Laptop Reinfected - Freezes/Slow/Flickering then Win Colour Scheme Msg & more...


This is my first post; however, we have used this resource for many years whilst working on our various projects.

When we finally generate enough traction to break-through the censorship we endure, the reasons for our predicament will become apparent. Until then, we need help to fight the opposition against us.

Unfortunately my laptop is reinfected after previously being improved. The actual source of the problem was never found but, from all the evidence combined over a decade of interference on various machines, it would appear to be Remote Access Trojans and as such seems to have gradually rendered the machine nearly useless.

My laptop specification details are noted below:

As mentioned above, I have had a similar issue in the past but nowhere near as interfering as this current problem. In case it may be of some use for you to know, the similarity is the appearance of a dialogue box for 'Windows' requesting that an answer be chosen from one of three options to the question 'Do you want to change the colour scheme to improve performance?'. I have attached a screenshot of this Dialogue Box.

From the moment I boot up the laptop and log in, the problem now noticeably starts as the laptop is attempting to go through its 'normal' processes and getting things running, etc. The laptop screen starts flickering gently and quickly, and I have found that when this flickering starts, it is the start of the laptop essentially freezing: I am unable to carry out any actions, except maybe minimising or maximising a program I was using or some other small task, but for the majority of actions it will not react or do anything until eventually the Windows dialogue box appears with the question regarding the Windows Colour Scheme.

Overall, it is not until that dialogue box appears that I can continue with trying to do what I was doing on the laptop. However, on occasion it will stop flickering and catch up to what I have been trying to do without the dialogue box appearing. I am not aware of why the dialogue box appears or not, but thought I should mention that it is not always upon the dialogue box appearing that the laptop stops freezing.

The amount of time the laptop freezes for has been getting longer.

I use the word 'freeze' since I noticed earlier that the time on the taskbar did not change for some 10 minutes whilst I was waiting for it to let me start using it again.

I have noticed a couple of 'unknown' processes in Windows Task Manager and have attached them as screenshots for info should they be relevant; briefly they are:

Please find pasted below the FRST Log details for 23.02.2022:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-02-2022 01

Ran by user (administrator) on USER-PC (Sony Corporation VGN-NS10J_S) (23-02-2022 00:49:31)

Running from C:\Users\user\Desktop

Loaded Profiles: user

Platform: Microsoft Windows 7 Home PremiumService Pack 1 (X86) Language: English (United States)

Default browser: Brave

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files\BraveSoftware\Update\1.3.361.111\BraveCrashHandler.exe

(explorer.exe ->) (Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <11>

(explorer.exe ->) (Google Inc (TEST) -> Epic Privacy Browser) [File not signed] C:\Users\user\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe

(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

(services.exe ->) (Apple Computer, Inc.) [File not signed] C:\Program Files\Bonjour\mDNSResponder.exe

(taskeng.exe ->) (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner.exe

(winlogon.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\taskmgr.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-3466160139-2617407507-2001755323-1000\...\Run: [Opera Browser Assistant] => C:\Users\user\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3085336 2020-10-20] (Opera Software AS -> Opera Software)

HKU\S-1-5-21-3466160139-2617407507-2001755323-1000\...\Run: [Epic Privacy Browser Installer] => C:\Users\user\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe [509096 2022-01-03] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]

HKU\S-1-5-21-3466160139-2617407507-2001755323-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [29764224 2022-02-14] (Piriform Software Ltd -> Piriform Software Ltd)

HKLM\...\Windows NT x86\Print Processors\OneNotePrint2007: C:\Windows\System32\spool\prtprocs\W32X86\msonpppr.dll [33104 2006-10-26] (Microsoft Corporation -> Microsoft Corporation)

HKLM\...\Print\Monitors\Send To Microsoft OneNote Monitor: C:\Windows\system32\msonpmon.dll [31640 2009-02-27] (Microsoft Corporation -> Microsoft Corporation)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\98.1.35.103\Installer\chrmstp.exe [2022-02-17] (Brave Software, Inc. -> Brave Software, Inc.)

Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-07-13]

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (No File)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06BBCFBD-C088-4BCB-A79D-FC76E78016C4} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\user\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-09-21] (ESET, spol. s r.o. -> ESET)

Task: {555C4FAB-E137-43BA-861B-9EAE2C728E9E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-02-14] (Piriform Software Ltd -> Piriform)

Task: {81AE53BD-5C06-4487-AFAD-A68F90E81F91} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files\BraveSoftware\Update\BraveUpdate.exe [157544 2020-06-29] (Brave Software, Inc. -> BraveSoftware Inc.)

Task: {8A0FDE3C-5E55-4B1C-95C9-4D8F61AE93F2} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files\BraveSoftware\Update\BraveUpdate.exe [157544 2020-06-29] (Brave Software, Inc. -> BraveSoftware Inc.)

Task: {9EAA20EC-4C5D-4E31-A60D-7B74FA93AC22} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\user\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-09-21] (ESET, spol. s r.o. -> ESET)

Task: {A9DFEA87-9095-4D16-A129-9AED8DE0E35D} - System32\Tasks\Opera scheduled Autoupdate 1596364635 => C:\Users\user\AppData\Local\Programs\Opera\launcher.exe [1517592 2020-10-14] (Opera Software AS -> Opera Software)

Task: {D0C17812-3984-42E9-A144-65FC6F7889CD} - System32\Tasks\Opera scheduled assistant Autoupdate 1596364679 => C:\Users\user\AppData\Local\Programs\Opera\launcher.exe [1517592 2020-10-14] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\user\AppData\Local\Programs\Opera\assistant" $(Arg0)

Task: {E92E368D-0D5E-4B88-95F6-160410F641EE} - System32\Tasks\CCleanerSkipUAC - user => C:\Program Files\CCleaner\CCleaner.exe [29764224 2022-02-14] (Piriform Software Ltd -> Piriform Software Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208 2006-02-28] (Apple Computer, Inc.) [File not signed]

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{18E178C5-7B42-43E6-AA58-A2967A9167FE}: [NameServer] 10.0.4.0 10.0.4.1

Tcpip\..\Interfaces\{329EC835-9EFA-4F58-9528-737423215E5A}: [NameServer] 10.0.4.0 10.0.4.1

Tcpip\..\Interfaces\{3FF64C44-A50E-4560-B9DE-2EFC24EC0639}: [NameServer] 10.0.4.0 10.0.4.1

Tcpip\..\Interfaces\{56861393-0C9B-44DF-ABFB-1361B0BE1DE3}: [DhcpNameServer] 192.168.1.254

FireFox:

========

FF Plugin HKU\S-1-5-21-3466160139-2617407507-2001755323-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\user\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\npEpicUpdate3.dll [2022-01-03] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]

FF Plugin HKU\S-1-5-21-3466160139-2617407507-2001755323-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\user\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\npEpicUpdate3.dll [2022-01-03] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]

Chrome:

=======

CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2022-02-20]

CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}

CHR DefaultSearchKeyword: Default -> duckduckgo.com

CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab

CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list

CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-06-23]

CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-02]

Opera:

=======

OPR Profile: C:\Users\user\AppData\Roaming\Opera Software\Opera Stable [2022-02-20]

OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}

OPR Extension: (Rich Hints Agent) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2020-10-26]

Brave:

=======

BRA DefaultProfile: Default

BRA Profile: C:\Users\user\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-02-23]

BRA Notifications: Default -> hxxps://e.pcloud.com; hxxps://gab.com; hxxps://my.pcloud.com; hxxps://twitter.com; hxxps://www.pinterest.co.uk; hxxps://www.youtube.com

BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&t=brave

BRA DefaultSearchKeyword: Default -> :d

BRA DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list

BRA Extension: (Google Translate) - C:\Users\user\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2022-02-05]

BRA Extension: (One Click Full Page Screenshot) - C:\Users\user\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\dchfhilphcokdhfmikknmgdbmklbnnle [2020-07-28]

BRA Extension: (Brave NTP background images) - C:\Users\user\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2021-12-21]

BRA Extension: (Wallet Data Files Updater) - C:\Users\user\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2021-11-30]

BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\user\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-02-23]

BRA Extension: (Brave Ads Resources) - C:\Users\user\AppData\Local\BraveSoftware\Brave-Browser\User Data\cmdlemldhabgmejfognbhdejendfeikd [2022-02-10]

BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\user\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2021-01-10]

BRA Extension: (Brave SpeedReader Updater) - C:\Users\user\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-09-16]

BRA Extension: (Brave NTP sponsored images) - C:\Users\user\AppData\Local\BraveSoftware\Brave-Browser\User Data\mjpbonbjgpinifgnneajcbigekbpfige [2022-02-23]

BRA Extension: (Brave Ads Resources) - C:\Users\user\AppData\Local\BraveSoftware\Brave-Browser\User Data\ocilmpijebaopmdifcomolmpigakocmo [2022-02-05]

BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\user\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2022-02-23]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]

S2 brave; C:\Program Files\BraveSoftware\Update\BraveUpdate.exe [157544 2020-06-29] (Brave Software, Inc. -> BraveSoftware Inc.)

