Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I think I need help with ransomware [Solved]


  • This topic is locked This topic is locked

#31
mx842

mx842

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-12-2023
Ran by Lin (administrator) on DESKTOP-TB9AP1R (Dell Inc. OptiPlex 790) (08-12-2023 13:51:37)
Running from C:\Users\Lin\Desktop\FRST64.exe
Loaded Profiles: Lin
Platform: Microsoft Windows 10 Home Version 22H2 19045.3758 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(explorer.exe ->) (Canon Inc. -> CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(explorer.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(explorer.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(explorer.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <17>
(Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(services.exe ->) (Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21752.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21752.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Lin\AppData\Local\Microsoft\OneDrive\23.226.1031.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (Canon Inc. -> CANON INC.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1976587878-1381545113-1953759822-1003\...\Run: [MicrosoftEdgeAutoLaunch_2A9AA68EC7A79356B9193EA1B23153EB] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3896768 2023-11-29] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon MG2100 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAQ.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2100 series: C:\Windows\system32\CNMLMAQ.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2100 series XPS: C:\Windows\system32\CNMXLMAQ.DLL [385536 2011-05-23] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {42C24B5D-993A-45F9-AD76-77B0B846AD17} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache => {07369A67-07A6-4608-ABEA-379491CB7C46} C:\Windows\System32\UpdatePolicy.dll [256512 2023-12-06] (Microsoft Windows -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{93de2c58-ffe8-42f6-9b9d-302fb1219e53}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{e5f92500-5178-4e85-a38d-e9d831f827d5}: [DhcpNameServer] 209.18.47.62 4.2.2.6 208.67.222.222
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Lin\AppData\Local\Microsoft\Edge\User Data\Default [2023-12-08]
Edge Extension: (Google Docs Offline) - C:\Users\Lin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-12-04]
Edge Extension: (Edge relevant text changes) - C:\Users\Lin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-12-06]
 
FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.) [File not signed]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 GameInputSvc; C:\Windows\System32\GameInputSvc.exe [50168 2023-12-06] (Microsoft Corporation -> Microsoft Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] (Canon Inc. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9344352 2023-12-08] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2954424 2023-12-08] (Malwarebytes Inc. -> Malwarebytes)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2023-12-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [222784 2023-12-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-12-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [200104 2023-12-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [78400 2023-12-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239576 2023-12-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [188008 2023-12-08] (Malwarebytes Inc. -> Malwarebytes)
S4 UCPD; C:\Windows\System32\drivers\UCPD.sys [29184 2023-12-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [55856 2023-12-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [594304 2023-12-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105856 2023-12-06] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-12-08 13:06 - 2023-12-08 13:06 - 000188008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2023-12-08 11:29 - 2023-12-08 11:29 - 000001233 _____ C:\Users\Lin\Documents\mwb log file.txt
2023-12-08 08:35 - 2023-12-08 13:47 - 000000000 ____D C:\Users\Lin\AppData\Local\Malwarebytes
2023-12-08 08:35 - 2023-12-08 08:35 - 000002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-12-08 08:35 - 2023-12-08 08:35 - 000002081 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-12-08 08:34 - 2023-12-08 08:34 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-12-08 08:34 - 2023-12-08 08:34 - 000000000 ____D C:\Program Files\Malwarebytes
2023-12-08 08:31 - 2023-12-08 08:31 - 000001144 _____ C:\Users\Lin\Desktop\mb5setup-5.5-50000.50000.exe - Shortcut.lnk
2023-12-08 08:28 - 2023-12-08 08:28 - 002586176 _____ (Malwarebytes) C:\Users\Lin\Downloads\mb5setup-5.5-50000.50000.exe
2023-12-08 08:27 - 2023-12-08 08:23 - 000001780 _____ C:\Users\Lin\Desktop\AdwCleaner[S00].txt
2023-12-08 08:10 - 2023-12-08 08:10 - 000001018 _____ C:\Users\Lin\Desktop\AdwCleaner.exe - Shortcut.lnk
2023-12-08 08:08 - 2023-12-08 12:46 - 000000000 ____D C:\AdwCleaner
2023-12-08 08:07 - 2023-12-08 08:07 - 008791352 _____ (Malwarebytes) C:\Users\Lin\Downloads\AdwCleaner.exe
2023-12-07 18:03 - 2023-12-07 18:02 - 000001074 _____ C:\Users\Lin\Desktop\eset - Copy.txt
2023-12-07 18:02 - 2023-12-07 18:02 - 000001074 _____ C:\Users\Lin\Desktop\eset.txt
2023-12-07 13:32 - 2023-12-07 13:32 - 001798272 _____ C:\Users\Lin\Downloads\KeyScrambler_Setup.exe
2023-12-07 12:35 - 2023-12-07 12:35 - 000008440 _____ C:\Users\Lin\Downloads\Fixlog.txt
2023-12-07 11:44 - 2023-12-07 11:44 - 000001274 _____ C:\Users\Lin\Desktop\ESET Online Scanner.lnk
2023-12-07 11:43 - 2023-12-07 11:43 - 015274968 _____ (ESET) C:\Users\Lin\Downloads\esetonlinescanner (1).exe
2023-12-07 11:42 - 2023-12-07 11:42 - 015274968 _____ (ESET) C:\Users\Lin\Downloads\esetonlinescanner.exe
2023-12-07 11:30 - 2023-12-07 11:44 - 000001380 _____ C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2023-12-07 11:30 - 2023-12-07 11:30 - 000000000 ____D C:\Users\Lin\AppData\Local\ESET
2023-12-07 10:59 - 2023-12-07 10:59 - 000022748 _____ C:\Users\Lin\Downloads\Addition (1).txt
2023-12-07 10:56 - 2023-12-07 10:56 - 000036107 _____ C:\Users\Lin\Downloads\FRST (1).txt
2023-12-07 09:57 - 2023-12-08 13:28 - 000000000 ____D C:\Users\Lin\Desktop\FRST-OlderVersion
2023-12-07 09:57 - 2023-12-07 11:15 - 000008440 _____ C:\Users\Lin\Desktop\Fixlog.txt
2023-12-07 09:57 - 2023-12-07 09:57 - 000003093 _____ C:\Users\Lin\Desktop\ohrvhlotbd.txt
2023-12-06 14:24 - 2023-12-06 14:24 - 000022748 _____ C:\Users\Lin\Downloads\Addition.txt
2023-12-06 14:19 - 2023-12-06 14:19 - 000036107 _____ C:\Users\Lin\Downloads\FRST.txt
2023-12-06 14:04 - 2023-12-08 13:34 - 000023623 _____ C:\Users\Lin\Desktop\Addition.txt
2023-12-06 13:59 - 2023-12-08 13:52 - 000009295 _____ C:\Users\Lin\Desktop\FRST.txt
2023-12-06 13:55 - 2023-12-06 13:55 - 000000000 ____D C:\Users\Lin\Downloads\FRST-OlderVersion
2023-12-06 13:54 - 2023-12-08 13:52 - 000000000 ____D C:\FRST
2023-12-06 13:54 - 2023-12-08 13:28 - 002384896 _____ (Farbar) C:\Users\Lin\Desktop\FRST64.exe
2023-12-06 10:13 - 2023-12-06 10:13 - 000000000 ____D C:\Windows\InboxApps
2023-12-06 10:03 - 2023-12-06 10:03 - 000016707 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2023-12-06 09:42 - 2023-12-06 09:42 - 000000000 ___HD C:\$WinREAgent
2023-12-01 14:17 - 2023-12-01 14:17 - 000355203 _____ C:\Users\Lin\Downloads\[No Subject].zip
2023-12-01 14:16 - 2023-12-01 14:17 - 000513399 _____ C:\Users\Lin\Downloads\mail.eml
2023-11-22 11:55 - 2023-11-22 11:56 - 000000000 _____ C:\Users\Lin\Downloads\PrivacyPolicy.pdf
2023-11-21 13:09 - 2023-11-21 13:09 - 000841678 _____ C:\Users\Lin\Downloads\Used Sold 17″ x 45″ Clausing Metosa EL-1745CS CNC Tool Room Lathe W_Fagor 800T CNC Control at Mac....html
2023-11-21 13:09 - 2023-11-21 13:09 - 000000000 ____D C:\Users\Lin\Downloads\Used Sold 17″ x 45″ Clausing Metosa EL-1745CS CNC Tool Room Lathe W_Fagor 800T CNC Control at Mac..._files
