Start::
O4 - HKUS\S-1-5-19\..\StartupApproved\Run: [OneDriveSetup] . (. - .) -- 0x020000000000000000000000
O4 - HKUS\S-1-5-20\..\StartupApproved\Run: [OneDriveSetup] . (. - .) -- 0x020000000000000000000000
IE Restricted Site Good: webcompanion.com
O4 - GS\CommonDesktop [Public]: File Magic.lnk . (.Solvusoft Corporation - FileMagic.) C:\Program Files\File Magic\FileMagic.exe  
O17 - HKLM\System\CCS\Services\Tcpip\..\{03d3df5e-2974-4002-a37c-69f709e775d5}: NameServer = 82.163.143.146,82.163.142.148
O17 - HKLM\System\CCS\Services\Tcpip\..\{07ed73fd-c258-4761-bdef-a6b8acc2253b}: NameServer = 82.163.143.146,82.163.142.148
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]:Web Companion
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]:AvastBrowserAutoLaunch_018BE0419A1FB51785C82A6408AC86F3
[HKEY_USERS\S-1-5-21-2155290971-1816436987-1419378802-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]:Web Companion
[HKEY_USERS\S-1-5-21-2155290971-1816436987-1419378802-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]:AvastBrowserAutoLaunch_018BE0419A1FB51785C82A6408AC86F3
HKU\S-1-5-21-2155290971-1816436987-1419378802-1001\Software\csastats
HKU\S-1-5-21-2155290971-1816436987-1419378802-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\drp.su
HKU\S-1-5-21-2155290971-1816436987-1419378802-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
HKCU\Software\Lavasoft\Web Companion
HKCU\Software\csastats
HKCU\Software\undefined
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\drp.su
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
HKLM\SOFTWARE\Wow6432Node\IObit\RealTimeProtector
HKLM\SOFTWARE\Wow6432Node\IObit\Advanced SystemCare
HKLM\SOFTWARE\Wow6432Node\IObit\ASC
HKLM\SOFTWARE\Wow6432Node\Lavasoft\Web Companion
HKLM\SOFTWARE\Lavasoft\Web Companion
HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
HKLM\SOFTWARE\IObit\RealTimeProtector
HKLM\SOFTWARE\IObit\Advanced SystemCare
HKLM\SOFTWARE\Iobit\ASC
HKLM\SOFTWARE\029c4619-0385-5543-9426-46f9987161d9
HKLM\SOFTWARE\WOW6432Node\Microleaves
HKCU\SOFTWARE\681da0eb-374d-5be1-94a8-a3b514928885
HKCU\SOFTWARE\DC3_FEXEC
HKCU\SOFTWARE\FastDataX
HKCU\SOFTWARE\Squeaky Wheel
HKU\S-1-5-21-2155290971-1816436987-1419378802-1001\SOFTWARE\681da0eb-374d-5be1-94a8-a3b514928885
HKU\S-1-5-21-2155290971-1816436987-1419378802-1001\SOFTWARE\DC3_FEXEC
HKU\S-1-5-21-2155290971-1816436987-1419378802-1001\SOFTWARE\FastDataX
HKU\S-1-5-21-2155290971-1816436987-1419378802-1001\SOFTWARE\Squeaky Wheel
HKU\S-1-5-21-2155290971-1816436987-1419378802-1001\SOFTWARE\undefined
O90 - PUC: "436F6625D7B77354DBCD89DDC6CFAB1A" [HKLM] . (.Online Application.) -- C:\WINDOWS\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\online.exe
HKLM\SOFTWARE\Microsoft\Tracing\svchost_RASCHAP
C:\Users\couli\AppData\Roaming\Mozilla\Firefox\Profiles\kpwwegsq.default\searchplugins\bing-lavasoft-ff59.xml
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FastDataX_is1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FastDataX_is1
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Popcorn-Time
C:\Program Files\Homeville
C:\Program Files\KMSpico
C:\Program Files (x86)\FastDataX
C:\Program Files (x86)\Microleaves
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
C:\Users\couli\AppData\Roaming\dclogs
C:\Users\couli\AppData\Roaming\DiskDefrag
C:\Users\couli\AppData\Roaming\Microleaves
C:\Users\couli\AppData\Roaming\VirusMaker
C:\Users\couli\AppData\Local\Popcorn-Time
C:\Users\couli\AppData\Local\SlimWare Utilities Inc
C:\Users\couli\AppData\Local\Solvusoft_Corporation
C:\Users\couli\AppData\LocalLow\Squeaky Wheel
C:\Users\couli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn-Time
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu
HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}
HKLM\Software\Wow6432Node\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\IObit Malware Fighter
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\IObitUnstaler
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
HKLM\Software\Classes\lnkfile\shellex\ContextMenuHandlers\IObitUnstaler
HKLM\Software\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\IObit Malware Fighter
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\IObitUnstaler
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\IObitUnstaler
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\VMDiskMenuHandler