S3 bravem; C:\Program Files\BraveSoftware\Update\BraveUpdate.exe [157544 2020-06-29] (Brave Software, Inc. -> BraveSoftware Inc.)

S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2020-07-29] (Macrovision Europe Ltd.) [File not signed]

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2019-11-15] (Microsoft Windows -> Microsoft Corporation)

S4 wuauserv; C:\Windows\system32\wuaueng2.dll [2092032 2019-11-16] (Microsoft Corporation) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 athr; C:\Windows\System32\DRIVERS\athr.sys [2228224 2011-12-13] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)

S3 b06bdrv; C:\Windows\system32\drivers\bxvbdx.sys [483880 2012-01-24] (Broadcom Corporation -> Broadcom Corporation)

S3 b06diag; C:\Windows\system32\drivers\bxdiagx.sys [75816 2012-03-08] (Broadcom Corporation -> Broadcom Corporation)

S3 BFN7x86; C:\Windows\system32\drivers\Xeno7x86.sys [130152 2012-02-22] (Bigfoot Networks, Inc. -> Bigfoot Networks, Inc.)

S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [150568 2012-02-22] (Broadcom Corporation -> Broadcom Corporation)

S3 bxois; C:\Windows\system32\drivers\bxois.sys [435240 2012-02-22] (Broadcom Corporation -> Broadcom Corporation)

S3 IaNVMe; C:\Windows\system32\drivers\IaNVMe.sys [120816 2018-04-25] (Intel® NVMe Windows Driver -> Intel Corporation)

R0 IaNVMeF; C:\Windows\System32\drivers\IaNVMeF.sys [33768 2018-04-25] (Intel® NVMe Windows Driver -> Intel Corporation)

R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7522304 2011-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

S3 nvme; C:\Windows\system32\drivers\nvme.sys [64688 2016-08-17] (Lite-On Technology Corporation -> Windows ® Win 7 DDK provider)

S3 ocznvme; C:\Windows\system32\drivers\ocznvme.sys [83624 2016-06-10] (Toshiba America Electronic Components, Inc. -> TOSHIBA CORPORATION)

R0 ocztrimfilter; C:\Windows\System32\drivers\ocztrimfilter.sys [25936 2016-06-10] (Toshiba America Electronic Components, Inc. -> TOSHIBA CORPORATION)

R2 rimsptsk; C:\Windows\System32\DRIVERS\rimsptsk.sys [69120 2009-09-23] (Microsoft Windows Hardware Compatibility Publisher -> REDC)

S3 secnvme; C:\Windows\system32\drivers\secnvme.sys [75912 2016-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd)

R0 secnvmeF; C:\Windows\System32\drivers\secnvmeF.sys [28568 2016-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd)

R3 SFEP; C:\Windows\System32\DRIVERS\SFEP.sys [10752 2012-01-15] (Microsoft Windows Hardware Compatibility Publisher -> Sony Corporation)

R3 SrvHsfHDA; C:\Windows\System32\DRIVERS\VSTAZL3.SYS [207360 2009-07-13] (Microsoft Windows -> Conexant Systems, Inc.)

R3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV3.SYS [980992 2009-07-13] (Microsoft Windows -> Conexant Systems, Inc.)

R3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT3.SYS [661504 2009-07-13] (Microsoft Windows -> Conexant Systems, Inc.)