2023-11-13 12:35 - 2023-11-13 12:35 - 004445075 _____ C:\Users\Lin\Downloads\Bridgeport-Vertical-Mill-Manual.pdf
2023-11-13 11:17 - 2023-12-05 07:35 - 000000022 _____ C:\Users\Lin\Downloads\MS532-18N.zip
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-12-08 13:21 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\AppReadiness
2023-12-08 13:21 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-12-08 13:10 - 2021-10-21 06:26 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2023-12-08 13:10 - 2019-12-07 04:13 - 000000000 ____D C:\Windows\INF
2023-12-08 13:08 - 2021-10-27 08:04 - 000000000 ___RD C:\Users\Lin\OneDrive
2023-12-08 13:06 - 2021-10-21 06:16 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-12-08 13:06 - 2021-10-21 06:15 - 000008192 ___SH C:\DumpStack.log.tmp
2023-12-08 13:05 - 2021-10-27 07:58 - 000000000 ____D C:\Users\Lin
2023-12-08 13:05 - 2019-12-07 04:03 - 000786432 _____ C:\Windows\system32\config\BBI
2023-12-08 10:24 - 2022-09-22 11:15 - 000004164 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{74CF8895-A983-4CB3-AD47-5387A8A57C41}
2023-12-08 10:21 - 2021-10-21 06:15 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-12-08 08:35 - 2019-12-07 04:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-12-07 09:58 - 2021-11-01 14:37 - 000000000 ____D C:\Users\Lin\AppData\LocalLow\Temp
2023-12-06 10:18 - 2021-10-27 08:02 - 000000000 ____D C:\Users\Lin\AppData\Local\Packages
2023-12-06 10:15 - 2021-10-21 06:15 - 000268824 _____ C:\Windows\system32\FNTCACHE.DAT
2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SystemResources
2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\oobe
2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\lv-LV
2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\lt-LT
2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\et-EE
2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\es-MX
2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\Dism
2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\ShellExperiences
2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\Provisioning
2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\bcastdvr
2023-12-06 10:13 - 2019-12-07 04:03 - 000000000 ____D C:\Windows\servicing
2023-12-06 10:12 - 2019-12-07 04:03 - 000000000 ____D C:\Windows\CbsTemp
2023-12-06 10:11 - 2019-12-07 04:52 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2023-12-06 10:11 - 2019-12-07 04:52 - 000020827 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2023-12-06 10:02 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-12-06 09:38 - 2021-10-31 13:06 - 000000000 ____D C:\ProgramData\CanonIJPLM
2023-12-06 09:22 - 2021-10-21 06:16 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-12-06 09:05 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\NDF
2023-12-05 00:39 - 2021-10-21 06:17 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-12-05 00:39 - 2021-10-21 06:17 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-11-23 11:53 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\LiveKernelReports
2023-11-20 11:38 - 2021-12-11 06:23 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1976587878-1381545113-1953759822-1003
2023-11-20 11:38 - 2021-10-27 08:04 - 000003376 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1976587878-1381545113-1953759822-1003
2023-11-20 11:38 - 2021-10-27 08:04 - 000002377 _____ C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ___SD C:\Windows\SysWOW64\F12
2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ___SD C:\Windows\system32\UNP
2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ___SD C:\Windows\system32\F12
2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\migwiz
2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\Com
2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\Sysprep
2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\setup
2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\migwiz
2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\Com
2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\appraiser
2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2023-11-16 18:57 - 2019-12-07 04:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2023-11-16 18:57 - 2019-12-07 04:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2023-11-16 18:57 - 2019-12-07 04:14 - 000000000 ___RD C:\Windows\PrintDialog
2023-11-16 18:57 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\ShellComponents
2023-11-16 18:57 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\IME
2023-11-16 18:57 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Windows Defender
2023-11-16 18:57 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Common Files\System
2023-11-16 18:57 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2023-11-16 14:31 - 2019-12-07 04:15 - 000208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2023-11-16 14:31 - 2019-12-07 04:14 - 000232448 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2023-11-16 14:06 - 2021-10-21 06:18 - 003016192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-11-16 11:52 - 2021-10-27 19:38 - 000000000 ____D C:\Windows\system32\MRT
2023-11-16 11:48 - 2021-10-27 19:38 - 182871392 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories ========
 
