Thank you.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26.02.2024 01
Ran by abc (administrator) on DESKTOP-7402ULO (Dell Inc. OptiPlex 5050) (03-03-2024 06:14:04)
Running from C:\Users\abc\Downloads\FRST64.exe
Loaded Profiles: abc
Platform: Microsoft Windows 11 Pro Version 23H2 22631.3155 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files (x86)\AnyViewer\RCService.exe ->) (AOMEI International Network Limited -> AOMEI International Network Limited) C:\Program Files (x86)\AnyViewer\AVCore.exe
(C:\Program Files (x86)\AnyViewer\RCService.exe ->) (AOMEI International Network Limited -> AOMEI International Network Limited) C:\Program Files (x86)\AnyViewer\RCClient.exe
(C:\Program Files (x86)\AnyViewer\RCService.exe ->) (AOMEI International Network Limited -> AOMEI International Network Limited) C:\Program Files (x86)\AnyViewer\ScreanCap.exe
(C:\Program Files\WindowsApps\HaukeGtze.IntuneNetworkDriveMapping_1.2.22.0_x86__6bk20wvc8rfx2\NetworkShareMapper.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <88>
(C:\Program Files\WindowsApps\HaukeGtze.IntuneNetworkDriveMapping_1.2.22.0_x86__6bk20wvc8rfx2\NetworkShareMapperStart.exe ->) (BFF8D712-89E6-4205-9504-3AB824A94414 -> direkt-gruppe GmbH) C:\Program Files\WindowsApps\HaukeGtze.IntuneNetworkDriveMapping_1.2.22.0_x86__6bk20wvc8rfx2\NetworkShareMapper.exe <2>
(C:\Program Files\WindowsApps\Microsoft.SysinternalsSuite_2024.2.1.0_x64__8wekyb3d8bbwe\RunUnpackaged.exe ->) (Microsoft Corporation -> Sysinternals - www.sysinternals.com) C:\Users\abc\AppData\Local\Temp\ZoomIt.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.170.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.59\msedgewebview2.exe <7>
(explorer.exe ->) (Dell Inc -> Dell Inc.) C:\Users\abc\Downloads\Dell-Command-Configure-Application_HW2H3_WIN_4.8.0.494_A00_02.EXE <2>
(explorer.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.SysinternalsSuite_2024.2.1.0_x64__8wekyb3d8bbwe\RunUnpackaged.exe
(explorer.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2112.32.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe
(explorer.exe ->) (Microsoft Corporation -> Sysinternals - www.sysinternals.com) C:\Program Files\WindowsApps\Microsoft.SysinternalsSuite_2024.2.1.0_x64__8wekyb3d8bbwe\Tools\Desktops.exe
(explorer.exe ->) (Microsoft Corporation -> Sysinternals) C:\Program Files\WindowsApps\Microsoft.SysinternalsSuite_2024.2.1.0_x64__8wekyb3d8bbwe\Tools\Dbgview.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wusa.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxEM.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(services.exe ->) (AOMEI International Network Limited -> AOMEI International Network Limited) C:\Program Files (x86)\AnyViewer\RCService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\NisSrv.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(svchost.exe ->) (BFF8D712-89E6-4205-9504-3AB824A94414 -> Hauke Götze) C:\Program Files\WindowsApps\HaukeGtze.IntuneNetworkDriveMapping_1.2.22.0_x86__6bk20wvc8rfx2\NetworkShareMapperStart.exe <2>
(svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5336.0_x64__8j3eq9eme6ctt\IGCC.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.17.10691.0_x64__8wekyb3d8bbwe\WindowsPackageManagerServer.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\abc\AppData\Local\Microsoft\OneDrive\24.040.0225.0001\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.170.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall: Restriction <==== ATTENTION
HKU\S-1-5-21-2727444015-489431898-3368966626-1001\...\Run: [Sysinternals Desktops] => C:\Program Files\WindowsApps\Microsoft.SysinternalsSuite_2024.2.1.0_x64__8wekyb3d8bbwe\Tools\Desktops.exe [217992 2024-03-02] (Microsoft Corporation -> Sysinternals - www.sysinternals.com)
HKU\S-1-5-21-2727444015-489431898-3368966626-1001\...\Run: [CloudSync] => C:\Program Files\FileCloud Sync\cloudsync.exe [136155280 2023-12-15] (CodeLathe Technologies Inc -> FileCloud)
HKU\S-1-5-21-2727444015-489431898-3368966626-1001\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\abc\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" [66845712 2024-03-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2727444015-489431898-3368966626-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\abc\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2727444015-489431898-3368966626-1001\...\RunOnce: [Uninstall 24.020.0128.0003] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\abc\AppData\Local\Microsoft\OneDrive\24.020.0128.0003" [0 2024-03-02] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2727444015-489431898-3368966626-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2727444015-489431898-3368966626-1001\...\Policies\system: [LogonHoursAction] 1
HKU\S-1-5-21-2727444015-489431898-3368966626-1001\...\Policies\system: [ReportControllerMissing] 0
HKU\S-1-5-21-2727444015-489431898-3368966626-1001\Software\Policies\...\system: [DenyRsopToInteractiveUser] 0
IFEO\taskmgr.exe: [Debugger] "C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.SYSINTERNALSSUITE_2024.2.1.0_X64__8WEKYB3D8BBWE\TOOLS\PROCEXP.EXE"