S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [33280 2020-11-13] (TunnelBear, Inc. -> The OpenVPN Project)

S3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [43944 2021-04-24] (Windscribe Limited -> The OpenVPN Project)

S3 windtun420; C:\Windows\System32\DRIVERS\windtun420.sys [35240 2021-04-24] (Windscribe Limited -> WireGuard LLC)

R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [319264 2012-03-27] (Marvell Semiconductor -> Marvell)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-02-20 05:28 - 2022-02-20 05:28 - 000000000 ____D C:\Windows\pss

2022-02-20 05:07 - 2022-02-22 23:56 - 000000000 ____D C:\Program Files\CCleaner

2022-02-20 05:07 - 2022-02-21 22:13 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update

2022-02-20 05:07 - 2022-02-20 05:07 - 000002804 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC - user

2022-02-20 05:07 - 2022-02-20 05:07 - 000000929 _____ C:\Users\Public\Desktop\CCleaner.lnk

2022-02-20 05:07 - 2022-02-20 05:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

2022-02-03 02:27 - 2022-02-03 02:27 - 000000000 ____D C:\Users\user\Documents\AA

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-02-23 00:50 - 2021-09-14 19:22 - 000014531 _____ C:\Users\user\Desktop\FRST.txt

2022-02-23 00:50 - 2021-08-06 18:43 - 000000000 ___DC C:\FRST

2022-02-23 00:49 - 2021-09-21 12:18 - 002020352 ____C (Farbar) C:\Users\user\Desktop\FRST.exe

2022-02-23 00:49 - 2021-09-12 13:58 - 000000000 ____D C:\Users\user\Desktop\FRST-OlderVersion

2022-02-23 00:01 - 2021-09-21 12:53 - 000000000 ___HD C:\Users\user\Downloads\.opera

2022-02-23 00:01 - 2020-11-02 11:34 - 000000000 ___HD C:\Users\user\.opera

2022-02-22 23:56 - 2010-11-20 21:01 - 000782184 _____ C:\Windows\system32\PerfStringBackup.INI

2022-02-22 23:56 - 2009-07-14 02:37 - 000000000 ____D C:\Windows\inf

2022-02-22 23:49 - 2009-07-14 04:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2022-02-22 23:38 - 2021-09-21 12:50 - 000014112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2022-02-22 23:38 - 2021-09-21 12:50 - 000014112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2022-02-21 22:13 - 2020-07-09 22:59 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps

2022-02-20 02:22 - 2009-07-14 02:37 - 000000000 ____D C:\Windows\system32\NDF

2022-02-17 00:51 - 2020-06-29 14:37 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk

2022-02-15 04:41 - 2021-09-21 13:53 - 000003756 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn

2022-02-15 04:41 - 2021-09-21 13:52 - 000003316 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime

2022-02-06 00:10 - 2021-10-18 11:48 - 000000000 ____D C:\ProgramData\Mozilla

2022-02-06 00:09 - 2021-10-18 11:49 - 000000000 ____D C:\Users\user\AppData\LocalLow\Mozilla

2022-02-05 18:14 - 2021-03-30 05:30 - 000000000 ____D C:\Users\user\AppData\Roaming\vlc

2022-02-05 17:41 - 2020-06-29 01:36 - 000000000 ____D C:\Users\user\Documents\Admin

2022-01-31 17:06 - 2021-07-26 10:15 - 000000000 ____D C:\Windows\Minidump

2022-01-27 00:56 - 2020-06-29 02:03 - 000000000 ____D C:\Users\user\Documents\JAH

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2022-02-16 08:11

==================== End of FRST.txt ========================

.................................................................................................................................

Please also find pasted below the Addition Log details for 23.02.2022:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-02-2022 01

Ran by user (23-02-2022 00:51:03)

Running from C:\Users\user\Desktop

Microsoft Windows 7 Home PremiumService Pack 1 (X86) (2020-06-23 02:57:10)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3466160139-2617407507-2001755323-500 - Administrator - Disabled)

Guest (S-1-5-21-3466160139-2617407507-2001755323-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3466160139-2617407507-2001755323-1006 - Limited - Enabled)

user (S-1-5-21-3466160139-2617407507-2001755323-1000 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:- Microsoft) Hidden

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:- Microsoft) Hidden

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:- Microsoft) Hidden

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:- Microsoft) Hidden

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:- Microsoft) Hidden

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:- Microsoft) Hidden

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version:- Microsoft) Hidden

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}) (Version:- Microsoft) Hidden

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}) (Version:- Microsoft) Hidden

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:- Microsoft)