HKLM\Software\Classes\CLSID\{271DC252-6FE1-4D59-9053-E4CF50AB99DE}
C:\WINDOWS\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\online.exe
HKLM\SOFTWARE\Wow6432Node\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
HKLM\SOFTWARE\Wow6432Node\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
C:\WINDOWS\Installer\2c5b1ca.msi
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\svchost_RASCHAP
C:\Users\couli\AppData\Local\Temp\mat-debug-10172.log
C:\Users\couli\AppData\Local\Temp\mat-debug-20532.log
C:\Users\couli\AppData\Local\Temp\mat-debug-24100.log
C:\Users\couli\AppData\Local\Temp\mat-debug-24316.log
C:\Users\couli\AppData\Local\Temp\mat-debug-5724.log
ADS PrÃ©sent [:com.dropbox.attrs] C:\Users\couli\Downloads\20200310_221354.jpg:com.dropbox.attrs
ADS PrÃ©sent [:com.dropbox.attrs] C:\Users\couli\Downloads\20200310_221444.jpg:com.dropbox.attrs
ADS PrÃ©sent [:com.dropbox.attrs] C:\Users\couli\Downloads\20200310_221556.jpg:com.dropbox.attrs
ADS PrÃ©sent [:com.dropbox.attrs] C:\Users\couli\Downloads\PL.7z:com.dropbox.attrs
HKU\S-1-5-21-2155290971-1816436987-1419378802-1001\Software\csastats
HKU\S-1-5-21-2155290971-1816436987-1419378802-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\drp.su
HKU\S-1-5-21-2155290971-1816436987-1419378802-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
HKCU\Software\Lavasoft\Web Companion
HKCU\Software\csastats
HKCU\Software\undefined
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\drp.su
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
HKLM\SOFTWARE\Wow6432Node\IObit\RealTimeProtector
HKLM\SOFTWARE\Wow6432Node\IObit\Advanced SystemCare
HKLM\SOFTWARE\Wow6432Node\IObit\ASC
HKLM\SOFTWARE\Wow6432Node\Lavasoft\Web Companion
HKLM\SOFTWARE\Lavasoft\Web Companion
HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
HKLM\SOFTWARE\IObit\RealTimeProtector
HKLM\SOFTWARE\IObit\Advanced SystemCare
HKLM\SOFTWARE\Iobit\ASC
C:\Users\couli\AppData\Roaming\Mozilla\Firefox\Profiles\kpwwegsq.default\invalidprefs.js
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Program Files (x86)\Google\Chrome\Application\chrome.exe.FriendlyAppName
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Program Files (x86)\Google\Chrome\Application\chrome.exe.ApplicationCompany
C:\Program Files\File Magic\FileMagic.exe
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Program Files\File Magic\FileMagic.exe.FriendlyAppName =>SUP.Optional.Solvusoft
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Program Files\File Magic\FileMagic.exe.ApplicationCompany =>SUP.Optional.Solvusoft
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:D:\BlueStacks\BlueStacks\Client\Bluestacks.exe.FriendlyAppName
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:D:\BlueStacks\BlueStacks\Client\Bluestacks.exe.ApplicationCompany
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Users\couli\AppData\Local\WhatsApp\app-2.2025.7\WhatsApp.exe.FriendlyAppName
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Users\couli\AppData\Local\WhatsApp\app-2.2025.7\WhatsApp.exe.ApplicationCompany
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\users\couli\appdata\local\programs\opera\68.0.3618.173\opera.exe.FriendlyAppName
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\users\couli\appdata\local\programs\opera\68.0.3618.173\opera.exe.ApplicationCompany
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\users\couli\appdata\local\programs\opera\69.0.3686.95\opera.exe.FriendlyAppName
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\users\couli\appdata\local\programs\opera\69.0.3686.95\opera.exe.ApplicationCompany
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe.FriendlyAppName
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe.ApplicationCompany
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Users\couli\Downloads\DpFileList Generator 2020 v1.0\DpFileList Generator 2020 v1.0\DpFileList Generator.exe.FriendlyAppName
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\users\couli\appdata\local\programs\opera\71.0.3770.198\opera.exe.FriendlyAppName
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\users\couli\appdata\local\programs\opera\71.0.3770.198\opera.exe.ApplicationCompany
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\users\couli\appdata\local\programs\opera\71.0.3770.284\opera.exe.FriendlyAppName