AlternateShell: <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction - Edge <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {658BFC73-AFFF-452B-9337-EA380A05B044} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-03-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0D588169-A8AA-4D75-AF08-B5BE7CF790E7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-03-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C104D124-194C-416E-9AA8-3E0B7439EC42} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-03-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C6A6F70B-07A1-4089-876D-C9F4A4C2A474} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-03-02] (Microsoft Windows Publisher -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.254 216.130.71.72
Tcpip\..\Interfaces\{8f8098e2-0c1d-4fce-9adc-4a22a22cd4dd}: [DhcpNameServer] 192.168.100.254 216.130.71.72
Tcpip\..\Interfaces\{8f8098e2-0c1d-4fce-9adc-4a22a22cd4dd}: [DhcpDomain] home
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\abc\AppData\Local\Microsoft\Edge\User Data\Default [2024-03-03]
Edge Extension: (Google Docs Offline) - C:\Users\abc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-02]
Edge Extension: (Edge relevant text changes) - C:\Users\abc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-03-02]
Edge Extension: (Microsoft Edge DevTools Enhancements) - C:\Users\abc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kfbdpdaobnofkbopebjglnaadopfikhh [2024-03-02]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 Apache2.4; C:\xampp\apache\bin\httpd.exe [30720 2023-10-27] (Apache Software Foundation) [File not signed]
R2 RCService; C:\Program Files (x86)\AnyViewer\RCService.exe [966640 2024-01-25] (AOMEI International Network Limited -> AOMEI International Network Limited)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534592 2023-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2023-12-21] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [933432 2023-12-21] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\NisSrv.exe [3191256 2024-03-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MsMpEng.exe [133576 2024-03-02] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 MpKsl7765e467; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BF6F6561-C80F-4029-87C5-9463BF3F181B}\MpKslDrv.sys [272664 2024-03-02] (Microsoft Windows -> Microsoft Corporation)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [80408 2024-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
R0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [21040 2024-03-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [608648 2024-03-02] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105752 2024-03-02] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-03-03 06:16 - 2024-03-03 06:16 - 002585496 _____ (Malwarebytes) C:\Users\abc\Downloads\MBSetup.exe
2024-03-03 06:14 - 2024-03-03 06:14 - 000013210 _____ C:\Users\abc\Downloads\FRST.txt
2024-03-03 06:13 - 2024-03-03 06:14 - 000000000 ____D C:\FRST
2024-03-03 06:13 - 2024-03-03 06:13 - 002386944 _____ (Farbar) C:\Users\abc\Downloads\FRST64.exe
2024-03-03 05:46 - 2024-03-03 05:46 - 000000000 ___HT C:\Windows\wusa.lock
2024-03-03 05:46 - 2024-03-03 05:46 - 000000000 ____D C:\8cb4623ff2e8d314f25c3a9443
2024-03-03 04:52 - 2024-03-03 04:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2024-03-03 04:51 - 2024-03-03 04:51 - 000000000 ____D C:\Users\abc\AppData\Roaming\Samsung
2024-03-03 04:51 - 2024-03-03 04:51 - 000000000 ____D C:\ProgramData\Samsung
2024-03-03 04:51 - 2024-03-03 04:51 - 000000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2024-03-03 04:51 - 2022-01-25 11:29 - 000144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2024-03-03 04:49 - 2024-03-03 04:51 - 000000000 ____D C:\Program Files (x86)\Samsung
2024-03-03 04:49 - 2024-03-03 04:49 - 043226944 _____ (Samsung Electronics) C:\Users\abc\Downloads\Smart.Switch.PC_setup.exe
2024-03-03 04:41 - 2024-03-03 04:41 - 046078440 _____ (Dell Inc.) C:\Users\abc\Downloads\Dell-Command-Configure-Application_HW2H3_WIN_4.8.0.494_A00_02.EXE
2024-03-03 03:48 - 2024-03-03 03:48 - 000605255 _____ C:\Users\abc\Downloads\Win-Debloat-Tools-main.zip
2024-03-03 03:48 - 2024-03-03 03:48 - 000000000 ____D C:\Users\abc\Downloads\Win-Debloat-Tools-main
2024-03-03 03:42 - 2024-03-03 03:56 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-03-02 17:00 - 2024-03-02 17:00 - 000000550 _____ C:\Users\abc\OneDrive\Desktop\ok.bat
2024-03-02 16:59 - 2024-03-02 16:59 - 000000000 _____ C:\Users\abc\OneDrive\Desktop\ok.txt
2024-03-02 16:38 - 2024-03-02 16:38 - 000000000 ____D C:\ProgramData\AomeiBR
2024-03-02 16:37 - 2024-03-02 16:38 - 000000000 ____D C:\ProgramData\AnyViewer
2024-03-02 16:37 - 2024-03-02 16:38 - 000000000 ____D C:\Program Files (x86)\AnyViewer
2024-03-02 16:37 - 2024-03-02 16:37 - 043975000 _____ (AOMEI International Network Limited ) C:\Users\abc\Downloads\AnyViewerSetup.exe
2024-03-02 16:37 - 2024-03-02 16:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyViewer
2024-03-02 15:51 - 2024-03-02 15:51 - 000024723 _____ C:\Users\abc\Downloads\OIP.jfif
2024-03-02 14:29 - 2024-03-02 14:29 - 000000804 _____ C:\Users\abc\Downloads\license (1).xml
2024-03-02 14:25 - 2024-03-02 14:25 - 000001674 _____ C:\Users\abc\Downloads\jon (1).pem
2024-03-02 14:21 - 2024-03-02 14:21 - 000000804 _____ C:\Users\abc\Downloads\license.xml
2024-03-02 14:16 - 2024-03-02 14:16 - 000000000 ____D C:\Users\abc\.ssh
2024-03-02 14:15 - 2024-03-02 14:15 - 000001674 _____ C:\Users\abc\Downloads\jon.pem
2024-03-02 13:49 - 2024-03-02 13:49 - 000000000 ____D C:\Users\abc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileCloud
2024-03-02 13:43 - 2024-03-02 13:43 - 000000000 ____D C:\Users\abc\AppData\Roaming\FileCloudSync
2024-03-02 13:43 - 2024-03-02 13:43 - 000000000 ____D C:\Users\abc\AppData\Roaming\CloudSyncExplorerIntegration
2024-03-02 13:43 - 2024-03-02 13:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileCloud Sync
2024-03-02 13:43 - 2024-03-02 13:43 - 000000000 ____D C:\Program Files\FileCloud Sync
2024-03-02 13:42 - 2024-03-02 13:49 - 000000000 ____D C:\xampp
2024-03-02 07:07 - 2024-03-02 07:08 - 128609888 _____ (CodeLathe Technologies Inc ) C:\Users\abc\Downloads\FileCloudSync2Setup.exe
2024-03-02 07:07 - 2024-03-02 07:08 - 116042368 _____ (CodeLathe Technologies Inc ) C:\Users\abc\Downloads\FileCloudDrive2eSetup.exe
2024-03-02 07:06 - 2024-03-02 07:10 - 1214917208 _____ C:\Users\abc\Downloads\FileCloudSetup.exe
2024-03-02 04:11 - 2024-03-02 13:54 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2024-03-02 04:11 - 2024-03-02 13:54 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2024-03-02 04:11 - 2024-03-02 04:11 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2024-03-02 04:09 - 2024-03-02 04:09 - 000163917 _____ C:\Users\abc\Downloads\ReleaseNotes_Win7_1RTMSDK.Htm
2024-03-02 04:06 - 2024-03-02 13:54 - 000000000 ____D C:\Program Files (x86)\Application Verifier
2024-03-02 04:06 - 2024-03-02 04:06 - 000000000 ____D C:\Users\abc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Windows Performance Toolkit
2024-03-02 04:06 - 2024-03-02 04:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x64)
2024-03-02 04:06 - 2024-03-02 04:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Application Verifier (x64)
2024-03-02 04:06 - 2024-03-02 04:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Application Verifier
2024-03-02 04:06 - 2024-03-02 04:06 - 000000000 ____D C:\Program Files\Microsoft Windows Performance Toolkit
2024-03-02 04:06 - 2024-03-02 04:06 - 000000000 ____D C:\Program Files\Debugging Tools for Windows (x64)
2024-03-02 04:06 - 2024-03-02 04:06 - 000000000 ____D C:\Program Files\Application Verifier (x64)
2024-03-02 04:05 - 2024-03-02 04:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1
2024-03-02 04:05 - 2024-03-02 04:05 - 000000000 ____D C:\Program Files\Microsoft SDKs
2024-03-02 04:05 - 2024-03-02 04:05 - 000000000 ____D C:\Program Files (x86)\MSBuild
2024-03-02 03:48 - 2024-03-02 03:48 - 007633408 _____ C:\Users\abc\OneDrive\Desktop\AccessEnum.txt
2024-03-02 03:00 - 2024-03-02 03:01 - 000014386 _____ C:\Users\abc\OneDrive\Documents\tcpview.csv
2024-03-02 03:00 - 2024-03-02 03:00 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2727444015-489431898-3368966626-1001
2024-03-02 03:00 - 2024-03-02 03:00 - 000003374 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2727444015-489431898-3368966626-1001
2024-03-02 03:00 - 2024-03-02 03:00 - 000000000 ___HD C:\OneDriveTemp
2024-03-02 02:55 - 2024-03-02 03:00 - 3787576832 _____ C:\Windows\system32\DESKTOP-7402ULO.VHD
2024-03-02 02:24 - 2024-03-02 02:24 - 000000000 ____D C:\Users\abc\AppData\Local\DBG
2024-03-02 02:19 - 2024-03-02 03:04 - 000000000 ____D C:\Users\abc\AppData\Local\Sysinternals
2024-03-02 02:13 - 2024-03-02 02:14 - 069494047 _____ C:\Users\abc\OneDrive\Documents\msedgewebview2.dmp
2024-03-02 02:02 - 2024-03-02 02:02 - 000000000 ____D C:\Users\abc\AppData\Local\OneDrive
2024-03-02 01:58 - 2024-03-02 01:58 - 000000000 ____D C:\Windows\system32\Tasks\Intel
2024-03-02 01:18 - 2024-03-02 01:42 - 000000000 ____D C:\Users\abc\OneDrive\Documents\Windows Imaging and Configuration Designer (WICD)
2024-03-02 01:10 - 2024-03-02 14:50 - 000000000 ____D C:\Users\abc\AppData\Local\PlaceholderTileLogoFolder
2024-03-02 01:04 - 2024-03-02 01:04 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2024-03-02 01:02 - 2024-03-02 13:54 - 000000000 ____D C:\ProgramData\Package Cache
2024-03-02 01:02 - 2024-03-02 01:02 - 000019222 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-03-02 01:02 - 2024-03-02 01:02 - 000019222 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2024-03-02 01:02 - 2024-03-02 01:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2024-03-02 01:02 - 2024-03-02 01:02 - 000000000 ____D C:\ProgramData\Dell
2024-03-02 01:02 - 2024-03-02 01:02 - 000000000 ____D C:\Program Files (x86)\Dell
2024-03-02 01:01 - 2024-03-02 01:02 - 023890352 _____ (Dell Inc.) C:\Users\abc\Downloads\Dell-USB-Recovery-Tool-Application_6FTD1_WIN_2.3.2.7523_A00.EXE
2024-03-02 00:57 - 2024-03-02 00:59 - 000000000 ___HD C:\$WinREAgent
2024-03-02 00:57 - 2024-03-02 00:57 - 000006214 __RSH C:\ProgramData\ntuser.pol
2024-03-02 00:56 - 2024-03-02 00:56 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2024-03-02 00:50 - 2024-03-02 00:50 - 000000000 ____D C:\Windows\Firmware
2024-03-02 00:42 - 2024-03-02 00:42 - 000000000 ___RD C:\Users\abc\Downloads\WavesAudio.WavesMaxxAudioProforDell_fh4rh281wavaa!App
2024-03-02 00:37 - 2024-03-02 00:37 - 000000000 ____D C:\Windows\Microsoft Antimalware
2024-03-02 00:34 - 2024-03-02 00:36 - 000000000 ____D C:\Windows\system32\MRT
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-03-03 04:52 - 2022-05-06 21:22 - 000000000 ____D C:\Windows\INF
2024-03-03 04:51 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\SystemTemp
2024-03-03 04:42 - 2022-05-06 21:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-03-03 03:52 - 2022-05-06 21:17 - 000000000 ____D C:\Windows\CbsTemp
