  #1  
Old June 16th, 2020, 02:40 PM
Jez93 Jez93 is offline
New Member
 
Join Date: Jun 2020
Posts: 8
How to remove a virus from computer system permanently (Moved)

Hi! This is the first time I am posting in this forum. I am suspecting my computer is affected by a virus since my laptop is behaving strangely. I have already installed Avast antivirus on my laptop. Recently I scanned my computer system and detected it has been infected by viruses and quarantined them using the quarantine options. After quarantine these viruses have been moved to the virus chest and thereafter I have scanned my entire PC using Avast and no viruses were detected. I had installed Malwarebytes software too, but my computer is behaving strangely even though no viruses are being detected through scans. When I click on one desktop icon another icon is selected and automatically several icons are selected. In Word documents and Notepad etc., the cursor is moving automatically and I am unable to do what I want to do. I want to know if my PC is still infected or not and how do I remove these viruses from my computer system permanently and the best antivirus software to remove these viruses permanently.
  #2  
Old June 16th, 2020, 08:25 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,037
Welcome to CTH Jez93,

I am not quite sure what is happening there, but let's take a look.


For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to the desktop.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to the desktop.

Please run it and click Scan, post back with the 2 logfiles.

Use extra posts here as needed.
  #3  
Old June 24th, 2020, 05:57 PM
Jez93 Jez93 is offline
New Member
 
Join Date: Jun 2020
Posts: 8

Thanks for your advice. I was unable to reply soon as my wifi package has been finished. I will download the software soon and send the two log files along.
  #4  
Old June 24th, 2020, 06:00 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,037
Okay. Do it when you're ready.
  #5  
Old June 25th, 2020, 08:27 PM
Jez93 Jez93 is offline
New Member
 
Join Date: Jun 2020
Posts: 8
Hi! I have installed and scanned my computer using Farbar Recovery Scan Tool. I am sorry, but can you explain how to send the log files? I am unable to find the option for sending files in this post.
  #6  
Old June 25th, 2020, 09:17 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,037
You have to copy and paste the log files in this thread. Copy and paste in your reply. The logs are big, so you must use extra posts as needed.
  #7  
Old June 26th, 2020, 08:07 PM
Jez93 Jez93 is offline
New Member
 
