
yRankNews [Solved]


#1

sweepe (Member, 10 posts)

I had installed TLauncher to play Minecraft and the problem started since then. I have tried several, and most of all, the scanners, AVs, Tronscript, online scanners, etc., but nothing works. There is this extension that never goes away, "yRankNews"; it's located in C:\ProgramData\Dpopci, which is hidden, but the subfolder in it changes its name every time I delete the folder. I am attaching my FRST; if anyone could help me I wouldn't feel miserable, which I have been for a few days. I even permanently disabled Edge and uninstalled Internet Explorer but nothing happens; it's gone for 5-10 minutes and boom, again it's back.

Thank You

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-06-2021
Ran by hp (administrator) on DESKTOP-ESKAMO (HP HP EliteBook 820 G3) (03-06-2021 14:19:11)
Running from C:\Users\hp\Downloads
Loaded Profiles: hp & DefaultAppPool
Platform: Windows 10 Pro Version 21H1 19043.1023 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\hp\AppData\Roaming\uTorrent\updates\3.5.5_46010\utorrentie.exe <2>
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\hp\AppData\Roaming\uTorrent\uTorrent.exe
(Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe
(Conexant Systems LLC -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\SmartAudio3.exe
(Conexant Systems LLC -> Conexant Systems, Inc.) C:\Windows\CxSvc\CxUtilSvc.exe
(Conexant Systems LLC -> Conexant) C:\Windows\System32\MicTray64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <23>
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Windows\SysWOW64\XtuService.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6daaea9afe1e6f6\igfxCUIService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6daaea9afe1e6f6\igfxEM.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6daaea9afe1e6f6\IntelCpHDCPSvc.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6daaea9afe1e6f6\IntelCpHeciSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe <2>
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\System32\fpCSEvtSvc.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.3-0\NisSrv.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <3>
(Synaptics Incorporated -> Conexant Systems, Inc) C:\Windows\CxSvc\CxMonSvc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(voidtools -> voidtools) C:\Program Files\Everything\Everything.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [321112 2020-06-30] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd. -> Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4509184 2012-12-27] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsInd00] => C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe [1885184 2012-12-18] (Brother Industries, Ltd.) [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\Run: [uTorrent] => C:\Users\hp\AppData\Roaming\uTorrent\uTorrent.exe [2132520 2021-05-09] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\Run: [Facebook.MessengerDesktop] => C:\Users\hp\AppData\Local\Programs\Messenger\Messenger.exe [110793432 2021-01-29] (Facebook, Inc. -> Facebook, Inc.)
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\Policies\Explorer: [NoInstrumentation] 1
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04556107-BE88-4B5C-A3F4-575022F5A61F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2367296 2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {06F7AFE8-E49D-43AB-AF33-ED5764210FE5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.3-0\MpCmdRun.exe [644872 2021-06-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1DF1C8D7-3684-48C0-91CC-C2C62A74722E} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\osfinstaller.exe [115280 2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {2B09CD2C-8F70-499E-BF49-110983D7D974} - no filepath
Task: {3485E6B5-89C9-4783-B364-83186327B19E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23949600 2019-05-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {3C210349-0802-45AD-8E9D-70FFF38AE05C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3821352 2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {513CA0E5-E6FA-49D0-83EF-422739A6328F} - System32\Tasks\AdvancedSystemRepairPro-Maintenance-Autorun => C:\Program Files (x86)\Advanced System Repair Pro 1.7.0.11\AdvancedSystemRepairPro.exe
Task: {A86A2C0F-BA47-4342-B38C-D4BA4BA4407E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.3-0\MpCmdRun.exe [644872 2021-06-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B87F12C4-4C8A-445B-9EE8-4F0A37CEB7C1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-06-01] (Google LLC -> Google LLC)
Task: {BE0D4585-FE7C-420F-A80B-C0AE6E68A256} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2367296 2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {CC88242B-D99A-4B31-99B4-42816A2BB5AD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23949600 2019-05-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {D9D89AC6-4ACD-4F2D-8531-D493D384FD5C} - System32\Tasks\Microsoft\Windows\Device Information\CHxReadingStriook => C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe "C:\Program Files (x86)\Common Files\CommandDeveloper\UbilsBzuetooth\rdwsing_l1_17_0.dll"
Task: {DCBAAC95-C84A-45D8-B5EC-695CE62B0192} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3821352 2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {E4FAEF16-358C-4878-9911-4F5C55DCA29E} - System32\Tasks\Microsoft\Windows\Conexant\SA3 => C:\Program Files\CONEXANT\SA3\HP-NB-AIO\SACpl.exe [1832280 2017-06-07] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
Task: {EAF7B668-5618-4CC0-A64F-CFFEC04DB42D} - no filepath
Task: {F13F69E7-3ED4-44BC-BF52-DF700FBE9F18} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {F3E2D8FF-4339-4788-8FE6-41F692A046BF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-06-01] (Google LLC -> Google LLC)
Task: {F8001016-E6A6-469D-9303-46D550BAE990} - System32\Tasks\Microsoft\Windows\Conexant\MicTray => C:\Windows\System32\MicTray64.exe [2938448 2020-07-02] (Conexant Systems LLC -> Conexant)
Task: {F8E31E9C-9661-49B5-9111-19A26077C437} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.3-0\MpCmdRun.exe [644872 2021-06-02] (Microsoft Windows Publisher -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
AutoConfigURL: [HKLM] => hxxp://127.0.0.1:86/
AutoConfigURL: [HKLM-x32] => hxxp://127.0.0.1:86/
AutoConfigURL: [{4E59E86F-97EC-4B8F-89BD-98375AE1E5A5}] => hxxp://127.0.0.1:86/
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{d87f1634-45a9-4d0b-adbc-b27bde739366}: [DhcpNameServer] 192.168.0.1
 
Edge: 
=======
DownloadDir: C:\Users\hp\Downloads
Edge Session Restore: HKU\S-1-5-21-2123003089-4285120140-3240528571-1001 -> is enabled.
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-02]
Edge HomePage: Default -> hxxp://www.google.com
Edge Session Restore: Default -> is enabled.
Edge Extension: (Popup Blocker (strict)) - C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ijhfkkgjgpcplfeajghagkcebakjcpge [2021-05-28]
Edge Profile: C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2021-06-02]
Edge Profile: C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Profile 2 [2021-06-02]
Edge Profile: C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Profile 3 [2021-06-02]
Edge Profile: C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Profile 4 [2021-06-02]
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi => not found
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
 
Chrome: 
=======
CHR Profile: C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default [2021-06-03]
CHR Notifications: Default -> hxxps://linkvertise.com
CHR Extension: (Slides) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-06-01]
CHR Extension: (Docs) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-06-01]
CHR Extension: (Google Drive) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-06-01]
CHR Extension: (YouTube) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-06-01]
CHR Extension: (Sheets) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-06-01]
CHR Extension: (Google Docs Offline) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-01]
CHR Extension: (Avast Online Security) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-06-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-01]
CHR Extension: (Gmail) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-06-01]
CHR Extension: (Chrome Media Router) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-01]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9662544 2019-05-30] (Microsoft Corporation -> Microsoft Corporation)
R2 CxMonSvc; C:\WINDOWS\CxSvc\CxMonSvc.exe [56496 2020-09-09] (Synaptics Incorporated -> Conexant Systems, Inc)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811120 2020-05-27] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 Everything; C:\Program Files\Everything\Everything.exe [2260560 2021-01-25] (voidtools -> voidtools)
R2 fpCsEvtSvc; C:\WINDOWS\System32\fpCSEvtSvc.exe [23912 2019-03-17] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393304 2021-05-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.3-0\NisSrv.exe [2644776 2021-06-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.3-0\MsMpEng.exe [136648 2021-06-02] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 asrdmon; C:\WINDOWS\system32\drivers\asrdmon.sys [18024 2021-06-02] (Advance System Care, Inc. -> )
S3 BTCFilterService; C:\WINDOWS\System32\drivers\motfilt.sys [6144 2013-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Motorola Inc)
S3 motandroidusb; C:\WINDOWS\System32\Drivers\motoandroid.sys [32768 2013-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Motorola)
S3 MotoSwitchService; C:\WINDOWS\System32\drivers\motswch.sys [8832 2013-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Motorola)
S3 Motousbnet; C:\WINDOWS\System32\drivers\Motousbnet.sys [27648 2013-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Motorola Mobility Inc)
R3 MpKslcdb7e621; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E693F4C-8296-40A1-A9B3-FDC054F66E56}\MpKslDrv.sys [107744 2021-06-03] (Microsoft Windows -> Microsoft Corporation)
S3 nfcgpiomanager; C:\WINDOWS\System32\drivers\nfcgpiomanager.sys [31232 2017-12-27] (NXP Semiconductors -> Nfc GPIO Driver)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (The OpenVPN Project) [File not signed]
S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49008 2020-04-06] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 tesrsdt; C:\WINDOWS\system32\drivers\tesrsdt.sys [442128 2019-10-12] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 TesSafe; C:\WINDOWS\system32\TesSafe.sys [555064 2019-10-23] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-06-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [425208 2021-06-02] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76024 2021-06-02] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-06-03 14:20 - 2021-06-03 14:20 - 000000000 ____D C:\Users\hp\AppData\Local\BitTorrentHelper
2021-06-03 14:19 - 2021-06-03 14:20 - 000020943 _____ C:\Users\hp\Downloads\FRST.txt
2021-06-03 14:18 - 2021-06-03 14:19 - 000000000 ____D C:\FRST
2021-06-03 14:16 - 2021-06-03 14:17 - 002300416 _____ (Farbar) C:\Users\hp\Downloads\FRST64.exe
2021-06-03 13:40 - 2021-06-03 14:09 - 000000000 ____D C:\Users\hp\AppData\Roaming\Code
2021-06-03 13:40 - 2021-06-03 13:40 - 000000000 ____D C:\Users\hp\.vscode
2021-06-03 13:39 - 2021-06-03 13:39 - 000000000 ____D C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2021-06-03 12:28 - 2021-06-03 12:28 - 000000000 ___HD C:\ProgramData\Dpopci
2021-06-03 12:24 - 2021-06-03 12:24 - 000000000 ____D C:\Users\hp\AppData\Local\AMSDK
2021-06-03 12:19 - 2021-06-03 12:19 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2021-06-03 12:19 - 2021-06-03 12:19 - 000000000 ____D C:\Intel
2021-06-03 12:18 - 2021-06-03 12:23 - 000070283 _____ C:\WINDOWS\ZAM.krnl.trace
2021-06-03 11:54 - 2021-06-03 11:54 - 000000000 ____D C:\Users\hp\AppData\Local\D3DSCache
2021-06-03 07:11 - 2021-06-03 07:11 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-06-02 21:58 - 2021-06-03 11:57 - 000306994 _____ C:\WINDOWS\ntbtlog.txt
2021-06-02 20:48 - 2021-06-02 20:51 - 462712387 _____ (Igor Pavlov) C:\Users\hp\Downloads\Tron+v11.2.0+(2021-05-04).exe
2021-06-02 18:57 - 2021-06-03 07:22 - 000000000 ____D C:\ProgramData\TSRProSettings
2021-06-02 18:57 - 2021-06-02 18:57 - 000018024 _____ C:\WINDOWS\system32\Drivers\asrdmon.sys
2021-06-02 18:57 - 2021-06-02 18:57 - 000003486 _____ C:\WINDOWS\system32\Tasks\AdvancedSystemRepairPro-Maintenance-Autorun
2021-06-02 18:57 - 2021-06-02 18:57 - 000000000 ____D C:\Users\hp\AppData\Local\Everything
2021-06-02 18:27 - 2021-06-02 18:27 - 014793017 _____ C:\Users\hp\Downloads\Advanced System Repair Pro 2020 Full.rar
2021-06-02 18:27 - 2021-06-02 18:27 - 000000000 ____D C:\Users\hp\Downloads\Advanced System Repair Pro 2020 Full
2021-06-02 18:26 - 2021-06-02 18:26 - 000000000 ____D C:\ProgramData\McAfee
2021-06-02 18:25 - 2021-06-02 18:25 - 002712352 _____ ( ) C:\Users\hp\Downloads\Restoro Advanced Cleaner - Linkvertise Downloader_M1tqu-1.exe
2021-06-02 17:43 - 2021-06-02 18:57 - 000000000 ____D C:\Users\hp\AppData\Roaming\Everything
2021-06-02 17:43 - 2021-06-02 17:43 - 000001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Everything.lnk
2021-06-02 17:43 - 2021-06-02 17:43 - 000001066 _____ C:\Users\Public\Desktop\Everything.lnk
2021-06-02 17:43 - 2021-06-02 17:43 - 000001066 _____ C:\ProgramData\Desktop\Everything.lnk
2021-06-02 17:43 - 2021-06-02 17:43 - 000000000 ____D C:\Program Files\Everything
2021-06-02 17:15 - 2021-06-02 17:15 - 040488656 _____ (Adlice Software ) C:\Users\hp\Downloads\RogueKiller_setup.exe
2021-06-02 16:57 - 2021-06-02 16:57 - 000000000 ____D C:\Users\hp\AppData\Local\Zemana
2021-06-02 16:43 - 2021-06-02 16:56 - 000000000 ____D C:\Users\hp\Downloads\Zemana AntiMalware Premium 3.2.15 incl Patch [CrackingPatching]
2021-06-02 16:18 - 2021-06-02 16:18 - 000000000 ____D C:\Users\hp\Downloads\SpyHunter.Malware.Security.Suite.v4.25.6.4782.E.Portable.Multilingua-iCV-CreW
2021-06-02 16:01 - 2021-06-03 12:22 - 000000000 ____D C:\Program Files\HitmanPro
2021-06-02 16:01 - 2021-06-02 16:18 - 000000000 ____D C:\ProgramData\HitmanPro
2021-06-02 15:58 - 2021-06-02 16:01 - 120830415 ____R C:\Users\hp\Downloads\SpyHunter.Malware.Security.Suite.v4.25.6.4782.E.Portable.Multilingua-iCV-CreW.rar
2021-06-02 15:58 - 2021-06-02 16:01 - 000000000 ____D C:\Users\hp\Downloads\HitmanPro v3.8.15 Build 306 + Crack
2021-06-02 14:25 - 2021-06-02 14:25 - 000000000 ____D C:\Users\hp\Desktop\Autoruns
2021-06-02 14:21 - 2021-06-03 12:20 - 000000000 ____D C:\Users\hp\AppData\LocalLow\uTorrent
2021-06-02 07:40 - 2021-06-02 07:40 - 000000000 ____D C:\Users\hp\Downloads\IBM SPSS Statistics 25.0 (x64) Multilingual + Crack [SadeemPC]-20210602T015440Z-001
2021-06-02 07:40 - 2021-06-02 07:40 - 000000000 ____D C:\Users\hp\AppData\LocalLow\IObit
2021-06-02 07:40 - 2021-06-02 07:40 - 000000000 ____D C:\Program Files (x86)\IObit
2021-06-02 07:39 - 2021-06-02 07:40 - 000000000 ____D C:\ProgramData\IObit
2021-06-02 04:08 - 2021-06-02 04:08 - 000000000 ____D C:\Users\hp\AppData\Local\OO Software
2021-06-01 23:39 - 2021-06-01 23:39 - 000000000 ____D C:\ProgramData\Sophos
2021-06-01 23:30 - 2021-06-03 11:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-06-01 22:03 - 2021-02-12 23:09 - 000205552 _____ (Ray Hinchliffe) C:\WINDOWS\system32\Drivers\SIVX64.sys
2021-06-01 20:42 - 2021-06-01 20:42 - 002728616 _____ (Google LLC) C:\Users\hp\Desktop\chrmstp.exe
2021-06-01 20:42 - 2021-06-01 20:42 - 000002325 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-06-01 20:42 - 2021-06-01 20:42 - 000002284 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-06-01 20:42 - 2021-06-01 20:42 - 000002284 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-06-01 20:42 - 2021-06-01 20:42 - 000000000 ____D C:\Program Files\Google
2021-06-01 20:41 - 2021-06-01 20:41 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-06-01 20:41 - 2021-06-01 20:41 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-06-01 11:53 - 2021-06-02 17:28 - 000290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2021-06-01 11:53 - 2021-06-01 11:53 - 000000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2021-06-01 11:47 - 2021-06-01 11:47 - 000752296 _____ C:\Users\hp\Downloads\adware-removal-tool-by-tsa.exe
2021-06-01 11:46 - 2021-06-01 11:50 - 011697056 _____ (ESET) C:\Users\hp\Downloads\esetonlinescanner.exe
2021-06-01 10:33 - 2021-06-01 10:33 - 000000000 ____D C:\WINDOWS\ERUNT
2021-06-01 09:14 - 2021-06-01 09:14 - 000000008 __RSH C:\ProgramData\ntuser.pol
2021-06-01 07:21 - 2021-06-01 07:21 - 000003372 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2123003089-4285120140-3240528571-1001
2021-06-01 07:21 - 2021-06-01 07:21 - 000002358 _____ C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-31 22:31 - 2021-06-03 11:58 - 112459776 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-05-31 21:53 - 2021-05-27 11:53 - 000002675 _____ C:\WINDOWS\system32\Drivers\etc\hosts.old
2021-05-31 21:47 - 2021-06-01 07:08 - 000000000 ____D C:\Users\hp\Documents\RegRun2
2021-05-31 21:46 - 2021-06-01 07:11 - 000000000 ____D C:\Users\Public\Documents\RegRunInfo
2021-05-31 21:46 - 2021-06-01 07:11 - 000000000 ____D C:\ProgramData\Documents\RegRunInfo
2021-05-31 21:45 - 2021-06-01 07:19 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2021-05-31 20:52 - 2021-05-31 20:52 - 000000000 ____D C:\Users\hp\Documents\recovery regedit
2021-05-31 20:48 - 2021-06-02 08:39 - 000000000 ____D C:\Program Files\Defraggler
2021-05-31 20:48 - 2021-05-31 20:48 - 000001771 _____ C:\Users\Public\Desktop\Defraggler.lnk
2021-05-31 20:48 - 2021-05-31 20:48 - 000001771 _____ C:\ProgramData\Desktop\Defraggler.lnk
2021-05-31 20:48 - 2021-05-31 20:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2021-05-31 19:36 - 2021-05-31 19:36 - 000000000 ____D C:\ProgramData\VS Revo Group
2021-05-31 15:18 - 2021-06-01 13:53 - 000000000 ____D C:\Users\hp\AppData\Roaming\SysInfoTool
2021-05-31 11:01 - 2021-05-31 11:01 - 000001128 _____ C:\Users\Public\Desktop\Inside.lnk
2021-05-31 11:01 - 2021-05-31 11:01 - 000001128 _____ C:\ProgramData\Desktop\Inside.lnk
2021-05-31 11:01 - 2021-05-31 11:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inside
2021-05-31 11:00 - 2021-05-31 11:01 - 000000000 ____D C:\Program Files (x86)\Inside
2021-05-30 13:40 - 2021-05-30 13:40 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-05-30 13:40 - 2021-05-30 13:40 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-05-30 13:39 - 2021-05-30 13:39 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-05-30 13:39 - 2021-05-30 13:39 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-05-30 13:39 - 2021-05-30 13:39 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-05-30 13:39 - 2021-05-30 13:39 - 000011327 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-05-30 13:38 - 2021-05-30 13:38 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-05-30 13:38 - 2021-05-30 13:38 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-05-30 13:38 - 2021-05-30 13:38 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-05-30 13:38 - 2021-05-30 13:38 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-05-30 13:37 - 2021-05-30 13:37 - 001823792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-05-30 13:37 - 2021-05-30 13:37 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-05-30 13:36 - 2021-05-30 13:36 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-05-30 13:36 - 2021-05-30 13:36 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-05-30 13:36 - 2021-05-30 13:36 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-05-30 13:36 - 2021-05-30 13:36 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-05-30 13:36 - 2021-05-30 13:36 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-05-30 13:36 - 2021-05-30 13:36 - 000097280 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-05-29 21:56 - 2021-05-29 21:56 - 000000335 _____ C:\Users\hp\Desktop\computer.lnk
2021-05-29 21:30 - 2021-05-29 21:30 - 000018997 _____ C:\WINDOWS\system32\energy-report.html
2021-05-26 00:05 - 2021-05-26 00:05 - 000000000 ____D C:\Program Files\Common Files\Intel Corporation
2021-05-24 23:07 - 2021-05-28 03:59 - 000000000 ____D C:\Users\hp\Documents\VlcpVideoV1.0.1
2021-05-24 22:50 - 2021-06-03 12:19 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-24 22:50 - 2021-05-31 21:13 - 000000000 ____D C:\WINDOWS\Minidump
2021-05-24 19:30 - 2021-05-24 19:30 - 000020853 _____ C:\Users\hp\Downloads\Ratio-Analysis-Template.xlsx
2021-05-24 19:26 - 2021-05-24 19:26 - 000033557 _____ C:\Users\hp\Downloads\Assignment - Ratios and Financials.xlsx
2021-05-22 23:09 - 2021-05-23 04:19 - 000000000 ____D C:\Users\hp\Downloads\win7-starter-eng
2021-05-22 23:06 - 2021-05-22 23:06 - 000000000 ____D C:\Users\hp\Downloads\Windows 7 Ultimate SP1 (32 Bit)
2021-05-21 10:37 - 2021-05-21 10:37 - 000000000 ____D C:\Users\hp\Documents\My Games
2021-05-21 10:37 - 2021-05-21 10:37 - 000000000 ____D C:\Users\hp\AppData\Local\LumaEmu_SteamCloud
2021-05-20 14:45 - 2021-05-20 14:45 - 000001288 _____ C:\Users\hp\Desktop\NFS14_x86 - Shortcut.lnk
2021-05-19 10:12 - 2021-05-20 13:42 - 000000000 ____D C:\Users\hp\Downloads\Need.For.Speed.Rivals-RELOADED
2021-05-13 15:27 - 2021-05-13 15:27 - 000000000 ____D C:\Users\hp\Desktop\Share files
2021-05-13 15:04 - 2021-05-13 15:04 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2021-05-13 15:04 - 2021-05-13 15:04 - 000002464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2021-05-13 15:04 - 2021-05-13 15:04 - 000002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-05-13 15:04 - 2021-05-13 15:04 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2021-05-13 15:04 - 2021-05-13 15:04 - 000002422 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2021-05-13 15:04 - 2021-05-13 15:04 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-05-13 15:04 - 2021-05-13 15:04 - 000002415 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2021-05-13 15:04 - 2021-05-13 15:04 - 000002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2021-05-13 15:04 - 2021-05-13 15:04 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2021-05-13 15:04 - 2021-05-13 15:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-05-13 14:53 - 2021-06-01 23:13 - 000000000 ____D C:\Program Files\Microsoft Office
2021-05-13 14:53 - 2021-05-13 14:53 - 000000000 ____D C:\Program Files\Microsoft Office 15
2021-05-12 07:56 - 2021-05-12 11:37 - 000000000 ____D C:\Users\hp\Downloads\Dragon Ball XenoVerse PC full game + DLC ^^nosTEAM^^
2021-05-12 07:45 - 2021-06-02 16:33 - 000000000 ____D C:\Games
2021-05-12 07:06 - 2021-05-12 07:42 - 000000000 ____D C:\ProgramData\TrackmaniaTurbo
2021-05-12 07:06 - 2021-05-12 07:08 - 000000000 ____D C:\Users\hp\Documents\TrackmaniaTurbo
2021-05-11 23:42 - 2021-05-11 23:42 - 000000000 ____D C:\Users\hp\AppData\Roaming\RenPy
2021-05-11 21:48 - 2021-05-11 23:20 - 000000000 ____D C:\Users\hp\Downloads\Saints Row The Third The Full Package - [DODI Repack]
2021-05-11 21:43 - 2021-05-11 21:43 - 000106496 _____ (PCGameBenchmark) C:\Users\hp\Downloads\PCGameBenchmark_Detector (1).exe
2021-05-10 22:53 - 2021-05-10 22:53 - 000000000 ____D C:\Users\hp\Documents\OpenIV
2021-05-10 22:50 - 2021-05-11 07:15 - 000000000 ____D C:\Users\hp\AppData\Local\New Technology Studio
2021-05-10 18:17 - 2021-05-10 18:17 - 000000000 ____D C:\ProgramData\Steam
2021-05-10 18:17 - 2021-05-10 18:17 - 000000000 ____D C:\ProgramData\Socialclub
2021-05-10 16:53 - 2021-05-18 14:52 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2021-05-10 14:38 - 2021-06-01 23:21 - 000000000 ____D C:\ProgramData\Intel Package Cache {05BC4EEB-70E9-4FDB-9A33-72482B0B128E}
2021-05-10 14:21 - 2021-06-01 23:21 - 000000000 ____D C:\ProgramData\Intel Package Cache {1CEAC85D-2590-4760-800F-8DE5E91F3700}
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-06-03 14:24 - 2019-01-21 22:02 - 000000000 ____D C:\Users\hp\AppData\Roaming\uTorrent
2021-06-03 13:40 - 2020-10-16 06:40 - 000000000 ____D C:\Users\hp
2021-06-03 13:39 - 2020-10-16 06:29 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-06-03 12:58 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-06-03 12:57 - 2019-12-07 14:59 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-03 12:52 - 2020-05-18 13:35 - 000000000 ____D C:\ProgramData\Oracle
2021-06-03 12:26 - 2020-10-16 12:55 - 000777600 _____ C:\WINDOWS\system32\perfh007.dat
2021-06-03 12:26 - 2020-10-16 12:55 - 000159232 _____ C:\WINDOWS\system32\perfc007.dat
2021-06-03 12:26 - 2020-10-16 06:53 - 001805662 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-06-03 12:26 - 2019-12-07 14:58 - 000000000 ____D C:\WINDOWS\INF
2021-06-03 12:20 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\Registration
2021-06-03 12:19 - 2020-10-16 07:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-06-03 12:19 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\ServiceState
2021-06-03 12:19 - 2019-01-21 21:15 - 000000000 ____D C:\ProgramData\Synaptics
2021-06-03 12:19 - 2018-11-04 16:28 - 000000000 __SHD C:\Users\hp\IntelGraphicsProfiles
2021-06-03 11:58 - 2019-12-07 14:48 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-06-03 11:52 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\System
2021-06-03 11:47 - 2019-07-15 21:46 - 000000000 ____D C:\Users\hp\AppData\LocalLow\Temp
2021-06-03 10:24 - 2019-12-07 14:48 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-06-03 07:08 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-06-02 21:57 - 2019-12-07 14:59 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-02 21:38 - 2020-10-16 06:39 - 000000000 ____D C:\Users\DefaultAppPool
2021-06-02 19:12 - 2021-04-12 19:52 - 000000000 ____D C:\Users\hp\Desktop\New folder (3)
2021-06-02 19:12 - 2020-11-05 20:44 - 000000000 ____D C:\Users\hp\AppData\Local\Messenger
2021-06-02 19:12 - 2020-08-07 10:01 - 000000000 ____D C:\Users\hp\AppData\Roaming\Spotify
2021-06-02 19:12 - 2020-07-31 12:26 - 000000000 ____D C:\Users\hp\AppData\Roaming\Movavi Video Editor Plus 2020
2021-06-02 19:12 - 2020-07-01 23:08 - 000000000 ____D C:\Users\hp\AppData\Roaming\SafeExamBrowser
2021-06-02 19:12 - 2020-06-04 14:00 - 000000000 ____D C:\Users\hp\AppData\Roaming\Telegram Desktop
2021-06-02 19:12 - 2020-05-23 15:54 - 000000000 ____D C:\Users\hp\AppData\Local\DiskDrill
2021-06-02 19:12 - 2020-02-12 21:41 - 000000000 ____D C:\Users\hp\Downloads\vcomp100
2021-06-02 19:12 - 2019-12-09 21:09 - 000000000 ____D C:\Users\hp\AppData\Roaming\WhatsApp
2021-06-02 19:12 - 2019-12-09 21:09 - 000000000 ____D C:\Users\hp\AppData\Local\WhatsApp
2021-06-02 19:12 - 2019-12-09 21:09 - 000000000 ____D C:\Users\hp\AppData\Local\SquirrelTemp
2021-06-02 19:12 - 2019-12-07 14:59 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2021-06-02 19:12 - 2019-11-21 19:55 - 000000000 ____D C:\Users\hp\AppData\Roaming\EasyAntiCheat
2021-06-02 19:12 - 2019-05-05 22:10 - 000000000 ____D C:\Users\hp\AppData\Local\Warframe
2021-06-02 19:12 - 2019-04-12 22:30 - 000000000 ____D C:\Users\hp\AppData\Local\CrashDumps
2021-06-02 19:12 - 2019-02-12 20:17 - 000000000 ____D C:\Users\hp\Documents\Adobe
2021-06-02 19:12 - 2019-01-21 22:06 - 000000000 ____D C:\Users\hp\AppData\Roaming\hpqLog
2021-06-02 16:58 - 2020-10-16 07:24 - 000000000 ____D C:\WINDOWS\system32\Tasks\Intel
2021-06-02 07:08 - 2019-01-21 21:32 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-06-02 04:02 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\SystemApps
2021-06-01 23:30 - 2019-01-21 21:36 - 000000000 ____D C:\Users\hp\AppData\Local\Packages
2021-06-01 23:30 - 2018-11-04 16:09 - 000000000 ___RD C:\Users\hp\OneDrive
2021-06-01 23:21 - 2019-01-26 21:49 - 000000000 ____D C:\Program Files (x86)\Intel
2021-06-01 23:21 - 2019-01-22 10:50 - 000000000 ____D C:\Program Files (x86)\HP
2021-06-01 23:21 - 2019-01-21 21:13 - 000000000 ____D C:\ProgramData\Intel
2021-06-01 23:21 - 2018-11-04 21:38 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2021-06-01 23:14 - 2019-01-21 22:07 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2021-06-01 23:14 - 2019-01-21 22:03 - 000000000 ____D C:\Users\hp\AppData\Local\Hewlett-Packard
2021-06-01 23:14 - 2019-01-21 22:03 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2021-06-01 23:13 - 2019-12-07 14:59 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-06-01 22:15 - 2020-12-14 08:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2021-06-01 22:15 - 2018-11-04 22:08 - 000000000 ____D C:\Users\hp\Intel
2021-06-01 21:09 - 2019-01-21 22:04 - 000000000 ____D C:\Users\hp\AppData\Local\Opera Software
2021-06-01 21:02 - 2019-01-21 22:02 - 000000000 ____D C:\Users\hp\AppData\Roaming\Opera Software
2021-06-01 20:41 - 2019-01-28 18:19 - 000000000 ____D C:\Program Files (x86)\Google
2021-06-01 19:44 - 2020-04-15 12:36 - 000000000 ____D C:\Users\hp\AppData\Local\ESET
2021-06-01 13:55 - 2018-11-04 16:20 - 000000000 ____D C:\Users\hp\Desktop\BACKUP
2021-06-01 11:33 - 2019-01-28 18:17 - 000000000 ____D C:\Users\hp\AppData\Local\Google
2021-06-01 09:11 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2021-06-01 09:11 - 2019-01-22 10:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-05-31 22:31 - 2019-10-12 12:59 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-05-31 21:13 - 2020-05-18 22:03 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2021-05-31 21:13 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\ModemLogs
2021-05-30 14:56 - 2019-12-07 14:59 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-05-30 14:48 - 2020-10-16 06:29 - 000491192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-05-30 14:44 - 2019-12-07 15:39 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\SystemResources
2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-05-30 14:44 - 2019-12-07 14:59 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-05-29 21:43 - 2019-12-07 14:59 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-05-26 00:04 - 2020-05-18 14:58 - 000000000 ____D C:\Program Files\Common Files\Intel
2021-05-26 00:04 - 2019-01-21 21:13 - 000000000 ____D C:\Program Files\Intel
2021-05-21 08:40 - 2019-09-04 21:33 - 000000000 ____D C:\Users\hp\Documents\Sound recordings
2021-05-20 14:09 - 2020-06-16 08:07 - 000000000 ____D C:\Program Files (x86)\Mr DJ
2021-05-20 13:34 - 2021-02-06 18:55 - 000000000 ____D C:\Program Files (x86)\DODI-Repacks
2021-05-13 15:42 - 2019-01-26 15:48 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-05-13 15:35 - 2019-01-26 15:48 - 132732536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-05-13 15:30 - 2018-11-04 20:32 - 000000000 ____D C:\Users\hp\Desktop\Momma files
2021-05-13 15:20 - 2019-07-01 19:19 - 000000000 ____D C:\R.G. Catalyst
2021-05-13 15:16 - 2020-05-08 11:07 - 000000000 ____D C:\Program Files\YouTube Downloader
2021-05-13 15:14 - 2019-02-02 09:57 - 000000000 ____D C:\ProgramData\Adobe
2021-05-13 15:11 - 2020-08-07 10:01 - 000000000 ____D C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sidify
2021-05-13 15:11 - 2020-08-07 10:01 - 000000000 ____D C:\Program Files (x86)\Sidify
2021-05-10 18:02 - 2019-01-26 20:48 - 000000000 ____D C:\ProgramData\Package Cache
2021-05-10 15:08 - 2019-01-21 21:36 - 000000000 ____D C:\Users\hp\AppData\Local\Intel
2021-05-10 14:46 - 2020-05-20 10:36 - 000043632 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\pmxdrv.sys
2021-05-10 14:46 - 2019-01-26 20:28 - 000000000 ____D C:\Swsetup
2021-05-10 13:49 - 2020-05-18 14:59 - 005533024 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\IntelWLANdriver.dll
2021-05-10 13:49 - 2020-05-18 11:45 - 000000000 ____D C:\ProgramData\HP
2021-05-10 00:57 - 2018-11-04 20:33 - 000000000 ____D C:\Users\hp\Documents\Rockstar Games
 
==================== Files in the root of some directories ========
 
2020-05-27 20:44 - 2020-05-27 20:44 - 000001536 _____ () C:\Users\hp\AppData\Local\GfxMetrics.cfg
2019-01-28 20:50 - 2019-05-30 21:29 - 000007598 _____ () C:\Users\hp\AppData\Local\resmon.resmoncfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2021
Ran by hp (03-06-2021 14:25:24)
Running from C:\Users\hp\Downloads
Windows 10 Pro Version 21H1 19043.1023 (X64) (2020-10-16 01:43:18)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2123003089-4285120140-3240528571-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2123003089-4285120140-3240528571-503 - Limited - Disabled)
Guest (S-1-5-21-2123003089-4285120140-3240528571-501 - Limited - Disabled)
hp (S-1-5-21-2123003089-4285120140-3240528571-1001 - Administrator - Enabled) => C:\Users\hp
WDAGUtilityAccount (S-1-5-21-2123003089-4285120140-3240528571-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\uTorrent) (Version: 3.5.5.46010 - BitTorrent Inc.)
Bang & Olufsen Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 9.0.232.70 - Conexant)
Brother MFL-Pro Suite DCP-1510 series (HKLM-x32\...\{90C24B16-9C28-44AB-8C63-BB9822218E18}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
Documentation Manager (HKLM\...\{0203C24C-452D-4344-871F-DE3C7B49C328}) (Version: 22.40.0.7 - Intel Corporation) Hidden
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Everything 1.4.1.1005 (x64) (HKLM\...\Everything) (Version: 1.4.1.1005 - voidtools)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.77 - Google LLC)
HP Universal Camera Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1114.25_RS2_WHQL - Sonix)
Inside (HKLM-x32\...\{9BD4503F-F711-491D-984A-AB4ABD66B8C2}_is1) (Version:  - Playdead)
Intel® Chipset Device Software (HKLM-x32\...\{f3b1c211-1159-4262-bb97-84150cda9096}) (Version: 10.1.18243.8188 - Intel® Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2044.15.0.1951 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.3.1007 - Intel Corporation)
Intel® Trusted Connect Services Client (HKLM-x32\...\{c3964069-17c1-45dd-85a5-949576ceeaa3}) (Version: 1.62.321.1 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000040-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.40.0.2 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{cf961541-ca37-4826-a285-3a9cb22cd5a2}) (Version: 21.40.2 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{3933e30f-0de2-4fee-8a5e-28c71ea7f121}) (Version: 22.40.0.7 - Intel Corporation) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Messenger 88.7.120 (HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 88.7.120 - Facebook, Inc.)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.10730.20348 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\OneDriveSetup.exe) (Version: 21.083.0425.0003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61135 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61135 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61135 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61135 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.56.2 - Microsoft Corporation)
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
Need for Speed™ Rivals (HKLM-x32\...\{E0A32336-AA27-4053-99B2-C3380B7B95AC}) (Version: 1.3.0.0 - Electronic Arts)
NXPProximityInstaller (HKLM-x32\...\NXPProximityInstaller) (Version: 3.100140.10443.10 - NXP Semiconductors)
OnePlus USB Drivers 1.00 (HKLM-x32\...\OnePlus USB Drivers 1.00) (Version: 1.00 - OnePlus, Inc)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.151 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.70 - Synaptics Incorporated)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.14 - VideoLAN)
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
WhatsApp (HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\WhatsApp) (Version: 2.2114.9 - WhatsApp)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22925 - Microsoft Corporation)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows Driver Package - MediaTek Inc. (usbser) Ports  (01/05/2012 2.0000.0.1) (HKLM\...\49D9ABA9270C5BDFD7AE1BEB607D36B26BB90235) (Version: 01/05/2012 2.0000.0.1 - MediaTek Inc.)
Windows Driver Package - MediaTek Inc. (usbser) Ports  (12/24/2011 2.0000.0.0) (HKLM\...\D0E6296D177F42BB31C0200E49412003DB6C4633) (Version: 12/24/2011 2.0000.0.0 - MediaTek Inc.)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
 
Packages:
=========
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2021-02-05] (Fitbit)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-28] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-28] (Microsoft Corporation) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6daaea9afe1e6f6\igfxDTCM.dll [2020-11-11] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2020-05-18 12:24 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2020-05-18 12:51 - 2017-11-07 19:55 - 000137728 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2020-05-18 12:51 - 2017-08-18 11:23 - 000087552 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2020-05-18 12:51 - 2017-08-18 11:23 - 017974784 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
2020-05-18 12:51 - 2017-11-07 20:04 - 000087040 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLEng.dll
2020-05-18 13:27 - 2017-11-07 19:55 - 000440832 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\Track.dll
2020-05-18 12:51 - 2008-08-18 18:27 - 000122880 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\brlmw03a.dll
2020-05-18 12:51 - 2012-07-13 13:09 - 000385024 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2020-12-01 09:05 - 2018-07-03 11:14 - 001348608 _____ (Conexant Systems, Inc.) [File not signed] C:\Program Files\Conexant\SA3\HP-NB-AIO\CxHDAudioAPI.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [486]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSVC => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VSS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\w32time => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WUAUSERV => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/?q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/?q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-13] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\webcompanion.com -> hxxp://webcompanion.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2020-10-02 16:34 - 2021-06-03 10:55 - 000004642 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 media-match.com
127.0.0.1 adclick.g.doublecklick.net
127.0.0.1 www.googleadservices.com
127.0.0.1 pagead2.googlesyndication.com
127.0.0.1 googleads.g.doubleclick.net
127.0.0.1 pubads.g.doubleclick.net
127.0.0.1 securepubads.g.doubleclick.net
127.0.0.1 www.omaze.com
127.0.0.1 omaze.com
127.0.0.1 bounceexchange.com
127.0.0.1 core.insightexpressai.com
127.0.0.1 content.bitsontherun.com
127.0.0.1 s0.2mdn.net
127.0.0.1 v.jwpcdn.com
127.0.0.1 d2gi7ultltnc2u.cloudfront.net
127.0.0.1 cs283.wpc.teliasoneracdn.net
127.0.0.1 cs126.wpc.teliasoneracdn.net
127.0.0.1 u.scdn.co
127.0.0.1 cs126.wpc.edgecastcdn.net
127.0.0.1 pagead46.l.doubleclick.net
127.0.0.1 pagead.l.doubleclick.net
127.0.0.1 video-ad-stats.googlesyndication.com
127.0.0.1 pagead-googlehosted.l.google.com
127.0.0.1 partnerad.l.doubleclick.net
127.0.0.1 prod.spotify.map.fastlylb.net
127.0.0.1 adserver.adtechus.com
127.0.0.1 na.gmtdmp.com
127.0.0.1 anycast.pixel.adsafeprotected.com
127.0.0.1 ads.pubmatic.com
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hp\Pictures\wallpaper.jpg
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "Avast SecureLine.lnk"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "DisplayLinkUI"
HKLM\...\StartupApproved\Run: => "UrbanVPN"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "RazerCortex"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Intel Driver & Support Assistant"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "FreeYouTubeDownloader"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "Viber"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "electron.app.Pi Network"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "Facebook.MessengerDesktop"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "waupdat3"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [Microsoft-Windows-Unified-Telemetry-Client] => (Block) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{4DDF6874-5570-49B5-8583-8FC3A763217B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{57252589-F5ED-459C-9B3E-FC37E0C3CC54}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{09FAECEC-76F4-4E71-873B-461F6C7DD353}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0B5B4923-EE05-441C-93A2-6AECC5F63511}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{C3DB02B0-8F3E-4E1B-B515-3F3FA60014EB}C:\users\hp\downloads\anydesk.exe] => (Allow) C:\users\hp\downloads\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [TCP Query User{4C9AB791-63C2-4831-A181-09BC7784739E}C:\users\hp\downloads\anydesk.exe] => (Allow) C:\users\hp\downloads\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{ABD2A3B4-0EC3-4E37-819C-5BF4B84F921D}] => (Allow) C:\Users\hp\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe => No File
FirewallRules: [{69A3DDE0-DE26-461D-BC77-CF9448EB47D2}] => (Allow) C:\Users\hp\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe => No File
FirewallRules: [{DCCDAB03-6BF3-4E4D-9C2D-6036D3BBC510}] => (Allow) C:\Users\hp\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe => No File
FirewallRules: [{4125549A-90C9-420C-A621-F6B13A06CD9F}] => (Allow) C:\Users\hp\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe => No File
FirewallRules: [{743A70F2-6F8A-42A5-84E3-D2D29DAF2C91}] => (Allow) C:\Users\hp\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{FD9B5B77-F649-4922-9EAC-521C1EC69772}] => (Allow) C:\Users\hp\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{24BE4400-0CFE-49C1-8B72-99672C090E55}] => (Block) E:\Super Meat Boy\SuperMeatBoy.exe () [File not signed]
FirewallRules: [TCP Query User{2C9A4775-3AA0-4442-A729-8FF8BAA8C85D}C:\users\hp\appdata\local\programs\messenger\messenger.exe] => (Allow) C:\users\hp\appdata\local\programs\messenger\messenger.exe (Facebook, Inc. -> Facebook, Inc.)
FirewallRules: [UDP Query User{61C66CEA-D795-4C31-B69E-5055004F6059}C:\users\hp\appdata\local\programs\messenger\messenger.exe] => (Allow) C:\users\hp\appdata\local\programs\messenger\messenger.exe (Facebook, Inc. -> Facebook, Inc.)
FirewallRules: [{A060BD33-EA28-448B-B1ED-E706A66008F3}] => (Allow) LPort=5900
FirewallRules: [{B7BED451-CFBE-4A74-9989-D27243FFE60F}] => (Allow) LPort=5800
FirewallRules: [{CF7C7A01-73E9-414F-8321-D9F758DB0162}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{FADB8A20-0C04-4D22-AA32-700EE21F84A3}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe (uvnc bvba -> UltraVNC)
FirewallRules: [TCP Query User{88646A3F-A6DF-477B-822E-7BF9BA91D838}C:\program files\uvnc bvba\ultravnc\repeater.exe] => (Block) C:\program files\uvnc bvba\ultravnc\repeater.exe (uvnc bvba -> )
FirewallRules: [UDP Query User{F94947A2-A080-4135-B1D5-61548B6DCB93}C:\program files\uvnc bvba\ultravnc\repeater.exe] => (Block) C:\program files\uvnc bvba\ultravnc\repeater.exe (uvnc bvba -> )
FirewallRules: [{81CCE2E1-F521-4565-A355-F1994DC6FC52}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6EC93D95-40D4-4EC5-9981-60211C2DE5B4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2676546E-FE30-4EB5-98C2-D0EC40F451F2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{14CD2B8F-A801-4E03-BF09-AAA1E10FC269}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C8B0FC86-D1AF-4983-A71D-1960677B0DAE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2B7D9D93-6C08-4D70-B191-36D26AD05288}] => (Allow) C:\Games\Need for Speed Rivals\NFS14_x86.exe (Electronic Arts) [File not signed]
FirewallRules: [{546EB478-F1F0-42A7-83F0-3742580BDD15}] => (Allow) C:\Games\Need for Speed Rivals\NFS14_x86.exe (Electronic Arts) [File not signed]
FirewallRules: [{09A48E68-98C8-470B-8C2C-0A53D8A81696}] => (Allow) C:\Games\Need for Speed Rivals\NFS14.exe (Electronic Arts) [File not signed]
FirewallRules: [{ED94F034-8B54-4E78-B54D-F6B5A8E8989A}] => (Allow) C:\Games\Need for Speed Rivals\NFS14.exe (Electronic Arts) [File not signed]
FirewallRules: [TCP Query User{D107B5AA-D456-4AE5-AA65-5BF3DD582A5A}C:\users\hp\downloads\malwarebytes premium v4.2.0.82 + fix (lifetime activation) {crackshash}\activator fix\activator fix\licensemalwarebytes.exe] => (Allow) C:\users\hp\downloads\malwarebytes premium v4.2.0.82 + fix (lifetime activation) {crackshash}\activator fix\activator fix\licensemalwarebytes.exe => No File
FirewallRules: [UDP Query User{FB83D1B1-7562-4588-845E-9067C4656E9A}C:\users\hp\downloads\malwarebytes premium v4.2.0.82 + fix (lifetime activation) {crackshash}\activator fix\activator fix\licensemalwarebytes.exe] => (Allow) C:\users\hp\downloads\malwarebytes premium v4.2.0.82 + fix (lifetime activation) {crackshash}\activator fix\activator fix\licensemalwarebytes.exe => No File
FirewallRules: [{99E7DB49-8B17-462F-BADB-95303760C6D8}] => (Block) C:\users\hp\downloads\malwarebytes premium v4.2.0.82 + fix (lifetime activation) {crackshash}\activator fix\activator fix\licensemalwarebytes.exe => No File
FirewallRules: [{409AAD36-52EB-4CAC-BB3E-83FBB184B2AA}] => (Block) C:\users\hp\downloads\malwarebytes premium v4.2.0.82 + fix (lifetime activation) {crackshash}\activator fix\activator fix\licensemalwarebytes.exe => No File
FirewallRules: [{EEE0D7A6-BFB3-4FC3-92F6-812049B32631}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (06/03/2021 07:05:41 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
.
 
 
System errors:
=============
Error: (06/03/2021 12:33:23 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.
 
The exact nature of the corruption is unknown.  The file system structures need to be scanned online.
 
Error: (06/03/2021 12:32:42 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-ESKAMO)
Description: Unable to start a DCOM Server: Microsoft.MicrosoftEdge_44.19041.1023.0_neutral__8wekyb3d8bbwe!MicrosoftEdge as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
 
Error: (06/03/2021 12:31:52 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-ESKAMO)
Description: Unable to start a DCOM Server: Microsoft.MicrosoftEdge_44.19041.1023.0_neutral__8wekyb3d8bbwe!MicrosoftEdge as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
 
Error: (06/03/2021 12:27:53 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (06/03/2021 12:27:49 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (06/03/2021 12:27:44 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (06/03/2021 12:27:41 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (06/03/2021 12:27:37 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
 
Windows Defender:
================
Date: 2021-06-02 18:27:11
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUA:Win32/PCClean
Severity: Low
Category: Potentially Unwanted Software
Path: containerfile:_C:\Users\hp\Downloads\Advanced System Repair Pro 2020 Full.rar; file:_C:\Users\hp\Downloads\Advanced System Repair Pro 2020 Full.rar->Setup.exe; webfile:_C:\Users\hp\Downloads\Advanced System Repair Pro 2020 Full.rar|https://mega.nz/|pid...671113270369810
Detection Origin: Internet
Detection Type: Concrete
Detection Source: Downloads and attachments
Process Name: Unknown
Security intelligence Version: AV: 1.339.1874.0, AS: 1.339.1874.0, NIS: 1.339.1874.0
Engine Version: AM: 1.1.18200.4, NIS: 1.1.18200.4
 
Date: 2021-06-02 14:05:20
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/MpTamperSrvDisableAV.D
Severity: Severe
Category: Trojan
Path: CmdLine:_C:\Windows\System32\sc.exe stop Diagtrack
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.339.1853.0, AS: 1.339.1853.0, NIS: 1.339.1853.0
Engine Version: AM: 1.1.18200.4, NIS: 1.1.18200.4
 
Date: 2021-06-02 04:08:13
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/MpTamperSrvDisableAV.D
Severity: Severe
Category: Trojan
Path: CmdLine:_C:\Windows\System32\sc.exe stop Diagtrack
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.339.1822.0, AS: 1.339.1822.0, NIS: 1.339.1822.0
Engine Version: AM: 1.1.18200.4, NIS: 1.1.18200.4
 
Date: 2021-06-01 20:24:35
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: App:Utorrent_BundleInstaller
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\hp\AppData\Roaming\uTorrent\updates\3.5.5_45988.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.339.1822.0, AS: 1.339.1822.0, NIS: 1.339.1822.0
Engine Version: AM: 1.1.18200.4, NIS: 1.1.18200.4
 
Date: 2021-06-01 20:17:02
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Custom Scan
 
Date: 2021-06-03 10:55:34
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.339.1889.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18200.4
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
 
Date: 2021-06-03 07:11:09
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2021-06-02 21:09:57
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2021-06-02 21:03:19
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2021-06-02 20:22:51
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
CodeIntegrity:
===============
Date: 2021-05-29 21:43:02
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: HP N75 Ver. 01.49 07/12/2020
Motherboard: HP 807C
Processor: Intel® Core™ i5-6300U CPU @ 2.40GHz
Percentage of memory in use: 51%
Total physical RAM: 7975.67 MB
Available physical RAM: 3854.3 MB
Total Virtual: 8487.67 MB
Available Virtual: 4033.6 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:524.74 GB) (Free:378.19 GB) NTFS
Drive e: (All) (Fixed) (Total:405.42 GB) (Free:274.96 GB) NTFS
 
\\?\Volume{dee8ee0f-bf5b-4efe-9179-2ffeaadd76c9}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{05f6a5fd-2967-4dc5-a263-2ddfe33d06c8}\ () (Fixed) (Total:0.75 GB) (Free:0.14 GB) NTFS
\\?\Volume{35c31eec-d925-42ed-9bb0-fb06a7706106}\ () (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 04CA5994)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

 


Edited by sweepe, 03 June 2021 - 03:27 AM.


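As an added example, not part of sweepe's post and not code from FRST or from this forum: a read-only PowerShell audit that re-reads, live, the same locations the FRST log above reports (HKLM-registered Chrome extensions, the Chrome/Edge/Defender policy keys flagged as "Restriction", SmartScreen, hidden folders under ProgramData such as Dpopci, hosts overrides, inbound firewall rules for missing programs or the VNC ports, and scheduled tasks whose executable is gone). It lets the state be re-checked after each cleanup step without posting a fresh log. Every cmdlet and path is standard Windows PowerShell 5.1 / NetSecurity / ScheduledTasks; the choice of registry keys and the VNC port list (5800, 5900) are assumptions taken from this particular log, not general rules.

```powershell
# Added triage script (not from the thread or from FRST). Read-only: it only
# lists the persistence and tamper locations the FRST log reports. Run it from
# an elevated PowerShell prompt. Assumptions, taken from this log and not
# general rules: the registry keys below and the VNC ports 5800/5900.

$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Area, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Area = $Area; Detail = $Detail })
}

# 1. Extensions an installer registered for Chrome in HKLM
#    (the "CHR HKLM-x32\...\Chrome\Extension: [<id>]" lines in the log).
foreach ($key in 'HKLM:\SOFTWARE\Google\Chrome\Extensions',
                 'HKLM:\SOFTWARE\WOW6432Node\Google\Chrome\Extensions') {
    if (-not (Test-Path $key)) { continue }
    foreach ($ext in Get-ChildItem $key) {
        $p = Get-ItemProperty $ext.PSPath
        Add-Finding 'Chrome registry extension' ("{0} update_url={1} path={2}" -f $ext.PSChildName, $p.update_url, $p.path)
    }
}

# 2. Policy keys the log flags as "Restriction". On a stand-alone home PC any
#    value here was written by software, not pushed by a domain administrator.
foreach ($key in 'HKLM:\SOFTWARE\Policies\Google\Chrome',
                 'HKLM:\SOFTWARE\Policies\Microsoft\Edge',
                 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender') {
    if (-not (Test-Path $key)) { continue }
    foreach ($k in @(Get-Item $key) + @(Get-ChildItem $key -Recurse)) {
        foreach ($name in $k.GetValueNames()) {
            Add-Finding 'Policy restriction' ("{0}\{1} = {2}" -f $k.Name, $name, $k.GetValue($name))
        }
    }
}

# 3. SmartScreen: the log shows it Off, alongside Defender tamper detections.
$explorer = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer' -ErrorAction SilentlyContinue
if ($explorer.SmartScreenEnabled -eq 'Off') { Add-Finding 'SmartScreen' 'SmartScreenEnabled = Off' }

# 4. Hidden folders directly under ProgramData (C:\ProgramData\Dpopci in the log).
#    Junctions such as "Application Data" are hidden by design, so skip reparse points.
Get-ChildItem $env:ProgramData -Directory -Hidden -ErrorAction SilentlyContinue |
    Where-Object { -not ($_.Attributes -band [IO.FileAttributes]::ReparsePoint) } |
    ForEach-Object {
        $entries = (Get-ChildItem $_.FullName -Force -ErrorAction SilentlyContinue | Measure-Object).Count
        Add-Finding 'Hidden ProgramData folder' ("{0} created {1:u}, {2} entries" -f $_.FullName, $_.CreationTime, $entries)
    }

# 5. hosts entries other than localhost. The entries in the log block ad
#    domains, but the same mechanism can redirect update or AV domains.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hostsPath -ErrorAction SilentlyContinue |
    Where-Object { $_ -match '^\s*[0-9a-fA-F.:]+\s+\S' -and $_ -notmatch '\blocalhost\b' } |
    ForEach-Object { Add-Finding 'hosts override' $_.Trim() }

# 6. Inbound allow rules whose program is gone (the "=> No File" lines) and
#    rules that open the VNC listener ports seen for UltraVNC in the log.
$vncPorts = '5800', '5900'   # assumption taken from the LPort rules in the log
foreach ($rule in Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow) {
    $app = $rule | Get-NetFirewallApplicationFilter
    if ($app.Program -and $app.Program -ne 'Any') {
        $exe = [Environment]::ExpandEnvironmentVariables($app.Program)
        if (-not (Test-Path -LiteralPath $exe)) {
            Add-Finding 'Firewall rule, missing program' ("{0}: {1}" -f $rule.DisplayName, $exe)
        }
    }
    $port = $rule | Get-NetFirewallPortFilter
    foreach ($p in @($port.LocalPort)) {
        if ($p -in $vncPorts) { Add-Finding 'Firewall rule, VNC port open' ("{0}: local port {1}" -f $rule.DisplayName, $p) }
    }
}

# 7. Scheduled tasks whose executable no longer exists (the "no filepath" and
#    AdvancedSystemRepairPro task lines in the log).
foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
    foreach ($action in @($task.Actions)) {
        if (-not $action.Execute) { continue }
        $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
        if (-not (Test-Path -LiteralPath $exe) -and -not (Get-Command $exe -ErrorAction SilentlyContinue)) {
            Add-Finding 'Task with missing program' ("{0}{1}: {2}" -f $task.TaskPath, $task.TaskName, $exe)
        }
    }
}

$findings | Sort-Object Area | Format-Table -AutoSize -Wrap
```

It prints a table and changes nothing. The useful signal is what comes back after a cleanup step: a hidden ProgramData folder that reappears after deletion, or a Chrome registry extension or policy value that returns after removal, means the component that re-installs the extension is still running, and that is what the FRST fix in the reply has to remove rather than the extension itself.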
#2 DR M (The Grecian Geek, Malware Removal, 4,113 posts)

Hi, sweepe.

Welcome to GTG Forums.

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.
 
Before we start...


Please adhere to the guidelines below, and then carefully follow all the instructions after them, in the same order:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.
 
 
======================================
 
There are a lot of things to say regarding your logs.
 
Your computer is infected, but you should already know this: many signs of cracked programs (even though you uninstalled them, the damage is done), a manipulated hosts file, μTorrent installed... Keep in mind that using pirated/cracked software is an easy way to infect your computer. Almost as easy as intentionally downloading malware. We don't want that, right?
 
In addition, there are signs of system corruption and hard disk failure.
 
I strongly recommend that you back up your personal files before we start, in case the disk urgently needs to be replaced.
 
Meanwhile...

 
Stop using P2P programs

You have μTorrent installed on your computer. This is a P2P program. P2P programs form a direct conduit onto a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you don't uninstall it, your computer will probably get infected again, as soon as you use it again. But it is your computer and of course your decision.

  • If you decide to keep it, DON'T use it during the cleaning procedure.
  • If you decide to uninstall it, uninstall it along with the unwanted programs in Step 1 below.


After backup...

1. Uninstall programs
 
Uninstall any pirated/cracked program you have installed on your computer.
 
Also uninstall Defraggler.
 
To do that:

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs in the list:
Defraggler
μTorrent (it's up to you)
PIRATED/CRACKED PROGRAMS
  • Select the above programs, one by one and click Uninstall.
  • Restart the computer.

 

2. Uninstall a Chrome extension

  • Open Chrome.
  • At the top right choose More (the three vertical dots) > More Tools > Extensions
  • Find Avast Online Security, and remove it, clicking on Remove.
  • Confirm the action by clicking Remove once again.

 

3. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

Start::
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
IE trusted site: HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKLM\...\StartupApproved\StartupFolder: => "Avast SecureLine.lnk" 
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "RazerCortex"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "FreeYouTubeDownloader"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "Viber"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "electron.app.Pi Network"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "waupdat3"
FirewallRules: [UDP Query User{C3DB02B0-8F3E-4E1B-B515-3F3FA60014EB}C:\users\hp\downloads\anydesk.exe] => (Allow) C:\users\hp\downloads\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [TCP Query User{4C9AB791-63C2-4831-A181-09BC7784739E}C:\users\hp\downloads\anydesk.exe] => (Allow) C:\users\hp\downloads\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{ABD2A3B4-0EC3-4E37-819C-5BF4B84F921D}] => (Allow) C:\Users\hp\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe => No File
FirewallRules: [{69A3DDE0-DE26-461D-BC77-CF9448EB47D2}] => (Allow) C:\Users\hp\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe => No File
FirewallRules: [{DCCDAB03-6BF3-4E4D-9C2D-6036D3BBC510}] => (Allow) C:\Users\hp\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe => No File
FirewallRules: [{4125549A-90C9-420C-A621-F6B13A06CD9F}] => (Allow) C:\Users\hp\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe => No File
FirewallRules: [{CF7C7A01-73E9-414F-8321-D9F758DB0162}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{FADB8A20-0C04-4D22-AA32-700EE21F84A3}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe (uvnc bvba -> UltraVNC)
FirewallRules: [TCP Query User{88646A3F-A6DF-477B-822E-7BF9BA91D838}C:\program files\uvnc bvba\ultravnc\repeater.exe] => (Block) C:\program files\uvnc bvba\ultravnc\repeater.exe (uvnc bvba -> )
FirewallRules: [UDP Query User{F94947A2-A080-4135-B1D5-61548B6DCB93}C:\program files\uvnc bvba\ultravnc\repeater.exe] => (Block) C:\program files\uvnc bvba\ultravnc\repeater.exe (uvnc bvba -> )
FirewallRules: [TCP Query User{D107B5AA-D456-4AE5-AA65-5BF3DD582A5A}C:\users\hp\downloads\malwarebytes premium v4.2.0.82 + fix (lifetime activation) {crackshash}\activator fix\activator fix\licensemalwarebytes.exe] => (Allow) C:\users\hp\downloads\malwarebytes premium v4.2.0.82 + fix (lifetime activation) {crackshash}\activator fix\activator fix\licensemalwarebytes.exe => No File
FirewallRules: [UDP Query User{FB83D1B1-7562-4588-845E-9067C4656E9A}C:\users\hp\downloads\malwarebytes premium v4.2.0.82 + fix (lifetime activation) {crackshash}\activator fix\activator fix\licensemalwarebytes.exe] => (Allow) C:\users\hp\downloads\malwarebytes premium v4.2.0.82 + fix (lifetime activation) {crackshash}\activator fix\activator fix\licensemalwarebytes.exe => No File
FirewallRules: [{99E7DB49-8B17-462F-BADB-95303760C6D8}] => (Block) C:\users\hp\downloads\malwarebytes premium v4.2.0.82 + fix (lifetime activation) {crackshash}\activator fix\activator fix\licensemalwarebytes.exe => No File
FirewallRules: [{409AAD36-52EB-4CAC-BB3E-83FBB184B2AA}] => (Block) C:\users\hp\downloads\malwarebytes premium v4.2.0.82 + fix (lifetime activation) {crackshash}\activator fix\activator fix\licensemalwarebytes.exe => No File
C:\Users\hp\Downloads\Advanced System Repair Pro 2020 Full.rar
C:\Windows\System32\sc.exe stop Diagtrack
C:\Users\hp\AppData\Roaming\uTorrent\updates\3.5.5_45988.exe
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {2B09CD2C-8F70-499E-BF49-110983D7D974} - no filepath
Task: {513CA0E5-E6FA-49D0-83EF-422739A6328F} - System32\Tasks\AdvancedSystemRepairPro-Maintenance-Autorun => C:\Program Files (x86)\Advanced System Repair Pro 1.7.0.11\AdvancedSystemRepairPro.exe
Task: {EAF7B668-5618-4CC0-A64F-CFFEC04DB42D} - no filepath
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi => not found
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
R1 asrdmon; C:\WINDOWS\system32\drivers\asrdmon.sys [18024 2021-06-02] (Advance System Care, Inc. -> )
C:\WINDOWS\system32\drivers\asrdmon.sys
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
S3 tesrsdt; C:\WINDOWS\system32\drivers\tesrsdt.sys [442128 2019-10-12] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 TesSafe; C:\WINDOWS\system32\TesSafe.sys [555064 2019-10-23] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
C:\WINDOWS\system32\drivers\tesrsdt.sys
C:\WINDOWS\system32\TesSafe.sys
2021-06-03 13:40 - 2021-06-03 13:40 - 000000000 ____D C:\Users\hp\.vscode
2021-06-03 13:39 - 2021-06-03 13:39 - 000000000 ____D C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2021-06-03 12:28 - 2021-06-03 12:28 - 000000000 ___HD C:\ProgramData\Dpopci
2021-06-03 12:18 - 2021-06-03 12:23 - 000070283 _____ C:\WINDOWS\ZAM.krnl.trace
2021-06-02 20:48 - 2021-06-02 20:51 - 462712387 _____ (Igor Pavlov) C:\Users\hp\Downloads\Tron+v11.2.0+(2021-05-04).exe
2021-06-02 18:57 - 2021-06-03 07:22 - 000000000 ____D C:\ProgramData\TSRProSettings
2021-06-02 18:57 - 2021-06-02 18:57 - 000018024 _____ C:\WINDOWS\system32\Drivers\asrdmon.sys
2021-06-02 18:57 - 2021-06-02 18:57 - 000003486 _____ C:\WINDOWS\system32\Tasks\AdvancedSystemRepairPro-Maintenance-Autorun
2021-06-02 18:27 - 2021-06-02 18:27 - 014793017 _____ C:\Users\hp\Downloads\Advanced System Repair Pro 2020 Full.rar
2021-06-02 18:27 - 2021-06-02 18:27 - 000000000 ____D C:\Users\hp\Downloads\Advanced System Repair Pro 2020 Full
2021-06-02 18:26 - 2021-06-02 18:26 - 000000000 ____D C:\ProgramData\McAfee
2021-06-02 18:25 - 2021-06-02 18:25 - 002712352 _____ ( ) C:\Users\hp\Downloads\Restoro Advanced Cleaner - Linkvertise Downloader_M1tqu-1.exe
2021-06-02 17:15 - 2021-06-02 17:15 - 040488656 _____ (Adlice Software ) C:\Users\hp\Downloads\RogueKiller_setup.exe
2021-06-02 16:57 - 2021-06-02 16:57 - 000000000 ____D C:\Users\hp\AppData\Local\Zemana
2021-06-02 16:43 - 2021-06-02 16:56 - 000000000 ____D C:\Users\hp\Downloads\Zemana AntiMalware Premium 3.2.15 incl Patch [CrackingPatching]
2021-06-02 16:18 - 2021-06-02 16:18 - 000000000 ____D C:\Users\hp\Downloads\SpyHunter.Malware.Security.Suite.v4.25.6.4782.E.Portable.Multilingua-iCV-CreW
2021-06-02 16:01 - 2021-06-03 12:22 - 000000000 ____D C:\Program Files\HitmanPro
2021-06-02 16:01 - 2021-06-02 16:18 - 000000000 ____D C:\ProgramData\HitmanPro
2021-06-02 15:58 - 2021-06-02 16:01 - 120830415 ____R C:\Users\hp\Downloads\SpyHunter.Malware.Security.Suite.v4.25.6.4782.E.Portable.Multilingua-iCV-CreW.rar
2021-06-02 15:58 - 2021-06-02 16:01 - 000000000 ____D C:\Users\hp\Downloads\HitmanPro v3.8.15 Build 306 + Crack
2021-06-02 07:40 - 2021-06-02 07:40 - 000000000 ____D C:\Users\hp\Downloads\IBM SPSS Statistics 25.0 (x64) Multilingual + Crack [SadeemPC]-20210602T015440Z-001
2021-06-02 07:40 - 2021-06-02 07:40 - 000000000 ____D C:\Users\hp\AppData\LocalLow\IObit
2021-06-02 07:40 - 2021-06-02 07:40 - 000000000 ____D C:\Program Files (x86)\IObit
2021-06-02 07:39 - 2021-06-02 07:40 - 000000000 ____D C:\ProgramData\IObit
2021-06-02 04:08 - 2021-06-02 04:08 - 000000000 ____D C:\Users\hp\AppData\Local\OO Software
2021-06-01 23:39 - 2021-06-01 23:39 - 000000000 ____D C:\ProgramData\Sophos
2021-06-01 23:30 - 2021-06-03 11:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-06-01 11:53 - 2021-06-01 11:53 - 000000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2021-06-01 11:47 - 2021-06-01 11:47 - 000752296 _____ C:\Users\hp\Downloads\adware-removal-tool-by-tsa.exe
2021-06-01 11:46 - 2021-06-01 11:50 - 011697056 _____ (ESET) C:\Users\hp\Downloads\esetonlinescanner.exe
2021-05-31 21:47 - 2021-06-01 07:08 - 000000000 ____D C:\Users\hp\Documents\RegRun2
2021-05-31 21:46 - 2021-06-01 07:11 - 000000000 ____D C:\Users\Public\Documents\RegRunInfo
2021-05-31 21:46 - 2021-06-01 07:11 - 000000000 ____D C:\ProgramData\Documents\RegRunInfo
2021-05-31 21:45 - 2021-06-01 07:19 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2021-05-31 20:52 - 2021-05-31 20:52 - 000000000 ____D C:\Users\hp\Documents\recovery regedit
2021-05-31 19:36 - 2021-05-31 19:36 - 000000000 ____D C:\ProgramData\VS Revo Group
2021-05-31 15:18 - 2021-06-01 13:53 - 000000000 ____D C:\Users\hp\AppData\Roaming\SysInfoTool
2021-05-12 07:56 - 2021-05-12 11:37 - 000000000 ____D C:\Users\hp\Downloads\Dragon Ball XenoVerse PC full game + DLC ^^nosTEAM^^
2021-05-12 07:45 - 2021-06-02 16:33 - 000000000 ____D C:\Games
2021-05-12 07:06 - 2021-05-12 07:42 - 000000000 ____D C:\ProgramData\TrackmaniaTurbo
2021-05-12 07:06 - 2021-05-12 07:08 - 000000000 ____D C:\Users\hp\Documents\TrackmaniaTurbo
2021-05-11 23:42 - 2021-05-11 23:42 - 000000000 ____D C:\Users\hp\AppData\Roaming\RenPy
2021-05-11 21:48 - 2021-05-11 23:20 - 000000000 ____D C:\Users\hp\Downloads\Saints Row The Third The Full Package - [DODI Repack]
2021-05-11 21:43 - 2021-05-11 21:43 - 000106496 _____ (PCGameBenchmark) C:\Users\hp\Downloads\PCGameBenchmark_Detector (1).exe
2021-05-10 22:50 - 2021-05-11 07:15 - 000000000 ____D C:\Users\hp\AppData\Local\New Technology Studio
2021-05-10 18:17 - 2021-05-10 18:17 - 000000000 ____D C:\ProgramData\Steam
2021-05-10 18:17 - 2021-05-10 18:17 - 000000000 ____D C:\ProgramData\Socialclub
2021-06-02 19:12 - 2020-07-31 12:26 - 000000000 ____D C:\Users\hp\AppData\Roaming\Movavi Video Editor Plus 2020
2021-06-01 22:15 - 2020-12-14 08:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2021-06-01 21:09 - 2019-01-21 22:04 - 000000000 ____D C:\Users\hp\AppData\Local\Opera Software
2021-06-01 21:02 - 2019-01-21 22:02 - 000000000 ____D C:\Users\hp\AppData\Roaming\Opera Software
2021-06-01 19:44 - 2020-04-15 12:36 - 000000000 ____D C:\Users\hp\AppData\Local\ESET
2021-05-31 21:13 - 2020-05-18 22:03 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2021-05-31 21:13 - 2020-05-18 22:03 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2021-05-30 14:56 - 2019-12-07 14:59 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-05-13 15:16 - 2020-05-08 11:07 - 000000000 ____D C:\Program Files\YouTube Downloader
2021-05-13 15:14 - 2019-02-02 09:57 - 000000000 ____D C:\ProgramData\Adobe
2021-05-13 15:11 - 2020-08-07 10:01 - 000000000 ____D C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sidify
2021-05-13 15:11 - 2020-08-07 10:01 - 000000000 ____D C:\Program Files (x86)\Sidify
Task: {D9D89AC6-4ACD-4F2D-8531-D493D384FD5C} - System32\Tasks\Microsoft\Windows\Device Information\CHxReadingStriook => C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe "C:\Program Files (x86)\Common Files\CommandDeveloper\UbilsBzuetooth\rdwsing_l1_17_0.dll"
C:\Program Files (x86)\Common Files\CommandDeveloper
C:\Program Files (x86)\Common Files\Adobe
C:\users\hp\downloads\anydesk.exe
C:\Users\hp\AppData\Roaming\Tencent
C:\Program Files\uvnc bvba
C:\users\hp\downloads\malwarebytes premium v4.2.0.82 + fix (lifetime activation) 
C:\Program Files (x86)\Advanced System Repair Pro 1.7.0.11\AdvancedSystemRepairPro.exe
Hosts:
EmptyTemp: 
End::
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

In your next reply please post:

  • What you uninstalled
  • The fixlog.txt

#3
sweepe (Topic Starter, Member, 10 posts)

Hi DR M,
Thank you for guiding me through this. I have read each and every thing, and thank you for that information as well. Should I be concerned about replacing my recent hardware with new hardware?

Things uninstalled:
torrent
Defraggler
NFS: Rivals
Inside

The Fixlog
 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-06-2021
Ran by hp (03-06-2021 22:04:39) Run:1
Running from C:\Users\hp\Downloads
Loaded Profiles: hp
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
IE trusted site: HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKLM\...\StartupApproved\StartupFolder: => "Avast SecureLine.lnk" 
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "RazerCortex"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "FreeYouTubeDownloader"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "Viber"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "electron.app.Pi Network"
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\...\StartupApproved\Run: => "waupdat3"
FirewallRules: [UDP Query User{C3DB02B0-8F3E-4E1B-B515-3F3FA60014EB}C:\users\hp\downloads\anydesk.exe] => (Allow) C:\users\hp\downloads\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [TCP Query User{4C9AB791-63C2-4831-A181-09BC7784739E}C:\users\hp\downloads\anydesk.exe] => (Allow) C:\users\hp\downloads\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{ABD2A3B4-0EC3-4E37-819C-5BF4B84F921D}] => (Allow) C:\Users\hp\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe => No File
FirewallRules: [{69A3DDE0-DE26-461D-BC77-CF9448EB47D2}] => (Allow) C:\Users\hp\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe => No File
FirewallRules: [{DCCDAB03-6BF3-4E4D-9C2D-6036D3BBC510}] => (Allow) C:\Users\hp\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe => No File
FirewallRules: [{4125549A-90C9-420C-A621-F6B13A06CD9F}] => (Allow) C:\Users\hp\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe => No File
FirewallRules: [{CF7C7A01-73E9-414F-8321-D9F758DB0162}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{FADB8A20-0C04-4D22-AA32-700EE21F84A3}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe (uvnc bvba -> UltraVNC)
FirewallRules: [TCP Query User{88646A3F-A6DF-477B-822E-7BF9BA91D838}C:\program files\uvnc bvba\ultravnc\repeater.exe] => (Block) C:\program files\uvnc bvba\ultravnc\repeater.exe (uvnc bvba -> )
FirewallRules: [UDP Query User{F94947A2-A080-4135-B1D5-61548B6DCB93}C:\program files\uvnc bvba\ultravnc\repeater.exe] => (Block) C:\program files\uvnc bvba\ultravnc\repeater.exe (uvnc bvba -> )
FirewallRules: [TCP Query User{D107B5AA-D456-4AE5-AA65-5BF3DD582A5A}C:\users\hp\downloads\malwarebytes premium v4.2.0.82 + fix (lifetime activation) {crackshash}\activator fix\activator fix\licensemalwarebytes.exe] => (Allow) C:\users\hp\downloads\malwarebytes premium v4.2.0.82 + fix (lifetime activation) {crackshash}\activator fix\activator fix\licensemalwarebytes.exe => No File
FirewallRules: [UDP Query User{FB83D1B1-7562-4588-845E-9067C4656E9A}C:\users\hp\downloads\malwarebytes premium v4.2.0.82 + fix (lifetime activation) {crackshash}\activator fix\activator fix\licensemalwarebytes.exe] => (Allow) C:\users\hp\downloads\malwarebytes premium v4.2.0.82 + fix (lifetime activation) {crackshash}\activator fix\activator fix\licensemalwarebytes.exe => No File
FirewallRules: [{99E7DB49-8B17-462F-BADB-95303760C6D8}] => (Block) C:\users\hp\downloads\malwarebytes premium v4.2.0.82 + fix (lifetime activation) {crackshash}\activator fix\activator fix\licensemalwarebytes.exe => No File
FirewallRules: [{409AAD36-52EB-4CAC-BB3E-83FBB184B2AA}] => (Block) C:\users\hp\downloads\malwarebytes premium v4.2.0.82 + fix (lifetime activation) {crackshash}\activator fix\activator fix\licensemalwarebytes.exe => No File
C:\Users\hp\Downloads\Advanced System Repair Pro 2020 Full.rar
C:\Windows\System32\sc.exe stop Diagtrack
C:\Users\hp\AppData\Roaming\uTorrent\updates\3.5.5_45988.exe
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {2B09CD2C-8F70-499E-BF49-110983D7D974} - no filepath
Task: {513CA0E5-E6FA-49D0-83EF-422739A6328F} - System32\Tasks\AdvancedSystemRepairPro-Maintenance-Autorun => C:\Program Files (x86)\Advanced System Repair Pro 1.7.0.11\AdvancedSystemRepairPro.exe
Task: {EAF7B668-5618-4CC0-A64F-CFFEC04DB42D} - no filepath
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi => not found
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
R1 asrdmon; C:\WINDOWS\system32\drivers\asrdmon.sys [18024 2021-06-02] (Advance System Care, Inc. -> )
C:\WINDOWS\system32\drivers\asrdmon.sys
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
S3 tesrsdt; C:\WINDOWS\system32\drivers\tesrsdt.sys [442128 2019-10-12] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 TesSafe; C:\WINDOWS\system32\TesSafe.sys [555064 2019-10-23] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
C:\WINDOWS\system32\drivers\tesrsdt.sys
C:\WINDOWS\system32\TesSafe.sys
2021-06-03 13:40 - 2021-06-03 13:40 - 000000000 ____D C:\Users\hp\.vscode
2021-06-03 13:39 - 2021-06-03 13:39 - 000000000 ____D C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2021-06-03 12:28 - 2021-06-03 12:28 - 000000000 ___HD C:\ProgramData\Dpopci
2021-06-03 12:18 - 2021-06-03 12:23 - 000070283 _____ C:\WINDOWS\ZAM.krnl.trace
2021-06-02 20:48 - 2021-06-02 20:51 - 462712387 _____ (Igor Pavlov) C:\Users\hp\Downloads\Tron+v11.2.0+(2021-05-04).exe
2021-06-02 18:57 - 2021-06-03 07:22 - 000000000 ____D C:\ProgramData\TSRProSettings
2021-06-02 18:57 - 2021-06-02 18:57 - 000018024 _____ C:\WINDOWS\system32\Drivers\asrdmon.sys
2021-06-02 18:57 - 2021-06-02 18:57 - 000003486 _____ C:\WINDOWS\system32\Tasks\AdvancedSystemRepairPro-Maintenance-Autorun
2021-06-02 18:27 - 2021-06-02 18:27 - 014793017 _____ C:\Users\hp\Downloads\Advanced System Repair Pro 2020 Full.rar
2021-06-02 18:27 - 2021-06-02 18:27 - 000000000 ____D C:\Users\hp\Downloads\Advanced System Repair Pro 2020 Full
2021-06-02 18:26 - 2021-06-02 18:26 - 000000000 ____D C:\ProgramData\McAfee
2021-06-02 18:25 - 2021-06-02 18:25 - 002712352 _____ ( ) C:\Users\hp\Downloads\Restoro Advanced Cleaner - Linkvertise Downloader_M1tqu-1.exe
2021-06-02 17:15 - 2021-06-02 17:15 - 040488656 _____ (Adlice Software ) C:\Users\hp\Downloads\RogueKiller_setup.exe
2021-06-02 16:57 - 2021-06-02 16:57 - 000000000 ____D C:\Users\hp\AppData\Local\Zemana
2021-06-02 16:43 - 2021-06-02 16:56 - 000000000 ____D C:\Users\hp\Downloads\Zemana AntiMalware Premium 3.2.15 incl Patch [CrackingPatching]
2021-06-02 16:18 - 2021-06-02 16:18 - 000000000 ____D C:\Users\hp\Downloads\SpyHunter.Malware.Security.Suite.v4.25.6.4782.E.Portable.Multilingua-iCV-CreW
2021-06-02 16:01 - 2021-06-03 12:22 - 000000000 ____D C:\Program Files\HitmanPro
2021-06-02 16:01 - 2021-06-02 16:18 - 000000000 ____D C:\ProgramData\HitmanPro
2021-06-02 15:58 - 2021-06-02 16:01 - 120830415 ____R C:\Users\hp\Downloads\SpyHunter.Malware.Security.Suite.v4.25.6.4782.E.Portable.Multilingua-iCV-CreW.rar
2021-06-02 15:58 - 2021-06-02 16:01 - 000000000 ____D C:\Users\hp\Downloads\HitmanPro v3.8.15 Build 306 + Crack
2021-06-02 07:40 - 2021-06-02 07:40 - 000000000 ____D C:\Users\hp\Downloads\IBM SPSS Statistics 25.0 (x64) Multilingual + Crack [SadeemPC]-20210602T015440Z-001
2021-06-02 07:40 - 2021-06-02 07:40 - 000000000 ____D C:\Users\hp\AppData\LocalLow\IObit
2021-06-02 07:40 - 2021-06-02 07:40 - 000000000 ____D C:\Program Files (x86)\IObit
2021-06-02 07:39 - 2021-06-02 07:40 - 000000000 ____D C:\ProgramData\IObit
2021-06-02 04:08 - 2021-06-02 04:08 - 000000000 ____D C:\Users\hp\AppData\Local\OO Software
2021-06-01 23:39 - 2021-06-01 23:39 - 000000000 ____D C:\ProgramData\Sophos
2021-06-01 23:30 - 2021-06-03 11:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-06-01 11:53 - 2021-06-01 11:53 - 000000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2021-06-01 11:47 - 2021-06-01 11:47 - 000752296 _____ C:\Users\hp\Downloads\adware-removal-tool-by-tsa.exe
2021-06-01 11:46 - 2021-06-01 11:50 - 011697056 _____ (ESET) C:\Users\hp\Downloads\esetonlinescanner.exe
2021-05-31 21:47 - 2021-06-01 07:08 - 000000000 ____D C:\Users\hp\Documents\RegRun2
2021-05-31 21:46 - 2021-06-01 07:11 - 000000000 ____D C:\Users\Public\Documents\RegRunInfo
2021-05-31 21:46 - 2021-06-01 07:11 - 000000000 ____D C:\ProgramData\Documents\RegRunInfo
2021-05-31 21:45 - 2021-06-01 07:19 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2021-05-31 20:52 - 2021-05-31 20:52 - 000000000 ____D C:\Users\hp\Documents\recovery regedit
2021-05-31 19:36 - 2021-05-31 19:36 - 000000000 ____D C:\ProgramData\VS Revo Group
2021-05-31 15:18 - 2021-06-01 13:53 - 000000000 ____D C:\Users\hp\AppData\Roaming\SysInfoTool
2021-05-12 07:56 - 2021-05-12 11:37 - 000000000 ____D C:\Users\hp\Downloads\Dragon Ball XenoVerse PC full game + DLC ^^nosTEAM^^
2021-05-12 07:45 - 2021-06-02 16:33 - 000000000 ____D C:\Games
2021-05-12 07:06 - 2021-05-12 07:42 - 000000000 ____D C:\ProgramData\TrackmaniaTurbo
2021-05-12 07:06 - 2021-05-12 07:08 - 000000000 ____D C:\Users\hp\Documents\TrackmaniaTurbo
2021-05-11 23:42 - 2021-05-11 23:42 - 000000000 ____D C:\Users\hp\AppData\Roaming\RenPy
2021-05-11 21:48 - 2021-05-11 23:20 - 000000000 ____D C:\Users\hp\Downloads\Saints Row The Third The Full Package - [DODI Repack]
2021-05-11 21:43 - 2021-05-11 21:43 - 000106496 _____ (PCGameBenchmark) C:\Users\hp\Downloads\PCGameBenchmark_Detector (1).exe
2021-05-10 22:50 - 2021-05-11 07:15 - 000000000 ____D C:\Users\hp\AppData\Local\New Technology Studio
2021-05-10 18:17 - 2021-05-10 18:17 - 000000000 ____D C:\ProgramData\Steam
2021-05-10 18:17 - 2021-05-10 18:17 - 000000000 ____D C:\ProgramData\Socialclub
2021-06-02 19:12 - 2020-07-31 12:26 - 000000000 ____D C:\Users\hp\AppData\Roaming\Movavi Video Editor Plus 2020
2021-06-01 22:15 - 2020-12-14 08:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2021-06-01 21:09 - 2019-01-21 22:04 - 000000000 ____D C:\Users\hp\AppData\Local\Opera Software
2021-06-01 21:02 - 2019-01-21 22:02 - 000000000 ____D C:\Users\hp\AppData\Roaming\Opera Software
2021-06-01 19:44 - 2020-04-15 12:36 - 000000000 ____D C:\Users\hp\AppData\Local\ESET
2021-05-31 21:13 - 2020-05-18 22:03 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2021-05-31 21:13 - 2020-05-18 22:03 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2021-05-30 14:56 - 2019-12-07 14:59 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-05-13 15:16 - 2020-05-08 11:07 - 000000000 ____D C:\Program Files\YouTube Downloader
2021-05-13 15:14 - 2019-02-02 09:57 - 000000000 ____D C:\ProgramData\Adobe
2021-05-13 15:11 - 2020-08-07 10:01 - 000000000 ____D C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sidify
2021-05-13 15:11 - 2020-08-07 10:01 - 000000000 ____D C:\Program Files (x86)\Sidify
Task: {D9D89AC6-4ACD-4F2D-8531-D493D384FD5C} - System32\Tasks\Microsoft\Windows\Device Information\CHxReadingStriook => C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe "C:\Program Files (x86)\Common Files\CommandDeveloper\UbilsBzuetooth\rdwsing_l1_17_0.dll"
C:\Program Files (x86)\Common Files\CommandDeveloper
C:\Program Files (x86)\Common Files\Adobe
C:\users\hp\downloads\anydesk.exe
C:\Users\hp\AppData\Roaming\Tencent
C:\Program Files\uvnc bvba
C:\users\hp\downloads\malwarebytes premium v4.2.0.82 + fix (lifetime activation) 
C:\Program Files (x86)\Advanced System Repair Pro 1.7.0.11\AdvancedSystemRepairPro.exe
Hosts:
EmptyTemp: 
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\   AccExtIco1 => removed successfully
HKLM\Software\Classes\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\   AccExtIco2 => removed successfully
HKLM\Software\Classes\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\   AccExtIco3 => removed successfully
HKLM\Software\Classes\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\AccExt => removed successfully
HKLM\Software\Classes\CLSID\{2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\UAContextMenu => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\PowerISO => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\UAContextMenu => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\PowerISO => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\UAContextMenu => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\AccExt => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Local Page"="C:\Windows\System32\blank.htm" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Local Page"="C:\Windows\SysWOW64\blank.htm" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine.lnk" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\Avast SecureLine.lnk" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\AdobeGCInvoker-1.0" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AdobeGCInvoker-1.0" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\AdobeAAMUpdater-1.0" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\Adobe ARM" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\EaseUS EPM Tray Agent" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\EaseUS EPM Tray Agent" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\Wondershare Helper Compact.exe" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\SunJavaUpdateSched" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\RazerCortex" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\RazerCortex" => not found
"HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\FreeYouTubeDownloader" => removed successfully
"HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\FreeYouTubeDownloader" => not found
"HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Web Companion" => removed successfully
"HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => not found
"HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Viber" => removed successfully
"HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Viber" => not found
"HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Steam" => removed successfully
"HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Steam" => not found
"HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\electron.app.Pi Network" => removed successfully
"HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\electron.app.Pi Network" => not found
"HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\waupdat3" => removed successfully
"HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\waupdat3" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C3DB02B0-8F3E-4E1B-B515-3F3FA60014EB}C:\users\hp\downloads\anydesk.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4C9AB791-63C2-4831-A181-09BC7784739E}C:\users\hp\downloads\anydesk.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ABD2A3B4-0EC3-4E37-819C-5BF4B84F921D}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{69A3DDE0-DE26-461D-BC77-CF9448EB47D2}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DCCDAB03-6BF3-4E4D-9C2D-6036D3BBC510}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4125549A-90C9-420C-A621-F6B13A06CD9F}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CF7C7A01-73E9-414F-8321-D9F758DB0162}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FADB8A20-0C04-4D22-AA32-700EE21F84A3}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{88646A3F-A6DF-477B-822E-7BF9BA91D838}C:\program files\uvnc bvba\ultravnc\repeater.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F94947A2-A080-4135-B1D5-61548B6DCB93}C:\program files\uvnc bvba\ultravnc\repeater.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D107B5AA-D456-4AE5-AA65-5BF3DD582A5A}C:\users\hp\downloads\malwarebytes premium v4.2.0.82 + fix (lifetime activation) {crackshash}\activator fix\activator fix\licensemalwarebytes.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{FB83D1B1-7562-4588-845E-9067C4656E9A}C:\users\hp\downloads\malwarebytes premium v4.2.0.82 + fix (lifetime activation) {crackshash}\activator fix\activator fix\licensemalwarebytes.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{99E7DB49-8B17-462F-BADB-95303760C6D8}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{409AAD36-52EB-4CAC-BB3E-83FBB184B2AA}" => not found
"C:\Users\hp\Downloads\Advanced System Repair Pro 2020 Full.rar" => not found
"C:\Windows\System32\sc.exe stop Diagtrack" => not found
"C:\Users\hp\AppData\Roaming\uTorrent\updates\3.5.5_45988.exe" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0" => not found
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Edge => removed successfully
HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\SOFTWARE\Policies\Microsoft\Edge => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2B09CD2C-8F70-499E-BF49-110983D7D974}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B09CD2C-8F70-499E-BF49-110983D7D974}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{513CA0E5-E6FA-49D0-83EF-422739A6328F}" => not found
"C:\WINDOWS\System32\Tasks\AdvancedSystemRepairPro-Maintenance-Autorun" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdvancedSystemRepairPro-Maintenance-Autorun" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EAF7B668-5618-4CC0-A64F-CFFEC04DB42D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAF7B668-5618-4CC0-A64F-CFFEC04DB42D}" => removed successfully
"HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08" => not found
"HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8" => not found
"HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824" => not found
"HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368" => not found
"HKLM\Software\Mozilla\Firefox\Extensions\\[email protected]" => removed successfully
HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect => removed successfully
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated" => not found
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll => moved successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully
asrdmon => service not found.
"C:\WINDOWS\system32\drivers\asrdmon.sys" => not found
amsdk => service not found.
HKLM\System\CurrentControlSet\Services\tesrsdt => removed successfully
tesrsdt => service removed successfully
HKLM\System\CurrentControlSet\Services\TesSafe => removed successfully
TesSafe => service removed successfully
C:\WINDOWS\system32\drivers\tesrsdt.sys => moved successfully
C:\WINDOWS\system32\TesSafe.sys => moved successfully
C:\Users\hp\.vscode => moved successfully
C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code => moved successfully
C:\ProgramData\Dpopci => moved successfully
C:\WINDOWS\ZAM.krnl.trace => moved successfully
C:\Users\hp\Downloads\Tron+v11.2.0+(2021-05-04).exe => moved successfully
C:\ProgramData\TSRProSettings => moved successfully
"C:\WINDOWS\system32\Drivers\asrdmon.sys" => not found
"C:\WINDOWS\system32\Tasks\AdvancedSystemRepairPro-Maintenance-Autorun" => not found
"C:\Users\hp\Downloads\Advanced System Repair Pro 2020 Full.rar" => not found
"C:\Users\hp\Downloads\Advanced System Repair Pro 2020 Full" => not found
C:\ProgramData\McAfee => moved successfully
"C:\Users\hp\Downloads\Restoro Advanced Cleaner - Linkvertise Downloader_M1tqu-1.exe" => not found
"C:\Users\hp\Downloads\RogueKiller_setup.exe" => not found
C:\Users\hp\AppData\Local\Zemana => moved successfully
"C:\Users\hp\Downloads\Zemana AntiMalware Premium 3.2.15 incl Patch [CrackingPatching]" => not found
"C:\Users\hp\Downloads\SpyHunter.Malware.Security.Suite.v4.25.6.4782.E.Portable.Multilingua-iCV-CreW" => not found
"C:\Program Files\HitmanPro" => not found
C:\ProgramData\HitmanPro => moved successfully
"C:\Users\hp\Downloads\SpyHunter.Malware.Security.Suite.v4.25.6.4782.E.Portable.Multilingua-iCV-CreW.rar" => not found
"C:\Users\hp\Downloads\HitmanPro v3.8.15 Build 306 + Crack" => not found
"C:\Users\hp\Downloads\IBM SPSS Statistics 25.0 (x64) Multilingual + Crack [SadeemPC]-20210602T015440Z-001" => not found
C:\Users\hp\AppData\LocalLow\IObit => moved successfully
C:\Program Files (x86)\IObit => moved successfully
C:\ProgramData\IObit => moved successfully
C:\Users\hp\AppData\Local\OO Software => moved successfully
C:\ProgramData\Sophos => moved successfully
C:\ProgramData\Malwarebytes => moved successfully
C:\Program Files (x86)\Adware Removal Tool by TSA => moved successfully
C:\Users\hp\Downloads\adware-removal-tool-by-tsa.exe => moved successfully
C:\Users\hp\Downloads\esetonlinescanner.exe => moved successfully
"C:\Users\hp\Documents\RegRun2" => not found
C:\Users\Public\Documents\RegRunInfo => moved successfully
"C:\ProgramData\Documents\RegRunInfo" => not found
C:\Program Files (x86)\UnHackMe => moved successfully
"C:\Users\hp\Documents\recovery regedit" => not found
C:\ProgramData\VS Revo Group => moved successfully
C:\Users\hp\AppData\Roaming\SysInfoTool => moved successfully
C:\Users\hp\Downloads\Dragon Ball XenoVerse PC full game + DLC ^^nosTEAM^^ => moved successfully
"C:\Games" => not found
C:\ProgramData\TrackmaniaTurbo => moved successfully
"C:\Users\hp\Documents\TrackmaniaTurbo" => not found
C:\Users\hp\AppData\Roaming\RenPy => moved successfully
C:\Users\hp\Downloads\Saints Row The Third The Full Package - [DODI Repack] => moved successfully
C:\Users\hp\Downloads\PCGameBenchmark_Detector (1).exe => moved successfully
C:\Users\hp\AppData\Local\New Technology Studio => moved successfully
C:\ProgramData\Steam => moved successfully
C:\ProgramData\Socialclub => moved successfully
C:\Users\hp\AppData\Roaming\Movavi Video Editor Plus 2020 => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio => moved successfully
C:\Users\hp\AppData\Local\Opera Software => moved successfully
C:\Users\hp\AppData\Roaming\Opera Software => moved successfully
C:\Users\hp\AppData\Local\ESET => moved successfully
C:\ProgramData\BlueStacksSetup => moved successfully
"C:\ProgramData\BlueStacksSetup" => not found
C:\WINDOWS\ImmersiveControlPanel => moved successfully
C:\Program Files\YouTube Downloader => moved successfully
C:\ProgramData\Adobe => moved successfully
C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sidify => moved successfully
C:\Program Files (x86)\Sidify => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D9D89AC6-4ACD-4F2D-8531-D493D384FD5C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9D89AC6-4ACD-4F2D-8531-D493D384FD5C}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Device Information\CHxReadingStriook => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Device Information\CHxReadingStriook" => removed successfully
C:\Program Files (x86)\Common Files\CommandDeveloper => moved successfully
C:\Program Files (x86)\Common Files\Adobe => moved successfully
C:\users\hp\downloads\anydesk.exe => moved successfully
"C:\Users\hp\AppData\Roaming\Tencent" => not found
"C:\Program Files\uvnc bvba" => not found
"C:\users\hp\downloads\malwarebytes premium v4.2.0.82 + fix (lifetime activation)" => not found
"C:\Program Files (x86)\Advanced System Repair Pro 1.7.0.11\AdvancedSystemRepairPro.exe" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15839362 B
Java, Flash, Steam htmlcache => 101402936 B
Windows/system/drivers => 214560 B
Edge => 0 B
Chrome => 106876527 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6656 B
systemprofile32 => 6656 B
LocalService => 6656 B
NetworkService => 14046 B
hp => 298004198 B
DefaultAppPool => 298004198 B
 
RecycleBin => 0 B
EmptyTemp: => 788.2 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 22:07:42 ====

Thank you again, DR M. I am sending this as soon as I reboot, so I don't really know if this fixed it, but I will let you know as soon as I get something.

  • 0

#4
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts

Hi, sweepe.
 
You are very welcome.
 
Good decision to uninstall those programs. 
 
As for the system and the disk, we will make additional tests after the cleaning procedure, so we will have clearer evidence.
 
The fixlog is good.
 
Let's move on.
 
1. Completely uninstall and reinstall Malwarebytes
 
You don't have Malwarebytes installed right now, but the program is listed as enabled in the Security Center part of the logs. Let's fix this using the Malwarebytes Support Tool in order to do a clean reinstall.
 
See Uninstall and reinstall using the Malwarebytes Support Tool at  https://support.malw...m/docs/DOC-2674

1. Download and run the Malwarebytes Support Tool.
2. Accept the License Agreement and click Next.
3. Select Advanced on the left and then choose Clean.
4. Click Yes to remove all Malwarebytes products and then click OK to reboot your computer.
5. After restarting the computer, reboot, install Malwarebytes.


2. Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

3. Run Malwarebytes (Scan mode)

  • Open Malwarebytes.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.

If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.

  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

In your next reply, please post:

  • If everything went fine with Malwarebytes
  • The AdwCleaner[S0*].txt
  • The Malwarebytes report

  • 0

#5
sweepe

sweepe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Hi,

 

Thank you, the extension is finally removed and isn't showing up again.

1. Yes, the uninstall and reinstall went properly.

2. AdwCleaner [S00].txt
 

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build:    03-22-2021
# Database: 2021-05-17.1 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    06-04-2021
# Duration: 00:00:22
# OS:       Windows 10 Pro
# Scanned:  31959
# Detected: 16
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.WebCompanion       C:\Program Files (x86)\Lavasoft\Web Companion
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.AdvancedSystemRepairPro HKLM\Software\Classes\AppID\{233F8F82-F91E-4E49-2222-BD21AB39D1BB}
PUP.Optional.AdvancedSystemRepairPro HKLM\Software\Classes\tscmon.Gate
PUP.Optional.AdvancedSystemRepairPro HKLM\Software\Wow6432Node\\Classes\AppID\{233F8F82-F91E-4E49-2222-BD21AB39D1BB}
PUP.Optional.AdvancedSystemRepairPro HKLM\Software\Wow6432Node\\Classes\CLSID\{233F8F82-F91E-4E49-2222-BD21AB39D1BB}
PUP.Optional.Legacy             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe
PUP.Optional.Legacy             HKLM\Software\Classes\METNSD
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe
PUP.Optional.SpeedItupFree      HKLM\Software\Classes\AppID\{A245B088-41FA-478E-8DEA-86177F1394BB}
PUP.Optional.SpeedItupFree      HKLM\Software\Wow6432Node\\Classes\AppID\{A245B088-41FA-478E-8DEA-86177F1394BB}
PUP.Optional.WebCompanion       HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
Preinstalled.HPCeement   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCeeScheduleForHP 
Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\Users\hp\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
3. Malwarebytes Report

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 6/4/21
Scan Time: 7:09 AM
Log File: 8a35f9d4-c4d3-11eb-80a3-a08cfd9b7f74.json
 
-Software Information-
Version: 4.4.0.117
Components Version: 1.0.1318
Update Package Version: 1.0.41277
License: Trial
 
-System Information-
OS: Windows 10 (Build 19043.1023)
CPU: x64
File System: NTFS
User: DESKTOP-ESKAMO\hp
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 311786
Threats Detected: 12
Threats Quarantined: 0
Time Elapsed: 16 min, 25 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 1
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, No Action By User, 3885, -1, 0.0.0, , action, , , 
 
Registry Value: 11
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, No Action By User, 3885, 943647, 1.0.41277, , ame, , , 
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, 3885, -1, 0.0.0, , action, , , 
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, 3885, -1, 0.0.0, , action, , , 
Hijack.AutoConfigURL.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, 3885, -1, 0.0.0, , action, , , 
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, No Action By User, 3885, -1, 0.0.0, , action, , , 
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, No Action By User, 3885, -1, 0.0.0, , action, , , 
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, 3885, -1, 0.0.0, , action, , , 
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, 3885, -1, 0.0.0, , action, , , 
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, No Action By User, 3885, 943647, 1.0.41277, , ame, , , 
PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 7028, 676881, 1.0.41277, , ame, , , 
PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 7028, 676881, 1.0.41277, , ame, , , 
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)

  • 0
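The Malwarebytes report above flags the WinINET proxy values (AutoConfigURL, ProxyEnable) under Internet Settings and the MRT reporting policy, and the AdwCleaner log flags an Image File Execution Options subkey for utilman.exe. The following read-only PowerShell audit is an added example, not code from this thread or from either tool: it reads those registry locations and lists what is set so the findings can be reviewed before any cleaning. The key paths are the standard Windows ones; the "Suspicious" heuristic and the function names are my own.

```powershell
# Added audit script (not from the thread, AdwCleaner or Malwarebytes). Read-only:
# it reports what is set in the locations the two scan reports flagged and changes nothing.
# Run from an elevated PowerShell so the HKLM policy keys are readable.

$ProxyValueNames = 'AutoConfigURL', 'ProxyEnable', 'ProxyServer'

# Locations named in the "Hijack.AutoConfigURL" and "PUM.Optional.DisableMRT" report lines.
$ValueChecks = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings';             Names = $ProxyValueNames }
    @{ Path = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings'; Names = $ProxyValueNames }
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings';             Names = $ProxyValueNames }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\MRT';                                          Names = 'DontReportInfectionInformation' }
    @{ Path = 'HKLM:\SOFTWARE\WOW6432Node\Policies\Microsoft\MRT';                              Names = 'DontReportInfectionInformation' }
)

# Image File Execution Options roots; AdwCleaner flagged the utilman.exe subkey under both.
$IfeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-RegistryValueFindings {
    # One object per value that actually exists. On a machine that should use no proxy,
    # a non-empty AutoConfigURL, ProxyEnable=1, or any MRT policy value deserves a look.
    foreach ($check in $ValueChecks) {
        if (-not (Test-Path -Path $check.Path)) { continue }
        $item = Get-ItemProperty -Path $check.Path -ErrorAction SilentlyContinue
        foreach ($name in $check.Names) {
            $prop = $item.PSObject.Properties[$name]
            if ($null -eq $prop) { continue }
            [pscustomobject]@{
                Location   = $check.Path
                Name       = $name
                Value      = $prop.Value
                Suspicious = ($name -eq 'AutoConfigURL' -and -not [string]::IsNullOrEmpty($prop.Value)) -or
                             ($name -eq 'ProxyEnable' -and $prop.Value -eq 1) -or
                             ($name -eq 'DontReportInfectionInformation')
            }
        }
    }
}

function Get-IfeoDebuggerFindings {
    # Every IFEO subkey that carries a Debugger value. Legitimate entries exist (debugging
    # tools register here), so treat the list as a review queue, not as verdicts.
    foreach ($root in $IfeoRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            $debugger = (Get-ItemProperty -Path $key.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
            if ([string]::IsNullOrEmpty($debugger)) { continue }
            [pscustomobject]@{
                Location   = $key.PSPath -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
                Name       = 'Debugger'
                Value      = $debugger
                Suspicious = $true
            }
        }
    }
}

$findings = @(Get-RegistryValueFindings) + @(Get-IfeoDebuggerFindings)
if ($findings.Count -eq 0) {
    Write-Output 'No proxy, MRT-policy or IFEO Debugger values found.'
} else {
    $findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap
}
```

The script only reads; the removal itself is left to the tools the helper prescribes, since they also record what they changed. Re-running it after the Clean-mode passes is a quick way to confirm the proxy values are gone and that no Debugger entry remains for utilman.exe.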

#6
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts

Thank you for the logs.
 
The scans were done in Scan mode, meaning that nothing is cleaned yet. Let's clean now.


1. AdwCleaner (Clean mode)

Let me explain to you the log created by AdwCleaner:

The findings in the Folders and Registry parts of the log are adware and PUPs, which stands for Potentially Unwanted Programs. In the instructions below, I will list them all to be removed.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. Personally, I keep only the programs I need/use. But it's your computer, so your decision.
 
To proceed, please do the following:

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

 

2. Run Malwarebytes (Clean mode)

  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

3. Fresh FRST logs

  • Double-click on the FRST icon to run it, as you did before. When the tool opens, click Yes to the disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply (Choose More Reply Options at the bottom right corner of the reply area and then choose Attach Files)

 

 

In your next reply, please post:

  1. The AdwCleaner[C0*].txt
  2. The Malwarebytes report
  3. The fresh FRST logs, FRST and Addition

  • 0

#7
sweepe

sweepe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

I have gone through and have done exactly as you have guided.

1. AdwCleaner[C01].txt
 

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build:    03-22-2021
# Database: 2021-05-17.1 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    06-04-2021
# Duration: 00:00:06
# OS:       Windows 10 Pro
# Cleaned:  16
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
Deleted       C:\Program Files (x86)\Lavasoft\Web Companion
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe
Deleted       HKLM\Software\Classes\AppID\{233F8F82-F91E-4E49-2222-BD21AB39D1BB}
Deleted       HKLM\Software\Classes\AppID\{A245B088-41FA-478E-8DEA-86177F1394BB}
Deleted       HKLM\Software\Classes\METNSD
Deleted       HKLM\Software\Classes\tscmon.Gate
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted       HKLM\Software\Wow6432Node\\Classes\AppID\{233F8F82-F91E-4E49-2222-BD21AB39D1BB}
Deleted       HKLM\Software\Wow6432Node\\Classes\AppID\{A245B088-41FA-478E-8DEA-86177F1394BB}
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{233F8F82-F91E-4E49-2222-BD21AB39D1BB}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries cleaned.
 
***** [ Preinstalled Software ] *****
 
Deleted       Preinstalled.HPCeement   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCeeScheduleForHP
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Users\hp\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [2969 octets] - [04/06/2021 07:04:28]
AdwCleaner[S01].txt - [3030 octets] - [04/06/2021 11:33:48]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

2. Malwarebytes report

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 6/4/21
Scan Time: 11:45 AM
Log File: 2ffe6178-c4fa-11eb-aa4a-a08cfd9b7f74.json
 
-Software Information-
Version: 4.4.0.117
Components Version: 1.0.1318
Update Package Version: 1.0.41285
License: Trial
 
-System Information-
OS: Windows 10 (Build 19043.1023)
CPU: x64
File System: NTFS
User: DESKTOP-ESKAMO\hp
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 311839
Threats Detected: 12
Threats Quarantined: 12
Time Elapsed: 17 min, 19 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 1
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, 3885, -1, 0.0.0, , action, , , 
 
Registry Value: 11
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, Quarantined, 3885, 943647, 1.0.41285, , ame, , , 
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, 3885, -1, 0.0.0, , action, , , 
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2123003089-4285120140-3240528571-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, 3885, -1, 0.0.0, , action, , , 
Hijack.AutoConfigURL.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, 3885, -1, 0.0.0, , action, , , 
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, Quarantined, 3885, -1, 0.0.0, , action, , , 
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, Quarantined, 3885, -1, 0.0.0, , action, , , 
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, 3885, -1, 0.0.0, , action, , , 
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, 3885, -1, 0.0.0, , action, , , 
PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, Quarantined, 7028, 676881, 1.0.41285, , ame, , , 
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, Quarantined, 3885, 943647, 1.0.41285, , ame, , , 
PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, Quarantined, 7028, 676881, 1.0.41285, , ame, , , 
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)

3. Please find attached.

Thank You

 


  • 0

#8
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts

Hi, sweepe.
 
I would like to remind you that no downloads are allowed during the cleaning procedure, since things become more complicated. I see, for example, that you have the following new download:
 
2021-06-04 07:17 - 2021-06-04 07:31 - 1162084241 _____ C:\Users\hp\Downloads\PixelExperience_Plus_oneplus3-10.0-20201226-1524-OFFICIAL.zip

 

Also, there are signs of Free Fixer, after we talked.
 

 

Regarding malware, the logs seem much better now.
 
Let's continue:
 
 
1. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
2021-06-03 15:41 - 2018-10-04 12:08 - 000013824 _____ (Kephyr) C:\WINDOWS\system32\ffnd.exe
2021-06-03 15:15 - 2021-06-03 15:43 - 000000000 ____D C:\Users\hp\AppData\Local\FreeFixer
2021-06-03 15:15 - 2021-06-03 15:15 - 000000000 ____D C:\Users\hp\AppData\Roaming\FreeFixer
2021-06-03 14:20 - 2021-06-03 20:37 - 000000000 ____D C:\Users\hp\AppData\Local\BitTorrentHelper
2021-06-01 22:03 - 2021-02-12 23:09 - 000205552 _____ (Ray Hinchliffe) C:\WINDOWS\system32\Drivers\SIVX64.sys
2021-06-03 21:01 - 2019-01-21 22:02 - 000000000 ____D C:\Users\hp\AppData\Roaming\uTorrent
2021-06-03 12:52 - 2020-05-18 13:35 - 000000000 ____D C:\ProgramData\Oracle
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [486]
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
EmptyTemp: 
End::
  • Please right-click on FRST64 on your Desktop and run it as administrator. When the tool opens, click "Yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

2. ESET Online Scan
 
Just to ensure that the system is clean, please do the following:

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time, perhaps several hours, so you can have your coffee meanwhile. ;)
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

 

In your next reply please post:

  1. The fixlog.txt
  2. The eset.txt
  3. Feedback: How is the computer running now? 

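The two Malwarebytes detections at the top of this page and the SearchScopes lines in the FRST fix all point at the same kind of persistence: registry values that redirect the browser rather than a running binary. As an added example (not code from the thread, from Malwarebytes or from FRST), here is a read-only PowerShell audit of those locations. Internet Settings\AutoConfigURL names a proxy auto-config script that every browser honouring the system proxy (IE, Edge and Chrome by default) consults for every request; Policies\Microsoft\MRT\DontReportInfectionInformation = 1 stops the Malicious Software Removal Tool reporting what it finds; the IE SearchScopes DefaultScope GUID selects the subkey whose URL value is the default search provider. The HKCU paths are my addition (the logs only show HKLM), and treating a bing.com URL as the stock search scope is my assumption, not something the page states.

```powershell
# Added example, not from the thread, Malwarebytes or FRST: read-only audit of
# the hijack points named in the logs above. Run in an elevated PowerShell.
# It reports and changes nothing; remediation stays with the FRST fix.

function Get-RegValueOrNull {
    # Returns the value, or $null when the key or the value does not exist.
    param([string]$Path, [string]$Name)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# Values that should be absent (or empty) on a clean machine.
$ShouldBeAbsent = @(
    # Proxy auto-config URL: a PAC script here is consulted by every browser that
    # honours the system proxy (IE, Edge, Chrome by default) for every request.
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings';             Name = 'AutoConfigURL' }
    @{ Path = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings'; Name = 'AutoConfigURL' }
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings';             Name = 'AutoConfigURL' }   # HKCU added by me
    # MSRT policy: 1 stops the Malicious Software Removal Tool reporting infections.
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\MRT';                                        Name = 'DontReportInfectionInformation' }
    @{ Path = 'HKLM:\SOFTWARE\WOW6432Node\Policies\Microsoft\MRT';                            Name = 'DontReportInfectionInformation' }
)

# IE search-scope roots: DefaultScope holds a GUID and the URL lives in that subkey.
$SearchScopeRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes'
    'HKCU:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes'   # HKCU added by me
)

function Get-HijackFindings {
    $findings = @()
    foreach ($c in $ShouldBeAbsent) {
        $value  = Get-RegValueOrNull -Path $c.Path -Name $c.Name
        $status = if ($null -eq $value -or "$value" -eq '') { 'clean' } else { 'REVIEW' }
        $findings += [pscustomobject]@{ Location = "$($c.Path)\$($c.Name)"; Value = $value; Status = $status }
    }
    foreach ($root in $SearchScopeRoots) {
        $guid = Get-RegValueOrNull -Path $root -Name 'DefaultScope'
        if (-not $guid) { continue }
        $url = Get-RegValueOrNull -Path (Join-Path $root $guid) -Name 'URL'
        # Assumption: a stock scope points at bing.com; an empty URL (as after the
        # FRST fix above) is harmless. Anything else needs a human look.
        $status = if (-not $url -or $url -match '^https?://(www\.)?bing\.com/') { 'clean' } else { 'REVIEW' }
        $findings += [pscustomobject]@{ Location = "$root\$guid\URL"; Value = $url; Status = $status }
    }
    return $findings
}

Get-HijackFindings | Format-Table -AutoSize -Wrap
```

Run it once before and once after a fix; a value that is clean after the fix and back a few minutes later is the same symptom described in the first post, and the process that rewrote it is what the next log needs to find.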

#9 sweepe (Topic Starter; Member; 10 posts)

Hi,
I am sorry for downloading while doing these things, but I honestly didn't use Free Fixer as you mentioned. As for those reports:

1. Fixlog.txt
 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-06-2021
Ran by hp (04-06-2021 16:08:42) Run:3
Running from C:\Users\hp\Desktop
Loaded Profiles: hp
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
2021-06-03 15:41 - 2018-10-04 12:08 - 000013824 _____ (Kephyr) C:\WINDOWS\system32\ffnd.exe
2021-06-03 15:15 - 2021-06-03 15:43 - 000000000 ____D C:\Users\hp\AppData\Local\FreeFixer
2021-06-03 15:15 - 2021-06-03 15:15 - 000000000 ____D C:\Users\hp\AppData\Roaming\FreeFixer
2021-06-03 14:20 - 2021-06-03 20:37 - 000000000 ____D C:\Users\hp\AppData\Local\BitTorrentHelper
2021-06-01 22:03 - 2021-02-12 23:09 - 000205552 _____ (Ray Hinchliffe) C:\WINDOWS\system32\Drivers\SIVX64.sys
2021-06-03 21:01 - 2019-01-21 22:02 - 000000000 ____D C:\Users\hp\AppData\Roaming\uTorrent
2021-06-03 12:52 - 2020-05-18 13:35 - 000000000 ____D C:\ProgramData\Oracle
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [486]
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
EmptyTemp: 
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\system32\ffnd.exe => moved successfully
C:\Users\hp\AppData\Local\FreeFixer => moved successfully
C:\Users\hp\AppData\Roaming\FreeFixer => moved successfully
C:\Users\hp\AppData\Local\BitTorrentHelper => moved successfully
C:\WINDOWS\system32\Drivers\SIVX64.sys => moved successfully
C:\Users\hp\AppData\Roaming\uTorrent => moved successfully
C:\ProgramData\Oracle => moved successfully
"[font=helvetica neue , Arial, Verdana, sans-serif]C:\Users\Public\Shared Files" => "[font=helvetica neue , Arial, Verdana, sans-serif]:VersionCache" ADS not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18006713 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 412252 B
Edge => 0 B
Chrome => 220571259 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 7262 B
NetworkService => 18220 B
hp => 127023640 B
DefaultAppPool => 127023640 B
 
RecycleBin => 0 B
EmptyTemp: => 476 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 16:11:43 ====

2. Eset.txt

6/4/2021 20:15:16 PM
Files scanned: 291963
Detected files: 1
Cleaned files: 1
Total scan time 03:10:17
Scan status: Finished
 
 
C:\FRST\Quarantine\C\Program Files (x86)\Common Files\CommandDeveloper\UbilsBzuetooth\rdwsing_l1_17_0.dll a variant of MSIL/Agent.UNV trojan cleaned by deleting

3. The computer is working superbly, all thanks to you. :D


#10 DR M (The Grecian Geek; Malware Removal; 4,113 posts)

 The computer is working superbly, all thanks to you

 

I'm glad to hear this! Some good news from me too: the computer is clean of malware! :yeah:

 

However, the initial logs had the following lines, indicating system corruption and disk failure. So, I would like you to do these tests now:
 

 
1. Run Deployment Image Servicing and Management (DISM)

  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • Enter the command below and press Enter:
DISM /Online /Cleanup-Image /RestoreHealth
  • Let the scan run until the end (100%). Depending on your system, it can take some time.
  • Please post here the result you got (it can be a screenshot).

 

2. When DISM finishes, you can run SFC from the same Command Prompt window; the full instructions follow, as if starting fresh:

  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • Enter the command below and press Enter:
sfc /scannow
  • Let the scan finish.
  • You will normally get one of the following results:
    Windows Resource Protection did not find any integrity violations
    Windows Resource Protection found corrupt files and successfully repaired them
    Windows Resource Protection found corrupt files but was unable to fix some of them
    Windows Resource Protection could not perform the requested operation
    
  • Please post the result you got (it can be a screenshot).

 

3. Check disk

  • Click on the Start button and in the search box, type Command Prompt.
  • When you see Command Prompt on the list, right-click on it and select Run as administrator.
  • Enter the command below, press Enter and wait for it to finish (~15 minutes).
       chkdsk C: /r
    
  • You will receive a message that the operation cannot be performed while the system is in use, asking whether you want to check the disk the next time you restart your computer. Choose Yes, then restart the computer and allow the disk check to run at startup.
  • The process will take some time, depending on the disk condition.
  • Download ListChkdskResult by SleepyDude and save it to your Desktop.
  • Double click on the created icon.
  • A notepad file will open. Copy its content and paste it in your next reply.

 

In your next reply please post:

  1. The two screenshots for DISM/SFC
  2. The text file after checking disk

 

P.S. About Free Fixer, I was referring to these:

 

2021-06-03 15:41 - 2018-10-04 12:08 - 000013824 _____ (Kephyr) C:\WINDOWS\system32\ffnd.exe
2021-06-03 15:15 - 2021-06-03 15:43 - 000000000 ____D C:\Users\hp\AppData\Local\FreeFixer
2021-06-03 15:15 - 2021-06-03 15:15 - 000000000 ____D C:\Users\hp\AppData\Roaming\FreeFixer



#11 sweepe (Topic Starter; Member; 10 posts)

Hi DR M,

Wow, that took forever; sorry for being a little late. Disk checking took long because the power went out and my battery died; another time the screen went black, did nothing for 15-20 minutes and then restarted; the last time it went fine, about 3 hours ago. So, here are the things you asked for.

1. I have attached the screenshot


2. Disk checking
 

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013
 
------< Log generate on 6/5/2021 9:44:59 AM >------
Category: 0
Computer Name: DESKTOP-ESKAMO
Event Code: 1001
Record Number: 161734
Source Name: Microsoft-Windows-Wininit
Time Written: 06-05-2021 @ 03:57:47
Event Type: Information
User: 
Message: 
 
Checking file system on C:
The type of the file system is NTFS.
 
A disk check has been scheduled.
Windows will now check the disk.                         
 
Stage 1: Examining basic file system structure ...
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x40.
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x40.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x1d.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x1d.
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x3b.
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x3b.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x1e.
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x3b.
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x4b.
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x4b.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x24.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x24.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x47.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x47.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x47.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x49.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x49.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x49.
  726528 file records processed.                                                        
 
 
File verification completed.
 Phase duration (File record verification): 1.27 minutes.
  17792 large file records processed.                                   
 
 
 Phase duration (Orphan file record recovery): 0.00 milliseconds.
  0 bad file records processed.                                     
 
 
 Phase duration (Bad file record checking): 1.36 milliseconds.
 
Stage 2: Examining file name linkage ...
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x40.
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x40.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x1d.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x1d.
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x3b.
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x3b.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x1e.
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x3b.
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x4b.
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x4b.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x24.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x24.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x47.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x47.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x47.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x49.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x49.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x49.
  53761 reparse records processed.                                      
 
 
  908288 index entries processed.                                                       
 
 
Index verification completed.
 Phase duration (Index verification): 52.54 seconds.
  0 unindexed files scanned.                                        
 
 
 Phase duration (Orphan reconnection): 2.09 seconds.
  0 unindexed files recovered to lost and found.                    
 
 
 Phase duration (Orphan recovery to lost and found): 3.12 milliseconds.
  53761 reparse records processed.                                      
 
 
 Phase duration (Reparse point and Object ID verification): 133.33 milliseconds.
 
Stage 3: Examining security descriptors ...
Cleaning up 5 unused index entries from index $SII of file 0x9.
Cleaning up 5 unused index entries from index $SDH of file 0x9.
Cleaning up 5 unused security descriptors.
Security descriptor verification completed.
 Phase duration (Security descriptor verification): 244.06 milliseconds.
  90881 data files processed.                                           
 
 
 Phase duration (Data attribute verification): 1.41 milliseconds.
CHKDSK is verifying Usn Journal...
  39756840 USN bytes processed.                                                           
 
 
Usn Journal verification completed.
 Phase duration (USN journal verification): 1.11 seconds.
 
Stage 4: Looking for bad clusters in user file data ...
  726512 files processed.                                                               
 
 
File data verification completed.
 Phase duration (User file recovery): 40.45 minutes.
 
Stage 5: Looking for bad, free clusters ...
  104434885 free clusters processed.                                                       
 
 
Free space verification is complete.
 Phase duration (Free space recovery): 0.00 milliseconds.
 
Windows has scanned the file system and found no problems.
No further action is required.
 
 550232884 KB total disk space.
 131484444 KB in 231840 files.
    153296 KB in 90882 indexes.
        96 KB in bad sectors.
    855508 KB in use by the system.
     65536 KB occupied by the log file.
 417739540 KB available on disk.
 
      4096 bytes in each allocation unit.
 137558221 total allocation units on disk.
 104434885 allocation units available on disk.
Total duration: 42.67 minutes (2560429 ms).
 
Internal Info:
00 16 0b 00 9c ec 04 00 a3 89 06 00 00 00 00 00  ................
e0 01 00 00 21 d0 00 00 00 00 00 00 00 00 00 00  ....!...........
 
-----------------------------------------------------------------------
Category: 0
Computer Name: DESKTOP-ESKAMO
Event Code: 1001
Record Number: 160530
Source Name: Microsoft-Windows-Wininit
Time Written: 06-03-2021 @ 10:21:38
Event Type: Information
User: 
Message: 
 
Checking file system on C:
The type of the file system is NTFS.
 
The volume is dirty.
 
Stage 1: Examining basic file system structure ...
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x40.
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x40.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x1d.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x1d.
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x3b.
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x3b.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x1e.
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x3b.
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x4b.
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x4b.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x24.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x24.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x47.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x47.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x47.
The multi-sector header signature in file 0xa810e is incorrect.
42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
Deleting corrupt file record segment A810E.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x47.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x49.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x49.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x49.
The multi-sector header signature in file 0xa811a is incorrect.
42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
Deleting corrupt file record segment A811A.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x49.
  726528 file records processed.                                                        
 
 
File verification completed.
 Phase duration (File record verification): 8.62 minutes.
Deleting orphan file record segment A7FF0.
Deleting orphan file record segment A7FF1.
Deleting orphan file record segment A7FF2.
Deleting orphan file record segment A7FF3.
Deleting orphan file record segment A7FF4.
Deleting orphan file record segment A7FF5.
Deleting orphan file record segment A7FF6.
Deleting orphan file record segment A7FF7.
Deleting orphan file record segment A7FF8.
Deleting orphan file record segment A7FF9.
Deleting orphan file record segment A7FFA.
Deleting orphan file record segment A7FFB.
Deleting orphan file record segment A7FFC.
Deleting orphan file record segment A7FFD.
Deleting orphan file record segment A7FFE.
Deleting orphan file record segment A7FFF.
Deleting orphan file record segment A8000.
Deleting orphan file record segment A8001.
Deleting orphan file record segment A8002.
Deleting orphan file record segment A8003.
Deleting orphan file record segment A80E4.
Deleting orphan file record segment A80E5.
Deleting orphan file record segment A80E6.
Deleting orphan file record segment A80E7.
  17834 large file records processed.                                   
 
 
 Phase duration (Orphan file record recovery): 0.00 milliseconds.
  0 bad file records processed.                                     
 
 
 Phase duration (Bad file record checking): 1.37 milliseconds.
 
Stage 2: Examining file name linkage ...
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x40.
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x40.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x1d.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x1d.
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x3b.
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x3b.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x1e.
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x3b.
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x4b.
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x4b.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x24.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x24.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x47.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x47.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x47.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x49.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x49.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x49.
The reparse point index entry in file 0x1a points to file 0xa810e
but the file has no reparse point in it.
Deleting an index entry from index $R of file 1A.
The reparse point index entry in file 0x1a points to file 0xa811a
but the file has no reparse point in it.
Deleting an index entry from index $R of file 1A.
  53788 reparse records processed.                                      
 
 
Index entry wow64_microsoft-windows-ole-automation_31bf3856ad364e35_10.0.19041.985_none_a521e37e8ecb8aa3.manifest of index $I30 in file 0x8173a points to unused file 0xa7ff9.
Deleting index entry wow64_microsoft-windows-ole-automation_31bf3856ad364e35_10.0.19041.985_none_a521e37e8ecb8aa3.manifest in index $I30 of file 8173A.
Index entry AM12DF~2.MAN of index $I30 in file 0x8173e points to unused file 0xa801d.
Deleting index entry AM12DF~2.MAN in index $I30 of file 8173E.
Index entry AM1721~3.MAN of index $I30 in file 0x8173e points to unused file 0xa801c.
Deleting index entry AM1721~3.MAN in index $I30 of file 8173E.
Index entry AM2B11~1.MAN of index $I30 in file 0x8173e points to unused file 0xa80e4.
Deleting index entry AM2B11~1.MAN in index $I30 of file 8173E.
Index entry AM4B5E~1.MAN of index $I30 in file 0x8173e points to unused file 0xa8024.
Deleting index entry AM4B5E~1.MAN in index $I30 of file 8173E.
Index entry AM4DD3~1.MAN of index $I30 in file 0x8173e points to unused file 0xa8002.
Deleting index entry AM4DD3~1.MAN in index $I30 of file 8173E.
Index entry AM50C6~1.MAN of index $I30 in file 0x8173e points to unused file 0xa800c.
Deleting index entry AM50C6~1.MAN in index $I30 of file 8173E.
Index entry AM54DC~1.MAN of index $I30 in file 0x8173e points to unused file 0xa80e5.
Deleting index entry AM54DC~1.MAN in index $I30 of file 8173E.
Index entry AMA217~1.MAN of index $I30 in file 0x8173e points to unused file 0xa801f.
Deleting index entry AMA217~1.MAN in index $I30 of file 8173E.
Index entry AMAE97~1.MAN of index $I30 in file 0x8173e points to unused file 0xa8025.
Deleting index entry AMAE97~1.MAN in index $I30 of file 8173E.
Index entry AMC026~1.MAN of index $I30 in file 0x8173e points to unused file 0xa8003.
Deleting index entry AMC026~1.MAN in index $I30 of file 8173E.
Index entry AMCC17~1.MAN of index $I30 in file 0x8173e points to unused file 0xa800d.
Deleting index entry AMCC17~1.MAN in index $I30 of file 8173E.
  909858 index entries processed.                                                       
 
 
Index verification completed.
 Phase duration (Index verification): 9.61 minutes.
CHKDSK is scanning unindexed files for reconnect to their original directory.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x47.
  2 unindexed files scanned.                                        
 
 
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x49.
  0 unindexed files recovered to original directory.
 Phase duration (Orphan reconnection): 0.00 milliseconds.
CHKDSK is recovering remaining unindexed files.
  2 unindexed files recovered to lost and found.                    
 
 
    Lost and found is located at \found.000
 
 Phase duration (Orphan recovery to lost and found): 0.00 milliseconds.
  53788 reparse records processed.                                      
 
 
 Phase duration (Reparse point and Object ID verification): 11.86 seconds.
 
Stage 3: Examining security descriptors ...
Cleaning up 5219 unused index entries from index $SII of file 0x9.
Cleaning up 5219 unused index entries from index $SDH of file 0x9.
Cleaning up 5219 unused security descriptors.
CHKDSK is compacting the security descriptor stream
Security descriptor verification completed.
 Phase duration (Security descriptor verification): 20.21 seconds.
  91666 data files processed.                                           
 
 
 Phase duration (Data attribute verification): 1.50 milliseconds.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
 
Windows has made corrections to the file system.
No further action is required.
 
 550232884 KB total disk space.
 152481540 KB in 233571 files.
    153836 KB in 91670 indexes.
        96 KB in bad sectors.
    816432 KB in use by the system.
     65536 KB occupied by the log file.
 396780980 KB available on disk.
 
      4096 bytes in each allocation unit.
 137558221 total allocation units on disk.
  99195245 allocation units available on disk.
Total duration: 19.12 minutes (1147293 ms).
 
Internal Info:
00 16 0b 00 70 f6 04 00 9b 94 06 00 00 00 00 00  ....p...........
fb 01 00 00 21 d0 00 00 00 00 00 00 00 00 00 00  ....!...........
 
-----------------------------------------------------------------------
Category: 0
Computer Name: DESKTOP-ESKAMO
Event Code: 26226
Record Number: 160498
Source Name: Chkdsk
Time Written: 06-03-2021 @ 08:57:28
Event Type: Information
User: 
Message: Chkdsk was executed in scan mode on a volume snapshot.  
 
Checking file system on \Device\HarddiskVolume4
 
Stage 1: Examining basic file system structure ...
Read failure with status 0xc000009c at offset 0x190831a000 for 0x400 bytes.
    Found corrupt basic file structure for "<0,0xa7ffc>"
was not able to send command for self-healing due to lack of memory.
 
----------------------------------------------------------------------
 
 
Stage 1: Examining basic file system structure ...
File record segment A7FFC is unreadable.
"chkdsk /scan" is aborting due to self-healing command failure: 0xc0000102
"chkdsk /f" will be required to repair the volume.
 
-----------------------------------------------------------------------
Category: 0
Computer Name: DESKTOP-ESKAMO
Event Code: 26213
Record Number: 160392
Source Name: Chkdsk
Time Written: 06-03-2021 @ 05:10:13
Event Type: Information
User: 
Message: Chkdsk was executed in read-only mode.  A volume snapshot was not used. Extra errors and warnings may be reported as the volume may have changed during the chkdsk run.  
 
Checking file system on C:
The type of the file system is NTFS.
This service cannot be started in Safe Mode
 
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.
 
WARNING!  /F parameter not specified.
Running CHKDSK in read-only mode.
 
Stage 1: Examining basic file system structure ...
Read failure with status 0xc000009c at offset 0x1908317000 for 0x400 bytes.
                                                                                       
File record segment A7FF0 is unreadable.
Read failure with status 0xc000009c at offset 0x1908317400 for 0x400 bytes.
                                                                                       
File record segment A7FF1 is unreadable.
Read failure with status 0xc000009c at offset 0x1908317800 for 0x400 bytes.
                                                                                       
File record segment A7FF2 is unreadable.
Read failure with status 0xc000009c at offset 0x1908317c00 for 0x400 bytes.
                                                                                       
File record segment A7FF3 is unreadable.
Read failure with status 0xc000009c at offset 0x1908318000 for 0x400 bytes.
                                                                                       
File record segment A7FF4 is unreadable.
Read failure with status 0xc000009c at offset 0x1908318400 for 0x400 bytes.
                                                                                       
File record segment A7FF5 is unreadable.
Read failure with status 0xc000009c at offset 0x1908318800 for 0x400 bytes.
                                                                                       
File record segment A7FF6 is unreadable.
Read failure with status 0xc000009c at offset 0x1908318c00 for 0x400 bytes.
                                                                                       
File record segment A7FF7 is unreadable.
Read failure with status 0xc000009c at offset 0x190831a000 for 0x400 bytes.
                                                                                       
File record segment A7FFC is unreadable.
Read failure with status 0xc000009c at offset 0x190831a400 for 0x400 bytes.
                                                                                       
File record segment A7FFD is unreadable.
Read failure with status 0xc000009c at offset 0x190831a800 for 0x400 bytes.
                                                                                       
File record segment A7FFE is unreadable.
Read failure with status 0xc000009c at offset 0x190831ac00 for 0x400 bytes.
                                                                                       
File record segment A7FFF is unreadable.
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x40.
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x40.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x1d.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x1d.
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x3b.
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x3b.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x1e.
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x3b.
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x4b.
The USA check value, 0x2e, at block 0x1 is incorrect.
The expected value is 0x4b.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x24.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x24.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x47.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x47.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x47.
The multi-sector header signature in file 0xa810e is incorrect.
42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
                                                                                       
File record segment A810E is corrupt.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x47.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x49.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x49.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x49.
The multi-sector header signature in file 0xa811a is incorrect.
42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
File record segment A811A is corrupt.
The USA check value, 0x0, at block 0x1 is incorrect.
The expected value is 0x49.
  726528 file records processed.                                                        
 
File verification completed.
 Phase duration (File record verification): 19.70 minutes.
File record segment A7FF8 is an orphan.
File record segment A7FF9 is an orphan.
File record segment A7FFA is an orphan.
File record segment A7FFB is an orphan.
File record segment A8000 is an orphan.
File record segment A8001 is an orphan.
File record segment A8002 is an orphan.
File record segment A8003 is an orphan.
File record segment A80E4 is an orphan.
File record segment A80E5 is an orphan.
File record segment A80E6 is an orphan.
File record segment A80E7 is an orphan.
  17828 large file records processed.                                   
 
 Phase duration (Orphan file record recovery): 0.00 milliseconds.
 
Errors found.  CHKDSK cannot continue in read-only mode.
 
-----------------------------------------------------------------------
 

 

Attached Thumbnails: scrn.jpg

#12 DR M (The Grecian Geek, Malware Removal, 4,113 posts)

Hi, sweepe.
 
The results above show that some corruptions regarding the operating system (Windows) were found and fixed. However, the hard disk appears to have problems.
 
Let's perform two additional checks regarding the disk.
 
1. Disk's failure prediction

  • Press the Windows + R keys to open the Run dialog
  • Type powershell.exe, then press the Control and Shift keys together and press Enter
  • Copy and paste the command below and press Enter
Get-WmiObject -namespace root\wmi -class MSStorageDriver_FailurePredictStatus
  • Report what is written beside the title PredictFailure (True or False) or take a screenshot of the result. 

 

2. CrystalDiskInfo check

  • Download CrystalDiskInfo from here and save it to your Desktop.
  • Run the installer to install the program.
  • When finished, open the installed program by double clicking on it.
  • If everything is working properly, you should see the status "Good" displayed. Other statuses you might see include "Bad" (which usually indicates a drive that's dead or near death), "Caution" (which indicates a drive that you should most likely be thinking about backing up and replacing), and "Unknown" (which just means that information could not be obtained).
  • Take a screenshot of the result.

 

In your next reply please post:

  1. The result/screenshot of the failure prediction command
  2. The CrystalDiskInfo screenshot

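The two checks above (the PredictFailure query and the CrystalDiskInfo status) both read the drive's own S.M.A.R.T. data. The script below is an added example, not something DR M or sweepe posted: it runs the same root\wmi query, then decodes the raw attribute table from the companion classes MSStorageDriver_FailurePredictData and MSStorageDriver_FailurePredictThresholds, which is roughly what CrystalDiskInfo renders as its attribute list. It assumes those classes expose the standard 512-byte ATA S.M.A.R.T. blob (2-byte revision followed by 30 twelve-byte entries), that the attribute names in the table follow the common ATA convention, and it has to run from an elevated PowerShell. The function names ConvertFrom-SmartBlob and Get-SmartHealthReport are my own.

```powershell
# Added example, not code from the original thread. Run from an elevated
# PowerShell session: the root\wmi SMART classes need administrator rights, and
# some controllers (NVMe, USB bridges, RAID) do not expose them at all, in
# which case the fallback at the end is the only data you get.

# Assumption: these names follow the common ATA S.M.A.R.T. convention; vendors
# are free to assign IDs differently, so treat the names as hints only.
$AttrNames = @{
    1 = 'Raw_Read_Error_Rate';       5 = 'Reallocated_Sector_Ct';  9 = 'Power_On_Hours'
    10 = 'Spin_Retry_Count';        187 = 'Reported_Uncorrect';   188 = 'Command_Timeout'
    194 = 'Temperature_Celsius';    196 = 'Reallocated_Event_Count'
    197 = 'Current_Pending_Sector'; 198 = 'Offline_Uncorrectable'; 199 = 'UDMA_CRC_Error_Count'
}
# Attributes whose raw counter should stay at zero on a healthy drive.
$CriticalIds = 5, 10, 187, 196, 197, 198

function ConvertFrom-SmartBlob {
    param([byte[]]$Data, [byte[]]$Thresholds)
    # VendorSpecific is 512 bytes: a 2-byte revision, then 30 entries of 12 bytes:
    # [0]=id [1..2]=flags [3]=current [4]=worst [5..10]=raw (little-endian) [11]=reserved.
    # The thresholds blob uses the same layout, with [1]=threshold for that id.
    $thr = @{}
    for ($i = 2; $i -lt 362; $i += 12) {
        if ($Thresholds[$i] -ne 0) { $thr[[int]$Thresholds[$i]] = [int]$Thresholds[$i + 1] }
    }
    for ($i = 2; $i -lt 362; $i += 12) {
        $id = [int]$Data[$i]
        if ($id -eq 0) { continue }          # empty slot
        $raw = [int64]0
        for ($b = 10; $b -ge 5; $b--) { $raw = ($raw -shl 8) -bor [int64]$Data[$i + $b] }
        $current   = [int]$Data[$i + 3]
        $threshold = if ($thr.ContainsKey($id)) { $thr[$id] } else { 0 }
        [pscustomobject]@{
            Id        = $id
            Name      = if ($AttrNames.ContainsKey($id)) { $AttrNames[$id] } else { "Unknown_$id" }
            Current   = $current
            Worst     = [int]$Data[$i + 4]
            Threshold = $threshold
            Raw       = $raw
            # Flag either the firmware's own criterion (normalized value at or below
            # its threshold) or a non-zero count on an attribute that should never grow.
            Concern   = (($threshold -gt 0 -and $current -le $threshold) -or
                         ($CriticalIds -contains $id -and $raw -gt 0))
        }
    }
}

function Get-SmartHealthReport {
    try {
        $status = Get-CimInstance -Namespace root\wmi -ClassName MSStorageDriver_FailurePredictStatus -ErrorAction Stop
    } catch {
        Write-Warning "No SMART failure-prediction data via WMI: $($_.Exception.Message)"
        return
    }
    $data = Get-CimInstance -Namespace root\wmi -ClassName MSStorageDriver_FailurePredictData -ErrorAction SilentlyContinue
    $thr  = Get-CimInstance -Namespace root\wmi -ClassName MSStorageDriver_FailurePredictThresholds -ErrorAction SilentlyContinue

    foreach ($s in $status) {
        # PredictFailure is the drive firmware's own verdict: the value DR M asked to report.
        "{0}`n  PredictFailure: {1}" -f $s.InstanceName, $s.PredictFailure
        $d = $data | Where-Object { $_.InstanceName -eq $s.InstanceName }
        $t = $thr  | Where-Object { $_.InstanceName -eq $s.InstanceName }
        if (-not $d -or -not $t) { "  (no raw attribute table exposed for this drive)"; continue }
        $attrs = ConvertFrom-SmartBlob -Data $d.VendorSpecific -Thresholds $t.VendorSpecific
        $attrs | Format-Table Id, Name, Current, Worst, Threshold, Raw, Concern -AutoSize | Out-String
        $bad = @($attrs | Where-Object Concern)
        if ($bad.Count) {
            # PredictFailure can still be False here: the firmware only trips it once a
            # normalized value crosses its threshold, but a growing pending or
            # reallocated sector count is already a reason to back up and plan a swap.
            Write-Warning ("Attributes worth watching: " + (($bad | ForEach-Object Name) -join ', '))
        }
    }
}

Get-SmartHealthReport

# Second opinion that does not depend on the legacy WMI provider (Storage module,
# Windows 8 / Server 2012 and later). Fields are blank where the controller
# does not report them.
Get-PhysicalDisk | Get-StorageReliabilityCounter |
    Format-Table DeviceId, Temperature, Wear, ReadErrorsUncorrected, WriteErrorsUncorrected, PowerOnHours -AutoSize
```

A PredictFailure of False, as sweepe got, only means no normalized attribute has crossed its vendor threshold yet; the raw counters (5, 197, 198 in particular) are the earlier warning, which is why a second look with a tool that shows them is worth the minute.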
#13 sweepe (Topic Starter, Member, 10 posts)

The results were as follows:


1. PredictFailure   : False

2. I have attached the screenshot

Attached Thumbnails: status.png

#14 DR M (The Grecian Geek, Malware Removal, 4,113 posts)

Hi, sweepe.

 

The results seem good. However, it would be good to have a disk check now and from time to time using CrystalDiskInfo, so you can take precautions if there is a change regarding the disk's condition. Of course, making a backup of your documents regularly is always a priority. I recommend you do so, if you haven't done this already.

 

So...

 

Do you have any other questions regarding this computer? :)

 

 


#15 sweepe (Topic Starter, Member, 10 posts)

No sir, absolutely not, but I do want to thank you very, very much. If I do mess up in the future or have any queries, I will personally search for and contact you.

Thank you again for your wonderful guidance.