2024-03-03 03:50 - 2023-12-12 09:11 - 000000000 ____D C:\Users\abc\AppData\Local\D3DSCache
2024-03-03 03:41 - 2023-12-12 08:47 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-03-02 14:55 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\AppReadiness
2024-03-02 14:50 - 2023-12-12 09:08 - 000000000 ____D C:\Users\abc\AppData\Local\Packages
2024-03-02 14:50 - 2023-12-12 08:53 - 000000000 ____D C:\ProgramData\Packages
2024-03-02 14:50 - 2022-05-06 21:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-03-02 14:16 - 2023-12-12 09:08 - 000000000 ____D C:\Users\abc
2024-03-02 07:01 - 2023-12-12 09:10 - 000000000 ___RD C:\Users\abc\OneDrive
2024-03-02 04:05 - 2022-05-06 21:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-03-02 03:00 - 2023-12-12 09:10 - 000002373 _____ C:\Users\abc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-03-02 02:11 - 2023-12-12 08:57 - 000804932 _____ C:\Windows\system32\PerfStringBackup.INI
2024-03-02 02:07 - 2023-12-13 04:17 - 000000000 __SHD C:\Users\abc\IntelGraphicsProfiles
2024-03-02 02:07 - 2023-12-13 04:17 - 000000000 ____D C:\Intel
2024-03-02 02:07 - 2023-12-12 08:47 - 000012288 ___SH C:\DumpStack.log.tmp
2024-03-02 02:07 - 2023-12-12 08:47 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-03-02 02:06 - 2022-05-06 21:17 - 000262144 _____ C:\Windows\system32\config\BBI
2024-03-02 01:58 - 2023-12-12 08:47 - 000295328 _____ C:\Windows\system32\FNTCACHE.DAT
2024-03-02 01:57 - 2023-12-03 22:30 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2024-03-02 01:57 - 2022-05-06 23:39 - 000000000 ___SD C:\Windows\system32\AppV
2024-03-02 01:57 - 2022-05-06 21:24 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2024-03-02 01:57 - 2022-05-06 21:24 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2024-03-02 01:57 - 2022-05-06 21:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-03-02 01:57 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\UUS
2024-03-02 01:57 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2024-03-02 01:57 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\SysWOW64\setup
2024-03-02 01:57 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\SystemResources
2024-03-02 01:57 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\WinMetadata
2024-03-02 01:57 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\Sgrm
2024-03-02 01:57 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\setup
2024-03-02 01:57 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2024-03-02 01:57 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\oobe
2024-03-02 01:57 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\appraiser
2024-03-02 01:57 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\ShellExperiences
2024-03-02 01:57 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\ShellComponents
2024-03-02 01:57 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\Provisioning
2024-03-02 01:57 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\PolicyDefinitions
2024-03-02 01:57 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\BrowserCore
2024-03-02 01:57 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\bcastdvr
2024-03-02 01:03 - 2023-12-12 08:55 - 003212800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2024-03-02 00:53 - 2023-12-12 09:08 - 000000000 ____D C:\Users\abc\AppData\Local\ConnectedDevicesPlatform
2024-03-02 00:41 - 2023-12-13 04:17 - 000000000 ____D C:\ProgramData\Intel
2024-03-02 00:41 - 2023-12-12 08:46 - 000000000 ____D C:\Windows\Panther
2024-03-02 00:40 - 2022-05-06 21:24 - 000000000 ____D C:\Windows\system32\Drivers\DriverData
2024-03-02 00:36 - 2023-12-12 08:47 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-03-02 00:36 - 2022-05-06 21:24 - 000000000 ____D C:\Program Files\Windows Defender
2024-03-02 00:36 - 2022-05-06 21:17 - 000000000 ____D C:\Windows\servicing
2024-03-02 00:34 - 2023-12-12 09:08 - 000000000 ____D C:\Users\abc\AppData\Roaming\Microsoft\Spelling
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== BCD ================================
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by abc (03-03-2024 06:18:03)
Running from C:\Users\abc\Downloads
Microsoft Windows 11 Pro Version 23H2 22631.3155 (X64) (2023-12-12 16:53:32)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
abc (S-1-5-21-2727444015-489431898-3368966626-1001 - Administrator - Enabled) => C:\Users\abc
Administrator (S-1-5-21-2727444015-489431898-3368966626-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2727444015-489431898-3368966626-503 - Limited - Disabled)
Guest (S-1-5-21-2727444015-489431898-3368966626-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2727444015-489431898-3368966626-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AnyViewer 4.3 (HKLM-x32\...\{3FCBAE69-8C96-4FBC-BD80-D4C1EFA9A629}_is1) (Version: 4.3.0.0 - AOMEI International Network Limited)
Application Verifier (x64) (HKLM\...\{89026002-A893-42D9-9E20-6829B844735E}) (Version: 4.1.1078 - Microsoft Corporation)
Debugging Tools for Windows (x64) (HKLM\...\{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}) (Version: 6.12.2.633 - Microsoft Corporation)
Dell OS Recovery Tool (HKLM-x32\...\{42CDF1C4-3AFB-4D61-AB44-6C546CB8F6D3}) (Version: 2.3.7523.0 - Dell) Hidden
Dell OS Recovery Tool (HKLM-x32\...\{ec511941-5de6-4266-9760-731f1afcf477}) (Version: 2.3.7523 - Dell Inc.)