Join Date: Jun 2020
Posts: 8
log files -FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-06-2020
Ran by Hamza (administrator) on DESKTOP-A5C4H9U (Dell Inc. Inspiron 3521) (26-06-2020 00:29:44)
Running from C:\Users\Hamza\Downloads
Loaded Profiles: Hamza
Platform: Windows 10 Pro 10240.17443 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Apple Computer, Inc.) [File not signed] C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <2>
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <14>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Macrovision Europe Ltd.) [File not signed] C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Massive Computing, Inc. -> Massive Computing, Inc.) C:\Users\Hamza\AppData\Local\Programs\Massive\Massive.exe
(Massive Computing, Inc. -> Massive Computing, Inc.) C:\Users\Hamza\AppData\Local\Programs\TimeBucks\TimeBucks.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Hamza\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\$WINDOWS.~BT\Sources\setuphost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\823cfafe0310f98fda6d599f38ac3308\WindowsUpdateBox.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <4>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [108136 2020-06-03] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2019-10-31] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2019-10-31] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-11] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe_ID0EYTHM] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKU\S-1-5-21-708561520-1147990301-2211931877-1001\...\Run: [TimeBucks] => C:\Users\Hamza\AppData\Local\Programs\TimeBucks\TimeBucks.exe [5830840 2020-05-18] (Massive Computing, Inc. -> Massive Computing, Inc.)
HKU\S-1-5-21-708561520-1147990301-2211931877-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [465920 2016-10-25] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-708561520-1147990301-2211931877-1001\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Hamza\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-708561520-1147990301-2211931877-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Hamza\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-708561520-1147990301-2211931877-1001\...\RunOnce: [Uninstall 20.064.0329.0008\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Hamza\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\amd64"
HKU\S-1-5-21-708561520-1147990301-2211931877-1001\...\RunOnce: [Uninstall 20.064.0329.0008] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Hamza\AppData\Local\Microsoft\OneDrive\20.064.0329.0008"
HKU\S-1-5-21-708561520-1147990301-2211931877-1001\...\MountPoints2: {21c40d2f-fb32-11e9-9bc4-342387e0575f} - "G:\AutoRun.exe"
HKU\S-1-5-21-708561520-1147990301-2211931877-1001\...\MountPoints2: {21c40d78-fb32-11e9-9bc4-342387e0575f} - "G:\AutoRun.exe"
HKU\S-1-5-21-708561520-1147990301-2211931877-1001\...\MountPoints2: {c2f08a0e-ff40-11e9-9bc8-342387e05760} - "H:\Setup.exe" /s
HKU\S-1-5-21-708561520-1147990301-2211931877-1001\...\MountPoints2: {c2f08a94-ff40-11e9-9bc8-342387e05760} - "G:\Setup.exe" /s
HKLM\...\Print\Monitors\Adobe PDF Port: C:\Windows\system32\AdobePDF64.dll [35928 2007-03-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Installer\chrmstp.exe [2020-06-26] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{8AF662BF-65A0-4D0A-A540-A338A999D36F}] -> C:\Windows\system32\FaceCredentialProvider.dll [2016-10-25] (Microsoft Windows -> )
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> C:\Windows\system32\FaceCredentialProvider.dll [2016-10-25] (Microsoft Windows -> )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [2019-10-29]
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2260B518-53DE-4515-8740-0AEF679DB1B6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {6B7D2012-3EB0-4AAA-85A5-23A1A311FB83} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {72C16D17-D91B-4AB7-9029-48ACD969C819} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {99AD6F68-85EF-454B-A992-65C27A4A7E27} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3952832 2019-10-31] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {9A998EBA-9CD4-45C8-917C-9F2A917C5FDA} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2019-10-31] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {A7187126-F55D-4926-B66E-3EC1AD5876F7} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1660520 2020-03-02] (Avast Software s.r.o. -> Avast Software)
Task: {B1FD5808-1950-48B3-9C90-BF64D3391E8A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-11-04] (Google Inc -> Google Inc.)
Task: {B217CB9A-0E30-4491-9291-7DCC7CEC8077} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3314272 2020-06-03] (Avast Software s.r.o. -> AVAST Software)
Task: {D351D163-0D1E-4BE7-BE3A-249AEB070B37} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-11-04] (Google Inc -> Google Inc.)
Task: {FD239DDB-3895-4026-ABFD-43E277B5E532} - System32\Tasks\Avast Driver Updater Startup => C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe [30244064 2020-04-14] (Avast Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Avast Driver Updater Startup.job => C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-708561520-1147990301-2211931877-1001] => 192.168.1.106:106
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [94208 2006-02-28] (Apple Computer, Inc.) [File not signed]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{78e9f605-5beb-4dce-9a7a-35574d9b2411}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16] (Adobe Systems Incorporated.) [File not signed]
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16] (Adobe Systems Incorporated.) [File not signed]

