT) C:\Windows\system32\Drivers\15817820.sys
    2020-08-31 12:10 - 2020-08-31 12:10 - 000002940 _____ C:\Users\Administrator\Documents\ReportRogue.txt
    2020-08-31 02:08 - 2020-08-31 02:13 - 000000000 ____D C:\ProgramData\RogueKiller
    2020-08-31 02:08 - 2020-08-31 02:09 - 002237968 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Downloads\tdsskiller.exe
    2020-08-31 02:08 - 2020-08-31 02:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2020-08-31 02:08 - 2020-08-31 02:08 - 000000000 ____D C:\Program Files\RogueKiller
    2020-08-31 02:06 - 2020-08-31 02:06 - 040337176 _____ (Adlice Software ) C:\Users\Administrator\Downloads\RogueKiller_setup_ref3.exe
    2020-08-30 17:56 - 2020-09-03 15:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2020-08-30 17:56 - 2020-08-30 17:56 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2020-08-30 17:56 - 2020-08-30 17:56 - 000000924 _____ C:\Users\Public\Desktop\Firefox.lnk
    2020-08-30 17:56 - 2020-08-30 17:56 - 000000924 _____ C:\ProgramData\Desktop\Firefox.lnk
    2020-08-29 01:41 - 2020-08-29 01:42 - 000000000 ____D C:\Users\Administrator\.dotnet
    2020-08-29 01:40 - 2020-08-29 01:41 - 000000000 ____D C:\Program Files\dotnet
    2020-08-29 01:40 - 2020-08-29 01:41 - 000000000 ____D C:\Development
    2020-08-28 19:57 - 2020-08-28 19:57 - 000001463 _____ C:\Users\Administrator\Desktop\Internet Explorer (No Add-ons).lnk
    2020-08-28 18:44 - 2020-08-28 18:44 - 000000000 ____D C:\Users\Administrator\Documents\OPC TEST
    2020-08-27 15:47 - 2020-09-01 10:26 - 000000000 ____D C:\Users\Administrator\Downloads\FRST-OlderVersion
    2020-08-27 15:47 - 2020-08-27 15:47 - 000000000 ___HD C:\$AV_AVG
    2020-08-25 18:00 - 2020-09-03 15:42 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
    2020-08-25 17:42 - 2020-08-25 17:42 - 000046177 _____ C:\Users\Administrator\Downloads\Shortcut.txt
    2020-08-25 17:17 - 2020-08-25 17:17 - 008414384 _____ (Malwarebytes) C:\Users\Administrator\Downloads\adwcleaner_8.0.7.exe
    2020-08-25 17:14 - 2020-08-25 17:19 - 000000000 ____D C:\AdwCleaner
    2020-08-25 17:08 - 2020-09-03 15:27 - 000003039 _____ C:\Users\Administrator\Downloads\Fixlog.txt
    2020-08-25 15:56 - 2020-08-28 13:09 - 000030322 _____ C:\Users\Administrator\Downloads\Addition.txt
    2020-08-25 15:49 - 2020-09-03 15:45 - 000016902 _____ C:\Users\Administrator\Downloads\FRST.txt
    2020-08-25 15:49 - 2020-09-03 15:44 - 000000000 ____D C:\FRST
    2020-08-25 15:49 - 2020-09-01 10:25 - 002298880 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
    2020-08-25 15:27 - 2020-08-25 15:27 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\AVG
    2020-08-25 15:27 - 2020-08-25 15:27 - 000000000 ____D C:\Users\Administrator\AppData\Local\CEF
    2020-08-25 15:27 - 2020-08-25 15:27 - 000000000 ____D C:\Users\Administrator\AppData\Local\Avg
    2020-08-25 15:27 - 2020-08-25 15:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2020-08-25 15:25 - 2020-08-25 15:25 - 000000000 ____D C:\Windows\system32\Tasks\AVG
    2020-08-25 15:24 - 2020-09-03 15:42 - 000003904 _____ C:\Windows\system32\Tasks\Antivirus Emergency Update
    2020-08-25 15:24 - 2020-08-25 15:24 - 000851664 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
    2020-08-25 15:24 - 2020-08-25 15:24 - 000515600 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetHub.sys
    2020-08-25 15:24 - 2020-08-25 15:24 - 000466816 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
    2020-08-25 15:24 - 2020-08-25 15:24 - 000336520 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
    2020-08-25 15:24 - 2020-08-25 15:24 - 000323848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
    2020-08-25 15:24 - 2020-08-25 15:24 - 000235656 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys
    2020-08-25 15:24 - 2020-08-25 15:24 - 000217392 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
    2020-08-25 15:24 - 2020-08-25 15:24 - 000205952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
    2020-08-25 15:24 - 2020-08-25 15:24 - 000195720 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys
    2020-08-25 15:24 - 2020-08-25 15:24 - 000175264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
    2020-08-25 15:24 - 2020-08-25 15:24 - 000109336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
    2020-08-25 15:24 - 2020-08-25 15:24 - 000084912 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
    2020-08-25 15:24 - 2020-08-25 15:24 - 000061064 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys
    2020-08-25 15:24 - 2020-08-25 15:24 - 000042840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
    2020-08-25 15:24 - 2020-08-25 15:24 - 000037208 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArDisk.sys
    2020-08-25 15:24 - 2020-08-25 15:24 - 000029944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetNd6.sys
    2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____D C:\Program Files\Common Files\AVG
    2020-08-25 15:23 - 2020-09-03 15:43 - 000000000 ____D C:\ProgramData\AVG
    2020-08-25 15:23 - 2020-08-25 15:23 - 000271696 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Administrator\Downloads\avg_antivirus_free_setup.exe
    2020-08-25 15:23 - 2020-08-25 15:23 - 000000000 ____D C:\Program Files\AVG
    2020-08-25 15:21 - 2020-08-28 12:12 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2020-08-24 16:03 - 2020-08-28 12:09 - 000896886 _____ C:\Windows\ntbtlog.txt
    2020-08-24 15:42 - 2020-08-24 16:16 - 000000000 ____D C:\Windows\pss
    2020-08-24 15:40 - 2020-09-03 15:42 - 000000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
    2020-08-24 14:57 - 2020-08-24 14:58 - 006455520 _____ (EnigmaSoft Limited) C:\Users\Administrator\Downloads\SpyHunter-Installer.exe
    2020-08-24 14:51 - 2020-08-24 14:51 - 000000000 ____D C:\Users\Administrator\Downloads\chc
    2020-08-24 14:50 - 2020-08-24 14:50 - 009047080 _____ C:\Users\Administrator\Downloads\chc.zip
    2020-08-24 11:48 - 2020-08-25 15:22 - 000001960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
    2020-08-24 11:48 - 2020-08-25 15:22 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2020-08-24 11:48 - 2020-08-25 15:22 - 000001948 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
    2020-08-24 11:48 - 2020-08-24 11:48 - 000000000 ____D C:\Users\Administrator\AppData\Local\mbam
    2020-08-24 11:47 - 2020-08-25 15:21 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
    2020-08-24 11:47 - 2020-08-24 11:47 - 000000000 ____D C:\ProgramData\Malwarebytes
    2020-08-24 11:47 - 2020-08-24 11:47 - 000000000 ____D C:\Program Files\Malwarebytes
    2020-08-24 11:45 - 2020-08-24 11:45 - 002040904 _____ (Malwarebytes) C:\Users\Administrator\Downloads\MBSetup.exe
    2020-08-24 11:45 - 2020-08-24 11:45 - 000388608 _____ (Trend Micro Inc.) C:\Users\Administrator\Downloads\HijackThis.exe
    2020-08-17 16:18 - 2020-08-27 15:30 - 000000000 ___HD C:\Windows\msdownld.tmp
    2020-08-17 16:13 - 2020-08-25 17:14 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
    2020-08-17 16:12 - 2020-08-25 17:15 - 000000000 ____D C:\Program Files (x86)\Google
    
    ==================== One month (modified) ==================
    
    (If an entry is included in the fixlist, the file/folder will be moved.)
    
    2020-09-03 15:44 - 2019-07-25 07:15 - 020447232 _____ C:\Windows\system32\C_32770.NLS
    2020-09-03 15:42 - 2019-08-13 17:27 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
    2020-09-03 15:37 - 2009-07-14 13:13 - 000910410 _____ C:\Windows\system32\PerfStringBackup.INI
    2020-09-03 15:37 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\inf
    2020-09-03 15:33 - 2009-07-14 13:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2020-09-03 15:31 - 2009-07-14 12:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2020-09-03 15:31 - 2009-07-14 12:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2020-09-02 15:54 - 2019-08-20 10:00 - 001523801 _____ C:\Journal.txt
    2020-08-30 17:56 - 2019-08-13 17:27 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
    2020-08-30 17:56 - 2019-08-13 17:27 - 000000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
    2020-08-30 17:54 - 2019-08-14 08:15 - 000000000 ____D C:\Users\admin\AppData\Roaming\Mozilla
    2020-08-30 17:54 - 2019-08-14 08:15 - 000000000 ____D C:\Users\admin\AppData\Local\Mozilla
    2020-08-29 01:41 - 2019-08-13 17:24 - 000000000 ____D C:\Users\Administrator
    2020-08-29 01:40 - 2019-07-25 09:11 - 000000000 ____D C:\ProgramData\Package Cache
    2020-08-28 13:41 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\rescache
    2020-08-27 04:20 - 2019-08-13 18:36 - 000000000 ____D C:\Windows\system32\MRT
    2020-08-27 04:15 - 2019-08-13 18:35 - 120636720 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2020-08-08 18:24 - 2019-08-21 11:53 - 000000000 ____D C:\Program Files (x86)\AnyDesk
    2020-08-05 10:17 - 2019-08-21 11:33 - 000001102 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
    2020-08-05 10:17 - 2019-08-21 11:33 - 000001090 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
    2020-08-05 10:17 - 2019-08-21 11:33 - 000001090 _____ C:\ProgramData\Desktop\TeamViewer 8.lnk
    
    ==================== SigCheck ============================
    
    (There is no automatic fix for files that do not pass verification.)
    
    
    LastRegBack: 2020-08-25 00:56
    ==================== End of FRST.txt ========================
    
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-08-2020
    Ran by Administrator (03-09-2020 15:47:48)
    Running from C:\Users\Administrator\Downloads
    Windows 7 Professional Service Pack 1 (X64) (2019-07-24 22:55:26)
    Boot Mode: Normal
    ==========================================================
    
    
    ==================== Accounts: =============================
    
    admin (S-1-5-21-2582853694-2877760415-371799054-1000 - Administrator - Disabled) => C:\Users\admin
    Administrator (S-1-5-21-2582853694-2877760415-371799054-500 - Administrator - Enabled) => C:\Users\Administrator
    Guest (S-1-5-21-2582853694-2877760415-371799054-501 - Limited - Disabled)
    
    ==================== Security Center ========================
    
    (If an entry is included in the fixlist, it will be removed.)
    
    AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
    AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: AVG Antivirus (Enabled - Up to date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    
    ==================== Installed Programs ======================
    
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    
    AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 6.0.7 - philandro Software GmbH)
    AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 20.6.3135 - AVG Technologies)
    Bus Hound (HKLM-x32\...\{7A19AACA-48DD-43E1-92BE-B12D78466C89}) (Version: 6.1.0 - Perisoft)
    DigitalPersona TouchChip Device Add-On for U.are.U SDK (HKLM\...\{20CB814D-73D5-422B-9E61-BE3F68E280DD}) (Version: 1.0.1.767 - DigitalPersona, Inc.)
    DigitalPersona U.are.U RTE (HKLM\...\{3FE5B696-9DA2-41AA-8414-58E3936169A6}) (Version: 2.3.1.767 - DigitalPersona, Inc.)
    D-Link DWA-125 (HKLM-x32\...\{E45CACFE-0576-4375-A84F-C34B99A7B652}) (Version:  - D-Link Corporation)
    Intel(R) Chipset Device Software (HKLM-x32\...\{f3e3c5dd-edd0-406b-8aa2-ce5acb93660e}) (Version: 10.0.14 - Intel(R) Corporation) Hidden
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
    Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.19 - Intel Corporation)
    Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
    Malwarebytes version 4.2.0.82 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.0.82 - Malwarebytes)
    Microsoft .NET Core SDK 3.1.300 (x64) (HKLM-x32\...\{c8867574-9c22-4807-9803-17387f3f6a85}) (Version: 3.1.300.15161 - Microsoft Corporation)
    Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
    Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
    Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A106FA6F-E94C-44C9-8A0F-C34BD82C9FE6}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft POS for .NET 1.14.1 (HKLM-x32\...\{9352A741-7648-46DA-806F-44ED64890BA4}) (Version: 1.14.1708.8001 - Microsoft Corporation)
    Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 (HKLM-x32\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
    Microsoft SQL Server 2012 Native Client  (HKLM\...\{B9274744-8BAE-4874-8E59-2610919CD419}) (Version: 11.4.7001.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Setup (English) (HKLM-x32\...\{5B2CB8F5-3151-4B85-8EC7-E7BF1CFC8646}) (Version: 11.4.7001.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{18F346D2-4CE0-45C4-BCD9-BA054FE7CB91}) (Version: 11.4.7001.0 - Microsoft Corporation)
    Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
    Microsoft SQL Server 2014 Policies  (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 Setup (English) (HKLM\...\{0EEBDCCA-EF5D-4896-9FEA-D7D410A57E8A}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 Transact-SQL Compiler Service  (HKLM\...\{59DE4D1C-690E-4397-8A44-B684934E863C}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (HKLM-x32\...\{49697869-be8e-427d-81a0-c334d1d14950}) (Version: 14.21.27702.2 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.4.7001.0 - Microsoft Corporation)
    Mozilla Firefox 80.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 80.0.1 (x64 en-US)) (Version: 80.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 67.0 - Mozilla)
    Oracle Payment Interface (HKLM-x32\...\{FDFB3AFE-1D8F-4145-BE5F-9466F5984455}) (Version: 19.1.0.0 - Oracle) Hidden
    Oracle Payment Interface (HKLM-x32\...\InstallShield_{FDFB3AFE-1D8F-4145-BE5F-9466F5984455}) (Version: 19.1.0.0 - Oracle)
    Printer Driver Setup v2.0 (HKLM-x32\...\{DEFC2352-70A5-433C-841D-5EC6527E2EA9}) (Version: 2.0 - )
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
    RogueKiller version 14.7.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.7.0.0 - Adlice Software)
    Service Pack 4 for SQL Server 2012 (KB4018073) (HKLM-x32\...\KB4018073) (Version: 11.4.7001.0 - Microsoft Corporation)
    SQL Server 2012 Common Files (HKLM-x32\...\{124D51A1-F3C2-45AE-B812-D3CA71247093}) (Version: 11.4.7001.0 - Microsoft Corporation) Hidden
    SQL Server 2012 Common Files (HKLM-x32\...\{7D29ED63-84F9-4EC7-B49F-994A3A3195B2}) (Version: 11.4.7001.0 - Microsoft Corporation) Hidden
    SQL Server 2012 Database Engine Services (HKLM-x32\...\{87D50333-E534-493A-8E98-0A49BC28F64B}) (Version: 11.4.7001.0 - Microsoft Corporation) Hidden
    SQL Server 2012 Database Engine Services (HKLM-x32\...\{C22613C2-C7A4-4761-A906-116ECD4E7477}) (Version: 11.4.7001.0 - Microsoft Corporation) Hidden
    SQL Server 2012 Database Engine Shared (HKLM-x32\...\{54F84805-0116-467F-8713-899DFC472235}) (Version: 11.4.7001.0 - Microsoft Corporation) Hidden
    SQL Server 2012 Database Engine Shared (HKLM-x32\...\{D0F44C37-A22B-4733-BBA7-86C9F4988725}) (Version: 11.4.7001.0 - Microsoft Corporation) Hidden
    SQL Server 2014 Client Tools (HKLM\...\{2BA1811B-44C0-4C50-8C5A-CE68AB25ED71}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server 2014 Client Tools (HKLM\...\{B5ECFA5C-AC4F-45A4-A12E-A76ABDD9CCBA}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server 2014 Management Studio (HKLM\...\{75A54138-3B98-4705-92E4-F619825B121F}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server 2014 Management Studio (HKLM\...\{839EF29A-3055-43DC-ADCE-8E84893798D5}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.4.7001.0 - Microsoft Corporation)
    Sql Server Customer Experience Improvement Program (HKLM-x32\...\{30CA21F2-901A-44DB-A43F-FC31CD0F2493}) (Version: 11.4.7001.0 - Microsoft Corporation) Hidden
    TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.258861 - TeamViewer)
    Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
    WIN32 CAL Client (HKLM-x32\...\{0B64324E-75FA-4A9C-8997-9C21F8777110}) (Version: 3.1.4.146 - ORACLE | Micros) Hidden
    WIN32 CAL Client (HKLM-x32\...\InstallShield_{0B64324E-75FA-4A9C-8997-9C21F8777110}) (Version: 3.1.4.146 - ORACLE | Micros)
    
    ==================== Custom CLSID (Whitelisted): ==============
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    CustomCLSID: HKU\S-1-5-21-2582853694-2877760415-371799054-500_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - Software and Firmware Products -> Intel Corporation)
    ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-24] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2014-03-08] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\Windows\system32\igfxOSP.dll [2014-03-08] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-24] (Malwarebytes Corporation -> Malwarebytes)
    
    ==================== Codecs (Whitelisted) ====================
    
    ==================== Shortcuts & WMI ========================
    
    (The entries could be listed to be restored or removed.)
    
    Shortcut: C:\Users\Administrator\Desktop\LaunchConfiguration - Shortcut.lnk -> C:\OraclePaymentInterface\v19.1\Config\LaunchConfiguration.bat ()
    
    ==================== Loaded Modules (Whitelisted) =============
    
    2019-08-27 10:32 - 2019-08-27 10:32 - 000315392 _____ () [File not signed] C:\Program Files (x86)\D-Link\DWA-125 revA\ANPDApi.dll
    2019-08-27 10:32 - 2012-12-05 10:40 - 000303104 _____ () [File not signed] C:\Program Files (x86)\D-Link\DWA-125 revA\WlanApp.dll
    2019-07-25 07:19 - 2014-03-06 10:08 - 000074240 ____R (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
    2020-09-03 15:33 - 2020-09-03 15:33 - 000198144 ____N (Java(TM) Native Access (JNA)) [File not signed] C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\jna-1840106495\jna2024589503656644179.dll
    2020-09-03 15:33 - 2020-09-03 15:33 - 000198144 ____N (Java(TM) Native Access (JNA)) [File not signed] C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\jna-1840106495\jna7209674124197520214.dll
    2019-08-27 10:32 - 2010-07-12 14:39 - 000413696 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\D-Link\DWA-125 revA\MSVCP60.dll
    2019-03-27 23:48 - 2019-03-27 23:48 - 000115200 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    2020-01-09 14:16 - 2020-01-09 14:16 - 000796672 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_88dcc0bf2fb1b808\MSVCR80.dll
    2019-08-14 09:37 - 2019-08-14 09:37 - 000626688 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\MSVCR80.dll
    2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
    2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
    2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
    2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
    2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
    2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
    2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
    2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
    2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
    2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
    2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
    2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\ucrtbase.DLL
    2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\VCRUNTIME140.dll
    2019-08-27 10:32 - 2012-09-04 15:31 - 000278528 _____ (Wireless Service) [File not signed] C:\Program Files (x86)\D-Link\DWA-125 revA\wnicapi.dll
    
    ==================== Alternate Data Streams (Whitelisted) ========
    
    ==================== Safe Mode (Whitelisted) ==================
    
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    
    ==================== Association (Whitelisted) =================
    
    ==================== Internet Explorer trusted/restricted ==========
    
    ==================== Hosts content: =========================
    
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    
    2009-07-14 10:34 - 2020-09-02 15:10 - 000000068 _____ C:\Windows\system32\drivers\etc\hosts
    192.168.1.15 simapp.q3aurelia.com
    
    ==================== Other Areas ===========================
    
    (Currently there is no automatic fix for this section.)
    
    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\TXE Components\TCS\;C:\Program Files\Intel\TXE Components\TCS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\110\DTS\Binn\;C:\Program Files\dotnet\
    HKU\S-1-5-21-2582853694-2877760415-371799054-500\Control Panel\Desktop\\Wallpaper -> 
    DNS Servers: 192.168.1.6 - 192.168.1.5
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    Windows Firewall is enabled.
    
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    
    ==================== FirewallRules (Whitelisted) ================
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{1297EBFA-CC40-4ADF-977D-B53779572C9B}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
    FirewallRules: [{0873EE70-7511-4DC6-841E-5405239CB73F}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
    FirewallRules: [{7C6A67BA-E686-436D-8AC8-8F384375C1AE}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
    FirewallRules: [{6D12E4A1-ED74-46A6-9C44-A89B661D0D5D}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
    FirewallRules: [{08A6814A-82B9-4D26-9132-7C82C28E05A8}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
    FirewallRules: [{BB75412F-CAB9-4066-8CC2-714A4748AE72}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
    FirewallRules: [TCP Query User{EBFF85A1-346F-4154-B63B-A326E4B16795}C:\micros\simphony\webserver\servicehost.exe] => (Allow) C:\micros\simphony\webserver\servicehost.exe (Oracle America, Inc. -> Oracle)
    FirewallRules: [UDP Query User{EB784BEC-D865-49D5-BBC4-FCB8AF9DB2FF}C:\micros\simphony\webserver\servicehost.exe] => (Allow) C:\micros\simphony\webserver\servicehost.exe (Oracle America, Inc. -> Oracle)
    
    ==================== Restore Points =========================
    
    31-08-2020 00:00:03 Scheduled Checkpoint
    01-09-2020 10:26:25 Restore Point Created by FRST
    03-09-2020 15:26:29 Restore Point Created by FRST
    
    ==================== Faulty Device Manager Devices ============
    
    Name: Standard PS/2 Keyboard
    Description: Standard PS/2 Keyboard
    Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
    Manufacturer: (Standard keyboards)
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.
    
    Name: PS/2 Compatible Mouse
    Description: PS/2 Compatible Mouse
    Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.
    
    
    ==================== Event log errors: ========================
    
    Application errors:
    ==================
    Error: (09/03/2020 03:42:18 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.19597, time stamp: 0x5df81503
    Faulting module name: ntdll.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb67f
    Exception code: 0xc0000005
    Fault offset: 0x0000000000027a6d
    Faulting process id: 0x18cc
    Faulting application start time: 0x01d681c5bcac3141
    Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
    Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report Id: fde88f94-edb8-11ea-85b6-68eda42b384e
    
    Error: (09/03/2020 03:26:28 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.
    
    
    Operation:
       Gathering Writer Data
    
    Context:
       Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
       Writer Name: System Writer
       Writer Instance ID: {eb4c65b4-4f19-41e7-8c9d-cac2baa3e7dc}
    
    Error: (09/01/2020 10:45:21 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.19597, time stamp: 0x5df81503
    Faulting module name: ntdll.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb67f
    Exception code: 0xc0000005
    Fault offset: 0x0000000000027a6d
    Faulting process id: 0x1938
    Faulting application start time: 0x01d68009ec42cefd
    Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
    Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report Id: 2d4557c7-ebfd-11ea-86cc-68eda42b384e
    
    Error: (09/01/2020 10:44:41 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.19597, time stamp: 0x5df81503
    Faulting module name: ntdll.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb67f
    Exception code: 0xc0000005
    Fault offset: 0x0000000000027a6d
    Faulting process id: 0x548
    Faulting application start time: 0x01d68009d4f66ac8
    Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
    Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report Id: 1538d512-ebfd-11ea-86cc-68eda42b384e
    
    Error: (09/01/2020 10:42:19 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.19597, time stamp: 0x5df8146f
    Faulting module name: ntdll.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb751
    Exception code: 0xc0000005
    Fault offset: 0x0002e136
    Faulting process id: 0x10dc
    Faulting application start time: 0x01d6800981771170
    Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report Id: c0ab3c15-ebfc-11ea-86cc-68eda42b384e
    
    Error: (09/01/2020 10:42:14 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.19597, time stamp: 0x5df8146f
    Faulting module name: ntdll.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb751
    Exception code: 0xc0000005
    Fault offset: 0x0002e136
    Faulting process id: 0x1710
    Faulting application start time: 0x01d680097e72c6d1
    Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report Id: bdc8f8e5-ebfc-11ea-86cc-68eda42b384e
    
    Error: (09/01/2020 10:41:53 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.19597, time stamp: 0x5df8146f
    Faulting module name: ntdll.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb751
    Exception code: 0xc0000005
    Fault offset: 0x0002e136
    Faulting process id: 0x1464
    Faulting application start time: 0x01d6800971aeeb88
    Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report Id: b0ea4237-ebfc-11ea-86cc-68eda42b384e
    
    Error: (09/01/2020 10:41:48 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.19597, time stamp: 0x5df8146f
    Faulting module name: ntdll.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb751
    Exception code: 0xc0000005
    Fault offset: 0x0002e136
    Faulting process id: 0x11c4
    Faulting application start time: 0x01d680096ebe0221
    Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report Id: ae01482f-ebfc-11ea-86cc-68eda42b384e
    
    
    System errors:
    =============
    Error: (09/03/2020 03:33:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load: 
    cdrom
    
    Error: (09/03/2020 03:29:33 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error: 
    An instance of the service is already running.
    
    Error: (09/03/2020 03:28:02 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
    An instance of the service is already running.
    
    Error: (09/03/2020 03:27:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The SQL Server (SQLEXPRESS) service terminated unexpectedly.  It has done this 1 time(s).
    
    Error: (09/03/2020 03:27:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    
    Error: (09/03/2020 03:27:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    
    Error: (09/03/2020 03:27:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
    
    Error: (09/03/2020 03:27:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The OPI Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    
    
    ==================== Memory info =========================== 
    
    BIOS: American Megatrends Inc. 5.6.5 05/07/2019
    Motherboard: AMI Corporation Aptio CRB
    Processor: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
    Percentage of memory in use: 90%
    Total physical RAM: 1938.64 MB
    Available physical RAM: 191.77 MB
    Total Virtual: 5070.42 MB
    Available Virtual: 397.79 MB
    
    ==================== Drives ================================
    
    Drive c: () (Fixed) (Total:59.62 GB) (Free:9.14 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    
    
    ==================== MBR & Partition Table ====================
    
    ==========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 59.6 GB) (Disk ID: 33217C0D)
    Partition 1: (Active) - (Size=59.6 GB) - (Type=07 NTFS)
    
    ==================== End of Addition.txt =======================
    

    Real life is tiring, yet it's interesting, just like involving myself in this forum  :8P:


    #20 nasdaq

      Forum Deity

    • Global Moderator
    • 49,376 posts

    Posted 03 September 2020 - 06:20 AM

    Hi,
     
    Let's run this rootkit removal tool.
     
    How to use Malwarebytes Anti-Rootkit to remove rootkits.
     
    Read the instructions on how to proceed on the link below.
    Download the program using this link on the page.
     
     
    Restart the computer when completed.
     
    Let me know if the problem is solved.

    nasdaq

    Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
    [ Housecall online virus scan ] [ Bitdefender online virus scan ]
    [ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

    My help is free, but if we have helped you in any way, please consider Donating;
    see this topic for details.
    We need members like you.

    ========
    Shouldn't water be worth more than diamonds?
    Adam Smith Glasgow, 1760

    #21 chrisling

      Advanced Member

    • Helper Trainee+
    • 118 posts

    Posted 07 September 2020 - 09:02 AM

    Hi nasdaq,

     

    The scan found something that could not be removed. I proceeded with the cleaning, but after the reboot the issue persists, so I scanned with MBAR again and the same things were found.

     

    1st scan

    Malwarebytes Anti-Rootkit BETA 1.10.3.1001
    www.malwarebytes.org
    
    Database version:
      main:    v2020.09.07.03
      rootkit: v2020.09.07.03
    
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.19596
    Administrator :: CAPS-Q3DEMO-A [administrator]
    
    9/7/2020 6:22:32 PM
    mbar-log-2020-09-07 (18-22-32).txt
    
    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled: 
    Objects scanned: 212494
    Time elapsed: 38 minute(s), 20 second(s)
    
    Memory Processes Detected: 0
    (No malicious items detected)
    
    Memory Modules Detected: 0
    (No malicious items detected)
    
    Registry Keys Detected: 0
    (No malicious items detected)
    
    Registry Values Detected: 0
    (No malicious items detected)
    
    Registry Data Items Detected: 0
    (No malicious items detected)
    
    Folders Detected: 0
    (No malicious items detected)
    
    Files Detected: 6
    c:\users\admin\appdata\roaming\package cache\{e01cb7f1-3e88-4450-1764-b3cc1e205c4a}v10.1.14393.795\installers\30daf459e79c5d26366654b1b482e87.cab (Adware.Elex) -> Delete on reboot. [63ec6e0a28af1b1bd29730103dc38878]
    c:\users\administrator\appdata\roaming\package cache\{e01cb7f1-3e88-4450-1764-b3cc1e205c4a}v10.1.14393.795\installers\30daf459e79c5d26366654b1b482e87.cab (Adware.Elex) -> Delete on reboot. [ca8526527f58270f79f0e55b09f78977]
    c:\windows\system32\config\systemprofile\appdata\roaming\package cache\{e01cb7f1-3e88-4450-1764-b3cc1e205c4a}v10.1.14393.795\installers\30daf459e79c5d26366654b1b482e87.cab (Adware.Elex) -> Delete on reboot. [68e79cdc9f38171f6efb340c2ed23cc4]
    c:\windows\serviceprofiles\localservice\appdata\roaming\package cache\{e01cb7f1-3e88-4450-1764-b3cc1e205c4a}v10.1.14393.795\installers\30daf459e79c5d26366654b1b482e87.cab (Adware.Elex) -> Delete on reboot. [d6799bdd2fa816201653152bfe026898]
    c:\windows\serviceprofiles\networkservice\appdata\roaming\package cache\{e01cb7f1-3e88-4450-1764-b3cc1e205c4a}v10.1.14393.795\installers\30daf459e79c5d26366654b1b482e87.cab (Adware.Elex) -> Delete on reboot. [79d6bfb932a5cd6966033b05748cff01]
    c:\users\default\appdata\roaming\package cache\{e01cb7f1-3e88-4450-1764-b3cc1e205c4a}v10.1.14393.795\installers\30daf459e79c5d26366654b1b482e87.cab (Adware.Elex) -> Delete on reboot. [4f00a4d4b81f25119dcc82be817f18e8]
    
    Physical Sectors Detected: 0
    (No malicious items detected)
    
    (end)
    
    

    2nd scan

    Malwarebytes Anti-Rootkit BETA 1.10.3.1001
    www.malwarebytes.org
    
    Database version:
      main:    v2020.09.07.03
      rootkit: v2020.09.07.03
    
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.19596
    Administrator :: CAPS-Q3DEMO-A [administrator]
    
    9/7/2020 7:22:42 PM
    mbar-log-2020-09-07 (19-22-42).txt
    
    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled: 
    Objects scanned: 212012
    Time elapsed: 36 minute(s), 40 second(s)
    
    Memory Processes Detected: 0
    (No malicious items detected)
    
    Memory Modules Detected: 0
    (No malicious items detected)
    
    Registry Keys Detected: 0
    (No malicious items detected)
    
    Registry Values Detected: 0
    (No malicious items detected)
    
    Registry Data Items Detected: 0
    (No malicious items detected)
    
    Folders Detected: 0
    (No malicious items detected)
    
    Files Detected: 6
    c:\users\admin\appdata\roaming\package cache\{e01cb7f1-3e88-4450-1764-b3cc1e205c4a}v10.1.14393.795\installers\30daf459e79c5d26366654b1b482e87.cab (Adware.Elex) -> Delete on reboot. [232c077114c36ccaf57449f77c84916f]
    c:\users\administrator\appdata\roaming\package cache\{e01cb7f1-3e88-4450-1764-b3cc1e205c4a}v10.1.14393.795\installers\30daf459e79c5d26366654b1b482e87.cab (Adware.Elex) -> Delete on reboot. [fd52e296f8dfa3938edb80c0f60a30d0]
    c:\windows\system32\config\systemprofile\appdata\roaming\package cache\{e01cb7f1-3e88-4450-1764-b3cc1e205c4a}v10.1.14393.795\installers\30daf459e79c5d26366654b1b482e87.cab (Adware.Elex) -> Delete on reboot. [311ecaaeddfa81b5ce9bac948b759d63]
    c:\windows\serviceprofiles\localservice\appdata\roaming\package cache\{e01cb7f1-3e88-4450-1764-b3cc1e205c4a}v10.1.14393.795\installers\30daf459e79c5d26366654b1b482e87.cab (Adware.Elex) -> Delete on reboot. [27282c4cdcfb11253138a19fe11f0ff1]
    c:\windows\serviceprofiles\networkservice\appdata\roaming\package cache\{e01cb7f1-3e88-4450-1764-b3cc1e205c4a}v10.1.14393.795\installers\30daf459e79c5d26366654b1b482e87.cab (Adware.Elex) -> Delete on reboot. [17382157d0073501f47542fe55abc739]
    c:\users\default\appdata\roaming\package cache\{e01cb7f1-3e88-4450-1764-b3cc1e205c4a}v10.1.14393.795\installers\30daf459e79c5d26366654b1b482e87.cab (Adware.Elex) -> Delete on reboot. [87c817610dcad06691d8af91ec148977]
    
    Physical Sectors Detected: 0
    (No malicious items detected)
    
    (end)
    
    



    #22 nasdaq

      Forum Deity

    • Global Moderator
    • 49,376 posts

    Posted 08 September 2020 - 05:16 AM

    Hi,
     
    Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
    Type Notepad and click the OK key.
    Please copy the entire contents of the code box below to a new file.
     
     
    start::
     
    CreateRestorePoint:
    CloseProcesses:
     
    c:\users\admin\appdata\roaming\package cache\{e01cb7f1-3e88-4450-1764-b3cc1e205c4a}v10.1.14393.795\installers\30daf459e79c5d26366654b1b482e87.cab
    c:\users\administrator\appdata\roaming\package cache\{e01cb7f1-3e88-4450-1764-b3cc1e205c4a}v10.1.14393.795\installers\30daf459e79c5d26366654b1b482e87.cab
    c:\windows\system32\config\systemprofile\appdata\roaming\package cache\{e01cb7f1-3e88-4450-1764-b3cc1e205c4a}v10.1.14393.795\installers\30daf459e79c5d26366654b1b482e87.cab 
    c:\windows\serviceprofiles\localservice\appdata\roaming\package cache\{e01cb7f1-3e88-4450-1764-b3cc1e205c4a}v10.1.14393.795\installers\30daf459e79c5d26366654b1b482e87.cab
    c:\windows\serviceprofiles\networkservice\appdata\roaming\package cache\{e01cb7f1-3e88-4450-1764-b3cc1e205c4a}v10.1.14393.795\installers\30daf459e79c5d26366654b1b482e87.cab
    c:\users\default\appdata\roaming\package cache\{e01cb7f1-3e88-4450-1764-b3cc1e205c4a}v10.1.14393.795\installers\30daf459e79c5d26366654b1b482e87.cab
     
    EmptyTemp:
     
    End::
     
    Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
    The location is listed in the 3rd line of the Farbar log you have submitted.
     
    Run FRST and click Fix only once and wait.
     
    The tool will create a log (Fixlog.txt) please post it to your reply.
    ===
     
    Is the problem fixed?


    #23 chrisling

      Advanced Member

    • Helper Trainee+
    • 118 posts

    Posted 09 September 2020 - 04:02 AM

    Hi nasdaq,

     

    This looks pretty bad and my browser is still being compromised. The FRST scan results are below:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-09-2020
    Ran by Administrator (administrator) on CAPS-Q3DEMO-A (09-09-2020 17:04:47)
    Running from C:\Users\Administrator\Downloads
    Loaded Profiles: Administrator
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    
    ==================== Processes (Whitelisted) =================
    
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    
    () [File not signed] C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe
    (Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
    (Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
    (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
    (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
    (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
    (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <2>
    (CodeSigning for The Apache Software Foundation -> Apache Software Foundation) C:\OraclePaymentInterface\v19.1\Services\ConfigService\OPIConfigService.exe
    (CodeSigning for The Apache Software Foundation -> Apache Software Foundation) C:\OraclePaymentInterface\v19.1\Services\OPI\bin\OPIService.exe
    (CodeSigning for The Apache Software Foundation -> Apache Software Foundation) C:\OraclePaymentInterface\v19.1\Services\OPI\bin\UtilityService.exe
    (DigitalPersona, Inc. -> DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Pro Workstation\Bin\DpHostW.exe
    (D-LINK CORPORATION -> D-Link Corp.) [File not signed] C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe
    (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Oracle America, Inc. -> MICROS Systems Inc.) C:\Program Files (x86)\MICROS\McrsCAL\McrsCal.exe
    (Oracle America, Inc. -> MICROS Systems Inc.) C:\Program Files (x86)\MICROS\McrsCAL\WIN7CALStart.exe
    (Oracle America, Inc. -> Oracle) C:\Micros\Simphony\WebServer\ServiceHost.exe <2>
    (philandro Software GmbH -> philandro Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <3>
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
    (TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    (TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
    (TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
    
    ==================== Registry (Whitelisted) ===================
    
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-12] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [DpTsClnt] => Regsvr32.exe /s "C:\Program Files\DigitalPersona\Pro Workstation\Bin\DpTsClnt.dll"
    HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [156808 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-03-06] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587800 2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
    HKLM-x32\...\Run: [MAKEN OPEN DRAWER] => D:\POS SYSTEM\????(??)\DrawTest.exe start
    HKLM-x32\...\Run: [D-Link D-Link DWA-125] => C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe [1095984 2014-03-18] (D-LINK CORPORATION -> D-Link Corp.) [File not signed]
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2019-08-21]
    ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
    FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    
    ==================== Scheduled Tasks (Whitelisted) ============
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    Task: {1DB5DA09-C167-4D0F-AD68-F51CBD502750} - System32\Tasks\Microsoft POS for .NET SQM Uploader => C:\Program Files (x86)\Microsoft Point Of Service\SqmUploader.exe [147704 2017-08-08] (Microsoft Corporation -> )
    Task: {4576D400-3CFD-4748-832C-04BAE9CBE76D} - System32\Tasks\{1B0F8D77-A354-4DDA-8E75-ABE69A60EDF1} => C:\Windows\system32\pcalua.exe -a "D:\POS SYSTEM\KPOS_Printer_DriverInstall_Graph(附安装说明)(3)(1)\KPOS_Printer_DriverInstall_Graphú¿╕╜░▓╫░╦╡├≈ú⌐\KPOS_Printer_DriverInstall_Graph_20190426\POS104Install.exe" -d "D:\POS SYSTEM\KPOS_Printer_DriverInstall_Graph(附安装说明)(3)(1)\KPOS_Printer_DriverInstall_Graphú¿╕╜░▓╫░╦╡├≈ú⌐\KPOS_Printer_Driv (the data entry has 25 more characters).
    Task: {E6EAD99D-BDCA-457E-83E7-EFC7AB6AABC8} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [3858056 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    Task: {FFD2951F-2AD3-4B0D-8401-D3C98AFE7A47} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1792136 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies)
    
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    
    
    ==================== Internet (Whitelisted) ====================
    
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    
    Hosts: 192.168.1.15 simapp.q3aurelia.com
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.6 192.168.1.5 8.8.4.4 8.8.8.8
    Tcpip\..\Interfaces\{49D3160E-9769-4443-8845-529949E72514}: [DhcpNameServer] 192.168.1.6 192.168.1.5 8.8.4.4 8.8.8.8
    Tcpip\..\Interfaces\{F26F6D75-F8F7-413A-A510-67DF5E6A3839}: [DhcpNameServer] 192.168.1.6 192.168.1.5 8.8.4.4 8.8.8.8
    
    Internet Explorer:
    ==================
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\.DEFAULT -> {f283e7fa-8226-404a-b8f5-f55694b1edce} URL = hxxps://www.so.com/s?src=lm&ls=sm2330541&lm_extend=ctype:31&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2582853694-2877760415-371799054-500 -> DefaultScope {79fc4e3c-8838-4344-bcd7-be78bcbbfe3e} URL = 
    SearchScopes: HKU\S-1-5-21-2582853694-2877760415-371799054-500 -> {f283e7fa-8226-404a-b8f5-f55694b1edce} URL = hxxps://www.so.com/s?src=lm&ls=sm2330541&lm_extend=ctype:31&q={searchTerms}
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2020-03-31] (Oracle America, Inc. -> Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2020-03-31] (Oracle America, Inc. -> Oracle Corporation)
    
    FireFox:
    ========
    FF DefaultProfile: gzwsyfsw.default
    FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gzwsyfsw.default [2020-09-01]
    FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dflktbnx.default-release-1598927750487 [2020-09-09]
    FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2020-03-31] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2020-03-31] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    
    ==================== Services (Whitelisted) ===================
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    "{74712200-2132-494a-BD2F-D9CFE8900378}" => service could not be unlocked. <==== ATTENTION
    HKLM\SYSTEM\ControlSet001\Services\{74712200-2132-494a-BD2F-D9CFE8900378} => C:\Windows\System32\drivers\zokng.sys [11470256 2019-07-25] () [File not signed] <==== ATTENTION (Rootkit!/Locked Service)
    
    R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3668944 2020-08-08] (philandro Software GmbH -> philandro Software GmbH)
    R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [354272 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [7823296 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R2 DpHost; C:\Program Files\DigitalPersona\Pro Workstation\Bin\DpHostW.exe [473424 2014-12-15] (DigitalPersona, Inc. -> DigitalPersona, Inc.)
    R2 D_Link_DWA-125_WPS; C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [53248 2010-07-12] () [File not signed]
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7138296 2020-08-25] (Malwarebytes Inc -> Malwarebytes)
    R2 MICROS CAL Client; C:\Program Files (x86)\Micros\McrsCAL\McrsCal.exe [76624 2019-09-02] (Oracle America, Inc. -> MICROS Systems Inc.)
    R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [163008 2017-08-15] (Microsoft Corporation -> Microsoft Corporation)
    R2 OPIConfigService; C:\OraclePaymentInterface\v19.1\Services\ConfigService\OPIConfigService.exe [109696 2019-02-12] (CodeSigning for The Apache Software Foundation -> Apache Software Foundation)
    R2 OPIService; C:\OraclePaymentInterface\v19.1\Services\OPI\bin\OPIService.exe [109696 2019-02-12] (CodeSigning for The Apache Software Foundation -> Apache Software Foundation)
    R2 Oracle Hospitality Simphony Service Host; C:\Micros\Simphony\WebServer\ServiceHost.exe [18440 2020-01-09] (Oracle America, Inc. -> Oracle)
    S4 POSPerformanceCounters; C:\Program Files (x86)\Microsoft Point Of Service\Microsoft.PointOfService.Service.exe [37624 2017-08-08] (Microsoft Corporation -> )
    R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13599288 2020-08-24] (Adlice -> )
    S4 SQLAgent$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [448704 2017-08-15] (Microsoft Corporation -> Microsoft Corporation)
    R2 UtilityService; C:\OraclePaymentInterface\v19.1\Services\OPI\bin\UtilityService.exe [109696 2019-02-12] (CodeSigning for The Apache Software Foundation -> Apache Software Foundation)
    S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
    
    ===================== Drivers (Whitelisted) ===================
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-29] (Microsoft Windows Hardware Compatibility Publisher -> )
    R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [37208 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [205952 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [235656 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [195720 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [61064 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [42840 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [175264 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R1 avgNetHub; C:\Windows\System32\drivers\avgNetHub.sys [515600 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R3 avgNetNd6; C:\Windows\System32\DRIVERS\avgNetNd6.sys [29944 2020-08-25] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
    R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [109336 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [84912 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [851664 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [466816 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [217392 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [323848 2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R0 bhound7; C:\Windows\System32\DRIVERS\bhound7.sys [68064 2009-03-02] (Perisoft -> Perisoft)
    S3 CYUSB; C:\Windows\System32\Drivers\CYUSB.sys [48648 2011-06-22] (Cypress -> Cypress Semiconductor)
    S3 CYUSB3; C:\Windows\System32\Drivers\CYUSB3.sys [71904 2017-07-05] (Cypress Semiconductor Technology India Pvt Ltd. -> Cypress Semiconductor)
    S3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [65408 2013-07-17] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
    S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [39296 2013-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
    S3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [94208 2013-07-17] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
    R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [217608 2020-09-06] (Malwarebytes Inc -> Malwarebytes)
    R0 MBAMSwissArmy; C:\Windows\System32\drivers\mbamswissarmy.sys [248968 2020-09-06] (Malwarebytes Inc -> Malwarebytes)
    S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [2225808 2014-12-08] (MEDIATEK INC. -> MediaTek Inc.)
    S3 rusb3hub; C:\Windows\system32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
    S3 rusb3xhc; C:\Windows\system32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
    R3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl64.sys [89600 2007-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Prolific Technology Inc.)
    U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2020-09-09] (Adlice -> )
    S3 VUSB3HUB; C:\Windows\system32\DRIVERS\ViaHub3.sys [221696 2016-02-03] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
    S3 xhcdrv; C:\Windows\system32\DRIVERS\xhcdrv.sys [294912 2016-02-03] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
    
    ==================== NetSvcs (Whitelisted) ===================
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    
    ==================== One month (created) ===================
    
    (If an entry is included in the fixlist, the file/folder will be moved.)
    
    2020-09-09 16:43 - 2020-09-09 16:43 - 000038032 _____ C:\Windows\system32\Drivers\truesight.sys
    2020-09-09 16:42 - 2020-09-09 16:42 - 020447232 ____N C:\Windows\system32\config\SYSTEM
    2020-09-07 19:22 - 2020-09-07 19:22 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\6771C2CE.sys
    2020-09-07 18:22 - 2020-09-07 18:22 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\22634130.sys
    2020-09-07 18:20 - 2020-09-09 16:43 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2020-09-07 18:20 - 2020-09-07 22:46 - 000000000 ____D C:\Users\Administrator\Desktop\mbar
    2020-09-07 18:19 - 2020-09-07 18:19 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Administrator\Downloads\mbar-1.10.3.1001.exe
    2020-09-06 10:50 - 2020-09-06 10:50 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2020-09-06 10:50 - 2020-09-06 10:50 - 000217608 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
    2020-09-01 22:41 - 2020-09-03 15:21 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2020-09-01 10:35 - 2020-09-01 10:35 - 000000000 ____D C:\Users\Administrator\Desktop\Old Firefox Data
    2020-08-31 12:12 - 2020-08-31 12:14 - 000006274 _____ C:\TDSSKiller.2.8.16.0_31.08.2020_12.12.34_log.txt
    2020-08-31 12:12 - 2020-08-31 12:12 - 000208216 _____ (Kaspersky Lab, GERT) C:\Windows\system32\Drivers\15817820.sys
    2020-08-31 12:10 - 2020-08-31 12:10 - 000002940 _____ C:\Users\Administrator\Documents\ReportRogue.txt
    2020-08-31 02:08 - 2020-08-31 02:13 - 000000000 ____D C:\ProgramData\RogueKiller
    2020-08-31 02:08 - 2020-08-31 02:09 - 002237968 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Downloads\tdsskiller.exe
    2020-08-31 02:08 - 2020-08-31 02:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2020-08-31 02:08 - 2020-08-31 02:08 - 000000000 ____D C:\Program Files\RogueKiller
    2020-08-31 02:06 - 2020-08-31 02:06 - 040337176 _____ (Adlice Software ) C:\Users\Administrator\Downloads\RogueKiller_setup_ref3.exe
    2020-08-30 17:56 - 2020-09-03 15:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2020-08-30 17:56 - 2020-08-30 17:56 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2020-08-30 17:56 - 2020-08-30 17:56 - 000000924 _____ C:\Users\Public\Desktop\Firefox.lnk
    2020-08-30 17:56 - 2020-08-30 17:56 - 000000924 _____ C:\ProgramData\Desktop\Firefox.lnk
    2020-08-29 01:41 - 2020-08-29 01:42 - 000000000 ____D C:\Users\Administrator\.dotnet
    2020-08-29 01:40 - 2020-08-29 01:41 - 000000000 ____D C:\Program Files\dotnet
    2020-08-29 01:40 - 2020-08-29 01:41 - 000000000 ____D C:\Development
    2020-08-28 19:57 - 2020-08-28 19:57 - 000001463 _____ C:\Users\Administrator\Desktop\Internet Explorer (No Add-ons).lnk
    2020-08-28 18:44 - 2020-08-28 18:44 - 000000000 ____D C:\Users\Administrator\Documents\OPC TEST
    2020-08-27 15:47 - 2020-09-09 17:04 - 000000000 ____D C:\Users\Administrator\Downloads\FRST-OlderVersion
    2020-08-27 15:47 - 2020-08-27 15:47 - 000000000 ___HD C:\$AV_AVG
    2020-08-25 18:00 - 2020-09-09 17:02 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
    2020-08-25 17:42 - 2020-08-25 17:42 - 000046177 _____ C:\Users\Administrator\Downloads\Shortcut.txt
    2020-08-25 17:17 - 2020-08-25 17:17 - 008414384 _____ (Malwarebytes) C:\Users\Administrator\Downloads\adwcleaner_8.0.7.exe
    2020-08-25 17:14 - 2020-08-25 17:19 - 000000000 ____D C:\AdwCleaner
    2020-08-25 17:08 - 2020-09-09 16:19 - 000003211 _____ C:\Users\Administrator\Downloads\Fixlog.txt
    2020-08-25 15:56 - 2020-09-03 15:50 - 000030106 _____ C:\Users\Administrator\Downloads\Addition.txt
    2020-08-25 15:49 - 2020-09-09 17:06 - 000017168 _____ C:\Users\Administrator\Downloads\FRST.txt
    2020-08-25 15:49 - 2020-09-09 17:05 - 000000000 ____D C:\FRST
    2020-08-25 15:49 - 2020-09-09 17:02 - 002297344 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
    2020-08-25 15:27 - 2020-08-25 15:27 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\AVG
    2020-08-25 15:27 - 2020-08-25 15:27 - 000000000 ____D C:\Users\Administrator\AppData\Local\CEF
    2020-08-25 15:27 - 2020-08-25 15:27 - 000000000 ____D C:\Users\Administrator\AppData\Local\Avg
    2020-08-25 15:27 - 2020-08-25 15:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2020-08-25 15:25 - 2020-08-25 15:25 - 000000000 ____D C:\Windows\system32\Tasks\AVG
    2020-08-25 15:24 - 2020-09-09 17:02 - 000004162 _____ C:\Windows\system32\Tasks\Antivirus Emergency Update
    2020-08-25 15:24 - 2020-08-25 15:24 - 000851664 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
    2020-08-25 15:24 - 2020-08-25 15:24 - 000515600 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetHub.sys
    2020-08-25 15:24 - 2020-08-25 15:24 - 000466816 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
    2020-08-25 15:24 - 2020-08-25 15:24 - 000336520 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
    2020-08-25 15:24 - 2020-08-25 15:24 - 000323848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
    2020-08-25 15:24 - 2020-08-25 15:24 - 000235656 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys
    2020-08-25 15:24 - 2020-08-25 15:24 - 000217392 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
    2020-08-25 15:24 - 2020-08-25 15:24 - 000205952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
    2020-08-25 15:24 - 2020-08-25 15:24 - 000195720 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys
    2020-08-25 15:24 - 2020-08-25 15:24 - 000175264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
    2020-08-25 15:24 - 2020-08-25 15:24 - 000109336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
    2020-08-25 15:24 - 2020-08-25 15:24 - 000084912 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
    2020-08-25 15:24 - 2020-08-25 15:24 - 000061064 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys
    2020-08-25 15:24 - 2020-08-25 15:24 - 000042840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
    2020-08-25 15:24 - 2020-08-25 15:24 - 000037208 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArDisk.sys
    2020-08-25 15:24 - 2020-08-25 15:24 - 000029944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetNd6.sys
    2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____D C:\Program Files\Common Files\AVG
    2020-08-25 15:23 - 2020-09-09 16:53 - 000000000 ____D C:\ProgramData\AVG
    2020-08-25 15:23 - 2020-08-25 15:23 - 000271696 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Administrator\Downloads\avg_antivirus_free_setup.exe
    2020-08-25 15:23 - 2020-08-25 15:23 - 000000000 ____D C:\Program Files\AVG
    2020-08-24 16:03 - 2020-08-28 12:09 - 000896886 _____ C:\Windows\ntbtlog.txt
    2020-08-24 15:42 - 2020-08-24 16:16 - 000000000 ____D C:\Windows\pss
    2020-08-24 15:40 - 2020-09-03 15:42 - 000000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
    2020-08-24 14:57 - 2020-08-24 14:58 - 006455520 _____ (EnigmaSoft Limited) C:\Users\Administrator\Downloads\SpyHunter-Installer.exe
    2020-08-24 14:51 - 2020-08-24 14:51 - 000000000 ____D C:\Users\Administrator\Downloads\chc
    2020-08-24 14:50 - 2020-08-24 14:50 - 009047080 _____ C:\Users\Administrator\Downloads\chc.zip
    2020-08-24 11:48 - 2020-08-25 15:22 - 000001960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
    2020-08-24 11:48 - 2020-08-25 15:22 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2020-08-24 11:48 - 2020-08-25 15:22 - 000001948 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
    2020-08-24 11:48 - 2020-08-24 11:48 - 000000000 ____D C:\Users\Administrator\AppData\Local\mbam
    2020-08-24 11:47 - 2020-09-07 18:22 - 000000000 ____D C:\ProgramData\Malwarebytes
    2020-08-24 11:47 - 2020-08-25 15:21 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
    2020-08-24 11:47 - 2020-08-24 11:47 - 000000000 ____D C:\Program Files\Malwarebytes
    2020-08-24 11:45 - 2020-08-24 11:45 - 002040904 _____ (Malwarebytes) C:\Users\Administrator\Downloads\MBSetup.exe
    2020-08-24 11:45 - 2020-08-24 11:45 - 000388608 _____ (Trend Micro Inc.) C:\Users\Administrator\Downloads\HijackThis.exe
    2020-08-17 16:18 - 2020-08-27 15:30 - 000000000 ___HD C:\Windows\msdownld.tmp
    2020-08-17 16:13 - 2020-08-25 17:14 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
    2020-08-17 16:12 - 2020-08-25 17:15 - 000000000 ____D C:\Program Files (x86)\Google
    
    ==================== One month (modified) ==================
    
    (If an entry is included in the fixlist, the file/folder will be moved.)
    
    2020-09-09 17:06 - 2019-07-25 07:15 - 020447232 _____ C:\Windows\system32\C_32770.NLS
    2020-09-09 17:02 - 2019-08-13 17:27 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
    2020-09-09 16:49 - 2009-07-14 13:13 - 000910410 _____ C:\Windows\system32\PerfStringBackup.INI
    2020-09-09 16:49 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\inf
    2020-09-09 16:43 - 2009-07-14 13:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2020-09-09 16:42 - 2009-07-14 12:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2020-09-09 16:42 - 2009-07-14 12:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2020-09-08 16:46 - 2019-08-20 10:00 - 001549215 _____ C:\Journal.txt
    2020-09-07 19:01 - 2020-01-09 14:21 - 000000000 ____D C:\Users\Administrator\Documents\SQL Server Management Studio
    2020-08-30 17:56 - 2019-08-13 17:27 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
    2020-08-30 17:56 - 2019-08-13 17:27 - 000000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
    2020-08-30 17:54 - 2019-08-14 08:15 - 000000000 ____D C:\Users\admin\AppData\Roaming\Mozilla
    2020-08-30 17:54 - 2019-08-14 08:15 - 000000000 ____D C:\Users\admin\AppData\Local\Mozilla
    2020-08-29 01:41 - 2019-08-13 17:24 - 000000000 ____D C:\Users\Administrator
    2020-08-29 01:40 - 2019-07-25 09:11 - 000000000 ____D C:\ProgramData\Package Cache
    2020-08-28 13:41 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\rescache
    2020-08-27 04:20 - 2019-08-13 18:36 - 000000000 ____D C:\Windows\system32\MRT
    2020-08-27 04:15 - 2019-08-13 18:35 - 120636720 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    
    ==================== SigCheck ============================
    
    (There is no automatic fix for files that do not pass verification.)
    
    
    LastRegBack: 2020-09-04 00:24
    ==================== End of FRST.txt ========================
    
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-09-2020
    Ran by Administrator (09-09-2020 17:10:37)
    Running from C:\Users\Administrator\Downloads
    Windows 7 Professional Service Pack 1 (X64) (2019-07-24 22:55:26)
    Boot Mode: Normal
    ==========================================================
    
    
    ==================== Accounts: =============================
    
    admin (S-1-5-21-2582853694-2877760415-371799054-1000 - Administrator - Disabled) => C:\Users\admin
    Administrator (S-1-5-21-2582853694-2877760415-371799054-500 - Administrator - Enabled) => C:\Users\Administrator
    Guest (S-1-5-21-2582853694-2877760415-371799054-501 - Limited - Disabled)
    
    ==================== Security Center ========================
    
    (If an entry is included in the fixlist, it will be removed.)
    
    AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
    AS: AVG Antivirus (Enabled - Up to date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    
    ==================== Installed Programs ======================
    
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    
    AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 6.0.7 - philandro Software GmbH)
    AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 20.6.3135 - AVG Technologies)
    Bus Hound (HKLM-x32\...\{7A19AACA-48DD-43E1-92BE-B12D78466C89}) (Version: 6.1.0 - Perisoft)
    DigitalPersona TouchChip Device Add-On for U.are.U SDK (HKLM\...\{20CB814D-73D5-422B-9E61-BE3F68E280DD}) (Version: 1.0.1.767 - DigitalPersona, Inc.)
    DigitalPersona U.are.U RTE (HKLM\...\{3FE5B696-9DA2-41AA-8414-58E3936169A6}) (Version: 2.3.1.767 - DigitalPersona, Inc.)
    D-Link DWA-125 (HKLM-x32\...\{E45CACFE-0576-4375-A84F-C34B99A7B652}) (Version:  - D-Link Corporation)
    Intel(R) Chipset Device Software (HKLM-x32\...\{f3e3c5dd-edd0-406b-8aa2-ce5acb93660e}) (Version: 10.0.14 - Intel(R) Corporation) Hidden
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
    Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.19 - Intel Corporation)
    Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
    Malwarebytes version 4.2.0.82 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.0.82 - Malwarebytes)
    Microsoft .NET Core SDK 3.1.300 (x64) (HKLM-x32\...\{c8867574-9c22-4807-9803-17387f3f6a85}) (Version: 3.1.300.15161 - Microsoft Corporation)
    Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
    Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
    Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A106FA6F-E94C-44C9-8A0F-C34BD82C9FE6}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft POS for .NET 1.14.1 (HKLM-x32\...\{9352A741-7648-46DA-806F-44ED64890BA4}) (Version: 1.14.1708.8001 - Microsoft Corporation)
    Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 (HKLM-x32\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
    Microsoft SQL Server 2012 Native Client  (HKLM\...\{B9274744-8BAE-4874-8E59-2610919CD419}) (Version: 11.4.7001.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Setup (English) (HKLM-x32\...\{5B2CB8F5-3151-4B85-8EC7-E7BF1CFC8646}) (Version: 11.4.7001.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{18F346D2-4CE0-45C4-BCD9-BA054FE7CB91}) (Version: 11.4.7001.0 - Microsoft Corporation)
    Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
    Microsoft SQL Server 2014 Policies  (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 Setup (English) (HKLM\...\{0EEBDCCA-EF5D-4896-9FEA-D7D410A57E8A}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 Transact-SQL Compiler Service  (HKLM\...\{59DE4D1C-690E-4397-8A44-B684934E863C}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (HKLM-x32\...\{49697869-be8e-427d-81a0-c334d1d14950}) (Version: 14.21.27702.2 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.4.7001.0 - Microsoft Corporation)
    Mozilla Firefox 80.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 80.0.1 (x64 en-US)) (Version: 80.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 67.0 - Mozilla)
    Oracle Payment Interface (HKLM-x32\...\{FDFB3AFE-1D8F-4145-BE5F-9466F5984455}) (Version: 19.1.0.0 - Oracle) Hidden
    Oracle Payment Interface (HKLM-x32\...\InstallShield_{FDFB3AFE-1D8F-4145-BE5F-9466F5984455}) (Version: 19.1.0.0 - Oracle)
    Printer Driver Setup v2.0 (HKLM-x32\...\{DEFC2352-70A5-433C-841D-5EC6527E2EA9}) (Version: 2.0 - )
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
    RogueKiller version 14.7.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.7.0.0 - Adlice Software)
    Service Pack 4 for SQL Server 2012 (KB4018073) (HKLM-x32\...\KB4018073) (Version: 11.4.7001.0 - Microsoft Corporation)
    SQL Server 2012 Common Files (HKLM-x32\...\{124D51A1-F3C2-45AE-B812-D3CA71247093}) (Version: 11.4.7001.0 - Microsoft Corporation) Hidden
    SQL Server 2012 Common Files (HKLM-x32\...\{7D29ED63-84F9-4EC7-B49F-994A3A3195B2}) (Version: 11.4.7001.0 - Microsoft Corporation) Hidden
    SQL Server 2012 Database Engine Services (HKLM-x32\...\{87D50333-E534-493A-8E98-0A49BC28F64B}) (Version: 11.4.7001.0 - Microsoft Corporation) Hidden
    SQL Server 2012 Database Engine Services (HKLM-x32\...\{C22613C2-C7A4-4761-A906-116ECD4E7477}) (Version: 11.4.7001.0 - Microsoft Corporation) Hidden
    SQL Server 2012 Database Engine Shared (HKLM-x32\...\{54F84805-0116-467F-8713-899DFC472235}) (Version: 11.4.7001.0 - Microsoft Corporation) Hidden
    SQL Server 2012 Database Engine Shared (HKLM-x32\...\{D0F44C37-A22B-4733-BBA7-86C9F4988725}) (Version: 11.4.7001.0 - Microsoft Corporation) Hidden
    SQL Server 2014 Client Tools (HKLM\...\{2BA1811B-44C0-4C50-8C5A-CE68AB25ED71}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server 2014 Client Tools (HKLM\...\{B5ECFA5C-AC4F-45A4-A12E-A76ABDD9CCBA}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server 2014 Management Studio (HKLM\...\{75A54138-3B98-4705-92E4-F619825B121F}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server 2014 Management Studio (HKLM\...\{839EF29A-3055-43DC-ADCE-8E84893798D5}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.4.7001.0 - Microsoft Corporation)
    Sql Server Customer Experience Improvement Program (HKLM-x32\...\{30CA21F2-901A-44DB-A43F-FC31CD0F2493}) (Version: 11.4.7001.0 - Microsoft Corporation) Hidden
    TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.258861 - TeamViewer)
    Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
    WIN32 CAL Client (HKLM-x32\...\{0B64324E-75FA-4A9C-8997-9C21F8777110}) (Version: 3.1.4.146 - ORACLE | Micros) Hidden
    WIN32 CAL Client (HKLM-x32\...\InstallShield_{0B64324E-75FA-4A9C-8997-9C21F8777110}) (Version: 3.1.4.146 - ORACLE | Micros)
    
    ==================== Custom CLSID (Whitelisted): ==============
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    CustomCLSID: HKU\S-1-5-21-2582853694-2877760415-371799054-500_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - Software and Firmware Products -> Intel Corporation)
    ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-24] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2014-03-08] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\Windows\system32\igfxOSP.dll [2014-03-08] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-24] (Malwarebytes Corporation -> Malwarebytes)
    
    ==================== Codecs (Whitelisted) ====================
    
    ==================== Shortcuts & WMI ========================
    
    (The entries could be listed to be restored or removed.)
    
    Shortcut: C:\Users\Administrator\Desktop\LaunchConfiguration - Shortcut.lnk -> C:\OraclePaymentInterface\v19.1\Config\LaunchConfiguration.bat ()
    
    ==================== Loaded Modules (Whitelisted) =============
    
    2019-08-27 10:32 - 2019-08-27 10:32 - 000315392 _____ () [File not signed] C:\Program Files (x86)\D-Link\DWA-125 revA\ANPDApi.dll
    2019-08-27 10:32 - 2012-12-05 10:40 - 000303104 _____ () [File not signed] C:\Program Files (x86)\D-Link\DWA-125 revA\WlanApp.dll
    2019-07-25 07:19 - 2014-03-06 10:08 - 000074240 ____R (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
    2020-09-09 16:43 - 2020-09-09 16:43 - 000198144 ____N (Java(TM) Native Access (JNA)) [File not signed] C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\jna-1840106495\jna2812890405328756988.dll
    2020-09-09 16:43 - 2020-09-09 16:43 - 000198144 ____N (Java(TM) Native Access (JNA)) [File not signed] C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\jna-1840106495\jna8655896608338430602.dll
    2019-08-27 10:32 - 2010-07-12 14:39 - 000413696 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\D-Link\DWA-125 revA\MSVCP60.dll
    2019-03-27 23:48 - 2019-03-27 23:48 - 000115200 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    2020-01-09 14:16 - 2020-01-09 14:16 - 000796672 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_88dcc0bf2fb1b808\MSVCR80.dll
    2019-08-14 09:37 - 2019-08-14 09:37 - 000626688 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\MSVCR80.dll
    2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
    2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
    2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
    2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
    2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
    2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
    2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
    2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
    2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
    2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
    2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
    2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\ucrtbase.DLL
    2020-08-25 15:24 - 2020-08-25 15:24 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\VCRUNTIME140.dll
    2019-08-27 10:32 - 2012-09-04 15:31 - 000278528 _____ (Wireless Service) [File not signed] C:\Program Files (x86)\D-Link\DWA-125 revA\wnicapi.dll
    
    ==================== Alternate Data Streams (Whitelisted) ========
    
    ==================== Safe Mode (Whitelisted) ==================
    
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    
    ==================== Association (Whitelisted) =================
    
    ==================== Internet Explorer trusted/restricted ==========
    
    ==================== Hosts content: =========================
    
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    
    2009-07-14 10:34 - 2020-09-02 15:10 - 000000068 _____ C:\Windows\system32\drivers\etc\hosts
    192.168.1.15 simapp.q3aurelia.com
    
    ==================== Other Areas ===========================
    
    (Currently there is no automatic fix for this section.)
    
    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\TXE Components\TCS\;C:\Program Files\Intel\TXE Components\TCS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\110\DTS\Binn\;C:\Program Files\dotnet\
    HKU\S-1-5-21-2582853694-2877760415-371799054-500\Control Panel\Desktop\\Wallpaper -> 
    DNS Servers: 192.168.1.6 - 192.168.1.5
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    Windows Firewall is enabled.
    
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    
    ==================== FirewallRules (Whitelisted) ================
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [TCP Query User{EBFF85A1-346F-4154-B63B-A326E4B16795}C:\micros\simphony\webserver\servicehost.exe] => (Allow) C:\micros\simphony\webserver\servicehost.exe (Oracle America, Inc. -> Oracle)
    FirewallRules: [UDP Query User{EB784BEC-D865-49D5-BBC4-FCB8AF9DB2FF}C:\micros\simphony\webserver\servicehost.exe] => (Allow) C:\micros\simphony\webserver\servicehost.exe (Oracle America, Inc. -> Oracle)
    FirewallRules: [{8A215296-4993-4D1B-8D64-55888CDA39C6}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
    FirewallRules: [{856862DB-E79B-4844-A25B-63883A780181}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
    FirewallRules: [{DC8B1D0D-8D08-4C98-8547-D5E216D0229B}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
    FirewallRules: [{C593BB37-CAE4-4D3F-8CF9-B9484DE1E806}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
    FirewallRules: [{844F6FE9-C6F0-4810-8872-F2978495C417}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
    FirewallRules: [{84CBA4E5-4724-4386-A575-84076D4C9B2E}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
    
    ==================== Restore Points =========================
    
    31-08-2020 00:00:03 Scheduled Checkpoint
    01-09-2020 10:26:25 Restore Point Created by FRST
    03-09-2020 15:26:29 Restore Point Created by FRST
    07-09-2020 19:00:57 Malwarebytes Anti-Rootkit Restore Point
    07-09-2020 22:46:00 Malwarebytes Anti-Rootkit Restore Point
    09-09-2020 16:18:19 Restore Point Created by FRST
    
    ==================== Faulty Device Manager Devices ============
    
    Name: Standard PS/2 Keyboard
    Description: Standard PS/2 Keyboard
    Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
    Manufacturer: (Standard keyboards)
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.
    
    Name: PS/2 Compatible Mouse
    Description: PS/2 Compatible Mouse
    Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.
    
    
    ==================== Event log errors: ========================
    
    Application errors:
    ==================
    Error: (09/09/2020 04:18:18 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.
    
    
    Operation:
       Gathering Writer Data
    
    Context:
       Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
       Writer Name: System Writer
       Writer Instance ID: {eaf113e0-b0e9-41f4-9b73-62f18f3ae143}
    
    Error: (09/03/2020 03:42:18 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.19597, time stamp: 0x5df81503
    Faulting module name: ntdll.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb67f
    Exception code: 0xc0000005
    Fault offset: 0x0000000000027a6d
    Faulting process id: 0x18cc
    Faulting application start time: 0x01d681c5bcac3141
    Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
    Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report Id: fde88f94-edb8-11ea-85b6-68eda42b384e
    
    Error: (09/03/2020 03:26:28 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.
    
    
    Operation:
       Gathering Writer Data
    
    Context:
       Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
       Writer Name: System Writer
       Writer Instance ID: {eb4c65b4-4f19-41e7-8c9d-cac2baa3e7dc}
    
    Error: (09/01/2020 10:45:21 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.19597, time stamp: 0x5df81503
    Faulting module name: ntdll.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb67f
    Exception code: 0xc0000005
    Fault offset: 0x0000000000027a6d
    Faulting process id: 0x1938
    Faulting application start time: 0x01d68009ec42cefd
    Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
    Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report Id: 2d4557c7-ebfd-11ea-86cc-68eda42b384e
    
    Error: (09/01/2020 10:44:41 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.19597, time stamp: 0x5df81503
    Faulting module name: ntdll.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb67f
    Exception code: 0xc0000005
    Fault offset: 0x0000000000027a6d
    Faulting process id: 0x548
    Faulting application start time: 0x01d68009d4f66ac8
    Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
    Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report Id: 1538d512-ebfd-11ea-86cc-68eda42b384e
    
    Error: (09/01/2020 10:42:19 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.19597, time stamp: 0x5df8146f
    Faulting module name: ntdll.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb751
    Exception code: 0xc0000005
    Fault offset: 0x0002e136
    Faulting process id: 0x10dc
    Faulting application start time: 0x01d6800981771170
    Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report Id: c0ab3c15-ebfc-11ea-86cc-68eda42b384e
    
    Error: (09/01/2020 10:42:14 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.19597, time stamp: 0x5df8146f
    Faulting module name: ntdll.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb751
    Exception code: 0xc0000005
    Fault offset: 0x0002e136
    Faulting process id: 0x1710
    Faulting application start time: 0x01d680097e72c6d1
    Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report Id: bdc8f8e5-ebfc-11ea-86cc-68eda42b384e
    
    Error: (09/01/2020 10:41:53 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.19597, time stamp: 0x5df8146f
    Faulting module name: ntdll.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb751
    Exception code: 0xc0000005
    Fault offset: 0x0002e136
    Faulting process id: 0x1464
    Faulting application start time: 0x01d6800971aeeb88
    Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report Id: b0ea4237-ebfc-11ea-86cc-68eda42b384e
    
    
    System errors:
    =============
    Error: (09/09/2020 04:43:54 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load: 
    cdrom
    
    Error: (09/09/2020 04:37:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The OPI Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    
    Error: (09/09/2020 04:31:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The OPI Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    
    Error: (09/09/2020 04:25:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The OPI Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    
    Error: (09/09/2020 04:21:03 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Software Protection service, but this action failed with the following error: 
    An instance of the service is already running.
    
    Error: (09/09/2020 04:19:33 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
    An instance of the service is already running.
    
    Error: (09/09/2020 04:19:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The SQL Server (SQLEXPRESS) service terminated unexpectedly.  It has done this 1 time(s).
    
    Error: (09/09/2020 04:19:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    
    
    ==================== Memory info =========================== 
    
    BIOS: American Megatrends Inc. 5.6.5 05/07/2019
    Motherboard: AMI Corporation Aptio CRB
    Processor: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
    Percentage of memory in use: 85%
    Total physical RAM: 1938.64 MB
    Available physical RAM: 290.08 MB
    Total Virtual: 5306.09 MB
    Available Virtual: 478.86 MB
    
    ==================== Drives ================================
    
    Drive c: () (Fixed) (Total:59.62 GB) (Free:5.87 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    
    
    ==================== MBR & Partition Table ====================
    
    ==========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 59.6 GB) (Disk ID: 33217C0D)
    Partition 1: (Active) - (Size=59.6 GB) - (Type=07 NTFS)
    
    ==================== End of Addition.txt =======================
    

    I have done a re-scan with mbar and the files are apparently still detected.

    2020-09-09-18-01-02.jpg


    Real life is tiring, yet it's interesting, just like involving myself in this forum  :8P:


    #24 nasdaq

    nasdaq

      Forum Deity

    • Global Moderator
    • PipPipPipPipPip
    • 49,376 posts

    Posted 09 September 2020 - 06:13 AM

    Hi,
     
    Your computer is not compromised.
    The items reported by Malwarebytes are in a Cache and not doing any damage.
     
    Please run this fix and post the Fixlog.txt for my review.
     
    Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
    Type Notepad and click the OK key.
    Please copy the entire contents of the code box below to a new file.
     
    start
     
    CreateRestorePoint:
    CloseProcesses:
     
    DeleteKey: HKLM\SYSTEM\ControlSet001\Services\{74712200-2132-494a-BD2F-D9CFE8900378}
    C:\Windows\System32\drivers\zokng.sys
     
    Restart:
     
    End
    
     
    Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
    The location is listed in the 3rd line of the Farbar log you have submitted.
     
    Run FRST and click Fix only once and wait.
     
    The tool will create a log (Fixlog.txt); please post it in your reply.
    ===
     
    If the problem persists in Internet Explorer and you are using the Sync with other devices, disable the Sync.
     
    Close IE.
     
    Restart the computer and re-sync your devices if you need them.
     
    Let me know if the items are still being reported by Malwarebytes.
    No need to include an Image.
     
    Also, what problems are you having with this computer?

    nasdaq

    Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
    [ Housecall online virus scan ] [ Bitdefender online virus scan ]
    [ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

    My help is free, but if we have helped you in any way, please consider Donating,
    see this topic for details.
    We need members like you.

    ========
    Shouldn't water be worth more than diamonds?
    Adam Smith Glasgow, 1760

    #25 chrisling

    chrisling

      Advanced Member

    • Helper Trainee+
    • PipPipPip
    • 118 posts

    Posted 10 September 2020 - 01:39 AM

    Hi nasdaq,

     

    The file looks like it failed to be removed. I had also mentioned that I did try to remove this file in Safe Mode, and once I restarted, the file was back in place again.

     

    Here's the log from the fix.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 09-09-2020
    Ran by Administrator (10-09-2020 11:00:05) Run:8
    Running from C:\Users\Administrator\Downloads
    Loaded Profiles: Administrator
    Boot Mode: Normal
    ==============================================
    
    fixlist content:
    *****************
    start
     
    CreateRestorePoint:
    CloseProcesses:
     
    DeleteKey: HKLM\SYSTEM\ControlSet001\Services\{74712200-2132-494a-BD2F-D9CFE8900378}
    C:\Windows\System32\drivers\zokng.sys
     
    Restart:
     
    End
    *****************
    
    Error: (0) Failed to create a restore point.
    Processes closed successfully.
    HKLM\SYSTEM\ControlSet001\Services\{74712200-2132-494a-BD2F-D9CFE8900378} => not found
    Could not move "C:\Windows\System32\drivers\zokng.sys" => Scheduled to move on reboot.
    
    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 10-09-2020 15:14:19)
    
    C:\Windows\System32\drivers\zokng.sys => Could not move
    
    ==== End of Fixlog 15:14:20 ====
    

    The issue with the PC is just that whenever I open a browser, the main page is being hijacked by the Chinese website. All browsers react the same, and none of them is synchronizing any account.




    #26 nasdaq

    nasdaq

      Forum Deity

    • Global Moderator
    • PipPipPipPipPip
    • 49,376 posts

    Posted 10 September 2020 - 05:37 AM

    Let's try this way.
     
     
    Boot in the Recovery Environment WINDOWS 7 USERS
     
    To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    Restart the computer
    Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
     
    Look at this video if not familiar with it.
     
    Use the arrow keys to select Repair your computer, and press Enter
    Select your keyboard layout (US, French, etc.) and click on Next
     
    Click on Command Prompt to open the command prompt
     
    In the command prompt, type CD C:\Users\Administrator\Downloads and hit the Enter key.
     
    You should see the Farbar program and the Fixlist.txt.
     
    Run the Farbar program and click the Fix button.
     
    Restart the computer to return to the normal operating system.
     
    Post the Fixlog.txt for my review.
     
    ===
     
    p.s.
     
    I asked previously what difficulties you are having with this computer other than deleting these items.
    Please explain.

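    Once the Recovery Environment fix has run, a way to confirm from the normal OS that the service key and driver file named in the fixlist are actually gone, and, if the file is still there, whether the driver is loaded (the reason FRST reported "Could not move" while Windows was running) and whether it is signed. This is an added example, not code from the thread or from FRST; it assumes an elevated PowerShell window and reuses only the key name and file path quoted in the fixlist above.

```powershell
# Added example, not part of the thread or of FRST: verify the outcome of the
# fixlist above from the normal OS (run in an elevated PowerShell window).
$ServiceName = '{74712200-2132-494a-BD2F-D9CFE8900378}'   # service key named in the fixlist
$DriverPath  = 'C:\Windows\System32\drivers\zokng.sys'    # driver file named in the fixlist

function Test-LeftoverDriver {
    param([string]$Name, [string]$Path)

    $report = @{ ServiceKeys = @(); FileExists = $false; Loaded = $false; Signature = 'n/a'; Signer = 'n/a' }

    # The fixlist only named ControlSet001. A service key can also survive under
    # another ControlSet (the one the machine actually booted from), so check all.
    Get-ChildItem 'HKLM:\SYSTEM' |
        Where-Object { $_.PSChildName -like 'ControlSet*' } |
        ForEach-Object {
            $key = "HKLM:\SYSTEM\$($_.PSChildName)\Services\$Name"
            if (Test-Path $key) {
                $p = Get-ItemProperty $key
                # Start: 0 = boot, 1 = system, 2 = auto, 3 = manual, 4 = disabled
                $report.ServiceKeys += "$($_.PSChildName) ImagePath='$($p.ImagePath)' Start=$($p.Start)"
            }
        }

    if (Test-Path $Path) {
        $report.FileExists = $true

        # A kernel driver that is loaded cannot be moved or deleted from the running
        # OS, which is what the "Could not move" line in the Fixlog above reports.
        $leaf = Split-Path $Path -Leaf
        $drv  = Get-WmiObject Win32_SystemDriver |
            Where-Object { $_.Name -eq $Name -or ($_.PathName -and $_.PathName.ToLower().EndsWith($leaf.ToLower())) }
        $report.Loaded = [bool]($drv | Where-Object { $_.State -eq 'Running' })

        # An unsigned binary in System32\drivers is worth a second look.
        $sig = Get-AuthenticodeSignature -FilePath $Path
        $report.Signature = $sig.Status.ToString()
        if ($sig.SignerCertificate) { $report.Signer = $sig.SignerCertificate.Subject }
    }
    return $report
}

$r = Test-LeftoverDriver -Name $ServiceName -Path $DriverPath
Write-Host "Service key(s) : $(if ($r.ServiceKeys) { $r.ServiceKeys -join '; ' } else { 'none found' })"
Write-Host "Driver file    : $(if ($r.FileExists) { 'present' } else { 'absent' })"
Write-Host "Driver loaded  : $($r.Loaded)"
Write-Host "Signature      : $($r.Signature) ($($r.Signer))"
if (-not $r.FileExists -and -not $r.ServiceKeys) {
    Write-Host 'Clean: neither the service key nor the driver file is left.'
} elseif ($r.Loaded) {
    Write-Host 'The driver is loaded; it has to be removed from the Recovery Environment as described above.'
}
```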

    #27 chrisling

    chrisling

      Advanced Member

    • Helper Trainee+
    • PipPipPip
    • 118 posts

    Posted 11 September 2020 - 02:25 AM

    Hi nasdaq,

     

    I will perform the steps once I am available.

     

    For your question, I explained in the previous reply. I don't have any issue with the computer; it's just the problem with the browser.




    #28 nasdaq

    nasdaq

      Forum Deity

    • Global Moderator
    • PipPipPipPipPip
    • 49,376 posts

    Posted 11 September 2020 - 05:05 AM

    Hi,

     

    I would leave it alone.

     

    Not causing any problems.

     

    Just left over from a previous infection.



    #29 chrisling

    chrisling

      Advanced Member

    • Helper Trainee+
    • PipPipPip
    • 118 posts

    Posted 14 September 2020 - 03:53 AM

    After the file is removed, the browser is no longer acting weird.

     

    Thank you nasdaq! You helped a lot!  :good:




    #30 nasdaq

    nasdaq

      Forum Deity

    • Global Moderator
    • PipPipPipPipPip
    • 49,376 posts

    Posted 14 September 2020 - 05:17 AM

    Glad we could help.