FileCloud (HKLM\...\FileCloud) (Version: - )
FileCloudSync2 23.232.0.8722 (HKLM\...\{C1FAB5F1-7E1C-4410-8ED8-D2777E70FF96}_is1) (Version: 23.232.0.8722 - CodeLathe Technologies Inc)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9434.5 - Waves Audio Ltd.) Hidden
Microsoft .NET Framework 4.8.1 SDK (HKLM-x32\...\{BD4C49AC-2A45-48B0-B3F7-0C6043987AD0}) (Version: 4.8.09032 - Microsoft Corporation)
Microsoft .NET Framework 4.8.1 Targeting Pack (HKLM-x32\...\{94DDB521-CDD4-4A83-BBE0-D3C856FE9420}) (Version: 4.8.09032 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 122.0.2365.59 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 122.0.2365.59 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2727444015-489431898-3368966626-1001\...\OneDriveSetup.exe) (Version: 24.040.0225.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Windows Performance Toolkit (HKLM\...\{E7F9E526-2324-437B-A609-E8C5309465CB}) (Version: 4.8.0 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.1) (HKLM\...\SDKSetup_7.1.7600.0.30514) (Version: 7.1.7600.0.30514 - Microsoft Corporation)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8555 - Realtek Semiconductor Corp.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.61.0 - Samsung Electronics Co., Ltd.)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.3.23123.1 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.3.23123.1 - Samsung Electronics Co., Ltd.)
Packages:
=========
46907iKECIN.WebSocketDebugAssistant -> C:\Program Files\WindowsApps\46907iKECIN.WebSocketDebugAssistant_1.2.1.0_x64__bt5z3yda11xf8 [2024-03-02] (YH Software)
Advanced Recovery Companion -> C:\Program Files\WindowsApps\Microsoft.AdvancedRecoveryCompanion_1.20040.1221.0_x86__8wekyb3d8bbwe [2024-03-02] (Microsoft Corporation)
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5336.0_x64__8j3eq9eme6ctt [2023-12-13] (INTEL CORP) [Startup Task]
Fixdows -> C:\Program Files\WindowsApps\31542Odyssey346.Fixdows_1.0.0.0_x64__bv15twgde6ade [2024-03-02] (Odyssey346)
HaukeGtze.IntuneNetworkDriveMapping -> C:\Program Files\WindowsApps\HaukeGtze.IntuneNetworkDriveMapping_1.2.22.0_x86__6bk20wvc8rfx2 [2024-03-02] (<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<Package IgnorableNamespaces="build uap rescap rescap3 desktop" xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10" xmlns:build="http://schemas.microsoft.com/developer/appx/2015/build" xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10" xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities" xmlns:rescap3="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities/3" xmlns:desktop="http://schemas.microsoft.com/appx/manifest/desktop/windows10" xmlns:mp="http://schemas.microsoft.com/appx/2014/phone/manifest">
<Identity Name="HaukeGtze.IntuneNetworkDriveMapping" ProcessorArchitecture="x86" Publisher="CN=BFF8D712-89E6-4205-9504-3AB824A94414" Version="1.2.22.0"/>
<Resources>
<Resource uap:Scale="100"/>
<Resource Language="en-US"/>
<Resource Language="de-DE"/>
</Resources>
<Capabilities>
<rescap:Capability Name="runFullTrust"/>
</Capabilities>
<Properties>
<PublisherDisplayName>ms-resource:PublisherDisplayName</PublisherDisplayName>
<DisplayName>ms-resource:DisplayName</DisplayName>
<Logo>Assets\Store50x50Logo.png</Logo>
</Properties>
<Applications>
<Application EntryPoint="Windows.FullTrustApplication" Executable="NetworkShareMapperStart.exe" Id="NetworkShareMapper.exe">
<uap:VisualElements BackgroundColor="black" Description="ms-resource:StartMenuDescription" DisplayName="ms-resource:StartMenuDisplayName" Square150x150Logo="Assets\NetworkShareMapper.exeSquare150x150Logo.png" Square44x44Logo="Assets\NetworkShareMapper.exeSquare44x44Logo.png">
<uap:InitialRotationPreference>
<uap:Rotation Preference="portrait"/>
<uap:Rotation Preference="landscape"/>
</uap:InitialRotationPreference>
<uap:DefaultTile Square71x71Logo="Assets\NetworkShareMapper.exeSquare71x71Logo.png"/>
</uap:VisualElements>
<Extensions>
<rescap3:Extension Category="windows.desktopAppMigration" EntryPoint="Windows.FullTrustApplication" Executable="NetworkShareMapperStart.exe">
<rescap3:DesktopAppMigration>
<rescap3:DesktopApp ShortcutPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\Intune Network Drive Mapping\NetworkShareMapper.exe.lnk"/>
<rescap3:DesktopApp ShortcutPath="%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Intune Network Drive Mapping\NetworkShareMapper.exe.lnk"/>
</rescap3:DesktopAppMigration>
</rescap3:Extension>
<desktop:Extension Category="windows.startupTask" EntryPoint="Windows.FullTrustApplication" Executable="NetworkShareMapper.exe">
<desktop:StartupTask DisplayName="ms-resource:StartupTaskDisplayName" Enabled="true" TaskId="NetworkShareMapper.exe"/>
</desktop:Extension>
</Extensions>
</Application>
</Applications>
<Dependencies>
<TargetDeviceFamily MaxVersionTested="10.0.18363.0" MinVersion="10.0.10240.0" Name="Windows.Desktop"/>
</Dependencies>
<build:Metadata>
<build:Item Name="OperatingSystem" Version="10.0.18362.718"/>
<build:Item Name="AdvancedInstaller" Version="16.9 (d24925f7)"/>
<build:Item Name="ProjectLicenseType" Version="express"/>