2023-06-11 11:27 - 2023-06-11 11:27 - 000007606 _____ () C:\Users\Lin\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

  • 0

Advertisements


#32
mx842

mx842

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-12-2023
Ran by Lin (08-12-2023 13:53:36)
Running from C:\Users\Lin\Desktop
Microsoft Windows 10 Home Version 22H2 19045.3758 (X64) (2021-10-27 11:11:40)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1976587878-1381545113-1953759822-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1976587878-1381545113-1953759822-503 - Limited - Disabled)
Guest (S-1-5-21-1976587878-1381545113-1953759822-501 - Limited - Disabled)
Lin (S-1-5-21-1976587878-1381545113-1953759822-1003 - Administrator - Enabled) => C:\Users\Lin
WDAGUtilityAccount (S-1-5-21-1976587878-1381545113-1953759822-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MG2100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series) (Version:  - Canon Inc.)
Canon MG2100 series On-screen Manual (HKLM-x32\...\Canon MG2100 series On-screen Manual) (Version:  - )
Canon MG2100 series User Registration (HKLM-x32\...\Canon MG2100 series User Registration) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
H&R Block Premium + Efile + State 2022 (HKLM-x32\...\{69654063-D165-4494-A83B-C09105247E97}) (Version: 22.07.8401 - HRB Technology, LLC.)
H&R Block Virginia 2022 (HKLM-x32\...\{23B574C3-3A54-4645-932F-C0D40268B5B8}) (Version: 1.22.4601 - H&R Block, Inc.)
LazyCam 3.00.2 (HKLM-x32\...\LazyCam 3.00.2) (Version: 3.00.2 - ArtSoft Inc.)
Mach3 (HKLM-x32\...\Mach3) (Version: 3.043.062 - ArtSoft USA)
Malwarebytes version 5.0.14.89 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.0.14.89 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 119.0.2151.97 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 119.0.2151.97 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1976587878-1381545113-1953759822-1003\...\OneDriveSetup.exe) (Version: 23.226.1031.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
 
Packages:
=========
HEIC Converter Pro -> C:\Program Files\WindowsApps\38526MediaLife.HeicConverterPro_1.0.3.0_neutral__1crh1k73ty8mg [2023-01-02] (Media Life)
HEVC Video Extensions -> C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtensions_2.0.61933.0_x64__8wekyb3d8bbwe [2023-08-01] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-11-04] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.18.11020.0_x64__8wekyb3d8bbwe [2023-11-06] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0 [2023-12-06] (Spotify AB) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2017-03-08] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2021-10-31 13:04 - 2011-08-04 13:49 - 000045056 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Solution Menu EX\LangInfo\EN\CNSELANG.dll
2021-10-31 13:02 - 2011-03-14 21:09 - 000067584 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\MyPrinter\BJMyRes.dll
2021-10-31 13:02 - 2011-03-14 21:09 - 000136704 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\MyPrinter\cnmpu.dll
2021-10-31 13:04 - 2011-02-08 12:01 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL
2022-01-05 17:29 - 2022-01-05 17:29 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\MFC80ENU.DLL
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKU\S-1-5-21-1976587878-1381545113-1953759822-1003 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 04:14 - 2019-12-07 04:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1976587878-1381545113-1953759822-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Lin\Pictures\IMG_2046.jpeg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{A0EE1F6F-88A8-4341-A2AB-216CE58164CA}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{8C58A3B2-5487-4ED9-B396-3A3701D4BC7F}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{5F44784E-9369-44CA-9D74-0F3CBBC9A909}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4DB0C574-E56F-4042-B593-15CFF7E1DB7E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2AEC85BD-902E-42B0-A52F-2E0A209D7BE3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E65A5D91-F9AF-4E98-9D3E-AE9EB33CD224}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E6784E10-A097-4BB4-AAE5-EB2814E90343}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DD512222-2BB1-49E7-BEF6-18091D930C4E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7F8E123D-B5C9-44CA-9214-3A1B19B2960C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{35F14039-686B-4164-A5BC-BFB8DEC742D3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{32E0DC40-C688-49D0-B6CA-F52FF3132A25}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{926B33B2-A683-41F3-BB93-C0591E5F4156}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E78A1666-631E-4A27-ADEF-4B13163FBF55}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{706700D4-047C-4E5E-B98C-60DD6BC8EDC1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{1DE5311D-8ABD-4099-9E43-AD614F6BEDE3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{30209692-2266-4B82-9F98-BBCCC65233E8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{367B1359-5506-47E3-9A4E-5A0DA99DBC12}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
 