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:- Microsoft) Hidden

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:- Microsoft) Hidden

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:- Microsoft) Hidden

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:- Microsoft) Hidden

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:- Microsoft) Hidden

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:- Microsoft) Hidden

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:- Microsoft) Hidden

Adobe Photoshop CS3 (HKLM\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)

Brave (HKLM\...\BraveSoftware Brave-Browser) (Version: 98.1.35.103 - Brave Software Inc)

CCleaner (HKLM\...\CCleaner) (Version: 5.90 - Piriform)

Epic Privacy Browser (HKU\S-1-5-21-3466160139-2617407507-2001755323-1000\...\Epic Privacy Browser) (Version: 91.0.4472.124 - Epic)

Getleft v1.2 (HKLM\...\Getleft_is1) (Version:- )

Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden

Microsoft .NET Framework 4.8 (HKLM\...\{B29F8740-372B-312F-8EEE-18FF857CCBB8}) (Version: 4.8.03761 - Microsoft Corporation)

Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Visual Basic/C++ Runtime (x86) (HKLM\...\{C5E3A69D-D391-45A6-A8FB-00B01E2B010D}) (Version: 1.1.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)

Microsoft Visual C++ 2010x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61135 (HKLM\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61135 - Microsoft Corporation)

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61135 (HKLM\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61135 - Microsoft Corporation)

Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation)

Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29914 (HKLM\...\{1b5476d9-ab8e-4b0d-b004-059a1bd5568b}) (Version: 14.28.29914.0 - Microsoft Corporation)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 91.5.0.8041 - Mozilla)

Mozilla Thunderbird (x86 en-GB) (HKLM\...\Mozilla Thunderbird 91.5.0 (x86 en-GB)) (Version: 91.5.0 - Mozilla)

Opera Stable 71.0.3770.271 (HKU\S-1-5-21-3466160139-2617407507-2001755323-1000\...\Opera 71.0.3770.271) (Version: 71.0.3770.271 - Opera Software)

PDF Settings (HKLM\...\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden

Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)

Security Task Manager 2.4 (HKLM\...\Security Task Manager) (Version: 2.4 - Neuber Software)

Telegram Desktop version 3.1.8 (HKU\S-1-5-21-3466160139-2617407507-2001755323-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 3.1.8 - Telegram FZ-LLC)

VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)

VSDC Free Video Editor version 6.7.1.291 (HKLM\...\VSDC Free Video Editor_is1) (Version: 6.7.1.291 - Flash-Integro LLC)

WinRAR 5.91 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3466160139-2617407507-2001755323-1000_Classes\CLSID\{085C3A71-18C5-4FB5-8F2B-62CF7474FFE5}\localserver32 -> C:\Users\user\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\EpicUpdateOnDemand.exe (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]

CustomCLSID: HKU\S-1-5-21-3466160139-2617407507-2001755323-1000_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\user\AppData\Local\Epic Privacy Browser\Application\91.0.4472.124\notification_helper.exe (Hidden Reflex Authors) [File not signed]

CustomCLSID: HKU\S-1-5-21-3466160139-2617407507-2001755323-1000_Classes\CLSID\{84D964EE-0441-4A42-8146-0699AE05DDC3}\InprocServer32 -> C:\Users\user\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\psuser.dll (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]

CustomCLSID: HKU\S-1-5-21-3466160139-2617407507-2001755323-1000_Classes\CLSID\{9B8ABA14-0F6A-492C-AB9D-41FA1F7EC450}\localserver32 -> C:\Users\user\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\EpicUpdateOnDemand.exe (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]

CustomCLSID: HKU\S-1-5-21-3466160139-2617407507-2001755323-1000_Classes\CLSID\{9BA04732-4369-45EF-9DA1-90561134DE6D}\InprocServer32 -> C:\Users\user\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\psuser.dll (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]

CustomCLSID: HKU\S-1-5-21-3466160139-2617407507-2001755323-1000_Classes\CLSID\{9C3B9AB7-2486-4403-B138-E9ED32DD063C}\localserver32 -> C:\Users\user\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\EpicUpdateOnDemand.exe (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]

CustomCLSID: HKU\S-1-5-21-3466160139-2617407507-2001755323-1000_Classes\CLSID\{AB3B8CD0-9085-4F26-B16B-02571A12A789}\localserver32 -> C:\Users\user\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]

