Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-07-2020
Ran by Admin (22-07-2020 16:56:31)
Running from D:\Users\Hari\Desktop
Windows 10 Pro Version 1909 18363.959 (X64) (2020-07-14 04:48:42)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Admin (S-1-5-21-3076391084-2480122960-4283986350-1002 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3076391084-2480122960-4283986350-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3076391084-2480122960-4283986350-503 - Limited - Disabled)
Guest (S-1-5-21-3076391084-2480122960-4283986350-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3076391084-2480122960-4283986350-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.12 (HKLM\...\{E9B4998F-85C5-4694-B95F-2390B6E63756}) (Version: 4.12.5.3670 - Open Media LLC)
Avidemux VC++ 64bits (HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\...\{af708a33-16c4-431e-a527-5237bee3c9fc}) (Version: 2.7.6 - Mean)
Avidemux VC++ 64bits (HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\...\{c19f96f9-3acc-497f-b620-d7e5fa9c90ee}) (Version: 2.7.6 - Mean)
Backup and Sync from Google (HKLM\...\{01D33BEA-673C-439C-A7C7-DE5B236DB842}) (Version: 3.50.3166.0017 - Google, Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 10.0.0.35798 - Foxit Software Inc.)
Free MPG Player (HKLM-x32\...\{254E7ACE-402F-4CA4-951F-9C5F0B00AF1A}) (Version: 1.0.0 - Free MPG Player)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
IrfanView 4.54 (64-bit) (HKLM\...\IrfanView64) (Version: 4.54 - Irfan Skiljan)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 84.0.522.40 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.133.5 - )
Microsoft OneDrive (HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\...\OneDriveSetup.exe) (Version: 20.114.0607.0002 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 78.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 78.0.2 (x64 en-US)) (Version: 78.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.0.2 - Mozilla)
MP4Tools v3.8 (HKLM-x32\...\MP4Tools_is1) (Version: - Thüring IT-Consulting)
OpenOffice 4.1.7 (HKLM-x32\...\{A09D951F-4BA3-4383-97B3-D1B91835E779}) (Version: 4.17.9800 - Apache Software Foundation)
qBittorrent 4.2.5 (HKLM-x32\...\qBittorrent) (Version: 4.2.5 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Telegram Desktop version 2.1.13 (HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.1.13 - Telegram FZ-LLC)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-07-14] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-07-14] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.7162.0_x64__8wekyb3d8bbwe [2020-07-21] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-07-16] (Microsoft Corporation) [MS Ad]
Vodafone Mobile Broadband -> C:\Program Files\WindowsApps\VodafoneGroupServices.VodafoneMobileBroadband_2.10.46.0_x64__cx08jceyq9bcp [2020-07-15] (Vodafone Group Services)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-06-15] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-06-15] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-06-15] (Google LLC -> Google)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2020-06-15] (Google LLC -> Google)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2020-06-15] (Google LLC -> Google)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-09-25] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-07-14 11:08 - 2012-10-16 14:45 - 000119296 _____ () [File not signed] C:\Program Files (x86)\MP4Tools\bin\libgcc_s_dw2-1.dll
2020-07-14 11:08 - 2015-07-25 14:33 - 001047802 _____ () [File not signed] C:\Program Files (x86)\MP4Tools\bin\libstdc++-6.dll
2020-07-14 11:08 - 2019-02-21 08:13 - 032130560 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\MP4Tools\bin\avcodec-58.dll
2020-07-14 11:08 - 2019-02-21 08:13 - 006251520 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\MP4Tools\bin\avformat-58.dll
2020-07-14 11:08 - 2019-02-21 08:13 - 000656896 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\MP4Tools\bin\avutil-56.dll
2020-07-14 11:08 - 2019-02-21 08:13 - 000311808 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\MP4Tools\bin\swresample-3.dll
2020-07-14 11:08 - 2019-02-21 08:13 - 000516608 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\MP4Tools\bin\swscale-5.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2020-07-14 22:45 - 2020-07-14 22:42 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\IrfanView\IrfanView_Wallpaper.png
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\...\StartupApproved\Run: => "GoogleDriveSync"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EC61361A-AF7E-4542-A63C-2070ECF7EADE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{897EA980-C35F-4857-B374-763F719E859F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{0E084088-F027-4C13-9A9D-C92059A68098}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{C08B304D-896F-4937-8611-9884F04C29F8}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{AB464DC2-7FF6-462B-9BE1-9939E5F60462}C:\program files\qbittorrent\qbittorrent.exe] => (Block) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{82056258-88FA-4750-9727-D3D20F110219}C:\program files\qbittorrent\qbittorrent.exe] => (Block) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]