<build:Item Name="SignTool.exe" Version="10.0.18362.1"/>
<build:Item Name="MakePri.exe" Version="10.0.18362.1"/>
</build:Metadata>
<mp:PhoneIdentity PhoneProductId="8e197890-f9c5-43d5-92be-fdcd218edd6b" PhonePublisherId="e1da3dd1-b49e-434e-92f9-889385a3613c"/>
</Package>) [Startup Task]
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2024-03-02] (INTEL CORP)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2023-12-12] (Microsoft Studios) [MS Ad]
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-12-12] (Microsoft Corporation)
Mozilla Firefox -> C:\Program Files\WindowsApps\Mozilla.Firefox_123.0.0.0_x64__n80bbvh6b1yt2 [2024-03-02] (Mozilla)
Sysinternals Suite -> C:\Program Files\WindowsApps\Microsoft.SysinternalsSuite_2024.2.1.0_x64__8wekyb3d8bbwe [2024-03-02] (Microsoft Corporation)
System Internals -> C:\Program Files\WindowsApps\58380Millionerd.55815960D4FD3_2.4.24.0_neutral__gvk782kz518e0 [2024-03-02] (Million)
Tools for Windows Desktop -> C:\Program Files\WindowsApps\23413DevendraTewari.ToolsforWindowsDesktop_1.0.5.0_x64__bjr9m3qec8pzj [2024-03-02] (Devendra Tewari)
Windows Configuration Designer -> C:\Program Files\WindowsApps\Microsoft.WindowsConfigurationDesigner_2024.206.0.0_x86__8wekyb3d8bbwe [2024-03-02] (Microsoft Corporation)
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-03-02] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2727444015-489431898-3368966626-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
ShellIconOverlayIdentifiers: [ aaaOverlayExtension] -> {23bdb33a-ff54-4a5a-bdf1-91dabd642612} => C:\Program Files\FileCloud Sync\CloudSyncExtension40.DLL [2023-12-15] (CodeLathe) [File not signed] [File is in use]
ShellIconOverlayIdentifiers: [ aaaOverlayExtensionConflict] -> {68815609-53af-4e6a-902d-63f57aa693d4} => C:\Program Files\FileCloud Sync\CloudSyncExtension40.DLL [2023-12-15] (CodeLathe) [File not signed] [File is in use]
ShellIconOverlayIdentifiers: [ aaaOverlayExtensionModified] -> {504e947f-d821-4753-9c9a-c9bf10e08c15} => C:\Program Files\FileCloud Sync\CloudSyncExtension40.DLL [2023-12-15] (CodeLathe) [File not signed] [File is in use]
ShellIconOverlayIdentifiers: [ aaaOverlayLockExtension] -> {25b3e405-9550-4079-b5e2-e67c7213dc5c} => C:\Program Files\FileCloud Sync\CloudSyncExtension40.DLL [2023-12-15] (CodeLathe) [File not signed] [File is in use]
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_357b728ba88fb99a\OptaneShellExt.dll [2022-12-18] (Intel Corporation -> )
ContextMenuHandlers1: [RightClickExtension] -> {6dfda274-5f93-4434-91fd-4a2d1355bb0f} => C:\Program Files\FileCloud Sync\CloudSyncExtension40.DLL [2023-12-15] (CodeLathe) [File not signed] [File is in use]
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_357b728ba88fb99a\OptaneShellExt.dll [2022-12-18] (Intel Corporation -> )
ContextMenuHandlers6: [RightClickExtensionDir] -> {1e38c430-23bf-48e0-9d9a-71561ce5c2f6} => C:\Program Files\FileCloud Sync\CloudSyncExtension40.DLL [2023-12-15] (CodeLathe) [File not signed] [File is in use]
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2024-03-02 16:37 - 2021-03-17 14:19 - 000074752 _____ () [File not signed] C:\Program Files (x86)\AnyViewer\zlib1.dll
2024-03-02 16:37 - 2020-08-31 05:13 - 036237838 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\AnyViewer\avcodec-58.dll
2024-03-02 16:37 - 2020-08-31 05:13 - 001676814 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\AnyViewer\avdevice-58.dll
2024-03-02 16:37 - 2020-08-31 05:13 - 010947598 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\AnyViewer\avfilter-7.dll
2024-03-02 16:37 - 2020-08-31 05:13 - 011410958 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\AnyViewer\avformat-58.dll
2024-03-02 16:37 - 2020-08-31 05:13 - 000927758 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\AnyViewer\avutil-56.dll
2024-03-02 16:37 - 2020-08-31 05:13 - 000129038 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\AnyViewer\postproc-55.dll
2024-03-02 16:37 - 2020-08-31 05:13 - 000350222 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\AnyViewer\swresample-3.dll
2024-03-02 16:37 - 2020-08-31 05:13 - 000592398 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\AnyViewer\swscale-5.dll
2024-03-02 16:37 - 2021-07-05 11:09 - 000352768 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\AnyViewer\MFPlat.DLL
2024-03-02 16:37 - 2023-05-14 17:09 - 000223744 _____ (R. Ierusalimschy, L. H. de Figueiredo, W. Celes) [File not signed] C:\Program Files (x86)\AnyViewer\lua.dll
2024-03-02 16:37 - 2021-10-21 16:22 - 000413696 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files (x86)\AnyViewer\libcurl.dll
2024-03-02 16:37 - 2016-11-24 11:36 - 001214976 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\AnyViewer\LIBEAY32.dll
2024-03-02 16:37 - 2016-11-24 11:37 - 000275456 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\AnyViewer\SSLEAY32.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2022-05-06 21:24 - 2022-05-06 21:22 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2727444015-489431898-3368966626-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\abc\AppData\Local\Temp\BGInfo.bmp