CustomCLSID: HKU\S-1-5-21-3466160139-2617407507-2001755323-1000_Classes\CLSID\{C5135FC3-396E-4AFB-974F-D7A91D15CCCA}\InprocServer32 -> C:\Users\user\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\npEpicUpdate3.dll (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]

CustomCLSID: HKU\S-1-5-21-3466160139-2617407507-2001755323-1000_Classes\CLSID\{D9A13C52-6B85-4E00-B98A-DF25F77CBBEA}\localserver32 -> C:\Users\user\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\EpicUpdateOnDemand.exe (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]

CustomCLSID: HKU\S-1-5-21-3466160139-2617407507-2001755323-1000_Classes\CLSID\{F86DEB4A-8D78-4C57-8872-D2730ED051EF}\InprocServer32 -> C:\Users\user\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\npEpicUpdate3.dll (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]

ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-25] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-25] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.voxacm160] => C:\Windows\system32\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed]

HKLM\...\Drivers32: [msacm.scg726] => C:\Windows\system32\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed]

HKLM\...\Drivers32: [msacm.alf2cd] => C:\Windows\system32\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed]

HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed]

HKLM\...\Drivers32: [msacm.lame] => C:\Windows\system32\lame.ax [245760 2005-08-01] () [File not signed]

HKLM\...\Drivers32: [vidc.dvsd] => C:\Windows\system32\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed]

HKLM\...\Drivers32: [vidc.mpg4] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]

HKLM\...\Drivers32: [vidc.mp42] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]

HKLM\...\Drivers32: [vidc.mp43] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]

HKLM\...\Drivers32: [vidc.xvid] => C:\Windows\system32\xvidvfw.dll [139264 2004-07-03] () [File not signed]

HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\system32\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed]

HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]

HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]

HKLM\...\Drivers32: [vidc.VP62] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]

HKLM\...\Drivers32: [vidc.LAGS] => C:\Windows\system32\lagarith.dll [216064 2011-12-07] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::

WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]

WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2006-02-28 11:42 - 2006-02-28 11:42 - 000094208 _____ (Apple Computer, Inc.) [File not signed] C:\Program Files\Bonjour\mdnsNSP.dll

2022-01-03 17:17 - 2022-01-03 17:17 - 004748456 ____T (Google Inc (TEST) -> Epic Privacy Browser) [File not signed] C:\Users\user\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\goopdate.dll

2019-11-15 23:38 - 2019-02-22 19:46 - 000626688 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\MSVCR80.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\S-1-5-21-3466160139-2617407507-2001755323-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/

Filter: text/xml - No CLSID Value -

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7942 more sites.

There are 7942 more sites.

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:04 - 2021-07-26 18:13 - 000454574 ____R C:\Windows\system32\drivers\etc\hosts

There are 15603 more lines.

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3466160139-2617407507-2001755323-1000\Control Panel\Desktop\\Wallpaper ->

DNS Servers: 192.168.1.254

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{58ADC0D7-1241-470D-95B4-92FDD36C8F23}C:\program files\bravesoftware\brave-browser\application\brave.exe] => (Allow) C:\program files\bravesoftware\brave-browser\application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)

FirewallRules: [UDP Query User{05F1777E-189B-4D1E-A41F-E004B735EA94}C:\program files\bravesoftware\brave-browser\application\brave.exe] => (Allow) C:\program files\bravesoftware\brave-browser\application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)

FirewallRules: [TCP Query User{BC9066F9-54B7-44F3-A0E6-3F609566EB60}C:\program files\bravesoftware\brave-browser\application\brave.exe] => (Block) C:\program files\bravesoftware\brave-browser\application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)

FirewallRules: [UDP Query User{654F3B89-6B6E-4B2B-8611-3EE81827DF9B}C:\program files\bravesoftware\brave-browser\application\brave.exe] => (Block) C:\program files\bravesoftware\brave-browser\application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)

FirewallRules: [TCP Query User{4C9975A5-A2D0-435A-A910-C1C5A6729BE1}C:\users\user\appdata\local\epic privacy browser\application\epic.exe] => (Block) C:\users\user\appdata\local\epic privacy browser\application\epic.exe (Hidden Reflex Authors) [File not signed]

