Malware- Katana Sphi Desktop Pc1mmp3p

Discussion in 'Malware Help (A Specialist Will Reply)' started by manilka835, Dec 9, 2025.

  1. manilka835

    manilka835 Specialist

    This Desktop was received after servicing due to malfunction.

    I have run READ & RUN ME FIRST- Malware Removal Guide to make sure there are no Malware. The relevant logs are attached.

    I would also value any suggestions which may streamline the function of this computer.


    Dr. K.D.J.H. Manilka Jayawardena,
    Medical Officer of Health,
    Katana.
    Proud to be a Sri Lankan!
     


  2. Oh My!

    Oh My! Malware Expert Staff Member

    Welcome back.

    Did you create this User Profile or want it?

    Please do this.

    ===================================================

    Please rerun AdwCleaner and choose to Quarantine all items. Copy and paste the report in your reply.

    ===================================================

    Uninstalling Programs Using Revo Uninstaller Free Portable

    --------------------

    • Download Revo Uninstaller Free Portable and save it to your Desktop
    • Right click on the folder and select Extract All..., then click Extract
    • Double click on the RevoUninstaller-Portable folder
    • Right click on RevoUPort and select Run as administrator
    • Click OK on the License Agreement
    • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
    Code:
    Smart Defrag 11
    • If the program's uninstaller appears work through the steps to remove the program(s)
    • Be sure the Advanced option is selected then click Scan
    • For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion
    • Once done click Finish
    • Reboot your computer

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    2025-12-09 01:29 - 2025-12-09 01:32 - 000000000 ____D C:\ProgramData\TEMP
    HKU\S-1-5-21-2233526817-3955136932-3051605101-500\...\MountPoints2: {2573aca4-6044-11ef-9389-2cf05d4cac7d} - "J:\LaunchU3.exe" -a
    GroupPolicy: Restriction - Chrome <==== ATTENTION 
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION 
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION 
    HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION 
    2023-09-27 13:49 - 2023-09-27 13:49 - 000000000 _____ () C:\Users\Administrator\AppData\Local\{1BEE5D80-DC5F-44D7-AA8E-8C0A64A276E9}
    Task: {30039BF5-058D-4058-B7B2-94D2CC31A7D3} - \Lenovo\Lenovo Service Bridge\S-1-5-21-2233526817-3955136932-3051605101-1001 -> No File <==== ATTENTION 
    FirewallRules: [TCP Query User{A23C2B48-EC11-4D91-A8D0-7F560E12EDB9}C:\users\who\desktop\anydesk.exe] => (Allow) C:\users\who\desktop\anydesk.exe => No File 
    FirewallRules: [UDP Query User{E1282CDB-1E38-4493-8AB2-EBC1E1BC7EC4}C:\users\who\desktop\anydesk.exe] => (Allow) C:\users\who\desktop\anydesk.exe => No File 
    FirewallRules: [{204D87FF-FE20-45A3-A59F-44ED9F75E3E0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{B682A591-3656-47D8-878B-017535884D5D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{6224E1B9-490C-41ED-A062-919C69D4F0F7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{3CC5C09A-C10A-4295-AC7E-65321A1A992F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{7FDEB4C3-3C99-43E6-B045-9030B5C022D3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{8DD91680-29BA-4DE2-BD50-632B7C76AD2C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{5D13D423-9227-4DF5-9CFE-32302C3513D7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{9DBC062D-14C8-4A78-9C5E-3775F0DF9272}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{08167B0C-C2FD-40EC-A4AB-364F63639C40}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{C3C032E8-1C19-46EF-A963-47D3D3BAE888}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{B896861E-B9AA-406F-90B8-F3393A2DDE21}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{750995D8-5DCC-4D6D-A08F-9C7DB806441D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{3124E864-9702-4201-9268-A97BA926295D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{BA71A4CC-FD72-4607-8500-97ADD6343CB6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{C2211976-4906-4E40-B34A-BBA1B454788B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{52684073-6BBB-479E-B935-489E0626C9AA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{2B8CCE70-38EE-4BB8-ACFF-1780DF671612}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.91.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{A9535965-61BA-4E66-8E52-BB6F724761BC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.91.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{0F6BD367-2B15-48A0-861C-F745E9C38CE2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.91.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{4AA16A16-37F8-4762-84E9-1E0385369036}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.91.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{10C50150-F148-4290-8FA8-99308F439A50}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{6E8A3CAE-D320-456B-8C2F-D42B7EA2543F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{9FD865EC-A731-4FAC-AA55-847A52A7AEF1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{B743B884-BB42-4DD1-B71F-D6CD5D5FAF52}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    Task: {aa37c763-033a-4311-a2f0-7ff9180d8e56} - no filepath. <==== ATTENTION 
    U3 aswBcc; no ImagePath 
    U3 Avast Business Console Client Antivirus Service; no ImagePath 
    U3 avast! Firewall; no ImagePath 
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [274] 
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /CheckHealth
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Reply to questions
    • AdwCleaner report
    • Fixlog
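    The three kinds of leftover the fixlist above targets (firewall Allow rules that point at files which no longer exist, browser policy keys on a machine that should have none, and service keys with no ImagePath) can be checked before and after a fix with an ordinary read-only audit. The PowerShell below is an added example, not part of the thread and not code from FRST or AdwCleaner; it assumes Windows 10/11 and an elevated Windows PowerShell 5.1 session, and it changes nothing.

```powershell
# Added example (not part of the thread, not FRST or AdwCleaner code): a
# read-only audit of the three classes of leftover the FRST fixlist targets.
# Assumes Windows 10/11 and an elevated Windows PowerShell 5.1 session.
# Each function only reports; nothing is modified.

# 1. Allow rules whose program no longer exists on disk (FRST prints these as
#    "=> No File"). A stale Allow rule does nothing today but re-arms the moment
#    a file with that exact path reappears, so it is worth clearing.
function Get-OrphanedFirewallRules {
    foreach ($rule in Get-NetFirewallRule -Action Allow) {
        $program = ($rule | Get-NetFirewallApplicationFilter).Program
        # "Any" and "System" are not files; skip them
        if (-not $program -or $program -in 'Any', 'System') { continue }
        $expanded = [Environment]::ExpandEnvironmentVariables($program)
        if (-not (Test-Path -LiteralPath $expanded)) {
            [pscustomobject]@{
                Name        = $rule.Name          # the id FRST shows in brackets
                DisplayName = $rule.DisplayName
                Direction   = $rule.Direction
                Program     = $expanded
            }
        }
    }
}

# 2. Browser policy keys. On a standalone PC (no domain, no MDM) these keys are
#    normally absent, which is why FRST marks them "Restriction"; adware uses
#    them to force extensions, search providers or start pages.
function Get-BrowserPolicyValues {
    $roots = 'HKLM:\SOFTWARE\Policies\Google\Chrome',
             'HKLM:\SOFTWARE\Policies\Mozilla\Firefox',
             'HKLM:\SOFTWARE\Policies\Microsoft\Edge',
             'HKCU:\SOFTWARE\Policies\Google\Chrome',
             'HKCU:\SOFTWARE\Policies\Microsoft\Edge'
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # the root key itself plus every subkey (e.g. ExtensionInstallForcelist)
        $keys = @(Get-Item -LiteralPath $root) + @(Get-ChildItem -LiteralPath $root -Recurse)
        foreach ($key in $keys) {
            foreach ($valueName in $key.GetValueNames()) {
                [pscustomobject]@{
                    Key   = $key.Name
                    Value = $valueName
                    Data  = ($key.GetValue($valueName) -join ', ')
                }
            }
        }
    }
}

# 3. Service keys that carry a Start value but no ImagePath (FRST: "no ImagePath").
#    Kernel drivers may legitimately omit ImagePath (the loader then defaults to
#    System32\drivers\<name>.sys), so review hits by hand; the interesting ones
#    are Win32 services (Type 0x10/0x20) left behind by an uninstalled product,
#    as the three Avast entries in this thread were.
function Get-ServicesWithoutImagePath {
    foreach ($key in Get-ChildItem -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Services') {
        $start = $key.GetValue('Start')
        if ($null -eq $start -or $null -ne $key.GetValue('ImagePath')) { continue }
        $type = $key.GetValue('Type')
        [pscustomobject]@{
            Service      = $key.PSChildName
            Start        = $start
            Type         = $type
            Win32Service = (($type -band 0x30) -ne 0)
            DisplayName  = $key.GetValue('DisplayName')
        }
    }
}

Get-OrphanedFirewallRules    | Format-Table -AutoSize
Get-BrowserPolicyValues      | Format-Table -AutoSize
Get-ServicesWithoutImagePath | Where-Object Win32Service | Format-Table -AutoSize
```

    Running the script once before the FRST fix and once after it shows exactly which entries the fix removed and which it could not (the Fixlog later in this thread reports three service keys as "could not remove, key could be protected"; those will still appear in the third table).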
     
  3. manilka835

    manilka835 Specialist

    Greetings and nice to meet you again!

    The User Profile: I did not create it, nor do I want it.

    • AdwCleaner report
    # -------------------------------
    # Malwarebytes AdwCleaner 8.6.0.613
    # -------------------------------
    # Build: 08-19-2025
    # Database: 2025-08-19.3 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 12-11-2025
    # Duration: 00:00:10
    # OS: Windows 10 (Build 19045.6466)
    # Cleaned: 10
    # Failed: 1


    ***** [ Services ] *****

    Deleted IBuddyService

    ***** [ Folders ] *****

    Deleted C:\Program Files (x86)\IBuddy
    Deleted C:\ProgramData\IObit\Advanced SystemCare
    Deleted C:\Users\Administrator\AppData\Roaming\IObit\Advanced SystemCare

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    Deleted HKLM\Software\IBuddy
    Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|YixSpeedup
    Deleted HKLM\Software\Wow6432Node\IBuddy
    Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{D08D9F98-1C78-4704-87E6-368B0023D831}

    ***** [ Chromium (and derivatives) ] *****

    Not Deleted mallpejgeafdahhflmliiahjdpgbegpk

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries cleaned.

    ***** [ Preinstalled Software ] *****

    Deleted Preinstalled.LenovoServiceBridge Folder C:\Users\Lenovo\AppData\Local\PROGRAMS\LENOVO\LENOVO SERVICE BRIDGE
    Deleted Preinstalled.LenovoUpdate Folder C:\Program Files (x86)\LENOVO\SYSTEM UPDATE


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [2378 octets] - [09/12/2025 21:36:38]
    AdwCleaner[S01].txt - [2245 octets] - [11/12/2025 18:55:54]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

    • Fixlog
    Fix result of Farbar Recovery Scan Tool (x64) Version: 20-11-2025
    Ran by Administrator (11-12-2025 19:40:45) Run:1
    Running from C:\Users\Administrator\Desktop
    Loaded Profiles: Administrator
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    CreateRestorePoint:
    CloseProcesses:
    2025-12-09 01:29 - 2025-12-09 01:32 - 000000000 ____D C:\ProgramData\TEMP
    HKU\S-1-5-21-2233526817-3955136932-3051605101-500\...\MountPoints2: {2573aca4-6044-11ef-9389-2cf05d4cac7d} - "J:\LaunchU3.exe" -a
    GroupPolicy: Restriction - Chrome <==== ATTENTION
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
    2023-09-27 13:49 - 2023-09-27 13:49 - 000000000 _____ () C:\Users\Administrator\AppData\Local\{1BEE5D80-DC5F-44D7-AA8E-8C0A64A276E9}
    Task: {30039BF5-058D-4058-B7B2-94D2CC31A7D3} - \Lenovo\Lenovo Service Bridge\S-1-5-21-2233526817-3955136932-3051605101-1001 -> No File <==== ATTENTION
    FirewallRules: [TCP Query User{A23C2B48-EC11-4D91-A8D0-7F560E12EDB9}C:\users\who\desktop\anydesk.exe] => (Allow) C:\users\who\desktop\anydesk.exe => No File
    FirewallRules: [UDP Query User{E1282CDB-1E38-4493-8AB2-EBC1E1BC7EC4}C:\users\who\desktop\anydesk.exe] => (Allow) C:\users\who\desktop\anydesk.exe => No File
    FirewallRules: [{204D87FF-FE20-45A3-A59F-44ED9F75E3E0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{B682A591-3656-47D8-878B-017535884D5D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{6224E1B9-490C-41ED-A062-919C69D4F0F7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{3CC5C09A-C10A-4295-AC7E-65321A1A992F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{7FDEB4C3-3C99-43E6-B045-9030B5C022D3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{8DD91680-29BA-4DE2-BD50-632B7C76AD2C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{5D13D423-9227-4DF5-9CFE-32302C3513D7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{9DBC062D-14C8-4A78-9C5E-3775F0DF9272}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{08167B0C-C2FD-40EC-A4AB-364F63639C40}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{C3C032E8-1C19-46EF-A963-47D3D3BAE888}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{B896861E-B9AA-406F-90B8-F3393A2DDE21}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{750995D8-5DCC-4D6D-A08F-9C7DB806441D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{3124E864-9702-4201-9268-A97BA926295D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{BA71A4CC-FD72-4607-8500-97ADD6343CB6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{C2211976-4906-4E40-B34A-BBA1B454788B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{52684073-6BBB-479E-B935-489E0626C9AA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{2B8CCE70-38EE-4BB8-ACFF-1780DF671612}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.91.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{A9535965-61BA-4E66-8E52-BB6F724761BC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.91.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{0F6BD367-2B15-48A0-861C-F745E9C38CE2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.91.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{4AA16A16-37F8-4762-84E9-1E0385369036}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.91.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{10C50150-F148-4290-8FA8-99308F439A50}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{6E8A3CAE-D320-456B-8C2F-D42B7EA2543F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{9FD865EC-A731-4FAC-AA55-847A52A7AEF1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{B743B884-BB42-4DD1-B71F-D6CD5D5FAF52}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    Task: {aa37c763-033a-4311-a2f0-7ff9180d8e56} - no filepath. <==== ATTENTION
    U3 aswBcc; no ImagePath
    U3 Avast Business Console Client Antivirus Service; no ImagePath
    U3 avast! Firewall; no ImagePath
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [274]
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /CheckHealth
    End::
    *****************

    Restore point was successfully created.
    Processes closed successfully.

    "C:\ProgramData\TEMP" Folder move:

    C:\ProgramData\TEMP => moved successfully
    HKU\S-1-5-21-2233526817-3955136932-3051605101-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2573aca4-6044-11ef-9389-2cf05d4cac7d} => removed successfully

    "C:\Windows\system32\GroupPolicy\Machine" Folder move:

    C:\Windows\system32\GroupPolicy\Machine => moved successfully
    C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
    C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
    C:\ProgramData\NTUSER.pol => moved successfully
    HKLM\SOFTWARE\Policies\Mozilla => removed successfully
    HKLM\SOFTWARE\Policies\Microsoft\Edge => removed successfully
    C:\Users\Administrator\AppData\Local\{1BEE5D80-DC5F-44D7-AA8E-8C0A64A276E9} => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{30039BF5-058D-4058-B7B2-94D2CC31A7D3}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30039BF5-058D-4058-B7B2-94D2CC31A7D3}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Service Bridge\S-1-5-21-2233526817-3955136932-3051605101-1001" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A23C2B48-EC11-4D91-A8D0-7F560E12EDB9}C:\users\who\desktop\anydesk.exe" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E1282CDB-1E38-4493-8AB2-EBC1E1BC7EC4}C:\users\who\desktop\anydesk.exe" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{204D87FF-FE20-45A3-A59F-44ED9F75E3E0}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B682A591-3656-47D8-878B-017535884D5D}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6224E1B9-490C-41ED-A062-919C69D4F0F7}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3CC5C09A-C10A-4295-AC7E-65321A1A992F}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7FDEB4C3-3C99-43E6-B045-9030B5C022D3}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8DD91680-29BA-4DE2-BD50-632B7C76AD2C}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5D13D423-9227-4DF5-9CFE-32302C3513D7}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9DBC062D-14C8-4A78-9C5E-3775F0DF9272}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{08167B0C-C2FD-40EC-A4AB-364F63639C40}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C3C032E8-1C19-46EF-A963-47D3D3BAE888}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B896861E-B9AA-406F-90B8-F3393A2DDE21}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{750995D8-5DCC-4D6D-A08F-9C7DB806441D}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3124E864-9702-4201-9268-A97BA926295D}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BA71A4CC-FD72-4607-8500-97ADD6343CB6}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C2211976-4906-4E40-B34A-BBA1B454788B}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{52684073-6BBB-479E-B935-489E0626C9AA}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2B8CCE70-38EE-4BB8-ACFF-1780DF671612}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A9535965-61BA-4E66-8E52-BB6F724761BC}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0F6BD367-2B15-48A0-861C-F745E9C38CE2}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4AA16A16-37F8-4762-84E9-1E0385369036}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{10C50150-F148-4290-8FA8-99308F439A50}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6E8A3CAE-D320-456B-8C2F-D42B7EA2543F}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9FD865EC-A731-4FAC-AA55-847A52A7AEF1}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B743B884-BB42-4DD1-B71F-D6CD5D5FAF52}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{aa37c763-033a-4311-a2f0-7ff9180d8e56}" => removed successfully
    HKLM\System\CurrentControlSet\Services\aswBcc => could not remove, key could be protected
    HKLM\System\CurrentControlSet\Services\Avast Business Console Client Antivirus Service => could not remove, key could be protected
    HKLM\System\CurrentControlSet\Services\avast! Firewall => could not remove, key could be protected
    "C:\ProgramData\TEMP" => ":5C321E34" ADS not found.

    ========= sfc /scannow =========



    Beginning system scan. This process will take some time.



    Beginning verification phase of system scan.


    Verification 0% complete.
    Verification 1% complete.
    Verification 1% complete.
    Verification 2% complete.
    Verification 3% complete.
    Verification 3% complete.
    Verification 4% complete.
    Verification 4% complete.
    Verification 5% complete.
    Verification 6% complete.
    Verification 6% complete.
    Verification 7% complete.
    Verification 7% complete.
    Verification 8% complete.
    Verification 9% complete.
    Verification 9% complete.
    Verification 10% complete.
    Verification 11% complete.
    Verification 11% complete.
    Verification 12% complete.
    Verification 12% complete.
    Verification 13% complete.
    Verification 14% complete.
    Verification 14% complete.
    Verification 15% complete.
    Verification 15% complete.
    Verification 16% complete.
    Verification 17% complete.
    Verification 17% complete.
    Verification 18% complete.
    Verification 18% complete.
    Verification 19% complete.
    Verification 20% complete.
    Verification 20% complete.
    Verification 21% complete.
    Verification 22% complete.
    Verification 22% complete.
    Verification 23% complete.
    Verification 23% complete.
    Verification 24% complete.
    Verification 25% complete.
    Verification 25% complete.
    Verification 26% complete.
    Verification 26% complete.
    Verification 27% complete.
    Verification 28% complete.
    Verification 28% complete.
    Verification 29% complete.
    Verification 30% complete.
    Verification 30% complete.
    Verification 31% complete.
    Verification 31% complete.
    Verification 32% complete.
    Verification 33% complete.
    Verification 33% complete.
    Verification 34% complete.
    Verification 34% complete.
    Verification 35% complete.
    Verification 36% complete.
    Verification 36% complete.
    Verification 37% complete.
    Verification 37% complete.
    Verification 38% complete.
    Verification 39% complete.
    Verification 39% complete.
    Verification 40% complete.
    Verification 41% complete.
    Verification 41% complete.
    Verification 42% complete.
    Verification 42% complete.
    Verification 43% complete.
    Verification 44% complete.
    Verification 44% complete.
    Verification 45% complete.
    Verification 45% complete.
    Verification 46% complete.
    Verification 47% complete.
    Verification 47% complete.
    Verification 48% complete.
    Verification 49% complete.
    Verification 49% complete.
    Verification 50% complete.
    Verification 50% complete.
    Verification 51% complete.
    Verification 52% complete.
    Verification 52% complete.
    Verification 53% complete.
    Verification 53% complete.
    Verification 54% complete.
    Verification 55% complete.
    Verification 55% complete.
    Verification 56% complete.
    Verification 56% complete.
    Verification 57% complete.
    Verification 58% complete.
    Verification 58% complete.
    Verification 59% complete.
    Verification 60% complete.
    Verification 60% complete.
    Verification 61% complete.
    Verification 61% complete.
    Verification 62% complete.
    Verification 63% complete.
    Verification 63% complete.
    Verification 64% complete.
    Verification 64% complete.
    Verification 65% complete.
    Verification 66% complete.
    Verification 66% complete.
    Verification 67% complete.
    Verification 68% complete.
    Verification 68% complete.
    Verification 69% complete.
    Verification 69% complete.
    Verification 70% complete.
    Verification 71% complete.
    Verification 71% complete.
    Verification 72% complete.
    Verification 72% complete.
    Verification 73% complete.
    Verification 74% complete.
    Verification 74% complete.
    Verification 75% complete.
    Verification 75% complete.
    Verification 76% complete.
    Verification 77% complete.
    Verification 77% complete.
    Verification 78% complete.
    Verification 79% complete.
    Verification 79% complete.
    Verification 80% complete.
    Verification 80% complete.
    Verification 81% complete.
    Verification 82% complete.
    Verification 82% complete.
    Verification 83% complete.
    Verification 83% complete.
    Verification 84% complete.
    Verification 85% complete.
    Verification 85% complete.
    Verification 86% complete.
    Verification 86% complete.
    Verification 87% complete.
    Verification 88% complete.
    Verification 88% complete.
    Verification 89% complete.
    Verification 90% complete.
    Verification 90% complete.
    Verification 91% complete.
    Verification 91% complete.
    Verification 92% complete.
    Verification 93% complete.
    Verification 93% complete.
    Verification 94% complete.
    Verification 94% complete.
    Verification 95% complete.
    Verification 96% complete.
    Verification 96% complete.
    Verification 97% complete.
    Verification 98% complete.
    Verification 98% complete.
    Verification 99% complete.
    Verification 99% complete.
    Verification 100% complete.


    Windows Resource Protection found corrupt files and successfully repaired them.

    For online repairs, details are included in the CBS log file located at

    windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline

    repairs, details are included in the log file provided by the /OFFLOGFILE flag.



    ========= End of CMD: =========


    ========= DISM /Online /Cleanup-Image /CheckHealth =========


    Deployment Image Servicing and Management tool
    Version: 10.0.19041.3636

    Image Version: 10.0.19045.6466

    No component store corruption detected.
    The operation completed successfully.


    ========= End of CMD: =========


    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 11-12-2025 20:06:45)


    Result of scheduled keys to remove after reboot:

    HKLM\System\CurrentControlSet\Services\aswBcc => could not remove, key could be protected
    HKLM\System\CurrentControlSet\Services\Avast Business Console Client Antivirus Service => could not remove, key could be protected
    HKLM\System\CurrentControlSet\Services\avast! Firewall => could not remove, key could be protected

    ==== End of Fixlog 20:07:06 ====
     
  4. manilka835

    manilka835 Specialist

    Is it all right to install Comodo Firewall?
     
  5. Oh My!

    Oh My! Malware Expert Staff Member

    Yes, feel free to install Comodo Firewall.

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    C:\Users\WHO
    C:\Program Files (x86)\EffectVehaha
    ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    Farbar Recovery Scan Tool SearchAll

    --------------------
    • Launch FRST
    • Copy and paste the following in the Search: box
    Code:
    SearchAll: mallpejgeafdahhflmliiahjdpgbegpk;IBuddy;IObit;"Advanced SystemCare";"Who";"EffectVehaha"
    
    • Click the Search Files button
    • When completed click OK and a Search.txt document will open on your desktop
    • Attach the report to your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
    • Attached Search.txt
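    A profile that the owner never created, like the one asked about earlier in this thread, shows up as a mismatch between three sources: the ProfileList key the fix above exports, the folders under the profiles directory, and the local account database. The PowerShell below cross-checks the three. It is an added example, not part of the thread and not FRST code; it assumes an elevated Windows PowerShell 5.1 session (for Get-LocalUser) and only reads.

```powershell
# Added example (not part of the thread, not FRST code): cross-check the
# ProfileList registry key against the profile folders on disk and the local
# account database, so an unexpected profile stands out. Read-only; assumes an
# elevated Windows PowerShell 5.1 session (Get-LocalUser).

function Get-ProfileAudit {
    $listKey     = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    $root        = Get-ItemProperty -LiteralPath $listKey
    $profilesDir = [Environment]::ExpandEnvironmentVariables($root.ProfilesDirectory)

    # Local accounts indexed by SID string, so a profile can be tied to an account
    $accounts = @{}
    foreach ($u in Get-LocalUser) { $accounts[$u.SID.Value] = $u }

    # Paths ProfileList knows about (lower-cased for comparison); Default and
    # Public are values on the root key rather than SID subkeys
    $registered = @{}
    foreach ($name in 'Default', 'Public') {
        $p = [Environment]::ExpandEnvironmentVariables([string]$root.$name)
        if ($p) { $registered[$p.ToLowerInvariant()] = $name }
    }

    # Registry side: one row per SID subkey
    foreach ($key in Get-ChildItem -LiteralPath $listKey) {
        $sid  = $key.PSChildName
        $path = [Environment]::ExpandEnvironmentVariables([string]$key.GetValue('ProfileImagePath'))
        $registered[$path.ToLowerInvariant()] = $sid
        $acct  = $accounts[$sid]
        $owner = '<built-in>'                       # S-1-5-18/19/20 and similar
        if ($acct) { $owner = $acct.Name }
        elseif ($sid -like 'S-1-5-21-*') { $owner = '<no local account: domain, deleted or orphan>' }
        [pscustomobject]@{
            Source       = 'ProfileList'
            Sid          = $sid
            ProfilePath  = $path
            FolderExists = ($path -ne '' -and (Test-Path -LiteralPath $path))
            Account      = $owner
            Enabled      = if ($acct) { $acct.Enabled } else { $null }
            LastLogon    = if ($acct) { $acct.LastLogon } else { $null }
        }
    }

    # Disk side: folders under the profiles directory that ProfileList never mentions
    foreach ($dir in Get-ChildItem -LiteralPath $profilesDir -Directory) {
        if ($registered.ContainsKey($dir.FullName.ToLowerInvariant())) { continue }
        [pscustomobject]@{
            Source       = 'FolderOnly'
            Sid          = $null
            ProfilePath  = $dir.FullName
            FolderExists = $true
            Account      = '<not in ProfileList>'
            Enabled      = $null
            LastLogon    = $null
        }
    }
}

Get-ProfileAudit | Sort-Object Source, ProfilePath | Format-Table -AutoSize
```

    Rows worth a second look are a ProfileList entry whose account column reads "no local account" (the SID is gone but the folder and registry entry remain), a folder that no ProfileList entry points at (a profile directory dropped or left behind without a matching SID), and any enabled local account the owner does not recognise. Removing a profile folder, as the fix above does, clears the disk side only; the matching ProfileList subkey and the account itself are separate items and show up here until they are dealt with too.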
     
  6. manilka835

    manilka835 Specialist

    Fixlog
    Fix result of Farbar Recovery Scan Tool (x64) Version: 20-11-2025
    Ran by Administrator (12-12-2025 17:31:03) Run:2
    Running from C:\Users\Administrator\Desktop
    Loaded Profiles: Administrator
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    CreateRestorePoint:
    CloseProcesses:
    C:\Users\WHO
    C:\Program Files (x86)\EffectVehaha
    ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
    End::
    *****************

    Restore point was successfully created.
    Processes closed successfully.

    "C:\Users\WHO" Folder move:

    C:\Users\WHO => moved successfully

    "C:\Program Files (x86)\EffectVehaha" Folder move:

    C:\Program Files (x86)\EffectVehaha => moved successfully
    ================== ExportKey: ===================

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList]
    "Default"="%SystemDrive%\Users\Default"
    "ProfilesDirectory"="%SystemDrive%\Users"
    "ProgramData"="%SystemDrive%\ProgramData"
    "Public"="%SystemDrive%\Users\Public"
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18]
    "Flags"="12"
    "ProfileImagePath"="%systemroot%\system32\config\systemprofile"
    "RefCount"="1"
    "Sid"="010100000000000512000000"
    "State"="0"
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
    "Flags"="0"
    "ProfileImagePath"="%systemroot%\ServiceProfiles\LocalService"
    "State"="0"
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20]
    "Flags"="0"
    "ProfileImagePath"="%systemroot%\ServiceProfiles\NetworkService"
    "State"="0"
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2233526817-3955136932-3051605101-1001]
    "ProfileImagePath"="C:\Users\Lenovo"
    "Flags"="0"
    "FullProfile"="1"
    "State"="0"
    "Sid"="01050000000000051500000021ea2085a499beeb6dcce3b5e9030000"
    "LocalProfileLoadTimeLow"="-1305985558"
    "LocalProfileLoadTimeHigh"="30850252"
    "ProfileAttemptedProfileDownloadTimeLow"="0"
    "ProfileAttemptedProfileDownloadTimeHigh"="0"
    "ProfileLoadTimeLow"="0"
    "ProfileLoadTimeHigh"="0"
    "LocalProfileUnloadTimeLow"="1800172715"
    "LocalProfileUnloadTimeHigh"="30850259"
    "RunLogonScriptSync"="0"
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2233526817-3955136932-3051605101-1003]
    "ProfileImagePath"="C:\Users\hjvg"
    "Flags"="0"
    "FullProfile"="1"
    "State"="0"
    "Sid"="01050000000000051500000021ea2085a499beeb6dcce3b5eb030000"
    "LocalProfileLoadTimeLow"="1713758139"
    "LocalProfileLoadTimeHigh"="30850276"
    "ProfileAttemptedProfileDownloadTimeLow"="0"
    "ProfileAttemptedProfileDownloadTimeHigh"="0"
    "ProfileLoadTimeLow"="0"
    "ProfileLoadTimeHigh"="0"
    "LocalProfileUnloadTimeLow"="-2074716855"
    "LocalProfileUnloadTimeHigh"="30850276"
    "RunLogonScriptSync"="0"
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2233526817-3955136932-3051605101-1005.bak]
    "ProfileImagePath"="C:\Users\WHO"
    "Flags"="0"
    "FullProfile"="1"
    "State"="32768"
    "Sid"="01050000000000051500000021ea2085a499beeb6dcce3b5ed030000"
    "LocalProfileLoadTimeLow"="-1780429379"
    "LocalProfileLoadTimeHigh"="30952401"
    "ProfileAttemptedProfileDownloadTimeLow"="0"
    "ProfileAttemptedProfileDownloadTimeHigh"="0"
    "ProfileLoadTimeLow"="0"
    "ProfileLoadTimeHigh"="0"
    "LocalProfileUnloadTimeLow"="-1018010741"
    "LocalProfileUnloadTimeHigh"="30952243"
    "RunLogonScriptSync"="0"
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2233526817-3955136932-3051605101-500]
    "ProfileImagePath"="C:\Users\Administrator"
    "Flags"="0"
    "FullProfile"="1"
    "State"="256"
    "Sid"="01050000000000051500000021ea2085a499beeb6dcce3b5f4010000"
    "LocalProfileLoadTimeLow"="-761397849"
    "LocalProfileLoadTimeHigh"="31222621"
    "ProfileAttemptedProfileDownloadTimeLow"="0"
    "ProfileAttemptedProfileDownloadTimeHigh"="0"
    "ProfileLoadTimeLow"="0"
    "ProfileLoadTimeHigh"="0"
    "RunLogonScriptSync"="0"
    "LocalProfileUnloadTimeLow"="-1118425868"
    "LocalProfileUnloadTimeHigh"="31222478"

    === End of ExportKey ===


    The system needed a reboot.

    ==== End of Fixlog 17:45:31 ====
     


  7. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you.

    Now this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    C:\Windows\System32\Tasks\IObit XM2025Sale (One-time)
    C:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\D__Programme Files_IObit_Smart Defrag_SmartDefrag_exe
    C:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\https___www_iobit_com_en_iobitsmartdefrag_php
    C:\ProgramData\IObit\iobitpromotion.ini
    2025-09-27 12:34 - 2025-12-11 19:26 _____ C:\Users\Administrator\AppData\Roaming\IObit
    2025-11-10 13:53 - 2025-11-10 13:53 _____ C:\Users\Administrator\AppData\Roaming\IObit\IObit Uninstaller
    2025-09-27 12:35 - 2025-09-27 12:36 _____ C:\Users\Administrator\AppData\LocalLow\IObit
    2025-09-27 12:34 - 2025-12-11 19:26 _____ C:\ProgramData\IObit
    2025-09-27 12:35 - 2025-09-27 12:35 _____ C:\Program Files (x86)\Common Files\IObit
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{189F1E63-33A7-404B-B2F6-8C76A452CC54}\InprocServer32|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0B80B6D2-246B-4A6B-AEA1-66F1DF0F4211}\1.0|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0B80B6D2-246B-4A6B-AEA1-66F1DF0F4211}\1.0\0\win64|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{189F1E63-33A7-404B-B2F6-8C76A452CC54}
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E3E650F-231A-4D25-A458-817BB10996F0}
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IObit XM2025Sale (One-time)
    DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2233526817-3955136932-3051605101-1005.bak
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    ESET Online Scanner

    --------------------

    Note: You can expect this process to take a long time, up to several hours or more.
    • Download ESET Free Online Scanner and save it to your Desktop
    • Right click on esetonlinescanner.exe and select Run as administrator
    • Click Computer Scan
    • Click Full scan
    • Select Enable ESET to detect and quarantine potentially unwanted applications
    • Click Start scan
    • Once completed click View detailed results
    • Review the list of detected items for things you don't want to remove (sometimes Potentially Unwanted Applications)
    • If there are entries you would like to keep click Restore cleaned files
    • Place a check mark in each entry you would like to restore then click Restore files then confirm the action
    • Click Finish
    • Save scan log and save it to your Desktop as ESETScan.txt
    • Click Continue then finally click Close
    • Copy and paste the ESETScan.txt file contents in your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
    • ESET report
     
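For anyone reading these Fixlogs, here is an added example (not from this thread, and not FRST's own code) that parses an ExportKey dump of ProfileList in the shape shown above and flags what this fix removes: a `.bak` subkey, a live/.bak pair for one SID, a temporary-profile State, or an entry whose profile folder is already gone. The sample dump is constructed, and the meaning of the 0x800 State bit is an assumption taken from Microsoft's documented ProfileList flags.

```python
import re
# Constructed sample in the shape of the FRST "ExportKey:" ProfileList dump
# above (SIDs are made up; WHO's folder had already been moved by the fix).
SAMPLE_EXPORT = r"""
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1111-2222-3333-1001]
"ProfileImagePath"="C:\Users\Lenovo"
"State"="0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1111-2222-3333-1005.bak]
"ProfileImagePath"="C:\Users\WHO"
"State"="32768"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1111-2222-3333-500]
"ProfileImagePath"="C:\Users\Administrator"
"State"="256"
"""

# Subkey header like [HKLM\...\ProfileList\S-1-5-21-...-1005.bak]; the bare
# ProfileList root key has no trailing component and is skipped on purpose.
KEY_RE = re.compile(r"^\[(?:HKEY_LOCAL_MACHINE|HKLM)\\.*\\ProfileList\\([^\]]+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"="(.*)"$')
STATE_TEMP = 0x0800  # assumed: documented "temporary profile loaded" State bit


def parse_profile_list(text):
    """Return [(subkey, {value: data}), ...] for each ProfileList subkey."""
    profiles, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = (key.group(1), {})
            profiles.append(current)
            continue
        val = VAL_RE.match(line)
        if val and current is not None:
            current[1][val.group(1)] = val.group(2)
    return profiles


def audit_profile_list(profiles, existing_dirs=None):
    """Flag .bak keys, live+.bak pairs, temp-profile state, missing folders."""
    findings, keys_by_sid = [], {}
    for subkey, values in profiles:
        sid = subkey[:-4] if subkey.endswith(".bak") else subkey
        keys_by_sid.setdefault(sid, []).append(subkey)
        path = values.get("ProfileImagePath", "")
        state = int(values.get("State", "0"))
        if subkey.endswith(".bak"):
            findings.append((subkey, "stale .bak ProfileList entry"))
        if state & STATE_TEMP:
            findings.append((subkey, "temporary profile loaded (State & 0x800)"))
        # Only check drive-letter paths; %SystemDrive% style paths are not expanded.
        if existing_dirs is not None and path[1:3] == ":\\" and path not in existing_dirs:
            findings.append((subkey, "ProfileImagePath not on disk: " + path))
    for sid, keys in keys_by_sid.items():
        if len(keys) > 1:
            findings.append((sid, "live and .bak keys for the same SID: " + ", ".join(keys)))
    return findings
```

Pass the set of folders actually present under C:\Users as `existing_dirs` to catch entries like the WHO profile, whose folder the earlier fix had already moved to quarantine.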
  8. manilka835

    manilka835 Specialist

    Fixlog
    Fix result of Farbar Recovery Scan Tool (x64) Version: 20-11-2025
    Ran by Administrator (12-12-2025 23:31:08) Run:5
    Running from C:\Users\Administrator\Desktop
    Loaded Profiles: Administrator
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    CreateRestorePoint:
    CloseProcesses:
    C:\Windows\System32\Tasks\IObit XM2025Sale (One-time)
    C:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\D__Programme Files_IObit_Smart Defrag_SmartDefrag_exe
    C:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\https___www_iobit_com_en_iobitsmartdefrag_php
    C:\ProgramData\IObit\iobitpromotion.ini
    2025-09-27 12:34 - 2025-12-11 19:26 _____ C:\Users\Administrator\AppData\Roaming\IObit
    2025-11-10 13:53 - 2025-11-10 13:53 _____ C:\Users\Administrator\AppData\Roaming\IObit\IObit Uninstaller
    2025-09-27 12:35 - 2025-09-27 12:36 _____ C:\Users\Administrator\AppData\LocalLow\IObit
    2025-09-27 12:34 - 2025-12-11 19:26 _____ C:\ProgramData\IObit
    2025-09-27 12:35 - 2025-09-27 12:35 _____ C:\Program Files (x86)\Common Files\IObit
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{189F1E63-33A7-404B-B2F6-8C76A452CC54}\InprocServer32|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0B80B6D2-246B-4A6B-AEA1-66F1DF0F4211}\1.0|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0B80B6D2-246B-4A6B-AEA1-66F1DF0F4211}\1.0\0\win64|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{189F1E63-33A7-404B-B2F6-8C76A452CC54}
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E3E650F-231A-4D25-A458-817BB10996F0}
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IObit XM2025Sale (One-time)
    DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2233526817-3955136932-3051605101-1005.bak
    End::
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    C:\Windows\System32\Tasks\IObit XM2025Sale (One-time) => moved successfully
    C:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\D__Programme Files_IObit_Smart Defrag_SmartDefrag_exe => moved successfully
    C:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\https___www_iobit_com_en_iobitsmartdefrag_php => moved successfully
    C:\ProgramData\IObit\iobitpromotion.ini => moved successfully

    "C:\Users\Administrator\AppData\Roaming\IObit" Folder move:

    C:\Users\Administrator\AppData\Roaming\IObit => moved successfully
    "C:\Users\Administrator\AppData\Roaming\IObit\IObit Uninstaller" => not found

    "C:\Users\Administrator\AppData\LocalLow\IObit" Folder move:

    C:\Users\Administrator\AppData\LocalLow\IObit => moved successfully

    "C:\ProgramData\IObit" Folder move:

    C:\ProgramData\IObit => moved successfully

    "C:\Program Files (x86)\Common Files\IObit" Folder move:

    C:\Program Files (x86)\Common Files\IObit => moved successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{189F1E63-33A7-404B-B2F6-8C76A452CC54}\InprocServer32\\" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0B80B6D2-246B-4A6B-AEA1-66F1DF0F4211}\1.0\\" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0B80B6D2-246B-4A6B-AEA1-66F1DF0F4211}\1.0\0\win64\\" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{189F1E63-33A7-404B-B2F6-8C76A452CC54}" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E3E650F-231A-4D25-A458-817BB10996F0}" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IObit XM2025Sale (One-time)" => removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2233526817-3955136932-3051605101-1005.bak => removed successfully


    The system needed a reboot.

    ==== End of Fixlog 23:31:32 ====

    ESET report
    13/12/2025 07:16:53
    Scanned files: 518239
    Detected files: 11
    Cleaned files: 13
    Total scan time 03:00:04
    Scan status: Finished
    C:\AdwCleaner\Quarantine\v1\20251211.185928\6\IBuddy\trzFE93.tmp#830D9E3F7BF22A05 a variant of Win64/CoinMiner.ADZ trojan cleaned by deleting

    C:\FRST\Quarantine\C\Users\WHO\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000115 a variant of MSIL/Microsoft.Bing.C potentially unwanted application cleaned by deleting

    C:\FRST\Quarantine\C\Users\WHO\AppData\Local\Programs\Taskbar system\sdk.dll a variant of WinGo/Globalhop.A potentially unwanted application cleaned by deleting

    C:\FRST\Quarantine\C\Users\WHO\Downloads\BingWallpaper (1).exe a variant of MSIL/Microsoft.Bing.C potentially unwanted application cleaned by deleting

    C:\FRST\Quarantine\C\Users\WHO\Downloads\BingWallpaper (2).exe a variant of MSIL/Microsoft.Bing.C potentially unwanted application cleaned by deleting

    C:\FRST\Quarantine\C\Users\WHO\Downloads\BingWallpaper (3).exe a variant of MSIL/Microsoft.Bing.C potentially unwanted application cleaned by deleting

    C:\FRST\Quarantine\C\Users\WHO\Downloads\BingWallpaper.exe a variant of MSIL/Microsoft.Bing.C potentially unwanted application cleaned by deleting

    C:\MGtools\mgtproc.exe Win32/PrcView potentially unsafe application cleaned by deleting

    C:\Program Files\Avast Software\Browser\AvastBrowserUninstall.exe a variant of Win32/Avast.AVGSecureBrowser.A potentially unwanted application,a variant of Win32/CCleaner.A potentially unsafe application cleaned by deleting

    C:\Program Files (x86)\AVAST Software\Browser\AvastBrowserUninstall.exe a variant of Win32/Avast.AVGSecureBrowser.A potentially unwanted application,a variant of Win32/CCleaner.A potentially unsafe application cleaned by deleting

    C:\MGtools.exe a variant of Generik.EYRBKTT trojan cleaned by deleting
     
  9. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you.

    Everything looks fine now. How is the system running?
     
  10. manilka835

    manilka835 Specialist

    No malware was detected on running Malwarebytes and Avast Antivirus. The computer boot time has improved.
     
  11. Oh My!

    Oh My! Malware Expert Staff Member

    Would you say it is performing reasonably?
     
  12. manilka835

    manilka835 Specialist

    It is functioning normally without any problems.
     
  13. Oh My!

    Oh My! Malware Expert Staff Member

    Perfect, thank you.

    Here is our final step and some additional information to consider.

    ===================================================

    KpRm by Kernel-panik

    --------------
    • Download KpRm and save it to your Desktop (see here if you must use Chrome)
    • Note: If the file is detected as malware, it is not, and it is safe to download. The detection is a false positive.
    • Right click on the icon and select Run as administrator
    • Click Yes on the Disclaimer
    • Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days
    • Click Run
    • Click OK on All operations are completed
    • KpRm will delete itself from your Desktop and you can either save or remove the report that is generated
    • You are free to remove any other tools/reports still remaining
    ===================================================

    All Clean!

    --------------

    Your computer is now clean. Please consider this going forward.

    ===================================================

    Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

    Thank you for placing your trust in Major Geeks. It was a pleasure serving you.
     
  14. manilka835

    manilka835 Specialist

    You're welcome. All the best for the future and wishing you a Merry Christmas and a malware-free New Year!

    Till we meet again, Goodbye!
     