FireFox:
========
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-30] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\Hamza\AppData\Local\Google\Chrome\User Data\Default [2020-06-26]
CHR Notifications: Default -> hxxps://mail.google.com; hxxps://surveytime.io; hxxps://www.facebook.com; hxxps://www.squadhelp.com
CHR NewTab: Default -> Not-active:"chrome-extension://hbjhefldjfgkphfeebophakakjlobofj/newtab.html"
CHR Extension: (Slides) - C:\Users\Hamza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-11-04]
CHR Extension: (Docs) - C:\Users\Hamza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-11-04]
CHR Extension: (Google Drive) - C:\Users\Hamza\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-11-04]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Hamza\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-06-16]
CHR Extension: (Google Docs Offline) - C:\Users\Hamza\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-06-01]
CHR Extension: (Avast Online Security) - C:\Users\Hamza\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-06-07]
CHR Extension: (Plain Tab - A clean new tab) - C:\Users\Hamza\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbjhefldjfgkphfeebophakakjlobofj [2020-03-10]
CHR Extension: (Email Extractor) - C:\Users\Hamza\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdianbbpnakhcmfkcckaboohfgnngfcc [2020-06-13]
CHR Extension: (Google Input Tools) - C:\Users\Hamza\AppData\Local\Google\Chrome\User Data\Default\Extensions\mclkkofklkfljcocdinagocijmpgbhab [2019-12-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hamza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-05]
CHR Extension: (Chrome Media Router) - C:\Users\Hamza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-01]
CHR Profile: C:\Users\Hamza\AppData\Local\Google\Chrome\User Data\System Profile [2020-05-27]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6392728 2020-06-03] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [348968 2020-06-03] (Avast Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [58048 2020-06-03] (Avast Software s.r.o. -> AVAST Software)
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2019-10-29] (Macrovision Europe Ltd.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [337888 2020-04-05] (Intel(R) pGFX -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-06-03] (Malwarebytes Inc -> Malwarebytes)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2019-10-31] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2016-10-25] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-06-03] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37152 2020-06-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205896 2020-06-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [235088 2020-06-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [178768 2020-06-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [60496 2020-06-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [16304 2020-03-10] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42784 2020-06-03] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [175208 2020-06-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [506152 2020-06-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [109280 2020-06-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84856 2020-06-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851608 2020-06-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [462592 2020-06-15] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [216824 2020-06-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [322256 2020-06-13] (Avast Software s.r.o. -> AVAST Software)
S3 huawei_enumerator; C:\Windows\System32\drivers\ew_jubusenum.sys [86016 2019-10-31] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwdatacard; C:\Windows\system32\DRIVERS\ewusbmdm.sys [221312 2019-10-31] (Huawei Technologies Co., Ltd.) [File not signed]
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [214496 2020-06-03] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2020-06-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-06-03] (Malwarebytes Inc -> Malwarebytes)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2019-10-31] (Synaptics Incorporated -> Synaptics Incorporated)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [25608 2020-06-26] (AVG Technologies CZ, s.r.o. -> SlimWare Utilities, Inc.)
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [40664 2013-08-22] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] (Microsoft Windows -> )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Windows -> Microsoft Corporation)
S3 ewusbmbb; \SystemRoot\System32\drivers\ewusbwwan.sys [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-26 00:29 - 2020-06-26 00:33 - 000021720 _____ C:\Users\Hamza\Downloads\FRST.txt
2020-06-26 00:28 - 2020-06-26 00:31 - 000000000 ____D C:\FRST
2020-06-26 00:27 - 2020-06-26 00:28 - 000000000 ___HD C:\$WINDOWS.~BT
2020-06-26 00:24 - 2020-06-26 00:28 - 002290688 _____ (Farbar) C:\Users\Hamza\Downloads\FRST64.exe
2020-06-26 00:22 - 2020-06-26 00:34 - 000000000 ____D C:\Users\Hamza\AppData\LocalLow\IGDump
2020-06-26 00:15 - 2020-06-26 00:15 - 000016148 _____ C:\Windows\system32\DESKTOP-A5C4H9U_Hamza_HistoryPrediction.bin
2020-06-15 23:31 - 2020-06-15 23:32 - 000000000 _____ C:\Windows\system32\last.dump
2020-06-15 22:10 - 2020-06-15 22:10 - 000000000 ____D C:\Windows\%LOCALAPPDATA%