==================== Restore Points =========================
 
25-11-2023 10:30:58 Scheduled Checkpoint
04-12-2023 14:15:34 Scheduled Checkpoint
06-12-2023 09:25:21 Windows Modules Installer
 
==================== Faulty Device Manager Devices ============
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (12/07/2023 08:07:46 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (12/07/2023 07:40:47 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (12/07/2023 07:24:16 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (12/07/2023 06:22:37 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (12/07/2023 05:57:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 10.0.19041.3636, time stamp: 0x122dc5a3
Faulting module name: ntdll.dll, version: 10.0.19041.3636, time stamp: 0x9b64aa6f
Exception code: 0xc0000008
Fault offset: 0x00000000000a0f3a
Faulting process id: 0x608
Faulting application start time: 0x01da2928c67aa7a8
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 76ea7fd4-d399-4c32-9cfa-3a2bda07b97f
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/07/2023 11:31:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.31.0, time stamp: 0x61e82da2
Faulting module name: WININET.dll, version: 11.0.19041.3636, time stamp: 0x5ccf5c78
Exception code: 0xc0000005
Fault offset: 0x00313a68
Faulting process id: 0x564
Faulting application start time: 0x01da292ad203baa0
Faulting application path: C:\Users\Lin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Faulting module path: C:\Windows\SYSTEM32\WININET.dll
Report Id: a4d88b6d-d3aa-423c-b1b0-fe9c42e86d41
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/07/2023 11:31:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.31.0, time stamp: 0x61e82da2
Faulting module name: WININET.dll, version: 11.0.19041.3636, time stamp: 0x5ccf5c78
Exception code: 0xc0000005
Fault offset: 0x00313a68
Faulting process id: 0xa90
Faulting application start time: 0x01da292ac24e2464
Faulting application path: C:\Users\Lin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Faulting module path: C:\Windows\SYSTEM32\WININET.dll
Report Id: 227709b8-b811-4652-8e27-1d89956e0674
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/07/2023 11:13:22 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
 
System errors:
=============
Error: (12/08/2023 09:27:35 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (12/08/2023 07:59:50 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:47:17 AM on ‎12/‎8/‎2023 was unexpected.
 
Error: (12/08/2023 03:10:04 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (12/07/2023 08:09:51 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (12/07/2023 05:58:41 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.403.79.0) - Current Channel (Broad).
 
Error: (12/07/2023 05:58:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/07/2023 02:55:12 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (12/07/2023 11:48:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
 
Windows Defender:
================
Date: 2023-12-07 12:07:02
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUABundler:Win32/YTDVideoDownload
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\Lin\Downloads\YTDSetup.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Users\Lin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Security intelligence Version: AV: 1.403.92.0, AS: 1.403.92.0, NIS: 1.403.92.0
Engine Version: AM: 1.1.23110.2, NIS: 1.1.23110.2
 
Date: 2023-12-07 11:20:00
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUABundler:Win32/YTDVideoDownload
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\Lin\Downloads\YTDSetup.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.403.92.0, AS: 1.403.92.0, NIS: 1.403.92.0
Engine Version: AM: 1.1.23110.2, NIS: 1.1.23110.2
 
Date: 2023-12-07 10:34:53
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-12-06 14:04:14
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUABundler:Win32/YTDVideoDownload
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\Lin\Downloads\YTDSetup.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Users\Lin\Desktop\FRST64.exe
Security intelligence Version: AV: 1.403.43.0, AS: 1.403.43.0, NIS: 1.403.43.0
Engine Version: AM: 1.1.23110.2, NIS: 1.1.23110.2
 
Date: 2023-12-06 10:17:17
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUABundler:Win32/YTDVideoDownload
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\Lin\Downloads\YTDSetup.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.403.30.0, AS: 1.403.30.0, NIS: 1.403.30.0
Engine Version: AM: 1.1.23110.2, NIS: 1.1.23110.2
Event[0]:
 
Date: 2023-12-08 13:05:44
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
Security intelligence Version: 1.403.137.0;1.403.137.0
Engine Version: 1.1.23110.2
 
Date: 2023-11-27 12:42:18
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.401.1290.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23100.2009
Error code: 0x80070102
Error description: The wait operation timed out. 
 