FirewallRules: [UDP Query User{1ADC9478-EB2F-4A3F-AAD6-349F9562AD5A}C:\users\user\appdata\local\epic privacy browser\application\epic.exe] => (Block) C:\users\user\appdata\local\epic privacy browser\application\epic.exe (Hidden Reflex Authors) [File not signed]

FirewallRules: [{C15FF36A-A9F9-4AD3-B5E2-666F815E44CD}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)

==================== Restore Points =========================

03-02-2022 05:56:36 Scheduled Checkpoint

10-02-2022 14:08:49 Scheduled Checkpoint

19-02-2022 17:13:44 Scheduled Checkpoint

20-02-2022 02:18:59 Windows Backup

20-02-2022 05:03:55 Removed CCleaner Update Helper

21-02-2022 21:59:54 Windows Backup

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:

==================

Error: (02/22/2022 11:51:05 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/21/2022 10:13:07 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: ccleaner.exe, version: 5.90.0.9443, time stamp: 0x620a4259

Faulting module name: ccleaner.exe, version: 5.90.0.9443, time stamp: 0x620a4259

Exception code: 0x40000015

Fault offset: 0x00a0f92d

Faulting process id: 0x16a8

Faulting application start time: 0x01d8277031b23a6f

Faulting application path: C:\Program Files\CCleaner\ccleaner.exe

Faulting module path: C:\Program Files\CCleaner\ccleaner.exe

Report Id: 720c6a3b-9363-11ec-9410-001dba25ac5f

Error: (02/21/2022 09:51:09 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/20/2022 03:52:49 AM) (Source: ESENT) (EventID: 485) (User: )

Description: DllHost (4024) WebCacheLocal: An attempt to delete the file "C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log" failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".The delete file operation will fail with error -1032 (0xfffffbf8).

Error: (02/20/2022 03:52:24 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program CCleaner.exe version 5.90.0.9443 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e90

Start Time: 01d825fef0e979f9

Termination Time: 345

Application Path: C:\Program Files\CCleaner\CCleaner.exe

Report Id: eb5d9025-91f2-11ec-a101-001dba25ac5f

Error: (02/20/2022 02:29:20 AM) (Source: ESENT) (EventID: 454) (User: )

Description: taskhost (1920) WebCacheLocal: Database recovery/restore failed with unexpected error -501.

Error: (02/20/2022 02:29:20 AM) (Source: ESENT) (EventID: 465) (User: )

Description: taskhost (1920) WebCacheLocal: Corruption was detected during soft recovery in logfile C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 309 (0x00000135). This logfile has been damaged and is unusable.

Error: (02/20/2022 02:29:20 AM) (Source: ESENT) (EventID: 465) (User: )

Description: taskhost (1920) WebCacheLocal: Corruption was detected during soft recovery in logfile C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 309 (0x00000135). This logfile has been damaged and is unusable.

System errors:

=============

Error: (02/23/2022 12:55:38 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.

Error: (02/22/2022 11:49:20 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 23:47:47 on 22/02/2022 was unexpected.

Error: (02/22/2022 09:41:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)

Description: The following fatal alert was received: 70.

Error: (02/22/2022 09:40:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)

Description: The following fatal alert was received: 70.

Error: (02/22/2022 09:39:43 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)

Description: The following fatal alert was received: 70.

Error: (02/22/2022 09:38:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.

Error: (02/22/2022 03:05:31 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)

Description: The following fatal alert was received: 70.

Error: (02/21/2022 10:08:20 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)

Description: The following fatal alert was received: 70.

Windows Defender:

================

Date: 2021-09-14 18:24:06.130

Description:

Windows Defender scan has been stopped before completion.

Scan Type:AntiSpyware

Scan Parameters:Full Scan

Date: 2021-07-22 17:34:40.277

Description:

Windows Defender scan has been stopped before completion.

Scan Type:AntiSpyware

Scan Parameters:Quick Scan

Date: 2021-07-22 17:34:34.700

Description:

Windows Defender scan has been stopped before completion.

Scan Type:AntiSpyware

Scan Parameters:Quick Scan

Event[0]:

Date: 2021-07-04 09:02:11.642

Description:

Windows Defender has encountered an error trying to update signatures.