2020-06-13 19:33 - 2020-06-13 20:00 - 023375804 _____ C:\Users\Hamza\Downloads\Siren.2018.S01E01.480p.mp4.crdownload
2020-06-13 17:34 - 2020-06-13 17:35 - 000000000 ____D C:\Users\Hamza\Downloads\avast_free_antivirus_setup (By E Tube)
2020-06-13 17:31 - 2020-06-13 17:33 - 087529808 _____ C:\Users\Hamza\Downloads\avast_free_antivirus_setup (By E Tube).zip
2020-06-07 23:25 - 2020-06-07 23:25 - 001020824 _____ C:\Users\Hamza\Downloads\J.K._Rowling_-_Fantastic_Beasts_and_Wher.pdf
2020-06-07 21:44 - 2020-06-07 21:44 - 000000000 ____D C:\$SysReset
2020-06-07 21:11 - 2020-06-07 21:11 - 000066477 _____ C:\Users\Hamza\Downloads\favicon_io.zip
2020-06-07 19:25 - 2020-06-07 19:25 - 000000000 ____D C:\Users\Hamza\Downloads\Rose-Blog
2020-06-07 19:23 - 2020-06-07 19:23 - 000000000 ____D C:\Users\Hamza\Downloads\Photonic-Free-Version
2020-06-07 19:20 - 2020-06-07 19:20 - 000000000 ____D C:\Users\Hamza\Downloads\OmMag
2020-06-07 19:18 - 2020-06-07 19:18 - 000000000 ____D C:\Users\Hamza\Downloads\Olivia-Dark-Header
2020-06-07 19:16 - 2020-06-07 19:16 - 000000000 ____D C:\Users\Hamza\Downloads\Nubia
2020-06-07 18:36 - 2020-06-07 18:36 - 000000000 ____D C:\Users\Hamza\Downloads\Maverick-Free-Version
2020-06-07 18:34 - 2020-06-07 18:34 - 000000000 ____D C:\Users\Hamza\Downloads\Malina (1)
2020-06-07 18:32 - 2020-06-07 18:32 - 000000000 ____D C:\Users\Hamza\Downloads\Animo
2020-06-07 18:29 - 2020-06-07 18:29 - 000000000 ____D C:\Users\Hamza\Downloads\Fabel
2020-06-07 18:26 - 2020-06-07 18:26 - 000000000 ____D C:\Users\Hamza\Downloads\Blush
2020-06-04 23:14 - 2020-06-04 23:14 - 000000000 ___HD C:\OneDriveTemp
2020-06-04 22:49 - 2020-06-04 22:49 - 000103966 _____ C:\Users\Hamza\Downloads\Rose-Blog.zip
2020-06-04 22:47 - 2020-06-04 22:47 - 000047903 _____ C:\Users\Hamza\Downloads\Olivia-Dark-Header.zip
2020-06-04 22:43 - 2020-06-04 22:43 - 000031601 _____ C:\Users\Hamza\Downloads\Simple-Grid-dengan-Sidebar.zip
2020-06-04 22:42 - 2020-06-04 22:42 - 001130720 _____ C:\Users\Hamza\Downloads\Maverick-Free-Version.zip
2020-06-04 22:40 - 2020-06-04 22:40 - 000102920 _____ C:\Users\Hamza\Downloads\Photonic-Free-Version.zip
2020-06-04 22:38 - 2020-06-04 22:38 - 000108722 _____ C:\Users\Hamza\Downloads\Animo.zip
2020-06-04 22:36 - 2020-06-04 22:36 - 000103450 _____ C:\Users\Hamza\Downloads\OmMag.zip
2020-06-03 19:26 - 2020-06-03 19:26 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-06-03 19:26 - 2020-06-03 19:26 - 000214496 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-06-03 19:26 - 2020-06-03 19:26 - 000002039 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-06-03 19:26 - 2020-06-03 19:26 - 000002027 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-06-03 19:26 - 2020-06-03 19:26 - 000002027 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-06-03 19:26 - 2020-06-03 19:26 - 000000000 ____D C:\Users\Hamza\AppData\Local\mbam
2020-06-03 19:26 - 2020-06-03 19:25 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-06-03 19:26 - 2020-06-03 19:25 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2020-06-03 19:25 - 2020-06-03 19:25 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-06-03 19:24 - 2020-06-03 19:24 - 000000000 ____D C:\Program Files\Malwarebytes
2020-06-03 19:23 - 2020-06-03 19:24 - 001980016 _____ (Malwarebytes) C:\Users\Hamza\Downloads\MBSetup.exe
2020-06-03 16:09 - 2020-06-03 16:09 - 000335976 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2020-06-03 16:09 - 2020-06-03 16:09 - 000216824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2020-06-03 16:09 - 2020-06-03 16:09 - 000175208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2020-06-02 11:21 - 2020-06-26 00:15 - 000025608 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys
2020-06-02 11:21 - 2020-06-26 00:15 - 000000514 _____ C:\Windows\Tasks\Avast Driver Updater Startup.job
2020-06-02 11:21 - 2020-06-02 11:21 - 000003012 _____ C:\Windows\system32\Tasks\Avast Driver Updater Startup
2020-06-02 11:21 - 2020-06-02 11:21 - 000000000 ____D C:\Users\Hamza\AppData\Local\AVAST Software
2020-06-02 11:20 - 2020-06-02 11:22 - 000000000 ____D C:\Program Files (x86)\Avast Driver Updater
2020-06-02 11:20 - 2020-06-02 11:20 - 000002517 _____ C:\Users\Public\Desktop\Avast Driver Updater.lnk
2020-06-02 11:20 - 2020-06-02 11:20 - 000002517 _____ C:\ProgramData\Desktop\Avast Driver Updater.lnk
2020-06-02 11:20 - 2020-06-02 11:20 - 000000000 ____D C:\Users\Public\Documents\Downloaded Installers
2020-06-02 11:20 - 2020-06-02 11:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Driver Updater
2020-06-02 11:20 - 2020-06-02 11:20 - 000000000 ____D C:\ProgramData\Documents\Downloaded Installers
2020-05-29 17:00 - 2015-09-15 09:01 - 000812008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-05-29 17:00 - 2015-09-15 09:01 - 000178152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-05-29 16:50 - 2020-05-29 16:50 - 000000000 ____D C:\Program Files\CMAK
2020-05-29 16:50 - 2020-05-29 16:50 - 000000000 ____D C:\Program Files (x86)\CMAK
2020-05-27 23:39 - 2020-05-27 23:39 - 000007845 _____ C:\Users\Hamza\Downloads\Unconfirmed 822335.crdownload
2020-05-27 23:29 - 2020-05-27 23:29 - 000007845 _____ C:\Users\Hamza\Downloads\Unconfirmed 375202.crdownload
2020-05-27 22:31 - 2020-05-27 22:31 - 000055499 _____ C:\Users\Hamza\Downloads\Blush.zip
2020-05-27 22:25 - 2020-05-27 22:26 - 000099421 _____ C:\Users\Hamza\Downloads\Fabel.zip
2020-05-27 22:23 - 2020-05-27 22:23 - 000091454 _____ C:\Users\Hamza\Downloads\Nubia.zip