Date: 2023-06-14 09:03:23
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.391.1305.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23050.3
Error code: 0x80070050
Error description: The file exists. 
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. A22 07/03/2018
Motherboard: Dell Inc. 0NKW6Y
Processor: Intel® Core™ i5-2400S CPU @ 2.50GHz
Percentage of memory in use: 47%
Total physical RAM: 8073.05 MB
Available physical RAM: 4263.5 MB
Total Virtual: 12681.05 MB
Available Virtual: 8943 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.21 GB) (Free:405.13 GB) (Model: TOSHIBA MQ01ACF050) NTFS
Drive d: (Nov 08 2021) (CDROM) (Total:4.37 GB) (Free:4.37 GB) UDF
 
\\?\Volume{000a8185-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS
\\?\Volume{000a8185-0000-0000-0000-e05074000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 000A8185)
Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=508 MB) - (Type=27)
 
==================== End of Addition.txt =======================
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

  • 0

#33
mx842

mx842

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

The computer seems to be running ok. I did have one issue this morning when I tried to wake up the computer it wouldn't wake up until I re-booted the machine.

I haven't really done much on it today other than work on this thread but while on it I don't think the tab bar has shut down but one time.

My main effort here is to figure out how to keep people from using my credit cards. They got me for a little over $5400.00 on my credit and debit card. Hopefully I'll get it back one day. They were picking the money out of my pay pal account. They tried to get another $4755.00 but USAA put a stop to that.

So far, I have changed the passwords on my pay pal, e-bay e-mail provider, and they have a hold on all my accounts until I can get this sorted out. I've got to figure out a way to keep this from happening. I'm pretty sure this happened one day last week when I downloaded an equipment manual online. I have used that site before a few times with no problems.

Oh, I won't be around until Monday, but I'll check in if I get a chance.


Edited by mx842, 08 December 2023 - 01:41 PM.

  • 0

#34
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,107 posts

Hello.

 

I attached the logs you posted, since, as I told you, it's much easier for me to review them that way.

 

 

My main effort here is to figure out how to keep people from using my credit cards. They got me for a little over $5400.00 on my credit and debit card. Hopefully I'll get it back one day. They were picking the money out of my pay pal account. They tried to get another $4755.00 but USAA put a stop to that.

 
So far, I have changed the passwords on my pay pal, e-bay e-mail provider, and they have a hold on all my accounts until I can get this sorted out. I've got to figure out a way to keep this from happening. I'm pretty sure this happened one day last week when I downloaded an equipment manual online.

 

The most important thing, when something like this happens, is to change ALL your account passwords (bank accounts, Paypal accounts, email accounts etc.) from a clean system. And of course, be careful about the sites you visit, the links you click on, the things you download.

 

I'll need some time to review your fresh logs.

 

Have a nice weekend. 

 

Attached Files


  • 0

#35
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,107 posts

Your logs are clean now.
 
However, Windows Defender is disabled. Let's enable it.
 
1. Change a Malwarebytes Setting

  • Open Malwarebytes.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items all options are set to Always.

 

 

2. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

 

In your next reply please post:

  1. If you successfully changed the Malwarebytes setting
  2. The fixlog.txt

  • 0

#36
mx842

mx842

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

I removed this cut and paste and added an attachment below.


Edited by mx842, 11 December 2023 - 12:52 PM.

  • 0

#37
mx842

mx842

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

Going back and looking in security it looks like defender is still disabled.


  • 0

#38
mx842

mx842

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

Sorry

Attached Files


  • 0

#39
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,107 posts

Can you please take a screenshot of what you see at the Security window and attach it in your next reply? 


  • 0

#40
mx842

mx842

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

this is what I get when I click on MalwarebytesScreenshot (4).png


  • 0

Advertisements


#41
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,107 posts

And you mean that you didn't change the setting I ask you to change here (step 1)? 


  • 0

#42
mx842

mx842

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

I did all accept the middle one I couldn't find it.


  • 0

#43
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,107 posts

Let me see what you see when you click on Malwarebytes settings (the little gear at the left).


  • 0

#44
mx842

mx842

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

Screenshot (5).png

 

 

 


  • 0

#45
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,107 posts

The updated Malwarebytes has a different environment indeed.

 

Click on Protection. What do you get? 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP