
Laptop hangs often [Solved]

Firefox Chrome Kaspersky CCleaner

  • This topic is locked

#1
Hari Prahlad


My laptop hangs often.  I use Chrome or Firefox as my browsers.  The problem exists no matter what browser I use.  I recently changed my existing RAM because of rust; I live near the beach.  I'm attaching FRST and Addition.txt files.  Kindly go through at your earliest opportunity.

Thanks in advance for your time and expertise.

Hari

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-02-2021
Ran by Admin (administrator) on PINKYPC (Acer Aspire E5-573) (09-03-2021 09:38:14)
Running from D:\Users\Hari\Desktop
Loaded Profiles: Admin & HKP
Platform: Windows 10 Pro Version 2004 19041.508 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe <2>
(FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Intel® pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.2\avp.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.2\avpui.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.2\plugins_nms.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.2\ksde.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.2\ksdeui.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.740_none_e752aa59261f271f\TiWorker.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <8>
(philandro Software GmbH -> philandro Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14049536 2015-07-09] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32721976 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm.exe [659976 2020-08-24] (Kaspersky Lab -> AO Kaspersky Lab)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.82\Installer\chrmstp.exe [2021-03-07] (Google LLC -> Google LLC)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Desktop.lnk [2020-11-11]
ShortcutTarget: Facebook Desktop.lnk -> C:\Program Files (x86)\facebook\Facebook.exe (No File)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Internet Security.lnk [2020-09-23]
ShortcutTarget: Kaspersky Internet Security.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 20.0\avpui.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2020-09-23]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {23BB1C95-11C8-4569-86B0-E37C0807DC2A} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [791232 2020-11-07] (Kaspersky Lab -> AO Kaspersky Lab)
Task: {697FC4F7-25D7-40D1-AC40-B71C0DA3495F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-17] (Google LLC -> Google LLC)
Task: {82599E7F-D9D0-4E63-8A31-BB3039439681} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-02-16] (Piriform Software Ltd -> Piriform)
Task: {86FC3E9E-4270-4B9B-A0C6-05E4285690E4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27165752 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8D373100-8521-4F1F-A140-3C208AD0F6F9} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [6977272 2020-10-30] (Ratiborus MSFree Inc. -> MSFree Inc.) [File not signed]
Task: {A20EAE08-5CF3-437F-B5FA-2D094B490F84} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {A3E106E5-6FB5-4DBC-A095-9046A04338EE} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [694752 2021-03-09] (Mozilla Corporation -> Mozilla Foundation)
Task: {D8E8C76C-2743-4EE3-8119-747CEB56D454} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-17] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{204c116b-6fd7-4c3b-9e48-c2e7e4617036}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{81111830-bb22-49f9-aff4-e32e13b38852}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{c23d7450-894e-4fc3-bf70-ee1640bd876d}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-03]
Edge Extension: (Kaspersky Protection) - C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-02-07]
Edge Extension: (myTube! Companion) - C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cbfmaiojcgociaafdiagpdhhhflgmnch [2020-12-07]
Edge Profile: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2021-03-03]
Edge HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]
Edge HKU\S-1-5-21-3076391084-2480122960-4283986350-1004\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]

FireFox:
========
FF DefaultProfile: utnvbqjy.default
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\utnvbqjy.default [2020-09-23]
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bk6gdjjl.default-release-1612322717294 [2021-03-09]
FF Extension: (Kaspersky Protection) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bk6gdjjl.default-release-1612322717294\Extensions\[email protected] [2021-02-11]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.2\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.2\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\utnvbqjy.default\extensions\staged\[email protected]
FF Extension: (SaveFrom.net helper) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\utnvbqjy.default\extensions\staged\[email protected] [2020-01-14] [UpdateUrl:hxxps://download.sf-helper.com/mozilla/updates.json]
FF HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\...\Firefox\Extensions: [[email protected]] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\utnvbqjy.default\extensions\staged\[email protected]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-02-25] (Adobe Inc. -> Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2020-09-24] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2020-09-24] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2021-03-09]
CHR DownloadDir: D:\Users\Hari\Desktop\Downloads Chrome
CHR Notifications: Default -> hxxps://babylonbee.com; hxxps://deadstate.org; hxxps://listenmusic.fun; hxxps://matswhyask.cam; hxxps://mewe.com; hxxps://nypost.com; hxxps://thepiratebay.org; hxxps://thewire.in; hxxps://web.whatsapp.com; hxxps://www.accuweather.com; hxxps://www.hindustantimes.com; hxxps://www.ndtv.com; hxxps://www.rawstory.com; hxxps://www.telegraphindia.com; hxxps://www.thenewsminute.com; hxxps://www.thewrap.com
CHR HomePage: Default -> hxxps://homepage-web.com/?s=acer&m=home
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://homepage-web.com/?s=acer&m=start"
CHR DefaultSearchURL: Default -> hxxps://192.168.1.240/bahmni/favicon.ico
CHR Extension: (Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-07-23]
CHR Extension: (Kaspersky Protection) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-02-21]
CHR Extension: (Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-07-23]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-29]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2021-02-04]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-07-23]
CHR Extension: (OpenERP) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapopdbfnfhcgfdldoielojfiidmecaj [2020-10-31]
CHR Extension: (Volume Booster) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejkiikneibegknkgimmihdpcbcedgmpo [2021-03-07]
CHR Extension: (ZenMate Free VPN–Best VPN for Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2021-01-22]
CHR Extension: (Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-07-23]
CHR Extension: (Sound Booster) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fncadplkibohomhpfeefbcohaooabokm [2020-10-31]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-02-27]
CHR Extension: (Ultimate Volume Booster) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcfnhafpadfnabbnjnhdfdacolpmdbjo [2020-12-26]
CHR Extension: (Save to Facebook) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2020-10-31]
CHR Extension: (Anti-Phishing & Authenticity Checker) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mggehmlfnempkheebgikhmemhnnpacle [2020-10-31]
CHR Extension: (Video Downloader PLUS) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\njgehaondchbmjmajphnhlojfnbfokng [2021-02-20]
CHR Extension: (Bahmni Home) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlejgcccohmalhjkncfcbnbekihgnnmg [2020-10-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Smallpdf - Edit, Compress and Convert PDF) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfgljdgelakfkefopgklcohadegdpjf [2021-02-10]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-29]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-07]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [moihledlmchhofenpacbhphnbnpakgmo]
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [moihledlmchhofenpacbhphnbnpakgmo]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3743464 2021-03-09] (philandro Software GmbH -> philandro Software GmbH)
R2 AVP21.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.2\avp.exe [381928 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe [2357936 2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
S3 klvssbridge64_21.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.2\x64\vssbridge64.exe [467352 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 kpm_launch_service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe [351424 2020-12-11] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 KSDE5.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.2\ksde.exe [644264 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5097896 2020-09-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\NisSrv.exe [2462960 2021-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MsMpEng.exe [128376 2021-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wpscloudsvr; C:\ProgramData\Kingsoft\office6\wpscloudsvr.exe [1482496 2020-10-28] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [251608 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 klbackupdisk; C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys [110392 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [212280 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [127288 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [37496 2020-10-21] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [523576 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klgse; C:\WINDOWS\System32\DRIVERS\klgse.sys [659768 2020-12-25] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [1341232 2020-12-25] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP21.2\Bases\klids.sys [245280 2021-02-16] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1025336 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [95544 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [113464 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [113464 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [85288 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [97080 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [55592 2020-10-21] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [257208 2020-10-26] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [99152 2020-09-23] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [310232 2021-01-18] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [116888 2021-01-14] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [207352 2020-10-28] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [153400 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [250168 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [300856 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2020-05-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
R3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [55904 2019-06-26] (Samsung Electronics CO., LTD. -> QUALCOMM Incorporated)
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
S3 vpnpbus; C:\WINDOWS\System32\drivers\vpnpbus.sys [20496 2019-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49552 2021-02-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [419040 2021-02-15] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\System32\drivers\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2021-02-15] (Microsoft Windows -> Microsoft Corporation)
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
U1 aswbdisk; no ImagePath
S2 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]
S2 MsLldp; system32\drivers\mslldp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-09 08:16 - 2021-03-09 08:16 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-03-05 11:29 - 2021-03-05 11:29 - 000001366 _____ C:\Users\Public\Desktop\YTD Video Downloader.lnk
2021-03-05 11:29 - 2021-03-05 11:29 - 000001366 _____ C:\ProgramData\Desktop\YTD Video Downloader.lnk
2021-03-05 11:29 - 2021-03-05 11:29 - 000000000 ____D C:\ProgramData\YTD Video Downloader
2021-03-05 11:29 - 2021-03-05 11:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2021-03-05 11:29 - 2021-03-05 11:29 - 000000000 ____D C:\Program Files (x86)\GreenTree Applications
2021-02-20 12:05 - 2021-02-27 08:33 - 000000000 ____D C:\ProgramData\Package Cache
2021-02-20 10:52 - 2021-02-20 10:52 - 000001155 _____ C:\Users\Public\Desktop\Kaspersky VPN.lnk
2021-02-20 10:52 - 2021-02-20 10:52 - 000001155 _____ C:\ProgramData\Desktop\Kaspersky VPN.lnk
2021-02-20 10:52 - 2021-02-20 10:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky VPN

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-09 09:56 - 2019-12-07 14:44 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-09 09:42 - 2020-01-11 18:17 - 000000000 ____D C:\FRST
2021-03-09 08:59 - 2020-07-22 15:32 - 000000000 ___HD C:\$WinREAgent
2021-03-09 08:59 - 2019-12-07 14:33 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-09 08:50 - 2020-08-25 10:32 - 000000000 ____D C:\Program Files\CCleaner
2021-03-09 08:46 - 2020-07-14 10:45 - 000000000 ____D C:\ProgramData\Mozilla
2021-03-09 08:45 - 2019-06-10 08:10 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2021-03-09 08:41 - 2020-10-18 11:07 - 000008192 ___SH C:\DumpStack.log.tmp
2021-03-09 08:41 - 2020-07-23 10:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-09 08:41 - 2020-07-23 10:12 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-09 08:41 - 2020-07-14 09:45 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-03-09 08:41 - 2019-06-09 20:01 - 000000000 __SHD C:\Users\Admin\IntelGraphicsProfiles
2021-03-09 08:26 - 2020-07-23 10:14 - 000000000 ____D C:\Users\Admin
2021-03-09 08:25 - 2020-09-02 06:35 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-03-09 08:25 - 2020-07-14 10:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-03-09 08:16 - 2020-07-14 10:45 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-03-09 08:09 - 2020-09-23 15:03 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2021-03-08 09:07 - 2020-10-18 09:06 - 000000000 ____D C:\Users\HKP
2021-03-08 08:30 - 2019-12-07 14:44 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-08 08:30 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-03-07 11:09 - 2020-07-23 11:00 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-07 11:09 - 2020-07-23 11:00 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-03-07 11:09 - 2020-07-23 11:00 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-03-07 08:52 - 2020-07-21 09:06 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-03-07 08:52 - 2020-07-21 09:06 - 000002259 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-03-07 08:52 - 2020-07-21 09:06 - 000002259 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-03-06 20:03 - 2020-08-25 10:32 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-03-06 07:43 - 2018-11-14 22:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-03-05 20:34 - 2019-12-07 14:33 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-03-05 18:53 - 2020-07-18 07:49 - 000000000 ____D C:\Users\Admin\AppData\Roaming\qBittorrent
2021-03-05 17:38 - 2020-07-14 12:44 - 000000000 ____D C:\Users\Admin\AppData\Local\D3DSCache
2021-03-05 10:46 - 2020-10-28 10:29 - 000000794 _____ C:\Users\Public\Desktop\Bandicut.lnk
2021-03-05 10:46 - 2020-10-28 10:29 - 000000794 _____ C:\ProgramData\Desktop\Bandicut.lnk
2021-03-05 10:45 - 2020-10-28 10:29 - 000000000 ____D C:\Program Files\Bandicut
2021-03-05 10:36 - 2019-12-07 14:43 - 000000000 ____D C:\WINDOWS\INF
2021-03-05 09:05 - 2021-01-14 19:14 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Signal
2021-03-04 18:18 - 2020-07-23 10:34 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-04 18:18 - 2020-07-23 10:34 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-03-03 18:48 - 2020-07-17 15:52 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-03 18:41 - 2020-07-17 15:52 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-03-03 10:12 - 2020-07-25 14:38 - 000000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2021-03-02 12:30 - 2019-12-07 14:33 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-03-02 10:02 - 2020-11-02 16:47 - 000000000 ____D C:\ProgramData\KMSAutoS
2021-02-28 16:35 - 2020-07-23 10:34 - 000003364 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3076391084-2480122960-4283986350-1002
2021-02-28 16:35 - 2020-07-23 10:14 - 000002367 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-28 16:35 - 2019-06-10 08:09 - 000000000 ___RD C:\Users\Admin\OneDrive
2021-02-28 16:33 - 2020-08-24 12:47 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-02-27 15:39 - 2020-07-14 11:25 - 000000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2021-02-27 09:07 - 2020-08-25 10:32 - 000000823 _____ C:\Users\Public\Desktop\CCleaner.lnk
2021-02-27 09:07 - 2020-08-25 10:32 - 000000823 _____ C:\ProgramData\Desktop\CCleaner.lnk
2021-02-27 09:07 - 2020-07-21 09:52 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Telegram Desktop
2021-02-27 09:07 - 2020-07-21 09:52 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2021-02-24 06:14 - 2020-07-23 10:24 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-22 18:30 - 2020-12-07 10:47 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-02-20 10:52 - 2020-09-23 20:41 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2021-02-20 10:52 - 2020-08-18 10:04 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2021-02-20 10:52 - 2020-07-24 07:48 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2021-02-16 12:47 - 2020-08-24 12:45 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-02-15 09:01 - 2020-07-14 10:04 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-02-14 10:29 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-02-12 08:19 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-02-10 15:33 - 2020-08-24 12:49 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories ========

2020-09-17 11:19 - 2020-09-17 12:52 - 000000716 ____H () C:\Users\Admin\AppData\Roaming\{B9E01A73-D7B6-12D6-F7C5-24046901C3E8}
2020-11-01 15:38 - 2020-11-01 15:38 - 000000000 _____ () C:\Users\Admin\AppData\Local\{B1B51752-1266-41A0-A4B0-AC72333324DC}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by Admin (09-03-2021 09:59:21)
Running from D:\Users\Hari\Desktop
Windows 10 Pro Version 2004 19041.508 (X64) (2020-07-23 05:05:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-3076391084-2480122960-4283986350-1002 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3076391084-2480122960-4283986350-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3076391084-2480122960-4283986350-503 - Limited - Disabled)
Guest (S-1-5-21-3076391084-2480122960-4283986350-501 - Limited - Disabled)
HKP (S-1-5-21-3076391084-2480122960-4283986350-1004 - Administrator - Enabled) => C:\Users\HKP
WDAGUtilityAccount (S-1-5-21-3076391084-2480122960-4283986350-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
AV: Kaspersky Internet Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
FW: Kaspersky Internet Security (Enabled) {774D7037-0984-41B0-3A87-5E88E680AD58}
FW: Kaspersky Internet Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20142 - Adobe Systems Incorporated)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 6.2.3 - philandro Software GmbH)
Avidemux VC++ 64bits (HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\...\{af708a33-16c4-431e-a527-5237bee3c9fc}) (Version: 2.7.6 - Mean)
Bandicut (HKLM-x32\...\Bandicut) (Version: 3.6.3.652 - Bandicam.com)
CCleaner (HKLM\...\CCleaner) (Version: 5.77 - Piriform)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 10.1.1.37576 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.82 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
HandBrake 1.3.3 (HKLM-x32\...\HandBrake) (Version: 1.3.3 - )
IrfanView 4.57 (64-bit) (HKLM\...\IrfanView64) (Version: 4.57 - Irfan Skiljan)
Kaspersky Internet Security (HKLM-x32\...\{63129F5E-8EC5-41BA-A4CF-47966CE84953}) (Version: 21.2.16.590 - Kaspersky) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{63129F5E-8EC5-41BA-A4CF-47966CE84953}) (Version: 21.2.16.590 - Kaspersky)
Kaspersky Password Manager (HKLM-x32\...\{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab)
Kaspersky VPN (HKLM-x32\...\{221FA56C-0A92-4E58-98FD-CAF82237540C}) (Version: 21.2.16.590 - Kaspersky) Hidden
Kaspersky VPN (HKLM-x32\...\InstallWIX_{221FA56C-0A92-4E58-98FD-CAF82237540C}) (Version: 21.2.16.590 - Kaspersky)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.45 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.63 - )
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\...\OneDriveSetup.exe) (Version: 21.016.0124.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 (HKLM-x32\...\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 86.0 (x64 en-US) (HKLM\...\Mozilla Firefox 86.0 (x64 en-US)) (Version: 86.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.0.2 - Mozilla)
MP4Tools v3.8 (HKLM-x32\...\MP4Tools_is1) (Version:  - Thüring IT-Consulting)
qBittorrent 4.3.3 (HKLM-x32\...\qBittorrent) (Version: 4.3.3 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Signal 1.40.1 (HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 1.40.1 - Open Whisper Systems)
Telegram Desktop version 2.6.1 (HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.6.1 - Telegram FZ-LLC)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
YTD Video Downloader 5.9.18 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.9.18 - GreenTree Applications SRL) <==== ATTENTION

Packages:
=========
7-Zip File Manager (Unofficial) -> C:\Program Files\WindowsApps\HaukeGtze.7-ZipFileManagerUnofficial_1.1900.3.0_x64__6bk20wvc8rfx2 [2020-09-17] (Hauke Hasselberg)
freda epub ebook reader -> C:\Program Files\WindowsApps\5957Turnipsoft.freda_4.38.0.0_x64__ypmq2qh89vmny [2021-01-15] (Turnipsoft)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-09] (Microsoft Studios) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2021-01-11] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-10-21] (Microsoft Corporation)
Vodafone Mobile Broadband -> C:\Program Files\WindowsApps\VodafoneGroupServices.VodafoneMobileBroadband_2.10.46.0_x64__cx08jceyq9bcp [2020-07-15] (Vodafone Group Services)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3076391084-2480122960-4283986350-1002_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}0
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6723984 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.2\x64\shellex.dll [2020-11-07] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers2: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.2\x64\shellex.dll [2020-11-07] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers4: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.2\x64\shellex.dll [2020-11-07] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-09-25] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.2\x64\shellex.dll [2020-11-07] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers1_S-1-5-21-3076391084-2480122960-4283986350-1002: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} =>  -> No File
ContextMenuHandlers4_S-1-5-21-3076391084-2480122960-4283986350-1002: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} =>  -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2020-07-14 22:45 - 2020-09-21 17:08 - 000000828 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\IrfanView\IrfanView_Wallpaper.png
HKU\S-1-5-21-3076391084-2480122960-4283986350-1004\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "Aimersoft Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\...\StartupApproved\StartupFolder: => "startup.exe"
HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\...\StartupApproved\Run: => "kpm.exe"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{897EA980-C35F-4857-B374-763F719E859F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EC61361A-AF7E-4542-A63C-2070ECF7EADE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2BCE7B29-2AEE-4A62-88FC-A23671F697F7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C231C83A-44A6-448B-8DAE-B4313014E25E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{212D1384-9932-4514-8EEE-4CC89F0034D8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C03AFBAE-0E58-43C6-A47B-25384B579B0B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{26E996A4-5F15-48EA-BA31-D7A8FBBC51C9}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{9336D091-4568-417F-B800-D94165BF9C97}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{6C8BC830-2543-4BF5-BAA4-8A001051DAC1}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{7B082CFA-892C-4C3F-95FB-CCC01A3FCDD2}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{B627FF28-6B36-41B9-AFF6-1153353B8128}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{39FB9652-45C0-4158-B2C3-6F75BB90EE6B}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{4F5950D9-669E-4FDD-82CD-7BC5E76135B9}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{769D80C9-AD59-4103-A763-510B1518ED56}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{0405A4F8-9B7D-415A-BD83-0DC35CB8C72B}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{F0BC19B3-C32F-4770-9E93-BE8940F081B0}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{E18A98DA-BCE8-417E-9A59-6CF67E149B9C}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)

==================== Restore Points =========================

06-03-2021 14:05:46 Windows Modules Installer
07-03-2021 08:55:00 Windows Modules Installer
07-03-2021 16:47:33 Windows Modules Installer
08-03-2021 08:57:33 Windows Modules Installer
08-03-2021 16:07:39 Windows Modules Installer
09-03-2021 09:00:28 Windows Modules Installer

==================== Faulty Device Manager Devices ============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: HD WebCam
Description: USB Video Device
Class Guid: {ca3e7ab9-b4c3-4ae6-8251-579ef933890f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (03/09/2021 08:16:50 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostw (3980,G,0) An attempt to open the file "C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (03/09/2021 08:14:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CCleaner64.exe version 5.77.0.8448 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 4f8

Start Time: 01d7148db3afad55

Termination Time: 11

Application Path: C:\Program Files\CCleaner\CCleaner64.exe

Report Id: 39324329-cc8a-438e-affc-501db6bc8114

Faulting package full name:

Faulting package-relative application ID:

Hang type: Cross-thread

Error: (03/08/2021 12:32:31 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (03/08/2021 09:41:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.19041.488 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1bec

Start Time: 01d713c704d0bc5f

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: 7578f41d-d84b-4af0-b52d-d48b475b395c

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (03/08/2021 09:25:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wuauclt.exe, version: 10.0.19041.508, time stamp: 0x5c5723e6
Faulting module name: ntdll.dll, version: 10.0.19041.488, time stamp: 0x70e69bad
Exception code: 0xc0000005
Fault offset: 0x0000000000045e16
Faulting process id: 0x1880
Faulting application start time: 0x01d713c7a2a34c0a
Faulting application path: C:\WINDOWS\system32\wuauclt.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 8037e11d-beb4-41a8-8308-32e6d9f87620
Faulting package full name:
Faulting package-relative application ID:

Error: (03/08/2021 09:23:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program svchost.exe version 10.0.19041.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: b60

Start Time: 01d713c6e6ec1a62

Termination Time: 4294967295

Application Path: C:\Windows\System32\svchost.exe

Report Id: 9133c251-c24f-48d3-9243-4401d7f56477

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (03/07/2021 10:58:19 AM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (03/07/2021 10:58:19 AM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (03/09/2021 09:37:05 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f081f: Feature update to Windows 10, version 20H2.

Error: (03/09/2021 08:54:27 AM) (Source: DCOM) (EventID: 10010) (User: PINKYPC)
Description: The server {94269C4E-071A-4116-90E6-52E557067E4E} did not register with DCOM within the required timeout.

Error: (03/09/2021 08:43:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MsLldp service failed to start due to the following error:
The system cannot find the file specified.

Error: (03/09/2021 08:41:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MsLldp service failed to start due to the following error:
The system cannot find the file specified.

Error: (03/09/2021 08:41:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MsLldp service failed to start due to the following error:
The system cannot find the file specified.

Error: (03/09/2021 08:41:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MsLldp service failed to start due to the following error:
The system cannot find the file specified.

Error: (03/09/2021 08:41:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMChameleon service failed to start due to the following error:
The system cannot find the file specified.

Error: (03/09/2021 08:41:04 AM) (Source: TPM) (EventID: 15) (User: NT AUTHORITY)
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.


Windows Defender:
================
Date: 2021-02-24 17:07:58
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-15 10:09:48
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-09-23 18:13:40
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-03-04 07:50:54
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.331.2296.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2021-02-15 08:26:38
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.323.1746.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17500.4
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2021-02-15 08:09:25
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.323.1746.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17500.4
Error code: 0x80240022
Error description: The program can't check for definition updates.

Date: 2021-02-15 08:09:25
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.323.1746.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17500.4
Error code: 0x80240022
Error description: The program can't check for definition updates.

Date: 2021-02-14 11:04:30
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.323.1746.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17500.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===============
Date: 2021-03-09 08:47:36
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

Date: 2021-03-09 08:45:12
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Insyde Corp. V1.37 02/16/2016
Motherboard: Acer ZORO_BH
Processor: Intel® Core™ i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 78%
Total physical RAM: 4016.42 MB
Available physical RAM: 872.18 MB
Total Virtual: 7744.67 MB
Available Virtual: 2460.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:243.65 GB) (Free:50.03 GB) NTFS
Drive d: (Data) (Fixed) (Total:341.8 GB) (Free:135.5 GB) NTFS
Drive e: () (Fixed) (Total:345.57 GB) (Free:45.51 GB) NTFS
Drive g: () (Removable) (Total:0 GB) (Free:0 GB)

\\?\Volume{f7b2add7-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: F7B2ADD7)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=243.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=341.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=345.6 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

==================== End of Addition.txt =======================

#2
DR M

    The Grecian Geek

  • Malware Removal
  • 2,614 posts

Hi, Hari Prahlad.
 
You have KMSAutoS installed on your computer. This is used to illegally activate Microsoft's products, such as Windows or Office. If the case is regarding the operating system, I cannot help you, unless you legally activate your Windows. If the case is regarding Office, my instructions will remove it, and this means that your Office will stop being activated and therefore it will stop working properly. You will have to agree with this in order to proceed.

 

Let's check the operating system first.

  • Press the Windows icon on your Desktop, together with the letter R.
  • Type cmd, and press Ctrl + Shift + Enter to run Command Prompt as administrator.
  • Copy and paste the following command and press Enter:
slmgr /dli
  • After running the command, you will get a report. Please take a screenshot of what you got and attach it in your next reply. Here is an article where you can see how to take a screenshot with the Snipping Tool, in case you need it.


#3
Hari Prahlad

    Member

  • Topic Starter
  • 274 posts

 


 

Thanks.  Will do as instructed.  All software products are installed by my comp guy.  If something is illegally installed, I have no hassles in having it removed.  I can always find another comp guy if something conks out.


#4
Hari Prahlad

Hi,

Is this it?
 

Attached Thumbnails

  • gtg1.JPG

#5
DR M

Hi, Hari P.
 
Yes, this is the screenshot. It seems that the operating system is OK, so possibly the issue is with your Microsoft Office Professional Plus 2010. Therefore, my instructions below may affect its activation.
 
Since you are fine with the procedure, let's start.

 
First, some guidelines I would like you to keep in mind.

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.
 
=================================
 
My comments/instructions regarding your logs:

1. P2P programs

You have qBittorrent installed on your computer. This is a P2P program. P2P programs form a direct conduit on to a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you don't uninstall it, your computer will probably get infected again, as soon as you use it again. But it is your computer and of course your decision.

  • If you decide to keep it, DON'T use it during the cleaning procedure.
  • If you decide to uninstall it, uninstall it along with the unwanted programs in Step 2 below.

 

2. Uninstall programs
 
YTD Video Downloader is detected by some tools as a PUP, meaning a potentially unwanted program, which behaves like adware. These adware applications display advertisements not originating from the sites you are browsing. I recommend that you uninstall it.
 
Note: Here is some information about this program.

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following program on the list:
YTD Video Downloader
  • Select the above program and click Uninstall.
  • Restart the computer.

 

3. Notifications from Chrome
 
Did you intentionally enable notifications from these sites?

hxxps://babylonbee.com; 
hxxps://deadstate.org; 
hxxps://listenmusic.fun; 
hxxps://matswhyask.cam; 
hxxps://mewe.com; 
hxxps://nypost.com; 
hxxps://thepiratebay.org; 
hxxps://thewire.in; 
hxxps://web.whatsapp.com; 
hxxps://www.accuweather.com; 
hxxps://www.hindustantimes.com; 
hxxps://www.ndtv.com; 
hxxps://www.rawstory.com; 
hxxps://www.telegraphindia.com; 
hxxps://www.thenewsminute.com; 
hxxps://www.thewrap.com

 
4. Preferences
 
You have homepage-web.com as your default Chrome Home page. Have you intentionally set it as such? Although homepage-web.com is presented as a legitimate website that can be used as a homepage or default search engine, it is distributed using a deceptive free software marketing method called 'bundling' - stealth installation of third-party apps together with the chosen software.
 
Also, your default search engine is bahmni/favicon.ico. Is this intentionally set?
 
 
5. FRST fix


NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1_S-1-5-21-3076391084-2480122960-4283986350-1002: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} =>  -> No File
ContextMenuHandlers4_S-1-5-21-3076391084-2480122960-4283986350-1002: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} =>  -> No File
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
U1 aswbdisk; no ImagePath
S2 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]
S2 MsLldp; system32\drivers\mslldp.sys [X]
C:\ProgramData\KMSAutoS
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Desktop.lnk [2020-11-11]
ShortcutTarget: Facebook Desktop.lnk -> C:\Program Files (x86)\facebook\Facebook.exe (No File)
Task: {8D373100-8521-4F1F-A140-3C208AD0F6F9} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [6977272 2020-10-30] (Ratiborus MSFree Inc. -> MSFree Inc.) [File not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.2\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.2\FFExt\light_plugin_firefox\addon.xpi => not found
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2020-09-24] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2020-09-24] <==== ATTENTION
C:\Users\Public\Desktop\YTD Video Downloader.lnk
C:\ProgramData\Desktop\YTD Video Downloader.lnk
C:\ProgramData\YTD Video Downloader
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
C:\Program Files (x86)\GreenTree Applications
C:\Users\Admin\AppData\Roaming\{B9E01A73-D7B6-12D6-F7C5-24046901C3E8}
C:\Users\Admin\AppData\Local\{B1B51752-1266-41A0-A4B0-AC72333324DC}
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please attach the log in your next reply.

 

 

In your next reply please post:

 

1. Your reply about the Chrome notifications

2. Your reply about the default home page and search engine

3. The fixlog.txt

 

 


#6
Hari Prahlad

Hi DR M, many thanks for your reply.

1. I would prefer to retain QBittorrent.  When not in use, I end the process via Task Manager.  Is that okay or would you recommend removal?
2. The notifications from Chrome are intentional.
3. I have NOT set the default Chrome home page or search engine.  Can I reset it to Google?
4. YTD Video Downloader has been uninstalled.
5. I have only 3 Firefox windows open, yet Task Manager shows 6.  Please see attachment.
6. Fixlog.txt is yet to appear in spite of following your instructions verbatim. Please see attachment. Am I doing something wrong?  I still maintain my fixlog.txt file from February last year.

Attached Thumbnails

  • Capture.JPG
  • fixlist.JPG

#7
Hari Prahlad

Apologies. FRST has now woken up.  I'll attach the fixlog.txt presently.


#8
Hari Prahlad

Fixlog.txt attached, please.

#9
DR M

Hello, Hari P.
 
I would never recommend a user to keep a P2P program like qBittorrent, for the reasons I explained in my previous post. But as I also said, it is your computer, so your decision. Please, do not use it during the cleaning procedure.
 
No need to do anything about the Chrome home page. We will take care of it in the next fix.
 
For now:

1. Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

2. Run Malwarebytes (Scan mode)

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.

If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.

  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

In your next reply, please post:

  • The AdwCleaner[S0*].txt
  • The Malwarebytes report

#10
Hari Prahlad

Hi DR M

Hope this is what you desired.

#11
Hari Prahlad

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/13/21
Scan Time: 4:46 PM
Log File: 8549f762-83ed-11eb-ac1e-5c93a27a9186.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1217
Update Package Version: 1.0.38097
License: Trial

-System Information-
OS: Windows 10 (Build 19041.508)
CPU: x64
File System: NTFS
User: PinkyPC\Admin

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 331679
Threats Detected: 8
Threats Quarantined: 0
Time Elapsed: 11 min, 27 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 3
PUP.Optional.Restoro, HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\SOFTWARE\Local AppWizard-Generated Applications\Restoro, No Action By User, 818, 551612, 1.0.38097, , ame, , ,
PUP.Optional.Restoro, HKLM\SOFTWARE\Restoro, No Action By User, 818, 551614, 1.0.38097, , ame, , ,
PUP.Optional.Restoro, HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\SOFTWARE\Restoro, No Action By User, 818, 551610, 1.0.38097, , ame, , ,

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.GetMyDrivers, C:\Users\Admin\AppData\Roaming\GetMyDrivers\InstallerLogs, No Action By User, 1277, 665595, , , , , ,
PUP.Optional.GetMyDrivers, C:\USERS\ADMIN\APPDATA\ROAMING\GETMYDRIVERS, No Action By User, 1277, 665595, 1.0.38097, , ame, , ,

File: 3
PUP.Optional.GetMyDrivers, C:\Users\Admin\AppData\Roaming\GetMyDrivers\InstallerLogs\StatusLog2020_10_20_10_17.log, No Action By User, 1277, 665595, , , , , ,
PUP.Optional.GetMyDrivers, C:\Users\Admin\AppData\Roaming\GetMyDrivers\InstallerLogs\StatusLog2020_10_20_9_55.log, No Action By User, 1277, 665595, , , , , ,
PUP.Optional.Restoro, C:\WINDOWS\RESTORO.INI, No Action By User, 818, 551609, 1.0.38097, , ame, , E0386F5A53DF4359355F9B58F1AB742D, D500D502AE545882EB7789B8D2DA90EE7F7B3BC6AEFE6E1C65C7FF4DF5EF897C

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
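
A triage check for a pasted Malwarebytes report like the one above, as an added example that is not part of the original thread and is not Malwarebytes' or the helper's own tooling: it groups detections by family, lists the ones still marked "No Action By User", and flags a paste whose per-section counts do not match the lines actually present. The field layout (name, location, action, then two numeric fields) is an assumption read off the lines in the report above, and the sample input is constructed.

```python
import re
from collections import Counter

# Constructed sample in the layout of the report above. Family names, paths and
# numeric fields are made up; the File section is deliberately one line short.
SAMPLE = r"""-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Threats Detected: 4
Threats Quarantined: 0

-Scan Details-
Process: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.ExampleA, HKLM\SOFTWARE\ExampleA, No Action By User, 1, 2, 1.0.1, , ame, , ,

Folder: 1
PUP.Optional.ExampleB, C:\Users\demo\AppData\Roaming\Example, B, No Action By User, 3, 4, , , , , ,

File: 2
PUP.Optional.ExampleB, C:\Users\demo\AppData\Roaming\Example, B\a.log, No Action By User, 3, 4, , , , , ,

(end)
"""

BLOCK = re.compile(r"^-(?P<title>[^-].*)-$")                      # "-Scan Details-"
SECTION = re.compile(r"^(?P<kind>[A-Za-z ]+): (?P<count>\d+)$")   # "File: 3"
# Assumption from the posted lines: name, location, action, then two numeric
# fields. The lazy location match tolerates commas inside a path.
DETECTION = re.compile(
    r"^(?P<name>[^,]+), (?P<location>.+?), (?P<action>[^,]+), \d+, \d+,")


def parse_report(text):
    """Return (summary dict, {object kind: {"declared": n, "items": [...]}})."""
    summary, sections = {}, {}
    block = kind = None
    for raw in text.splitlines():
        line = raw.strip()
        m = BLOCK.match(line)
        if m:
            block, kind = m["title"], None
            continue
        if block == "Scan Summary" and ": " in line:
            key, _, value = line.partition(": ")
            summary[key] = value
        elif block == "Scan Details":
            if (m := SECTION.match(line)):
                kind = m["kind"]
                sections[kind] = {"declared": int(m["count"]), "items": []}
            elif kind and (m := DETECTION.match(line)):
                sections[kind]["items"].append(m.groupdict())
    return summary, sections


def triage(text):
    """Summarise a report: families, items not yet acted on, consistency problems."""
    summary, sections = parse_report(text)
    items = [dict(i, kind=k) for k, s in sections.items() for i in s["items"]]
    problems = []
    for kind, s in sections.items():
        if s["declared"] != len(s["items"]):
            problems.append(
                f"{kind}: header says {s['declared']}, {len(s['items'])} listed")
    declared_total = sum(s["declared"] for s in sections.values())
    if summary.get("Threats Detected") != str(declared_total):
        problems.append(
            f"summary says {summary.get('Threats Detected')} threats, "
            f"sections declare {declared_total}")
    return {
        "families": Counter(i["name"] for i in items),
        "pending": [i for i in items if i["action"] == "No Action By User"],
        "problems": problems,
    }


if __name__ == "__main__":
    result = triage(SAMPLE)
    for family, n in result["families"].most_common():
        print(f"{n:3d}  {family}")
    print("still present:", len(result["pending"]))
    print("problems:", result["problems"] or "none")
```

A non-empty `problems` list usually means the paste was truncated or edited, so ask for the exported report again before building a fix from it.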


#12
DR M

Yes, thank you, Hari P.
 
The two tools found several things needing removal.

1. AdwCleaner (Clean mode)

The findings in the Files, Registry and Chromium/Firefox parts of the log are adware and PUPs, which stands for Potentially Unwanted Programs. In the instructions below, I will list them all to be removed.

To proceed, please do the following:

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it (no preinstalled software in your machine, so this step is not needed).
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

 

2. Malwarebytes (Clean mode)

  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

3. Eset online
 
This will help us ensure that the computer is clean from malware, before dealing with any other issues.

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

 

4. Fresh FRST logs

  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply.

 

 

In your next reply, please post:

  • The AdwCleaner[C0*].txt
  • The Malwarebytes report
  • The Eset report
  • The fresh FRST logs, FRST.txt and Addition.txt

#13
Hari Prahlad

Hi DR M

I had second thoughts and removed QBittorrent from the laptop.  I realized there must be compelling reasons for you to recommend doing it.  I attach the logs desired by you here.  Thanks for your assistance.  ESET took quite a while or else I would have uploaded the whole lot earlier.

#14
DR M

Hi, Hari P.
 
Thank you for the logs. It seems that now the computer is clean. As for your decision to remove qBittorrent, it is a wise decision. :)
 

 

1. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
FirewallRules: [{26E996A4-5F15-48EA-BA31-D7A8FBBC51C9}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe => No File
FirewallRules: [{9336D091-4568-417F-B800-D94165BF9C97}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe => No File
FirewallRules: [{6C8BC830-2543-4BF5-BAA4-8A001051DAC1}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe => No File
FirewallRules: [{7B082CFA-892C-4C3F-95FB-CCC01A3FCDD2}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe => No File
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {C70BCC36-0443-4DBE-9BB7-33D2A02C6387} - System32\Tasks\EOSv3 Scheduler onLogOn => D:\Users\Hari\Desktop\esetonlinescanner.exe [15019488 2021-03-14] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {FF86E1A9-FCA5-4150-8FDC-45DD0EDA2890} - System32\Tasks\EOSv3 Scheduler onTime => D:\Users\Hari\Desktop\esetonlinescanner.exe [15019488 2021-03-14] (ESET, spol. s r.o. -> ESET spol. s r.o.)
CHR DefaultSearchURL: Default -> hxxps://192.168.1.240/bahmni/favicon.ico
cmd: type kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

2. Feedback

 

How is the computer running now? Please report any question/concern/remaining issue.


#15
Hari Prahlad

Comp considerably faster than before.  Here's the fixlog file.  Thanks a million for your time.