==================== Restore Points =========================

20-07-2020 16:26:44 Scheduled Checkpoint
22-07-2020 13:17:21 Installed Free MPG Player

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (07/22/2020 04:40:18 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9468,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (07/22/2020 04:28:05 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7444,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (07/22/2020 04:18:48 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8752,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (07/22/2020 04:18:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: asrrealtimesrv.exe, version: 1.9.3.2, time stamp: 0x5f0dbdb3
Faulting module name: combase.dll, version: 10.0.18362.900, time stamp: 0x9e152c40
Exception code: 0xc0000005
Fault offset: 0x0011034c
Faulting process id: 0x23e8
Faulting application start time: 0x01d66012cca3a18f
Faulting application path: C:\Program Files (x86)\Advanced System Repair Pro 1.9.3.2.0\asrrealtimesrv.exe
Faulting module path: C:\WINDOWS\System32\combase.dll
Report Id: c532c3fa-075e-4f1e-9d33-e6ec19f46add
Faulting package full name:
Faulting package-relative application ID:

Error: (07/22/2020 04:05:58 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9836,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (07/22/2020 03:57:30 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6524,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (07/22/2020 03:37:06 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8308,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (07/22/2020 03:24:14 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4712,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.


System errors:
=============
Error: (07/22/2020 10:45:51 AM) (Source: TPM) (EventID: 15) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (07/21/2020 02:25:40 PM) (Source: TPM) (EventID: 15) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (07/21/2020 09:05:42 AM) (Source: TPM) (EventID: 15) (User: NT AUTHORITY)
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (07/20/2020 09:02:33 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (07/20/2020 09:02:33 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (07/20/2020 09:02:31 PM) (Source: DCOM) (EventID: 10010) (User: PINKYPC)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (07/20/2020 02:53:38 PM) (Source: TPM) (EventID: 15) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (07/20/2020 10:38:14 AM) (Source: DCOM) (EventID: 10010) (User: PINKYPC)
Description: The server {0134A8B2-3407-4B45-AD25-E9F7C92A80BC} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2020-07-22 14:47:57.219
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Ransom:Win32/Sodinokibi.SK!MSR&threatid=2147760158&enterprise=0
Name: Ransom:Win32/Sodinokibi.SK!MSR
ID: 2147760158
Severity: Severe
Category: Ransomware
Path: file:_D:\Users\Hari\Desktop\movie_75095_1080p_MPEG2\75095_VTS_tmp.srt
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.319.2024.0, AS: 1.319.2024.0, NIS: 1.319.2024.0
Engine Version: AM: 1.1.17200.2, NIS: 1.1.17200.2

Date: 2020-07-22 14:43:49.338
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Ransom:Win32/Sodinokibi.SK!MSR&threatid=2147760158&enterprise=0
Name: Ransom:Win32/Sodinokibi.SK!MSR
ID: 2147760158
Severity: Severe
Category: Ransomware
Path: file:_D:\Users\Hari\Desktop\movie_75095_1080p_MPEG2\75095_VTS_tmp.srt
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\certutil.exe
Security intelligence Version: AV: 1.319.2024.0, AS: 1.319.2024.0, NIS: 1.319.2024.0
Engine Version: AM: 1.1.17200.2, NIS: 1.1.17200.2

Date: 2020-07-21 16:02:09.210
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {356B7C38-9094-42A3-96F8-3AC61AE83361}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-07-17 11:23:14.831
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {91B29CE0-077A-42AC-9359-BF77D91E0963}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-07-17 10:21:47.320
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {0C7A2B63-48AD-4F87-B920-090D8B689072}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-07-22 10:56:02.116
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.319.1939.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17200.2
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2020-07-19 10:39:04.153
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.319.1706.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17200.2
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2020-07-19 09:51:05.910
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.319.1706.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17200.2
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2020-07-14 12:44:48.925
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.319.1375.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17200.2
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

==================== Memory info ===========================

BIOS: Insyde Corp. V1.37 02/16/2016
Motherboard: Acer ZORO_BH
Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 89%
Total physical RAM: 4016.42 MB
Available physical RAM: 405.16 MB
Total Virtual: 6523.15 MB
Available Virtual: 951.24 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:243.65 GB) (Free:129.48 GB) NTFS
Drive d: (Data) (Fixed) (Total:341.8 GB) (Free:171.26 GB) NTFS
Drive e: () (Fixed) (Total:345.57 GB) (Free:98.89 GB) NTFS
\\?\Volume{f7b2add7-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: F7B2ADD7)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=243.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=341.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=345.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================