#1
Bing redirect virus
On DuckDuckGo, when I click a link in the "shopping" section on the search-results page it redirects to a link that starts with "https://www.bing.com/aclick?ld=". The page fails to load anyway. This happens on all three browsers I use (Brave, Firefox, Epic). I searched this and I know "Bing redirect virus" is common, except with other people it seems not restricted to just the "shopping" section.
Thank you.
#2
Hi marmites,
Let's take a look. Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
#3
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2022
Ran by asldkjf (administrator) on DESKTOP-D59TRQN (07-02-2022 08:37:20)
Running from C:\Users\asldkjf\Downloads
Loaded Profiles: asldkjf
Platform: Microsoft Windows 10 Enterprise LTSC Version 1809 17763.1757 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AIRVPN -> ) C:\Program Files\AirVPN\Eddie-Service-Elevated.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <13>
(F.lux Software LLC -> f.lux Software LLC) C:\Users\asldkjf\AppData\Local\FluxSoftware\Flux\flux.exe
(Henry++) [File not signed] C:\Program Files\simplewall\simplewall.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_b93ea7bff86fc280\LMS.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_48973fc6c96c696a\RstMwService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.1750_none_56c6269799364882\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd) C:\Windows\SysWOW64\CtHelper.exe
(Nextcloud GmbH -> Nextcloud GmbH) C:\Program Files\QloudData\qlouddata.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Focusrite Notifier] => C:\Program Files\Focusriteusb\Focusrite Notifier.exe [5029376 2020-06-03] (Focusrite Audio Engineering, Ltd.) [File not signed]
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [AsioThk32Reg] => REGSVR32.EXE /S CTASIO.DLL (No File)
HKLM-x32\...\Run: [CTHelper] => C:\Windows\SysWOW64\CTHELPER.EXE* [29776 2018-08-14] () [File not signed]
HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) [File not signed]
HKLM-x32\...\Run: [HuionTablet] => C:\Program Files\HuionTablet\HuionTablet.exe [1659888 2021-10-28] (Shenzhen Huion Animation Technology Co.,LTD -> ShenZhen Huion Animation Technology Co.Ltd.)
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKLM\...\Policies\Explorer: [AllowOnlineTips] 0
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-461047945-4258226643-924543775-1001\...\Run: [QloudData] => C:\Program Files\QloudData\qlouddata.exe [2482496 2021-11-04] (Nextcloud GmbH -> Nextcloud GmbH)
HKU\S-1-5-21-461047945-4258226643-924543775-1001\...\Run: [f.lux] => C:\Users\asldkjf\AppData\Local\FluxSoftware\Flux\flux.exe [1515848 2021-06-18] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-461047945-4258226643-924543775-1001\...\Run: [simplewall] => C:\Program Files\simplewall\simplewall.exe [749056 2021-12-03] (Henry++) [File not signed]
HKU\S-1-5-21-461047945-4258226643-924543775-1001\...\Run: [Epic Privacy Browser Installer] => C:\Users\asldkjf\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe [509096 2021-10-26] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]
HKU\S-1-5-21-461047945-4258226643-924543775-1001\...\RunOnce: [Application Restart #1] => C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe [2471880 2022-02-02] (Brave Software, Inc. -> Brave Software, Inc.)
HKU\S-1-5-21-461047945-4258226643-924543775-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [571904 2021-02-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon MG2500 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBX.DLL [30208 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2500 series: C:\WINDOWS\system32\CNMLMBX.DLL [391168 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\98.1.35.100\Installer\chrmstp.exe [2022-02-03] (Brave Software, Inc. -> Brave Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TREZOR Bridge.lnk [2021-10-26]
ShortcutTarget: TREZOR Bridge.lnk -> C:\Program Files (x86)\TREZOR Bridge\trezord.exe (SatoshiLabs, s.r.o. -> )
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2365D515-3974-4430-A6C3-514F85044E8B} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-10-19] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {6B434463-D1E5-43DC-8525-2753DB5BC0ED} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {8D99A90D-A6BA-4396-B2AA-4305BAB399A2} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-10-19] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {A3315324-9992-4B6C-89C4-F0B5E6A6FCD9} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {C87A10C5-F385-4394-8ADD-045C5D2587C5} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1907712 2021-09-17] () [File not signed]
Task: {E17B68FF-4234-4C81-A636-FF92701C7371} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {E1FC423A-EDAD-4B1C-9C6F-9517301F0BFA} - System32\Tasks\Microsoft\Windows\PowerShell\ScheduledJobs\Chocolatey Daily Upgrade => powershell.exe -NoLogo -NonInteractive -WindowStyle Hidden -Command "Import-Module PSScheduledJob; $jobDef = [Microsoft.PowerShell.ScheduledJob.ScheduledJobDefinition]::LoadFromStore('Chocolatey Daily Upgrade', 'C:\Users\asldkjf\AppData\Local\Microsoft\Windows\PowerShell\ScheduledJobs'); $jobDef.Run()"
Task: {FBB8CDAE-BFAF-4E27-B7D0-590EDE2F7934} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{15ba3c92-8379-498a-b7e0-95965184f679}: [DhcpNameServer] 192.168.1.1
HKLM\System\...\Parameters\PersistentRoutes: [104.96.147.3,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [111.221.29.177,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [111.221.29.253,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [131.253.40.37,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.115.60,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.165.248,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.185.70,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [131.253.40.109,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.30.202,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [137.116.81.24,255.255.255.255,0.0.0.0,1]
PersistentRoutes: There are 175 PersistentRoutes.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-461047945-4258226643-924543775-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

FireFox:
========
FF DefaultProfile: pptwjx4v.default
FF DefaultProfile: rv6gjf1g.default
FF ProfilePath: C:\Users\asldkjf\AppData\Roaming\Mozilla\Firefox\Profiles\pptwjx4v.default [2021-10-20]
FF ProfilePath: C:\Users\asldkjf\AppData\Roaming\Mozilla\Firefox\Profiles\3vvplmou.default-release [2022-02-06]
FF user.js: detected! => C:\Users\asldkjf\AppData\Roaming\Mozilla\Firefox\Profiles\3vvplmou.default-release\user.js [2022-02-06]
FF Homepage: Mozilla\Firefox\Profiles\3vvplmou.default-release -> about:blank
FF NetworkProxy: Mozilla\Firefox\Profiles\3vvplmou.default-release -> type", 0
FF Extension: (HTTPS Everywhere) - C:\Users\asldkjf\AppData\Roaming\Mozilla\Firefox\Profiles\3vvplmou.default-release\Extensions\https-everywhere@eff.org.xpi [2021-10-21]
FF Extension: (uBlock Origin) - C:\Users\asldkjf\AppData\Roaming\Mozilla\Firefox\Profiles\3vvplmou.default-release\Extensions\uBlock0@raymondhill.net.xpi [2021-10-21]
FF Extension: (NoScript) - C:\Users\asldkjf\AppData\Roaming\Mozilla\Firefox\Profiles\3vvplmou.default-release\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2021-10-21]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\asldkjf\AppData\Roaming\Mozilla\Firefox\Profiles\3vvplmou.default-release\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2021-10-24]
FF ProfilePath: C:\Users\asldkjf\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\rv6gjf1g.default [2021-11-24]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-461047945-4258226643-924543775-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\asldkjf\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\npEpicUpdate3.dll [2021-10-26] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]
FF Plugin HKU\S-1-5-21-461047945-4258226643-924543775-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\asldkjf\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\npEpicUpdate3.dll [2021-10-26] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]

Brave:
=======
BRA Profile: C:\Users\asldkjf\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-02-07]
BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&t=braveed
BRA DefaultSearchKeyword: Default -> :d
BRA DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
BRA Extension: (Dark Mode - Night Eye) - C:\Users\asldkjf\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\alncdjedloppbablonallfbkeiknmkdi [2022-01-20]
BRA Extension: (uBlock Origin) - C:\Users\asldkjf\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2022-01-14]
BRA Extension: (NoScript) - C:\Users\asldkjf\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\doojmbjmlfjjnbmnoijecmcbfeoakpjm [2022-02-04]
BRA Extension: (HTTPS Everywhere) - C:\Users\asldkjf\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2021-10-21]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\asldkjf\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2022-02-06]
BRA Extension: (Brave NTP background images) - C:\Users\asldkjf\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2021-12-15]
BRA Extension: (Wallet Data Files Updater) - C:\Users\asldkjf\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2021-12-01]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\asldkjf\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-02-07]
BRA Extension: (Brave NTP sponsored images) - C:\Users\asldkjf\AppData\Local\BraveSoftware\Brave-Browser\User Data\hlcinbnbfgoealjpgmoacabdkapmjjfj [2022-02-06]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\asldkjf\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-10-19]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\asldkjf\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2022-02-02]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-10-19] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-10-19] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 EddieElevationService; C:\Program Files\AirVPN\Eddie-Service-Elevated.exe [872680 2021-03-11] (AIRVPN -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7972536 2022-02-06] (Malwarebytes Inc -> Malwarebytes)
S4 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6270832 2021-02-13] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2022-02-06] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 Focusriteusb; C:\WINDOWS\System32\drivers\Focusriteusb.sys [123456 2020-06-02] (WDKTestCert builds,132265248139626354 -> Focusrite Audio Engineering Ltd.)
R3 FocusriteusbSwRoot; C:\WINDOWS\System32\drivers\FocusriteusbSwRoot.sys [92568 2020-06-02] (WDKTestCert builds,132265248139626354 -> Focusrite Audio Engineering Ltd.)
R3 Focusriteusb_AUDIO; C:\WINDOWS\system32\drivers\FocusriteusbAudio.sys [87912 2020-06-02] (WDKTestCert builds,132265248139626354 -> Focusrite Audio Engineering Ltd.)
R3 Focusriteusb_MIDI; C:\WINDOWS\system32\drivers\FocusriteusbMidi.sys [49808 2020-06-02] (WDKTestCert builds,132265248139626354 -> Focusrite Audio Engineering Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220568 2022-02-06] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2022-02-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [194480 2022-02-06] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2022-02-06] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2022-02-06] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156792 2022-02-06] (Malwarebytes Inc -> Malwarebytes)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2019-10-23] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 vmulti; C:\WINDOWS\System32\drivers\vmulti.sys [10752 2018-03-16] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
U4 diagnosticshub.standardcollector.service; no ImagePath
U4 DiagTrack; no ImagePath
U4 dmwappushservice; no ImagePath
U4 dmwappushsvc; no ImagePath
U4 lfsvc; no ImagePath
U4 PcaSvc; no ImagePath
U4 WbioSrvc; no ImagePath
U4 WdBoot; no ImagePath
U4 WdFilter; no ImagePath
U4 WdNisDrv; no ImagePath
U4 WdNisSvc; no ImagePath
U4 WinDefend; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-02-07 08:37 - 2022-02-07 08:37 - 000017663 _____ C:\Users\asldkjf\Downloads\FRST.txt
2022-02-07 08:36 - 2022-02-07 08:37 - 000000000 ____D C:\FRST
2022-02-07 08:36 - 2022-02-07 08:36 - 002311680 _____ (Farbar) C:\Users\asldkjf\Downloads\FRST64.exe
2022-02-06 22:39 - 2022-02-06 22:39 - 000194480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-02-06 22:39 - 2022-02-06 22:39 - 000156792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-02-06 22:39 - 2022-02-06 22:39 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-02-06 22:37 - 2022-02-06 22:37 - 000000000 ____D C:\Users\asldkjf\AppData\Local\mbam
2022-02-06 22:36 - 2022-02-06 22:37 - 000000000 ____D C:\AdwCleaner
2022-02-06 22:36 - 2022-02-06 22:36 - 008540344 _____ (Malwarebytes) C:\Users\asldkjf\Downloads\adwcleaner_8.3.1.exe
2022-02-06 22:33 - 2022-02-06 22:33 - 000000080 ___SH C:\bootTel.dat
2022-02-06 22:05 - 2022-02-06 22:05 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-02-06 22:05 - 2022-02-06 22:05 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-02-06 22:04 - 2022-02-06 22:04 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-02-06 22:04 - 2022-02-06 22:04 - 000220568 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-02-06 22:04 - 2022-02-06 22:04 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-02-06 22:04 - 2022-02-06 22:04 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-02-06 22:03 - 2022-02-06 22:03 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-02-06 22:03 - 2022-02-06 22:03 - 000000000 ____D C:\Program Files\Malwarebytes
2022-02-06 22:02 - 2022-02-06 22:02 - 002911928 _____ (Malwarebytes) C:\Users\asldkjf\Downloads\MBSetup.exe
2022-02-05 12:40 - 2022-02-05 12:40 - 048670739 _____ C:\Users\asldkjf\Desktop\health-biology books combined.txt
2022-02-05 12:29 - 2022-02-05 12:29 - 000000000 ____D C:\Users\asldkjf\AppData\Roaming\Bluefive software
2022-02-05 12:29 - 2022-02-05 12:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TXTcollector
2022-02-05 12:29 - 2022-02-05 12:29 - 000000000 ____D C:\Program Files (x86)\TXTcollector
2022-02-05 12:29 - 2000-07-09 19:15 - 000106496 _____ (Marco Bellinaso) C:\WINDOWS\SysWOW64\mbprgbar.ocx
2022-02-05 12:29 - 2000-05-02 00:02 - 000110592 _____ (Common Controls Replacement Project (CCRP)) C:\WINDOWS\SysWOW64\ccrpbds6.dll
2022-02-04 09:54 - 2022-02-04 09:54 - 000000000 ____D C:\Users\asldkjf\AppData\Local\calibre-parallel
2022-01-28 08:53 - 2022-01-29 08:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-01-23 21:15 - 2022-01-23 21:15 - 000001298 _____ C:\Users\asldkjf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\qbittorrent.lnk
2022-01-23 14:59 - 2022-01-23 14:59 - 000000000 ____D C:\Program Files\qBittorrent
2022-01-17 09:44 - 2022-01-28 11:44 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-02-07 08:23 - 2021-10-19 18:38 - 000000000 ____D C:\Users\asldkjf\AppData\LocalLow\Mozilla
2022-02-07 08:20 - 2021-10-19 19:20 - 000000000 ___SD C:\Users\asldkjf\nextcloud
2022-02-06 23:04 - 2021-10-20 12:22 - 000033800 _____ C:\WINDOWS\system32\BMXStateBkp-{00000004-00000000-00000000-00001102-00000008-10241102}.rfx
2022-02-06 23:04 - 2021-10-20 12:22 - 000033800 _____ C:\WINDOWS\system32\BMXState-{00000004-00000000-00000000-00001102-00000008-10241102}.rfx
2022-02-06 23:04 - 2021-10-20 12:22 - 000029040 _____ C:\WINDOWS\system32\BMXCtrlState-{00000004-00000000-00000000-00001102-00000008-10241102}.rfx
2022-02-06 23:04 - 2021-10-20 12:22 - 000029040 _____ C:\WINDOWS\system32\BMXBkpCtrlState-{00000004-00000000-00000000-00001102-00000008-10241102}.rfx
2022-02-06 23:04 - 2021-10-20 12:22 - 000011564 _____ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000000-00001102-00000008-10241102}.rfx
2022-02-06 23:04 - 2021-10-19 19:16 - 000000000 ____D C:\Users\asldkjf\AppData\Roaming\QloudData
2022-02-06 23:03 - 2021-10-20 18:02 - 000000000 ____D C:\Users\asldkjf\AppData\Local\Eddie
2022-02-06 22:49 - 2021-10-20 12:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-02-06 22:44 - 2021-10-20 12:13 - 000000000 ____D C:\WINDOWS\INF
2022-02-06 22:44 - 2021-10-19 18:27 - 000795992 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-02-06 22:39 - 2021-10-20 12:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-02-06 22:38 - 2021-10-20 12:09 - 000032768 _____ C:\WINDOWS\system32\config\BBI
2022-02-06 22:35 - 2021-10-30 11:38 - 000000000 ____D C:\Users\asldkjf\AppData\Local\Spotify
2022-02-06 22:34 - 2021-10-30 11:35 - 000000000 ____D C:\Users\asldkjf\AppData\Roaming\Spotify
2022-02-06 22:34 - 2021-10-20 12:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-02-06 22:32 - 2021-10-19 21:30 - 000000000 ____D C:\Users\asldkjf\AppData\Roaming\MusicBee
2022-02-06 22:13 - 2021-10-20 15:36 - 000000000 ____D C:\Program Files\Monero GUI Wallet
2022-02-06 22:04 - 2021-10-20 12:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-02-05 20:49 - 2021-12-19 19:17 - 000000000 ____D C:\Users\asldkjf\Calibre Library
2022-02-04 16:41 - 2021-10-19 18:31 - 000000000 ____D C:\Users\asldkjf
2022-02-03 11:58 - 2021-10-19 18:42 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2022-02-01 19:06 - 2021-12-19 19:17 - 000000000 ____D C:\Users\asldkjf\AppData\Roaming\calibre
2022-02-01 17:59 - 2021-12-19 19:17 - 000000000 ____D C:\Users\asldkjf\AppData\Local\calibre-cache
2022-02-01 17:52 - 2021-10-20 17:59 - 000000000 ____D C:\Users\asldkjf\AppData\Roaming\Ledger Live
2022-01-29 08:09 - 2021-10-20 14:07 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-01-28 11:44 - 2021-10-22 11:39 - 000001026 _____ C:\Users\asldkjf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\firefox.lnk
2022-01-28 11:44 - 2021-10-20 14:07 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-01-24 08:09 - 2021-12-08 16:13 - 000000000 ____D C:\Users\asldkjf\AppData\Roaming\audacity
2022-01-23 15:44 - 2021-11-22 11:22 - 000000000 ____D C:\Users\asldkjf\AppData\Roaming\qBittorrent

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
#4
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2022
Ran by asldkjf (07-02-2022 08:37:44)
Running from C:\Users\asldkjf\Downloads
Microsoft Windows 10 Enterprise LTSC Version 1809 17763.1757 (X64) (2021-10-19 07:23:58)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-461047945-4258226643-924543775-500 - Administrator - Disabled)
asldkjf (S-1-5-21-461047945-4258226643-924543775-1001 - Administrator - Enabled) => C:\Users\asldkjf
DefaultAccount (S-1-5-21-461047945-4258226643-924543775-503 - Limited - Disabled)
Guest (S-1-5-21-461047945-4258226643-924543775-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-461047945-4258226643-924543775-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Stogram (HKLM\...\{2D1D79D2-5890-4F1E-98F8-482910FF4A70}) (Version: 4.2.1.4000 - Open Media LLC)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Audacity 3.0.5 (HKLM\...\Audacity_is1) (Version: 3.0.5 - Audacity Team)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 98.1.35.100 - Brave Software Inc)
calibre (HKLM-x32\...\{2E4F4E6C-9196-4A8B-AA7B-5462E2DC4E40}) (Version: 5.29.0 - Kovid Goyal)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.02 - Canon Inc.)
Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Dynamic Application Loader Host Interface Service (HKLM\...\{E7365856-8EFD-47D8-AFE4-0627FDA221B5}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Eddie - OpenVPN UI (HKLM-x32\...\AirVPN) (Version: - AirVPN - hxxps://airvpn.org)
Epic Privacy Browser (HKU\S-1-5-21-461047945-4258226643-924543775-1001\...\Epic Privacy Browser) (Version: 91.0.4472.124 - Epic)
f.lux (HKU\S-1-5-21-461047945-4258226643-924543775-1001\...\Flux) (Version: - f.lux Software LLC)
Firefly 1.2.0 (HKU\S-1-5-21-461047945-4258226643-924543775-1001\...\5892dd0c-8983-51d7-b337-6e1d1da9ad4b) (Version: 1.2.0 - IOTA Foundation)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version: - Image-Line)
Focusrite Usb 4.65.5.658 (HKLM\...\Focusrite Usb_is1) (Version: 4.65.5.658 - Focusrite Audio Engineering, Ltd.)
FormatFactory 5.9.0.0 (HKLM-x32\...\FormatFactory) (Version: 5.9.0.0 - Free Time)
Ghost Desktop 2.0.11 (HKU\S-1-5-21-461047945-4258226643-924543775-1001\...\64e6a2da-bfec-5ed6-bebf-c46eea19ac90) (Version: 2.0.11 - Ghost contributors)
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 2.2.28 - The GnuPG Project)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden
Gpg4win (3.1.16) (HKLM-x32\...\Gpg4win) (Version: 3.1.16 - The Gpg4win Project)
HuionTablet (HKLM-x32\...\HuionTablet) (Version: 15.4.1.354 - Shenzhen Huion Animation Technology Co.,LTD)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Intel(R) Chipset Device Software (HKLM-x32\...\{b666e502-9089-483b-9816-0774ccc9cb61}) (Version: 10.1.18295.8201 - Intel(R) Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2011.14.0.1511 - Intel Corporation)
IrfanView 4.58 (64-bit) (HKLM\...\IrfanView64) (Version: 4.58 - Irfan Skiljan)
K-Lite Codec Pack 16.4.6 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 16.4.6 - KLCP)
Ledger Live 2.34.3 (HKLM\...\c62032b2-0bca-5abc-b458-fd67cfc9e49b) (Version: 2.34.3 - Ledger Live Team)
LibreOffice 7.2.2.2 (HKLM\...\{51F1B587-D4A5-41C0-A4E8-A64BBD343F23}) (Version: 7.2.2.2 - The Document Foundation)
LPD8 Editor (HKLM-x32\...\LPD8Editor) (Version: - )
Malwarebytes version 4.5.2.157 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.2.157 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Monero GUI Wallet version 0.17.2.3 (HKLM\...\Monero GUI Wallet_is1) (Version: 0.17.2.3 - The Monero Developer Community)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 96.0.3 (x64 en-US)) (Version: 96.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 93.0 - Mozilla)
MusicBee 3.4.7805 (HKLM-x32\...\MusicBee) (Version: 3.4.7805 - Steven Mayall)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.1.5 - Notepad++ Team)
Novation USB Midi 2.22.0.10 (HKLM\...\Novation USB Midi Driver_is1) (Version: 2.22.0.10 - Novation DMS, Ltd.)
NVIDIA Graphics Driver 359.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.21 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.1.3 - OBS Project)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
qBittorrent 4.4.0 (HKLM-x32\...\qBittorrent) (Version: 4.4.0 - The qBittorrent project)
QloudData (HKLM\...\{3B8C53BC-A0AF-4156-838E-76D00A1FB9EC}) (Version: 3.3.6.20211104 - Nextcloud GmbH)
Shotcut (HKLM\...\Shotcut) (Version: 21.09.20 - Meltytech, LLC)
simplewall (HKLM\...\simplewall) (Version: 3.6.1 - Henry++)
SoulseekQt version 2019.7.22 (HKLM-x32\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2019.7.22 - Soulseek LLC)
Sound Blaster Audigy 5_Audigy Rx (HKLM-x32\...\{81440118-F1CE-4C87-BC8B-F1EB8D3FA190}) (Version: 1.0 - Creative Technology Limited)
Spotify (HKU\S-1-5-21-461047945-4258226643-924543775-1001\...\Spotify) (Version: 1.1.78.765.g5ea20b00 - Spotify AB)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.3.3 - Krzysztof Kowalczyk)
Sync 1.3.1 (HKU\S-1-5-21-461047945-4258226643-924543775-1001\...\e2300f21-b4fa-51fc-b56b-9fe4494aa9a7) (Version: 1.3.1 - vechain.org)
TAP-Windows 9.24.2 (HKLM\...\TAP-Windows) (Version: 9.24.2 - OpenVPN Technologies, Inc.)
Trezor Suite 21.10.2 (HKU\S-1-5-21-461047945-4258226643-924543775-1001\...\978be57b-9286-5cd7-a60b-54c81352a986) (Version: 21.10.2 - SatoshiLabs)
TXTcollector (HKLM-x32\...\TXTcollector_is1) (Version: 2.0.2 - Bluefive software)
Waves.Exchange 1.0.0 (HKLM\...\{f9a1fbd2-842d-5f6a-98a9-d3cc73527c2a}) (Version: 1.0.0 - Elfronus Company LTD)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-461047945-4258226643-924543775-1001_Classes\CLSID\{c22e92cd-6dc5-4b86-aaf5-544f972d58e8} -> [QloudData] => C:\Users\asldkjf\nextcloud [2021-10-19 19:20]
ShellIconOverlayIdentifiers: [ QloudDataError] -> {ECED25DF-4C43-4C3D-9DF2-2DD4A34264BB} => C:\Program Files\QloudData\shellext\NCOverlays.dll [2021-11-04] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ QloudDataOK] -> {85B0E8DF-011A-4C8C-9F71-044F664AB689} => C:\Program Files\QloudData\shellext\NCOverlays.dll [2021-11-04] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ QloudDataOKShared] -> {233AEF17-DC5E-46AF-ADA0-CA44CEA852B2} => C:\Program Files\QloudData\shellext\NCOverlays.dll [2021-11-04] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ QloudDataSync] -> {75B6942D-C993-456A-B634-D6B4902587E5} => C:\Program Files\QloudData\shellext\NCOverlays.dll [2021-11-04] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ QloudDataWarning] -> {050838D8-07CC-499A-9DC2-8027CAAE3FE7} => C:\Program Files\QloudData\shellext\NCOverlays.dll [2021-11-04] (Nextcloud GmbH -> Nextcloud GmbH)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2021-09-27] (Notepad++ -> )
ContextMenuHandlers1: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx_108.dll [2020-08-04] (Free Time) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-02-06] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [QloudDataContextMenuHandler] -> {5ED47245-050C-4BB9-923B-6CC8D74F1C1D} => C:\Program Files\QloudData\shellext\NCContextMenu.dll [2021-11-04] (Nextcloud GmbH -> Nextcloud GmbH)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx_108.dll [2020-08-04] (Free Time) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2015-12-17] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-02-06] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1554944 2009-09-15] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed] ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\asldkjf\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Image-Line\FL Studio 10\Image-Line website.lnk -> hxxp://www.image-line.com Shortcut: C:\Users\asldkjf\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Image-Line\FL Studio 10\Advanced\Diagnostic.lnk -> hxxp://diagnostic.image-line.com Shortcut: C:\Users\asldkjf\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Image-Line\FL Studio 10\Additional\Download Deckadance.lnk -> hxxp://www.deckadance.com Shortcut: C:\Users\asldkjf\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Image-Line\FL Studio 10\Additional\SynthMaker website.lnk -> hxxp://www.synthmaker.co.uk ==================== Loaded Modules (Whitelisted) ============= 2021-11-04 15:21 - 2021-11-04 15:21 - 000099328 _____ () [File not signed] C:\Program Files\QloudData\qlouddatasync_vfs_cfapi.dll 2021-11-04 15:21 - 2021-11-04 15:21 - 000030208 _____ () [File not signed] C:\Program Files\QloudData\qlouddatasync_vfs_suffix.dll 2021-10-20 20:34 - 2015-09-02 17:48 - 000010240 _____ (Creative Technology Ltd) [File not signed] C:\WINDOWS\system32\CTDCRES.DLL 2020-08-04 20:46 - 2020-08-04 20:46 - 000341504 _____ (Free Time) [File not signed] C:\Program Files (x86)\FormatFactory\ShellEx_108.dll 2021-10-19 19:30 - 2019-02-22 03:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll 2021-11-04 15:21 - 2021-11-04 15:21 - 005972464 _____ (The Qt Company Oy -> The Qt Company Ltd.) 
[File not signed] C:\Program Files\QloudData\Qt5Core.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2022-01-01 12:56 - 2022-01-01 12:56 - 000008582 _____ C:\WINDOWS\system32\drivers\etc\hosts 0.0.0.0 nullroute 0.0.0.0 fe2.update.microsoft.com.akadns.net 0.0.0.0 survey.watson.microsoft.com 0.0.0.0 watson.microsoft.com 0.0.0.0 watson.ppe.telemetry.microsoft.com 0.0.0.0 vortex.data.microsoft.com 0.0.0.0 vortex-win.data.microsoft.com 0.0.0.0 telecommand.telemetry.microsoft.com 0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net 0.0.0.0 oca.telemetry.microsoft.com 0.0.0.0 sqm.telemetry.microsoft.com 0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net 0.0.0.0 watson.telemetry.microsoft.com 0.0.0.0 watson.telemetry.microsoft.com.nsatc.net 0.0.0.0 redir.metaservices.microsoft.com 0.0.0.0 choice.microsoft.com 0.0.0.0 choice.microsoft.com.nsatc.net 0.0.0.0 wes.df.telemetry.microsoft.com 0.0.0.0 services.wes.df.telemetry.microsoft.com 0.0.0.0 sqm.df.telemetry.microsoft.com 0.0.0.0 telemetry.microsoft.com 0.0.0.0 telemetry.appex.bing.net 0.0.0.0 telemetry.urs.microsoft.com 0.0.0.0 settings-sandbox.data.microsoft.com 0.0.0.0 watson.live.com 0.0.0.0 statsfe2.ws.microsoft.com 0.0.0.0 corpext.msitadfs.glbdns2.microsoft.com 0.0.0.0 www.windowssearch.com 0.0.0.0 ssw.live.com 0.0.0.0 sls.update.microsoft.com.akadns.net There are 198 more lines. ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-461047945-4258226643-924543775-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\asldkjf\AppData\Roaming\Microsoft\Windows \Themes\TranscodedWallpaper DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer => (SmartScreenEnabled: Off) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) 
HKLM\...\StartupApproved\StartupFolder: => "TREZOR Bridge.lnk" HKLM\...\StartupApproved\Run: => "SecurityHealth" HKLM\...\StartupApproved\Run: => "Focusrite Notifier" HKLM\...\StartupApproved\Run: => "KeePass 2 PreLoad" HKLM\...\StartupApproved\Run32: => "HuionTablet" HKU\S-1-5-21-461047945-4258226643-924543775-1001\...\StartupApproved\Run: => "Epic Privacy Browser Installer" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{064D30C5-441C-4D75-A54A-96D3A7158861}] => (Block) C:\WINDOWS\System32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{C5827F51-B380-4198-8B48-1AD0CCE5E2A8}] => (Block) C:\WINDOWS\System32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{C4654763-BD63-4714-A64C-7A7494CCF8F9}] => (Block) C:\WINDOWS\System32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{FAD7E063-628B-4ADA-963E-6B6148291292}] => (Block) C:\WINDOWS\System32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{0AC03FED-6B74-4532-8059-31E8E2AB50D6}] => (Block) C:\Windows\explorer.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{47CD861C-3D89-4C7E-8D0D-3BA95D374C4A}] => (Block) C:\Windows\ImmersiveControlPanel\SystemSettings.ex e (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{691C114F-3404-4063-88F8-C7AB388AC03A}] => (Block) C:\Windows\System32\backgroundTaskHost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{126AA00B-243E-4CB0-BEE2-3166AE0139E3}] => (Block) C:\Windows\System32\BackgroundTransferHost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{B1BE97F9-914B-4904-8BBA-5D881822A069}] => (Block) C:\Windows\System32\browser_broker.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: 
[{B7BA4B27-D7B4-4AD7-A927-30CAD40EA140}] => (Block) C:\Windows\System32\CompatTelRunner.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{87E41525-ED52-4192-A864-401469987223}] => (Block) C:\Windows\System32\dmclient.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{7EAC99D0-9B11-4E40-9C1D-AE8B9E4DB282}] => (Block) C:\Windows\System32\lsass.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{24AD7227-CB3B-407B-8C6D-F13C005AAF02}] => (Block) C:\Windows\System32\msfeedssync.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{00DE1F75-FAC5-4863-AC24-D7AA90DBFF6E}] => (Block) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{D953C15E-0930-4F3E-B53D-5E44FC7B6945}] => (Block) C:\Windows\System32\SettingSyncHost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{7058AFA6-E959-4368-A127-7961100399DC}] => (Block) C:\Windows\System32\SIHClient.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{2A1FB7DD-D050-4391-B643-93EB1C59BE64}] => (Block) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{BD5195A7-3B31-4628-8845-644B487CBC60}] => (Block) C:\Windows\System32\taskhostw.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{8FE2430F-5B53-4102-957D-83F8EB0B2C60}] => (Block) C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{08158578-D3A6-4475-9673-5734046BFA25}] => (Block) C:\Windows\System32\WerFault.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{DFF09363-BB63-4A36-9584-11E724B37A0A}] => (Block) C:\Windows\System32\wermgr.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{A7DCC5CF-E1D0-4A53-9A44-457699D6A84E}] => (Block) C:\Windows\System32\wsqmcons.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{E7AFDB25-A464-4794-A3D2-0F1EE3D5E207}] => (Block) 
C:\Windows\System32\WWAHost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{E4E9E0C8-142C-4D4B-AB2E-0170FD173E47}] => (Block) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\SearchUI.exe => No File FirewallRules: [{94F91AB0-6273-4446-A117-113BBFC9CA80}] => (Block) C:\Windows\SysWOW64\backgroundTaskHost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{BB84B7C4-A9D9-4145-BEE0-D67F1F7D31D1}] => (Block) C:\Windows\SysWOW64\BackgroundTransferHost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{BE7F2A61-0DD3-4CC2-9339-8386C55D60A4}] => (Block) C:\Windows\SysWOW64\msfeedssync.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{D98B4B92-7F28-48F7-B61C-2E551D42840C}] => (Block) C:\Windows\SysWOW64\rundll32.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{655B2D75-B672-4647-B42D-F1D4FA10F6F1}] => (Block) C:\Windows\SysWOW64\SettingSyncHost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{4BB99F80-BA47-48CD-8382-2A322342FAB6}] => (Block) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{F8798E32-911C-4ECC-A64B-59E6DC32848B}] => (Block) C:\Windows\SysWOW64\WerFault.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{BB25C72A-3A54-4DE3-A680-E8BF182F863E}] => (Block) C:\Windows\SysWOW64\wermgr.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{ED94336D-640B-412F-AAD6-13FF02F00493}] => (Block) C:\Windows\SysWOW64\WWAHost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{71E6592B-D1CD-489D-A74C-00865E16E17F}] => (Block) C:\WINDOWS\SystemApps\Microsoft.PPIProjection_cw5n 1h2txyewy\Receiver.exe => No File FirewallRules: [{058D42A2-2F15-4382-9DBB-9A0B63F59F74}] => (Block) C:\WINDOWS\SystemApps\Microsoft.PPIProjection_cw5n 1h2txyewy\Receiver.exe => No File FirewallRules: [{59EDB8D5-6E0D-4549-9B90-54E1FE214E1B}] => (Block) C:\WINDOWS\SystemApps\ContactSupport_cw5n1h2txyewy 
\ContactSupport.exe => No File FirewallRules: [{6F290C31-7776-442C-8D6A-84DDEFEADC15}] => (Block) C:\WINDOWS\SystemApps\ContactSupport_cw5n1h2txyewy \ContactSupport.exe => No File FirewallRules: [{D8416323-3018-476B-B56F-3C70A00B6989}] => (Block) C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\SearchUI.exe => No File FirewallRules: [{A14D61D5-AFF1-40C8-8695-65161CC64188}] => (Block) C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\SearchUI.exe => No File FirewallRules: [{A2007C19-F6BA-43B1-BF5E-9D97E32784A9}] => (Block) C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1 708.2831.0_x64__8wekyb3d8bbwe\PilotshubApp.exe => No File FirewallRules: [{6B8B9BCA-5563-480F-961A-1451BBA2FFE7}] => (Block) C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1 708.2831.0_x64__8wekyb3d8bbwe\PilotshubApp.exe => No File FirewallRules: [{0B405E1D-246C-4C24-9F7C-D46D90B28E55}] => (Block) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.8625 .21151.0_x64__8wekyb3d8bbwe\onenoteim.exe => No File FirewallRules: [{1A61DCC9-5ED9-4B0C-8B54-D886F9595269}] => (Block) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.8625 .21151.0_x64__8wekyb3d8bbwe\onenoteim.exe => No File FirewallRules: [{B3EE049B-9872-4FC0-B706-DF6503F029DF}] => (Block) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39 091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.ex e => No File FirewallRules: [{44899B09-9782-481A-933D-9E2089D9A2FD}] => (Block) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39 091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.ex e => No File FirewallRules: [TCP Query User{1E66D613-C357-4997-AEF0-B222414F1DFC}C:\users\asldkjf\appdata\roaming\spot ify\spotify.exe] => (Allow) C:\users\asldkjf\appdata\roaming\spotify\spotify.e xe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{35732775-865C-484F-8895-AE797352AFFB}C:\users\asldkjf\appdata\roaming\spot ify\spotify.exe] => (Allow) 
C:\users\asldkjf\appdata\roaming\spotify\spotify.e xe (Spotify AB -> Spotify Ltd) FirewallRules: [{9631CC41-4FE2-4D21-A78F-B8400ECAAB52}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{3CDC1F88-413C-4BBC-BE59-C8F09F7345A9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{4F7C0222-AA5D-47DB-AA23-C35201914FFE}] => (Allow) C:\Users\asldkjf\AppData\Local\Epic Privacy Browser\Application\epic.exe (Hidden Reflex Authors) [File not signed] FirewallRules: [{641FE2CA-19F9-458A-BE31-FCA0F4A87FE5}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{1BA12319-F3FC-4CB5-A138-506DC2C0D62F}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{F0CAD873-81B7-4539-BFAB-527EC360AC11}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed] FirewallRules: [{B2F31D38-6A11-4F95-B601-2D0B250FF68A}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed] FirewallRules: [{9B7B2953-BCB6-4D4D-853A-2CC4B9E6FBBE}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.) ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (02/07/2022 08:42:09 AM) (Source: VSS) (EventID: 12292) (User: ) Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. ]. 
Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Query Shadow Copies Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: 13 Snapshot Context: 13 Execution Context: Coordinator Error: (02/07/2022 08:42:09 AM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. ] Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Query Shadow Copies Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: 13 Snapshot Context: 13 Execution Context: Coordinator Error: (02/07/2022 08:37:25 AM) (Source: VSS) (EventID: 12292) (User: ) Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. ]. Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Query Shadow Copies Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: -1 Snapshot Context: -1 Execution Context: Coordinator Error: (02/07/2022 08:37:25 AM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. 
[0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. ] Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Query Shadow Copies Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: -1 Snapshot Context: -1 Execution Context: Coordinator Error: (02/07/2022 08:37:25 AM) (Source: VSS) (EventID: 12292) (User: ) Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. ]. Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Check If Volume Is Supported by Provider Add a Volume to a Shadow Copy Set Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: 29 Snapshot Context: 29 Execution Context: Coordinator Provider ID: {00000000-0000-0000-0000-000000000000} Volume Name: \\?\Volume{a1fad4da-0000-0000-0000-501f00000000}\ Execution Context: Coordinator Error: (02/07/2022 08:37:25 AM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
] Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Check If Volume Is Supported by Provider Add a Volume to a Shadow Copy Set Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: 29 Snapshot Context: 29 Execution Context: Coordinator Provider ID: {00000000-0000-0000-0000-000000000000} Volume Name: \\?\Volume{a1fad4da-0000-0000-0000-501f00000000}\ Execution Context: Coordinator Error: (02/07/2022 08:37:25 AM) (Source: VSS) (EventID: 12292) (User: ) Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. ]. Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Query Shadow Copies Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: -1 Snapshot Context: -1 Execution Context: Coordinator Error: (02/07/2022 08:37:25 AM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
] Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Query Shadow Copies Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: -1 Snapshot Context: -1 Execution Context: Coordinator System errors: ============= Error: (02/07/2022 08:42:04 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-D59TRQN) Description: The server {4BD3E4E1-7BD4-4A2B-9964-496400DE5193} did not register with DCOM within the required timeout. Error: (02/07/2022 08:40:04 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-D59TRQN) Description: The server {4575438F-A6C8-4976-B0FE-2F26B80D959E} did not register with DCOM within the required timeout. Error: (02/07/2022 08:21:55 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-D59TRQN) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-D59TRQN\asldkjf SID (S-1-5-21-461047945-4258226643-924543775-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/07/2022 08:21:09 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-D59TRQN) Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.11.6.17763_neutral_neu tral_cw5n1h2txyewy!CortanaUI as Unavailable/Unavailable. 
The error: "0" Happened while starting this command: "C:\Windows\SystemApps\Microsoft.Windows.Cortana_c w5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m 3btvepj.mca Error: (02/07/2022 08:21:05 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-D59TRQN) Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.11.6.17763_neutral_neu tral_cw5n1h2txyewy!CortanaUI as Unavailable/Unavailable. The error: "0" Happened while starting this command: "C:\Windows\SystemApps\Microsoft.Windows.Cortana_c w5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m 3btvepj.mca Error: (02/07/2022 08:21:01 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-D59TRQN) Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.11.6.17763_neutral_neu tral_cw5n1h2txyewy!CortanaUI as Unavailable/Unavailable. The error: "0" Happened while starting this command: "C:\Windows\SystemApps\Microsoft.Windows.Cortana_c w5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m 3btvepj.mca Error: (02/07/2022 08:20:57 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-D59TRQN) Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.11.6.17763_neutral_neu tral_cw5n1h2txyewy!CortanaUI as Unavailable/Unavailable. The error: "0" Happened while starting this command: "C:\Windows\SystemApps\Microsoft.Windows.Cortana_c w5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m 3btvepj.mca Error: (02/07/2022 08:20:53 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-D59TRQN) Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.11.6.17763_neutral_neu tral_cw5n1h2txyewy!CortanaUI as Unavailable/Unavailable. 
The error: "0" Happened while starting this command: "C:\Windows\SystemApps\Microsoft.Windows.Cortana_c w5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m 3btvepj.mca ==================== Memory info =========================== BIOS: American Megatrends Inc. P1.00 04/07/2020 Motherboard: ASRock Z490 Extreme4 Processor: Intel(R) Core(TM) i7-10700KF CPU @ 3.80GHz Percentage of memory in use: 18% Total physical RAM: 16288.97 MB Available physical RAM: 13221.51 MB Total Virtual: 18720.97 MB Available Virtual: 15579.03 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:445.85 GB) (Free:131.24 GB) NTFS Drive e: (asldkjf) (Fixed) (Total:1863 GB) (Free:476.78 GB) NTFS \\?\Volume{a1fad4da-0000-0000-0000-100000000000}\ (gfhg) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS \\?\Volume{a1fad4da-0000-0000-0000-b0956f000000}\ () (Fixed) (Total:0.8 GB) (Free:0.34 GB) NTFS ==================== MBR & Partition Table ==================== ================================================== ======== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 447.1 GB) (Disk ID: A1FAD4DA) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=445.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=819 MB) - (Type=27) ================================================== ======== Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ======================= |
#5
#6
Fix result of Farbar Recovery Scan Tool (x64) Version: 05-02-2022
Ran by asldkjf (08-02-2022 11:51:47) Run:1
Running from C:\Users\asldkjf\Downloads
Loaded Profiles: asldkjf
Boot Mode: Normal
==============================================

fixlist content:
*****************
start:
Hosts
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKLM\...\Policies\Explorer: [AllowOnlineTips] 0
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-461047945-4258226643-924543775-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
U4 diagnosticshub.standardcollector.service; no ImagePath
U4 DiagTrack; no ImagePath
U4 dmwappushservice; no ImagePath
U4 dmwappushsvc; no ImagePath
U4 lfsvc; no ImagePath
U4 PcaSvc; no ImagePath
U4 WbioSrvc; no ImagePath
U4 WdBoot; no ImagePath
U4 WdFilter; no ImagePath
U4 WdNisDrv; no ImagePath
U4 WdNisSvc; no ImagePath
U4 WinDefend; no ImagePath
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
*****************

Hosts => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoAutorun" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\AllowOnlineTips" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInternetOpenWith" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoOnlinePrintsWizard" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoPublishingWizard" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWebServices" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKU\S-1-5-21-461047945-4258226643-924543775-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKLM\System\CurrentControlSet\Services\diagnosticshub.standardcollector.service => removed successfully
diagnosticshub.standardcollector.service => service removed successfully
HKLM\System\CurrentControlSet\Services\DiagTrack => removed successfully
DiagTrack => service removed successfully
HKLM\System\CurrentControlSet\Services\dmwappushservice => removed successfully
dmwappushservice => service removed successfully
HKLM\System\CurrentControlSet\Services\dmwappushsvc => removed successfully
dmwappushsvc => service removed successfully
HKLM\System\CurrentControlSet\Services\lfsvc => removed successfully
lfsvc => service removed successfully
HKLM\System\CurrentControlSet\Services\PcaSvc => removed successfully
PcaSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\WbioSrvc => removed successfully
WbioSrvc => service removed successfully
HKLM\System\CurrentControlSet\Services\WdBoot => removed successfully
WdBoot => service removed successfully
HKLM\System\CurrentControlSet\Services\WdFilter => removed successfully
WdFilter => service removed successfully
HKLM\System\CurrentControlSet\Services\WdNisDrv => removed successfully
WdNisDrv => service removed successfully
HKLM\System\CurrentControlSet\Services\WdNisSvc => removed successfully
WdNisSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\WinDefend => removed successfully
WinDefend => service removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Local Page"="C:\Windows\System32\blank.htm" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Local Page"="C:\Windows\SysWOW64\blank.htm" => value restored successfully

The system needed a reboot.

==== End of Fixlog 11:51:47 ====
#7
I made a mistake, so I need you to run a new fixlist.txt fix, using the following script:
Start:
Hosts:
Finish:
#8
Be sure to reboot after.
#9
Here it is. Thanks.
Fix result of Farbar Recovery Scan Tool (x64) Version: 05-02-2022
Ran by asldkjf (09-02-2022 09:40:58) Run:2
Running from C:\Users\asldkjf\Downloads
Loaded Profiles: asldkjf
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start:
Hosts:
Finish:
*****************
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
Finish: => Error: No automatic fix found for this entry.
==== End of Fixlog 09:40:58 ====
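Both fixes in this thread produced one line FRST could not act on ("Hosts => Error: No automatic fix found for this entry." in run 1, "Finish: => Error: ..." in run 2), and the second run only happened because the helper spotted the first. The following is an added Python example, not part of the original thread and not FRST's own code: it reads a Fixlog, splits off the echoed fixlist, counts the outcomes and lists every entry that errored, so a malformed fixlist line is caught before the machine is declared clean. The two logs embedded in it are constructed, shortened versions modelled on the ones posted above; the format assumptions (the `*****************` lines around the echoed fixlist, result lines of the form `<entry> => <outcome>`, the bare "Hosts restored successfully." line and "The system needed a reboot.") are taken from those two posts and nothing else.

```python
"""Summarise a Farbar Recovery Scan Tool (FRST) Fixlog.

Assumed layout (taken from the two Fixlogs posted in this thread):
header lines, then the echoed fixlist between two '*****************'
lines, then one result line per entry:  <entry> => <outcome>
"""
import re
from dataclasses import dataclass, field

SEPARATOR = "*****************"
RESULT_RE = re.compile(r"^(?P<entry>.+?)\s*=>\s*(?P<outcome>.+?)\s*$")


@dataclass
class FixSummary:
    fixlist: list[str] = field(default_factory=list)      # echoed fixlist lines
    counts: dict[str, int] = field(default_factory=dict)  # outcome kind -> count
    failed: list[str] = field(default_factory=list)       # entries with an Error outcome
    reboot_needed: bool = False


def classify(outcome: str) -> str:
    """Map FRST's free-text outcome to a short kind.

    Order matters: 'removed successfully' also contains 'moved successfully'.
    """
    o = outcome.lower()
    if o.startswith("error"):
        return "error"
    if "service removed" in o:
        return "service_removed"
    if "removed successfully" in o:
        return "removed"
    if "moved successfully" in o:
        return "moved"
    if "restored successfully" in o:
        return "restored"
    return "other"


def parse_fixlog(text: str) -> FixSummary:
    summary = FixSummary()
    section = "header"  # header -> fixlist -> results
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == SEPARATOR:
            section = "fixlist" if section == "header" else "results"
            continue
        if section == "fixlist":
            summary.fixlist.append(line)
            continue
        if section != "results":
            continue
        if line.startswith("The system needed a reboot"):
            summary.reboot_needed = True
            continue
        m = RESULT_RE.match(line)
        if m:
            kind = classify(m["outcome"])
            entry = m["entry"].strip('"')
        elif line.endswith("restored successfully."):
            # e.g. 'Hosts restored successfully.' carries no '=>' separator
            kind, entry = "restored", line.split()[0]
        else:
            continue
        summary.counts[kind] = summary.counts.get(kind, 0) + 1
        if kind == "error":
            summary.failed.append(entry)
    return summary


# Constructed, shortened Fixlogs modelled on the two posted in this thread.
RUN1_LOG = r"""
Ran by user (08-02-2022 11:51:47) Run:1
Boot Mode: Normal
==============================================
fixlist content:
*****************
start:
Hosts
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
U4 WinDefend; no ImagePath
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
*****************
Hosts => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoAutorun" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\System\CurrentControlSet\Services\WinDefend => removed successfully
WinDefend => service removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
The system needed a reboot.
==== End of Fixlog 11:51:47 ====
"""

RUN2_LOG = r"""
Ran by user (09-02-2022 09:40:58) Run:2
fixlist content:
*****************
Start:
Hosts:
Finish:
*****************
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
Finish: => Error: No automatic fix found for this entry.
==== End of Fixlog 09:40:58 ====
"""

if __name__ == "__main__":
    for name, log in (("run 1", RUN1_LOG), ("run 2", RUN2_LOG)):
        s = parse_fixlog(log)
        print(f"{name}: {s.counts}, reboot={s.reboot_needed}, failed={s.failed}")
```

Run against the two samples it reports `failed=['Hosts']` for run 1 and `failed=['Finish:']` for run 2, which is exactly the pair of lines that had to be re-done in this thread; `reboot_needed` is set only for run 1. Anything in `failed` means the corresponding fixlist line was not understood by FRST and the underlying item (here the hosts file) is still untouched.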
#10
Wow, it seems to be fixed now. Thanks a lot, I love this website.
#11
Very good. You can delete FRST and all the files we created to remove our work there.