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-26 00:32 - 2019-10-29 05:11 - 000000000 ____D C:\Windows\Panther
2020-06-26 00:28 - 2019-11-04 20:46 - 000002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-26 00:28 - 2019-11-04 20:46 - 000002226 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-06-26 00:28 - 2019-11-04 20:46 - 000002226 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-06-26 00:24 - 2020-04-03 08:19 - 000004166 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{05A15784-826C-4093-B184-5F30CD4A2FAD}
2020-06-26 00:22 - 2019-10-29 05:33 - 000000000 ___RD C:\Users\Hamza\OneDrive
2020-06-26 00:18 - 2019-11-05 01:57 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-708561520-1147990301-2211931877-1001
2020-06-26 00:18 - 2019-10-29 22:33 - 000004264 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2020-06-26 00:18 - 2019-10-29 05:33 - 000002369 _____ C:\Users\Hamza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-06-26 00:17 - 2019-10-29 22:31 - 000000000 ____D C:\ProgramData\AVAST Software
2020-06-26 00:15 - 2019-10-31 01:26 - 000000000 __SHD C:\Users\Hamza\IntelGraphicsProfiles
2020-06-24 00:01 - 2020-04-02 14:46 - 000000000 ____D C:\ProgramData\Wondershare Filmora
2020-06-23 23:54 - 2020-04-02 14:46 - 000000000 ____D C:\Users\Hamza\Documents\Wondershare Filmora 9
2020-06-23 23:29 - 2019-10-29 22:36 - 000000000 ____D C:\Users\Hamza\AppData\Roaming\vlc
2020-06-16 21:53 - 2015-07-10 17:51 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-06-16 21:53 - 2015-07-10 14:35 - 000131072 ___SH C:\Windows\system32\config\BBI
2020-06-15 23:07 - 2019-10-29 22:33 - 000462592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2020-06-15 22:11 - 2019-10-31 00:26 - 000000000 ____D C:\Users\Hamza\AppData\Local\CrashDumps
2020-06-13 20:02 - 2020-04-11 20:48 - 000005718 _____ C:\Windows\diagwrn.xml
2020-06-13 20:02 - 2020-04-11 20:48 - 000005718 _____ C:\Windows\diagerr.xml
2020-06-13 18:15 - 2015-07-10 16:32 - 000000000 ____D C:\Windows\INF
2020-06-13 17:40 - 2019-10-29 05:48 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2020-06-13 17:20 - 2019-10-29 22:33 - 000322256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2020-06-07 22:47 - 2019-11-04 20:45 - 000003348 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-06-07 22:47 - 2019-11-04 20:45 - 000003124 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-06-07 22:47 - 2019-10-31 00:49 - 000002242 _____ C:\Windows\system32\Tasks\Synaptics TouchPad Enhancements
2020-06-07 22:47 - 2019-10-31 00:45 - 000002304 _____ C:\Windows\system32\Tasks\RtHDVBg_PushButton
2020-06-07 22:47 - 2019-10-29 22:34 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2020-06-07 21:35 - 2019-10-29 05:31 - 000000000 ____D C:\Users\Hamza
2020-06-07 16:53 - 2020-04-04 14:07 - 000000000 ____D C:\Users\Hamza\AppData\Roaming\Telegram Desktop
2020-06-04 20:02 - 2015-07-10 14:35 - 000032768 ___SH C:\Windows\system32\config\ELAM
2020-06-03 19:26 - 2015-07-10 16:34 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-06-03 16:09 - 2020-04-03 08:20 - 000506152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
2020-06-03 16:09 - 2019-10-29 22:33 - 000205896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2020-06-03 16:09 - 2019-10-29 22:33 - 000109280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2020-06-03 16:09 - 2019-10-29 22:33 - 000084856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2020-06-03 16:09 - 2019-10-29 22:33 - 000042784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2020-06-03 16:09 - 2019-10-29 22:33 - 000037152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2020-06-03 16:08 - 2019-10-29 22:33 - 000851608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2020-06-03 16:08 - 2019-10-29 22:33 - 000235088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2020-06-03 16:08 - 2019-10-29 22:33 - 000178768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2020-06-03 16:08 - 2019-10-29 22:33 - 000060496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2020-06-02 11:16 - 2020-04-05 10:06 - 000000000 ____D C:\Windows\system32\MRT