New Signature Version:1.343.343.0

Previous Signature Version:1.341.1435.0

Update Source:User

Signature Type:AntiSpyware

Update Type:Delta

Current Engine Version:1.1.18300.4

Previous Engine Version:1.1.18200.4

Error code:0x80070666

Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-07-04 09:02:11.642

Description:

Windows Defender has encountered an error trying to update the engine.

New Engine Version:1.1.18300.4

Previous Engine Version:1.1.18200.4

Update Source:User

Error Code:0x80070666

Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-06-18 17:39:12.583

Description:

Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

Signatures Attempted:Current

Error Code:0x80070002

Error description:The system cannot find the file specified.

Signature version:0.0.0.0

Engine version:0.0.0.0

Date: 2021-06-04 15:04:28.523

Description:

Windows Defender has encountered an error trying to update signatures.

New Signature Version:1.341.8.0

Previous Signature Version:1.339.1767.0

Update Source:User

Signature Type:AntiSpyware

Update Type:Delta

Current Engine Version:1.1.18200.4

Previous Engine Version:1.1.18100.6

Error code:0x80070666

Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-06-04 15:04:28.523

Description:

Windows Defender has encountered an error trying to update the engine.

New Engine Version:1.1.18200.4

Previous Engine Version:1.1.18100.6

Update Source:User

Error Code:0x80070666

Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

==================== Memory info ===========================

BIOS: American Megatrends Inc. R0190Y3 07/09/2008

Motherboard: Sony Corporation VAIO

Processor: Intel® Core™2 Duo CPU T5800 @ 2.00GHz

Percentage of memory in use: 68%

Total physical RAM: 2939.04 MB

Available physical RAM: 925.48 MB

Total Virtual: 5876.44 MB

Available Virtual: 3752.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.56 GB) (Free:45.28 GB) NTFS

\\?\Volume{768ba92f-b4fc-11ea-86e8-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: A42D04A3)

Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=148.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

In addition I have attached the above FRST Log and Addition Log for 23.02.2022 as .txt files for completeness.

I would also like to point out in case it may be of some use that both the FRST Log and Addition Log for 23.02.2022 were produced and saved with the above content when the FRST program process had fully completed. Both Logs were automatically saved to my laptop's Desktop, since that is where I ran the FRST program itself and where I continue to have it located currently.

However, copies of both the same FRST Log and Addition Log .txt files for 23.02.2022 (full content pasted above) are also automatically produced and saved in the FRST folder already existing on my C: Drive from past FRST program usage, and, only by chance, I noticed earlier something strange which I thought I should note here in case it is of some relevance: when opening the FRST folder on the C: Drive, it shows the folder as most recently being Modified on 23.02.2022, which is correct since the logs would have been saved there.

However, I noticed that it isn't just the Logs folder which is Modified as at 23.02.2022, but all of the files and folders contained within the entire FRST folder have 23.02.2022 as the Modified date even though they have not been touched or used in any way whatsoever.

I have attached an example screenshot to hopefully help show what I am trying to explain: a list of the folders and files contained within the 'Hives' folder in the FRST main folder. You will see that some of the files have Modified dates of e.g. 19.02.2022 or 22.02.2022, i.e. dates which are incorrect, as I know for a fact I haven't Modified them on those dates. They are only over the last few days, so I would remember using the FRST program, which I did not even go anywhere near using, for example by clicking on the program by mistake, and therefore none of the files and folders contained and created as part of the FRST program should have had their properties information, such as date Modified, affected in any way whatsoever.

What is even more strange is, as you will note in the screenshot (I kept open the 'components' Properties box, which I opened by right-clicking on the 'components' folder), that the dates contained within it are ones which are impossible to have occurred, i.e. Created on 23.02.2022 but Modified on 19.02.2022 yet Accessed on 23.02.2022. The Created and Accessed dates also have exactly the same time next to the date. How could the file be Created today yet have had some sort of Modified action done by 'someone' (or 'some-"thing"') four days ago, i.e. something which counted as a Modified action on the file done four days ago, on 19.02.2022, when the file itself is confirmed within the properties as not actually existing then, as the file was not Created until today, 23.02.2022, and is also confirmed as last being Accessed in some way that date-stamped today's date, 23.02.2022, on the file properties Accessed date info.

I hope you can help and of course, should you require any further information or clarification, please do not hesitate to let me know.

Many thanks in advance,

Jenny

Edited by ILegacy, 23 February 2022 - 08:36 AM.