DNS Servers: 192.168.100.254 - 216.130.71.72
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{65831B13-5412-421D-AD18-978C14F35FE6}C:\program files (x86)\microsoft\edge\application\msedge.exe] => (Block) C:\program files (x86)\microsoft\edge\application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{B64893E3-2CE9-449F-839B-53542DCD41F7}C:\program files (x86)\microsoft\edge\application\msedge.exe] => (Block) C:\program files (x86)\microsoft\edge\application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{D49378C8-9AE8-42ED-8663-85072D331507}C:\program files\windowsapps\23413devendratewari.toolsforwindowsdesktop_1.0.5.0_x64__bjr9m3qec8pzj\sniffertool\sniffertool.exe] => (Allow) C:\program files\windowsapps\23413devendratewari.toolsforwindowsdesktop_1.0.5.0_x64__bjr9m3qec8pzj\sniffertool\sniffertool.exe (45EE7F3F-ED2B-45A2-91C7-7AC934F26DC4 -> )
FirewallRules: [UDP Query User{90E5AA30-62D3-401D-908D-82617E7CA33A}C:\program files\windowsapps\23413devendratewari.toolsforwindowsdesktop_1.0.5.0_x64__bjr9m3qec8pzj\sniffertool\sniffertool.exe] => (Allow) C:\program files\windowsapps\23413devendratewari.toolsforwindowsdesktop_1.0.5.0_x64__bjr9m3qec8pzj\sniffertool\sniffertool.exe (45EE7F3F-ED2B-45A2-91C7-7AC934F26DC4 -> )
FirewallRules: [TCP Query User{33DDBD69-171A-4C2B-A467-0C09104D21AF}C:\program files\windowsapps\23413devendratewari.toolsforwindowsdesktop_1.0.5.0_x64__bjr9m3qec8pzj\smtpservertool\smtpservertool.exe] => (Allow) C:\program files\windowsapps\23413devendratewari.toolsforwindowsdesktop_1.0.5.0_x64__bjr9m3qec8pzj\smtpservertool\smtpservertool.exe (45EE7F3F-ED2B-45A2-91C7-7AC934F26DC4 -> )
FirewallRules: [UDP Query User{7F68D96D-D5D3-4935-BD11-1B4725AB1FF0}C:\program files\windowsapps\23413devendratewari.toolsforwindowsdesktop_1.0.5.0_x64__bjr9m3qec8pzj\smtpservertool\smtpservertool.exe] => (Allow) C:\program files\windowsapps\23413devendratewari.toolsforwindowsdesktop_1.0.5.0_x64__bjr9m3qec8pzj\smtpservertool\smtpservertool.exe (45EE7F3F-ED2B-45A2-91C7-7AC934F26DC4 -> )
FirewallRules: [TCP Query User{3148311E-C342-401B-9CE5-30B8272FE64B}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [UDP Query User{882146D1-7A1D-403C-B36B-CE06B09F2CF7}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [{F8902BE1-698B-4704-B230-D03F92CEF38F}] => (Allow) C:\Program Files (x86)\AnyViewer\RCClient.exe (AOMEI International Network Limited -> AOMEI International Network Limited)
FirewallRules: [{CB0B1FAE-5EFB-44E3-A99E-AEA6B91710A4}] => (Allow) C:\Program Files (x86)\AnyViewer\RCClient.exe (AOMEI International Network Limited -> AOMEI International Network Limited)
FirewallRules: [{437840BB-F570-49BD-AF98-85CF63BA32FE}] => (Allow) C:\Program Files (x86)\AnyViewer\avcore.exe (AOMEI International Network Limited -> AOMEI International Network Limited)
FirewallRules: [{BD6AEB6F-FC9B-420F-A699-F8FF27F5D751}] => (Allow) C:\Program Files (x86)\AnyViewer\avcore.exe (AOMEI International Network Limited -> AOMEI International Network Limited)
FirewallRules: [{E35FE15A-1DF8-4090-9837-FBBB5FC1D2C8}] => (Block) LPort=30197
FirewallRules: [{B27477BE-8FB3-4042-AFCB-17EFAF1FFD54}] => (Block) c:windowssystem32WindowsPowerShellv1.0powershell.exe => No File
==================== Restore Points =========================
02-03-2024 04:45:53 kk
03-03-2024 04:51:00 Installed Smart Switch
==================== Faulty Device Manager Devices ============
Name: Microsoft Print to PDF
Description: Local Print Queue
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Microsoft
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: ========================
Application errors:
==================
Error: (03/03/2024 06:19:27 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AnyViewer\RCClient.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.2506_none_6eb991c088050a06.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.2506_none_270c5ae97388e100.manifest.
Error: (03/03/2024 05:27:17 AM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-7402ULO)
Description: Faulting application name: winget.exe, version: 1.17.2203.10001, time stamp: 0x622a8652
Faulting module name: WindowsPackageManager.dll, version: 1.17.2203.10001, time stamp: 0x622a8613
Exception code: 0xc0000005
Fault offset: 0x0000000000089bf3
Faulting process id: 0x0x460c
Faulting application start time: 0x0x1da6d6e82cb001f
Faulting application path: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.17.10691.0_x64__8wekyb3d8bbwe\winget.exe
Faulting module path: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.17.10691.0_x64__8wekyb3d8bbwe\WindowsPackageManager.dll
Report Id: 46c3f8f2-5aa4-43bd-b82b-e249d88075f8
Faulting package full name: Microsoft.DesktopAppInstaller_1.17.10691.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: winget
Error: (03/03/2024 05:04:32 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AnyViewer\RCClient.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.2506_none_6eb991c088050a06.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.2506_none_270c5ae97388e100.manifest.