2020-06-02 11:10 - 2020-04-05 10:06 - 120636720 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-06-01 18:22 - 2020-04-04 14:13 - 000000000 ____D C:\Users\Hamza\Downloads\Telegram Desktop
2020-06-01 18:15 - 2020-03-10 15:00 - 000001286 _____ C:\Users\Hamza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TimeBucks.lnk
2020-05-31 14:37 - 2019-10-29 05:32 - 000830266 _____ C:\Windows\system32\PerfStringBackup.INI
2020-05-30 19:18 - 2015-07-10 16:34 - 000000000 ____D C:\Windows\rescache
2020-05-29 17:01 - 2019-10-29 05:31 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-05-29 17:01 - 2015-07-10 16:34 - 000000000 ____D C:\Windows\AppReadiness
2020-05-29 16:56 - 2019-10-29 22:34 - 000002094 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2020-05-29 16:56 - 2019-10-29 22:34 - 000002082 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2020-05-29 16:56 - 2019-10-29 22:34 - 000002082 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2020-05-29 16:55 - 2015-07-10 17:50 - 002278448 _____ C:\Windows\system32\FNTCACHE.DAT
2020-05-29 16:51 - 2015-07-10 16:34 - 000000000 ___SD C:\Windows\SysWOW64\F12
2020-05-29 16:51 - 2015-07-10 16:34 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2020-05-29 16:51 - 2015-07-10 16:34 - 000000000 ____D C:\Windows\SysWOW64\setup
2020-05-29 16:51 - 2015-07-10 16:34 - 000000000 ____D C:\Windows\SysWOW64\oobe
2020-05-29 16:51 - 2015-07-10 16:34 - 000000000 ____D C:\Windows\system32\oobe
2020-05-29 16:51 - 2015-07-10 16:34 - 000000000 ____D C:\Windows\system32\appraiser
2020-05-29 16:51 - 2015-07-10 16:34 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2020-05-29 16:51 - 2015-07-10 16:34 - 000000000 ____D C:\Program Files\Windows Defender
2020-05-29 16:51 - 2015-07-10 16:34 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2020-05-29 16:51 - 2015-07-10 16:34 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-05-29 16:51 - 2015-07-10 14:37 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2020-05-29 16:51 - 2015-07-10 14:35 - 000000000 ____D C:\Windows\SysWOW64\Dism
2020-05-29 16:51 - 2015-07-10 14:35 - 000000000 ____D C:\Windows\system32\Dism
2020-05-29 16:50 - 2015-07-10 16:34 - 000000000 ___SD C:\Windows\system32\F12
2020-05-29 16:50 - 2015-07-10 16:34 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2020-05-29 16:50 - 2015-07-10 16:34 - 000000000 ___RD C:\Windows\PurchaseDialog
2020-05-29 16:50 - 2015-07-10 16:34 - 000000000 ___RD C:\Windows\PrintDialog
2020-05-29 16:50 - 2015-07-10 16:34 - 000000000 ___RD C:\Windows\DevicesFlow
2020-05-29 16:50 - 2015-07-10 16:34 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2020-05-29 16:50 - 2015-07-10 16:34 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2020-05-29 16:50 - 2015-07-10 16:34 - 000000000 ____D C:\Windows\system32\setup
2020-05-29 16:50 - 2015-07-10 16:34 - 000000000 ____D C:\Windows\system32\migwiz
2020-05-29 16:50 - 2015-07-10 16:34 - 000000000 ____D C:\Windows\Provisioning
2020-05-29 16:50 - 2015-07-10 16:34 - 000000000 ____D C:\Windows\PolicyDefinitions
2020-05-29 16:50 - 2015-07-10 16:34 - 000000000 ____D C:\Windows\L2Schemas
2020-05-29 16:50 - 2015-07-10 16:34 - 000000000 ____D C:\Program Files\Windows Portable Devices
2020-05-29 16:50 - 2015-07-10 16:34 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2020-05-29 16:50 - 2015-07-10 16:34 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2020-05-29 16:50 - 2015-07-10 16:34 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2020-05-29 16:50 - 2015-07-10 14:37 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2020-05-29 16:50 - 2015-07-10 14:35 - 000000000 ____D C:\Windows\system32\Sysprep

