Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2023
Ran by Lin (07-12-2023 11:12:51) Run:2
Running from C:\Users\Lin\Desktop
Loaded Profiles: Lin
Boot Mode: Normal
==============================================

fixlist content:
*****************
YTDownloader is considered as a Potentially Unwanted Software (See here). Since the tools we are going to use detect it, I'll include it in the fix to be uninstalled.

So, let's begin.

1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.

Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1976587878-1381545113-1953759822-1003\...\MountPoints2: {379f5904-6e44-11ec-8bc0-18037334bed0} - "J:\LaunchU3.exe" -a
Startup: C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1rbbpxua1so.lnk [2023-11-22] <==== ATTENTION
ShortcutTarget: 1rbbpxua1so.lnk -> C:\Users\Lin\AppData\Roaming\4jdssrxmart.jesp3sezani () <==== ATTENTION [zero byte File/Folder] <==== ATTENTION
Startup: C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\23urk41kcq3.lnk [2023-11-22] <==== ATTENTION
ShortcutTarget: 23urk41kcq3.lnk -> C:\Users\Lin\AppData\Roaming\2fugt50fm2v.nepsbmwrmva () <==== ATTENTION [zero byte File/Folder] <==== ATTENTION
Startup: C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\454anxo3zs4.lnk [2023-11-22] <==== ATTENTION
ShortcutTarget: 454anxo3zs4.lnk -> C:\Users\Lin\AppData\Roaming\agjrvwdmgju.w0iiciae4y5 () <==== ATTENTION [zero byte File/Folder] <==== ATTENTION
Startup: C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fy03yvfx4js.lnk [2023-11-22] <==== ATTENTION
ShortcutTarget: fy03yvfx4js.lnk -> C:\Users\Lin\AppData\Roaming\qrwrm1e3ctm.1xvgaifxcpg () <==== ATTENTION [zero byte File/Folder] <==== ATTENTION
Startup: C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nexdzsmtige.lnk [2023-11-22] <==== ATTENTION
ShortcutTarget: nexdzsmtige.lnk -> C:\Users\Lin\AppData\Roaming\bs0rttvrjv3.hdt5t1vd1bx () <==== ATTENTION [zero byte File/Folder] <==== ATTENTION
Startup: C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\p02kspk5miu.lnk [2023-11-22] <==== ATTENTION
ShortcutTarget: p02kspk5miu.lnk -> C:\Users\Lin\AppData\Roaming\jaauutkoqqw.2jednkntrjj () <==== ATTENTION [zero byte File/Folder] <==== ATTENTION
Startup: C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qpankyg5qrs.lnk [2023-11-22] <==== ATTENTION
ShortcutTarget: qpankyg5qrs.lnk -> C:\Users\Lin\AppData\Roaming\nkdbw5xeoxb.e4idopyldds () <==== ATTENTION [zero byte File/Folder] <==== ATTENTION
Startup: C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\syirve3ptmu.lnk [2023-11-22] <==== ATTENTION
ShortcutTarget: syirve3ptmu.lnk -> C:\Users\Lin\AppData\Roaming\fxcojpk0ods.cxr5mylbpcz () <==== ATTENTION [zero byte File/Folder] <==== ATTENTION
Startup: C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wxaw0rbu5jj.lnk [2023-11-22] <==== ATTENTION
ShortcutTarget: wxaw0rbu5jj.lnk -> C:\Users\Lin\AppData\Roaming\emdorsisnmw.tx1i5yt5beg () <==== ATTENTION [zero byte File/Folder] <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
2023-11-22 12:04 - 2023-11-22 12:04 - 000000093 _____ () C:\Users\Lin\AppData\Roaming\7EcHqckoSNxx1XM84RCbez0QNT8PTctu9tGchKfyqeUR1840HXGlRaNT5HQamI7H
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
EmptyTemp:
End::

Right-click on FRST64 on your Desktop, to run it as administrator.
When the tool opens, click "yes" to the disclaimer.
Press the Fix button once and wait.
FRST will process fixlist.txt
When finished, it will produce a log fixlog.txt on your Desktop.
Post the log in your next reply.

2. Eset Online Scan

Download ESET Online Scanner and save it to your desktop.
Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
When the tool opens, click Get Started.
Read and accept the license agreement.
At the Welcome to ESET Online Scanner window, click Get Started.
Select whether you would like to send anonymous data to ESET.
Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
Click on the Full Scan option.
Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
ESET will now begin scanning your computer. This may take some time.
When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt.
Click on Continue.
ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
On the next screen, you can leave feedback about the program if you wish.
Check the box for Delete application data on closing.
If you left feedback, click Submit and continue. If not, Close without feedback.
Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

In your next reply please post:
The fixlog.txt
The eset.txt
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1976587878-1381545113-1953759822-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{379f5904-6e44-11ec-8bc0-18037334bed0} => not found
"C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1rbbpxua1so.lnk" => not found
"C:\Users\Lin\AppData\Roaming\4jdssrxmart.jesp3sezani" => not found
"C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\23urk41kcq3.lnk" => not found
"C:\Users\Lin\AppData\Roaming\2fugt50fm2v.nepsbmwrmva" => not found
"C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\454anxo3zs4.lnk" => not found
"C:\Users\Lin\AppData\Roaming\agjrvwdmgju.w0iiciae4y5" => not found
"C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fy03yvfx4js.lnk" => not found
"C:\Users\Lin\AppData\Roaming\qrwrm1e3ctm.1xvgaifxcpg" => not found
"C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nexdzsmtige.lnk" => not found
"C:\Users\Lin\AppData\Roaming\bs0rttvrjv3.hdt5t1vd1bx" => not found
"C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\p02kspk5miu.lnk" => not found
"C:\Users\Lin\AppData\Roaming\jaauutkoqqw.2jednkntrjj" => not found
"C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qpankyg5qrs.lnk" => not found
"C:\Users\Lin\AppData\Roaming\nkdbw5xeoxb.e4idopyldds" => not found
"C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\syirve3ptmu.lnk" => not found
"C:\Users\Lin\AppData\Roaming\fxcojpk0ods.cxr5mylbpcz" => not found
"C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wxaw0rbu5jj.lnk" => not found
"C:\Users\Lin\AppData\Roaming\emdorsisnmw.tx1i5yt5beg" => not found
HKLM\SOFTWARE\Policies\Microsoft\Edge => not found
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => not found
"C:\Users\Lin\AppData\Roaming\7EcHqckoSNxx1XM84RCbez0QNT8PTctu9tGchKfyqeUR1840HXGlRaNT5HQamI7H" => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} => not found

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6306792 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 14104 B
Edge => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Lin => 431040194 B

RecycleBin => 0 B
EmptyTemp: => 417.1 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 11:15:16 ====