Error: (03/03/2024 04:53:01 AM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-7402ULO)
Description: Faulting application name: SmartSwitchPC.exe, version: 4.3.23123.1, time stamp: 0x658002a3
Faulting module name: SmartSwitchPC.exe, version: 4.3.23123.1, time stamp: 0x658002a3
Exception code: 0xc000041d
Fault offset: 0x0001af43
Faulting process id: 0x0x1044
Faulting application start time: 0x0x1da6d6998acc29c
Faulting application path: C:\Program Files (x86)\Samsung\Smart Switch PC\SmartSwitchPC.exe
Faulting module path: C:\Program Files (x86)\Samsung\Smart Switch PC\SmartSwitchPC.exe
Report Id: 385a56ee-1792-40f1-9f52-0bf518d29ed0
Faulting package full name:
Faulting package-relative application ID:
Error: (03/03/2024 03:42:52 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AnyViewer\RCClient.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.2506_none_6eb991c088050a06.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.2506_none_270c5ae97388e100.manifest.
Error: (03/03/2024 03:42:41 AM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-7402ULO)
Description: Faulting application name: winget.exe, version: 1.17.2203.10001, time stamp: 0x622a8652
Faulting module name: WindowsPackageManager.dll, version: 1.17.2203.10001, time stamp: 0x622a8613
Exception code: 0xc0000005
Fault offset: 0x0000000000089bf3
Faulting process id: 0x0x2c5c
Faulting application start time: 0x0x1da6d5fe5d919ef
Faulting application path: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.17.10691.0_x64__8wekyb3d8bbwe\winget.exe
Faulting module path: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.17.10691.0_x64__8wekyb3d8bbwe\WindowsPackageManager.dll
Report Id: e0cb7bb3-505a-43fa-b242-86cbc735cd47
Faulting package full name: Microsoft.DesktopAppInstaller_1.17.10691.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: winget
Error: (03/03/2024 03:42:22 AM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-7402ULO)
Description: Faulting application name: winget.exe, version: 1.17.2203.10001, time stamp: 0x622a8652
Faulting module name: WindowsPackageManager.dll, version: 1.17.2203.10001, time stamp: 0x622a8613
Exception code: 0xc0000005
Fault offset: 0x0000000000089bf3
Faulting process id: 0x0x3544
Faulting application start time: 0x0x1da6d5fdb0c2067
Faulting application path: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.17.10691.0_x64__8wekyb3d8bbwe\winget.exe
Faulting module path: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.17.10691.0_x64__8wekyb3d8bbwe\WindowsPackageManager.dll
Report Id: 574e8e0a-27b3-4a92-b817-66a099d55dfc
Faulting package full name: Microsoft.DesktopAppInstaller_1.17.10691.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: winget
Error: (03/03/2024 03:42:16 AM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-7402ULO)
Description: Faulting application name: winget.exe, version: 1.17.2203.10001, time stamp: 0x622a8652
Faulting module name: WindowsPackageManager.dll, version: 1.17.2203.10001, time stamp: 0x622a8613
Exception code: 0xc0000005
Fault offset: 0x0000000000089bf3
Faulting process id: 0x0x3b70
Faulting application start time: 0x0x1da6d5fd6e57798
Faulting application path: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.17.10691.0_x64__8wekyb3d8bbwe\winget.exe
Faulting module path: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.17.10691.0_x64__8wekyb3d8bbwe\WindowsPackageManager.dll
Report Id: cb50e00a-b973-4c54-b2ea-e71425d13fa0
Faulting package full name: Microsoft.DesktopAppInstaller_1.17.10691.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: winget
System errors:
=============
Error: (03/03/2024 04:58:34 AM) (Source: disk) (EventID: 154) (User: )
Description: The IO operation at logical block address 0x0 for Disk 1 (PDO name: \Device\000000fe) failed due to a hardware error.
Error: (03/03/2024 04:58:33 AM) (Source: disk) (EventID: 154) (User: )
Description: The IO operation at logical block address 0x0 for Disk 1 (PDO name: \Device\000000fe) failed due to a hardware error.
Error: (03/03/2024 04:58:29 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 37@01010008
Error: (03/03/2024 04:58:17 AM) (Source: disk) (EventID: 154) (User: )
Description: The IO operation at logical block address 0x0 for Disk 1 (PDO name: \Device\000000f9) failed due to a hardware error.
Error: (03/03/2024 04:58:17 AM) (Source: disk) (EventID: 154) (User: )
Description: The IO operation at logical block address 0x0 for Disk 1 (PDO name: \Device\000000f9) failed due to a hardware error.
Error: (03/03/2024 04:57:55 AM) (Source: disk) (EventID: 154) (User: )
Description: The IO operation at logical block address 0x0 for Disk 1 (PDO name: \Device\000000f6) failed due to a hardware error.
Error: (03/03/2024 04:57:54 AM) (Source: disk) (EventID: 154) (User: )
Description: The IO operation at logical block address 0x0 for Disk 1 (PDO name: \Device\000000f6) failed due to a hardware error.
Error: (03/03/2024 04:57:46 AM) (Source: disk) (EventID: 154) (User: )
Description: The IO operation at logical block address 0x0 for Disk 1 (PDO name: \Device\000000f3) failed due to a hardware error.
Windows Defender:
================
Date: 2024-03-03 05:02:55
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan
Date: 2024-03-03 01:35:03
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2024-03-02 03:28:10
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
==================== Memory info ===========================
BIOS: Dell Inc. 1.28.0 12/12/2023
Motherboard: Dell Inc. 0FDY5C
Processor: Intel® Core i5-6500 CPU @ 3.20GHz
Percentage of memory in use: 53%
Total physical RAM: 16247.47 MB
Available physical RAM: 7528.16 MB
Total Virtual: 19191.47 MB
Available Virtual: 6729.86 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:118.38 GB) (Free:39.98 GB) (Model: SAMSUNG MZNLN128HCGR-000H1) NTFS
\\?\Volume{07231d1d-0775-49fa-88ee-b752b4655ea9}\ () (Fixed) (Total:0.75 GB) (Free:0.08 GB) NTFS
\\?\Volume{43b0f3b4-e486-445e-96e3-c2e7d483bbad}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 119.2 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================
Edited by Oh My!, 03 March 2024 - 10:42 AM.