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-06-22 21:40
==================== End of FRST.txt ========================
  #8  
Old June 26th, 2020, 08:12 PM
Jez93 Jez93 is offline
New Member
 
Join Date: Jun 2020
Posts: 8
Question log file -Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-06-2020
Ran by Hamza (26-06-2020 00:35:25)
Running from C:\Users\Hamza\Downloads
Windows 10 Pro 10240.17443 (X64) (2019-10-28 23:59:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-708561520-1147990301-2211931877-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-708561520-1147990301-2211931877-503 - Limited - Disabled)
Guest (S-1-5-21-708561520-1147990301-2211931877-501 - Limited - Disabled)
Hamza (S-1-5-21-708561520-1147990301-2211931877-1001 - Administrator - Enabled) => C:\Users\Hamza

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Add or Remove Adobe Creative Suite 3 Master Collection (HKLM-x32\...\Adobe_4dcfd9b7e901b57f81f667144603236) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM-x32\...\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
Adobe Illustrator CC 2018 (32 Bit) (HKLM-x32\...\ILST_22_1_32) (Version: 22.1 - Adobe Systems Incorporated)
Adobe Reader 8 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A80000000002}) (Version: 8.0.0 - Adobe Systems Incorporated)
AHV content for Acrobat and Flash (HKLM-x32\...\{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}) (Version: 1 - Adobe Systems Incorporated) Hidden
Avast Driver Updater (HKLM-x32\...\{CEF7BA79-8A1C-4D04-BD38-2A30BD134681}) (Version: 2.5.9 - AVAST Software) Hidden
Avast Driver Updater (HKLM-x32\...\Avast Driver Updater) (Version: 2.5.9 - AVAST Software)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.4.2410 - Avast Software)
CorelDRAW Graphics Suite 12 (HKLM-x32\...\{505AFDC0-5E72-4928-8368-5DEA385E3647}) (Version: 12.0.0.458 - Corel Corporation)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.4 - Synaptics Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.106 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Massive (HKU\S-1-5-21-708561520-1147990301-2211931877-1001\...\{07F54E47-DE08-486E-921C-D09624774BB6}_is1) (Version: 0.3.3 - Massive Computing, Inc.)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-708561520-1147990301-2211931877-1001\...\OneDriveSetup.exe) (Version: 20.084.0426.0007 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
OPPO USB Drivers 2.2.6.0 (HKLM\...\{60092746-6A0F-46A9-B9F1-53B62EC0E0A4}_is1) (Version: 2.2.6.0 - OPPO mobile telecommunications Corp., LTD)
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office*- Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings (HKLM-x32\...\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Tavultesoft Keyman (HKLM-x32\...\Tavultesoft Keyman) (Version: - )
Telegram Desktop version 2.1.6 (HKU\S-1-5-21-708561520-1147990301-2211931877-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.1.6 - Telegram FZ-LLC)
TimeBucks (HKU\S-1-5-21-708561520-1147990301-2211931877-1001\...\{53084601-1ca6-4783-9b16-b6792a5ebfa1}_is1) (Version: 1.3.2 - Massive Computing, Inc.)
Universal Extractor 1.6.1 (HKLM-x32\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Wondershare Filmora9(Build 9.3.7) (HKLM\...\Wondershare Filmora9_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)

Packages:
=========
Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2019-11-07] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-11-07] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.3.193.0_x86__8wekyb3d8bbwe [2019-10-29] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.3.193.0_x86__8wekyb3d8bbwe [2019-10-29] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.3.193.0_x86__8wekyb3d8bbwe [2019-10-29] (Microsoft Corporation) [MS Ad]
Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.3.193.0_x86__8wekyb3d8bbwe [2019-10-29] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-708561520-1147990301-2211931877-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-06-03] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2007-05-11] (Adobe Systems Inc.) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-06-03] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-06-03] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-06-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2020-04-05] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2007-05-11] (Adobe Systems Inc.) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-06-03] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-06-03] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-04-02 14:48 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2020-04-02 14:48 - 2017-09-12 10:34 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2019-11-12 23:02 - 2007-05-11 04:48 - 001560576 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu64.dll
2006-08-02 13:22 - 2006-08-02 13:22 - 000126976 ____R (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\asneu.dll
2006-09-15 04:50 - 2006-09-15 04:50 - 000212992 ____R (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\adobe_epic.dll
2006-09-15 05:16 - 2006-09-15 05:16 - 000208896 ____R (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\adobe_pcd.dll
2006-09-15 04:50 - 2006-09-15 04:50 - 000346112 ____R (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\adobe_personalization.dll
2006-02-28 18:12 - 2006-02-28 18:12 - 000094208 _____ (Apple Computer, Inc.) [File not signed] C:\Program Files (x86)\Bonjour\mdnsNSP.dll
2006-09-15 19:28 - 2006-09-15 19:28 - 000934400 ____R (Macrovision Europe Ltd.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\FNP_Act_Installer.dll
2020-04-02 14:48 - 2017-09-12 10:36 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 16:34 - 2015-07-10 16:32 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-708561520-1147990301-2211931877-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{671D7D16-62F2-43A0-831E-AE7824386ADE}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3121C88D-E2CB-484B-A7EA-96BDDC71D95C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{85745E98-3C71-4957-A2A6-460CC754DC17}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9E214C10-C887-4B21-BC44-B2A9D927CB0A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AE619499-8146-4B6E-A02E-E246FCFA9756}] => (Allow) LPort=3703
FirewallRules: [{F13D86E0-CBAD-4C94-AE56-7E77ED0BA3FA}] => (Allow) LPort=3704
FirewallRules: [{83B4D308-934B-4B6A-9665-242DF1E4A913}] => (Allow) LPort=50900
FirewallRules: [{D0B141EA-9FBA-4615-82AE-D0DB3CA2213A}] => (Allow) LPort=50901
FirewallRules: [{B7427A17-5914-4F20-873F-E74D8DD1E24A}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
FirewallRules: [{4FD9530D-EA1C-4508-A164-6D184059DB2D}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
FirewallRules: [TCP Query User{773642B5-78AD-4A49-BBA7-689227F535B8}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{2BA77C8F-94DF-4E37-8DE9-BE3ED807C985}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{42179A08-AEB1-4B4A-9A3B-389E44ED44E0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

01-06-2020 18:39:19 Scheduled Checkpoint
07-06-2020 18:40:44 Windows Update
13-06-2020 17:28:42 Windows Update
26-06-2020 00:32:30 Windows Update

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (06/26/2020 12:33:08 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (06/26/2020 12:15:45 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=5

Error: (06/26/2020 12:15:44 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072EE7
Sku Id=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c

Error: (06/26/2020 12:15:44 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0x80072EE7

Error: (06/24/2020 05:55:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-A5C4H9U)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/24/2020 05:25:33 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE2
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/24/2020 05:25:33 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072EE2
Sku Id=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c

Error: (06/24/2020 05:25:33 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0x80072EE2


System errors:
=============
Error: (06/26/2020 12:35:40 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (06/26/2020 12:35:40 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (06/26/2020 12:35:40 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (06/26/2020 12:35:40 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (06/26/2020 12:35:40 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (06/26/2020 12:35:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (06/26/2020 12:35:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (06/26/2020 12:35:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.


==================== Memory info ===========================

BIOS: Dell Inc. A12 10/25/2013
Motherboard: Dell Inc. 06RYX8
Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 70%
Total physical RAM: 3977.27 MB
Available physical RAM: 1163.38 MB
Total Virtual: 5193.27 MB
Available Virtual: 1464.02 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:145.93 GB) (Free:58.72 GB) NTFS
Drive d: (Data) (Fixed) (Total:163.03 GB) (Free:141.16 GB) NTFS
Drive e: (Softwares) (Fixed) (Total:156.25 GB) (Free:150.21 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{75426ca5-702e-427c-aa0f-0cd64928e453}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.14 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 15113B8C)

Partition: GPT.

==================== End of Addition.txt =======================
  #9  
Old June 26th, 2020, 08:14 PM
Jez93 Jez93 is offline
New Member
 
Join Date: Jun 2020
Posts: 8

I have sent the log files to you. Please see it.
  #10  
Old June 28th, 2020, 01:00 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,037
I don't see any indication of malware in these logs (though good job getting them posted). Is that the paid version of Malwarebytes?
  #11  
Old June 28th, 2020, 05:51 PM
Jez93 Jez93 is offline
New Member
 
Join Date: Jun 2020
Posts: 8
Thank you! Yeah, it was a bit difficult to post. I am sorry, but couldn't it be another virus type? Why is my cursor moving on its own in Word documents, play and volume button playing automatically, and when I select one icon on the desktop it doesn't get selected and another one gets selected? When that happens I am unable to shut down the laptop through the power option.
What is the best thing to do? Formatting the computer or scanning it using another antivirus?
No, it is the unpaid version of Malwarebytes.
  #12  
Old June 29th, 2020, 12:02 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,037
Malicious software is created and distributed to make a profit for the persons passing it around. The issues you are describing do not sound like they are caused by malware. Are you using a wired or wireless mouse?
  #13  
Old July 2nd, 2020, 12:20 PM
Jez93 Jez93 is offline
New Member
 
Join Date: Jun 2020
Posts: 8
I am using a wired mouse for my laptop since without it, it is difficult to navigate.
  #14  
Old July 3rd, 2020, 12:43 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,037
I'm on my phone right now; I'll get to a computer later, and when I do I'm going to move this thread to the Windows 10 forum. That way others can get involved and help you solve this problem.
All times are GMT +1. The time now is 07:21 AM.