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\users\couli\appdata\local\programs\opera\71.0.3770.284\opera.exe.ApplicationCompany
[HKU\S-1-5-21-2155290971-1816436987-1419378802-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Program Files (x86)\Google\Chrome\Application\chrome.exe.FriendlyAppName
[HKU\S-1-5-21-2155290971-1816436987-1419378802-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Program Files (x86)\Google\Chrome\Application\chrome.exe.ApplicationCompany
[HKU\S-1-5-21-2155290971-1816436987-1419378802-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Program Files\File Magic\FileMagic.exe.FriendlyAppName =>SUP.Optional.Solvusoft
[HKU\S-1-5-21-2155290971-1816436987-1419378802-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Program Files\File Magic\FileMagic.exe.ApplicationCompany =>SUP.Optional.Solvusoft
[HKU\S-1-5-21-2155290971-1816436987-1419378802-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:D:\BlueStacks\BlueStacks\Client\Bluestacks.exe.FriendlyAppName
[HKU\S-1-5-21-2155290971-1816436987-1419378802-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:D:\BlueStacks\BlueStacks\Client\Bluestacks.exe.ApplicationCompany
[HKU\S-1-5-21-2155290971-1816436987-1419378802-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Users\couli\AppData\Local\WhatsApp\app-2.2025.7\WhatsApp.exe.FriendlyAppName
[HKU\S-1-5-21-2155290971-1816436987-1419378802-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Users\couli\AppData\Local\WhatsApp\app-2.2025.7\WhatsApp.exe.ApplicationCompany
[HKU\S-1-5-21-2155290971-1816436987-1419378802-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\users\couli\appdata\local\programs\opera\68.0.3618.173\opera.exe.FriendlyAppName
[HKU\S-1-5-21-2155290971-1816436987-1419378802-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\users\couli\appdata\local\programs\opera\68.0.3618.173\opera.exe.ApplicationCompany
[HKU\S-1-5-21-2155290971-1816436987-1419378802-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\users\couli\appdata\local\programs\opera\69.0.3686.95\opera.exe.FriendlyAppName
[HKU\S-1-5-21-2155290971-1816436987-1419378802-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\users\couli\appdata\local\programs\opera\69.0.3686.95\opera.exe.ApplicationCompany
[HKU\S-1-5-21-2155290971-1816436987-1419378802-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe.FriendlyAppName
[HKU\S-1-5-21-2155290971-1816436987-1419378802-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe.ApplicationCompany
[HKU\S-1-5-21-2155290971-1816436987-1419378802-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Users\couli\Downloads\DpFileList Generator 2020 v1.0\DpFileList Generator 2020 v1.0\DpFileList Generator.exe.FriendlyAppName
[HKU\S-1-5-21-2155290971-1816436987-1419378802-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\users\couli\appdata\local\programs\opera\71.0.3770.198\opera.exe.FriendlyAppName
[HKU\S-1-5-21-2155290971-1816436987-1419378802-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\users\couli\appdata\local\programs\opera\71.0.3770.198\opera.exe.ApplicationCompany
[HKU\S-1-5-21-2155290971-1816436987-1419378802-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\users\couli\appdata\local\programs\opera\71.0.3770.284\opera.exe.FriendlyAppName
[HKU\S-1-5-21-2155290971-1816436987-1419378802-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\users\couli\appdata\local\programs\opera\71.0.3770.284\opera.exe.ApplicationCompany
C:\Windows\SysWOW64\SSL
C:\Users\couli\AppData\LocalLow\IObit\Advanced SystemCare
C:\Users\couli\AppData\Roaming\IObit\Advanced SystemCare
C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
C:\ProgramData\IObit\Advanced SystemCare
C:\ProgramData\Application Data\IObit\ASCDownloader
C:\ProgramData\IObit\ASCDownloader
trojan-fynloski/
[1121E1CE57747D3AA0E2D8A055EE1FA5696D] [22/02/2017] (.GOLD CLICK LIMITED.) - C:\Program Files (x86)\ProxyGate\MainService.exe
[1121E1CE57747D3AA0E2D8A055EE1FA5696D] [22/02/2017] (.GOLD CLICK LIMITED.) - C:\Program Files (x86)\ProxyGate\PGChk.exe
[1121E1CE57747D3AA0E2D8A055EE1FA5696D] [22/08/2016] (.GOLD CLICK LIMITED.) - C:\Program Files (x86)\ProxyGate\Cloud.exe
[59C83F99C96761FA39E5C07FDA2AC755] [04/06/2019] (.SOLVUSOFT CORPORATION.) - C:\Program Files\File Magic\FileMagic.exe
[59C83F99C96761FA39E5C07FDA2AC755] [28/03/2020] (.SOLVUSOFT CORPORATION.) - C:\Program Files\File Magic\unins000.exe
EmptyPrefetch
EmptyClsid