Malware F7p1x63 20230330

Discussion in 'Malware Help (A Specialist Will Reply)' started by manilka835, Mar 30, 2023.

  1. manilka835

    manilka835 Specialist

    A desktop computer which was not being used, due to the disappearance of work in the Microsoft Office package, was considered for usage.

    I have run READ & RUN ME FIRST- Malware Removal Guide to make sure there are no Malware. The relevant logs are attached.

    Infections found when Malwarebytes was run were quarantined and deleted.

    Dr. K.D.J.H. Manilka Jayawardena,
    Medical Officer of Health,
    Katana.
    Proud to be a Sri Lankan!
     

    Attached Files:

  2. Oh My!

    Oh My! Malware Expert Staff Member

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool (FRST)

    --------------------
    • Download Farbar Recovery Scan Tool for 64 bit systems and save it to your Desktop. <<< Important
    • If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
    • Right click on the icon and select Run as administrator
    • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
    • Click Yes to the disclaimer
    • Click Scan and allow the program to run
    • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
    • 2 Notepad documents should now be open on your desktop.
    • Please copy and paste the contents of each report in separate reply windows

    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

    • FRST.txt
    • Addition.txt
     
  3. manilka835

    manilka835 Specialist

    • FRST.txt
    • Addition.txt
    
    Both are attached hereto.
     

    Attached Files:

  4. Oh My!

    Oh My! Malware Expert Staff Member

    Posting report

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-04-2023
    Ran by DELL (administrator) on DESKTOP-1ERNC95 (Dell Inc. Vostro 3888) (20-04-2023 23:28:47)
    Running from C:\Users\DELL\Desktop\FRST64.exe
    Loaded Profiles: DELL
    Platform: Microsoft Windows 10 Pro Version 21H2 19044.1766 (X64) Language: English (United States)
    Default browser: Edge
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.202\GoogleCrashHandler.exe
    (C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.202\GoogleCrashHandler64.exe
    (C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\Install\{62218937-BB62-493E-A57B-2FD394191CE0}\112.0.5615.122_111.0.5563.147_chrome_updater.exe
    (C:\Program Files (x86)\Google\Update\Install\{62218937-BB62-493E-A57B-2FD394191CE0}\112.0.5615.122_111.0.5563.147_chrome_updater.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\Install\{62218937-BB62-493E-A57B-2FD394191CE0}\CR_EBA79.tmp\setup.exe <2>
    (C:\Program Files (x86)\iTop VPN\iTopVPN.exe ->) (Chengdu ShanHe Information Technology Co., Ltd. -> iTop Inc.) C:\Program Files (x86)\iTop VPN\iTopVPNMini.exe
    (C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (C:\Programme Files (x86)\Autorun Eater\oldmcdonald.exe ->) (Old McDonald's Farm) [File not signed] C:\Programme Files (x86)\Autorun Eater\billy.exe
    (C:\Programme Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Programme Files\Avast Software\Avast\aswEngSrv.exe
    (Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe
    (explorer.exe ->) (Microimage) [File not signed] C:\Program Files (x86)\SinhalaTamil IME\SinhalaTamil IME.exe
    (explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_e99a314c3593d5e7\WavesSvc64.exe
    (Lanzhou Itanium Software Technology Co., Ltd. -> Zbshareware Lab) C:\Programme Files (x86)\USB Disk Security\USBGuard.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <15>
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (Old McDonald's Farm) [File not signed] C:\Programme Files (x86)\Autorun Eater\oldmcdonald.exe
    (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Programme Files\CCleaner\CCleaner64.exe
    (RuntimeBroker.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Programme Files\Avast Software\Avast\AvastUI.exe <4>
    (services.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
    (services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Programme Files\Avast Software\Avast\aswidsagent.exe
    (services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Programme Files\Avast Software\Avast\aswToolsSvc.exe
    (services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Programme Files\Avast Software\Avast\AvastSvc.exe
    (services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Programme Files\Avast Software\Avast\wsc_proxy.exe
    (services.exe ->) (Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
    (services.exe ->) (Comodo Security Solutions, Inc. -> COMODO) C:\Programme Files\COMODO\COMODO Internet Security\cmdagent.exe <2>
    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinService.exe
    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ffb22091d2be88a5\IntelCpHDCPSvc.exe
    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ffb22091d2be88a5\IntelCpHeciSvc.exe
    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
    (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_d52c63e0e1c02c96\jhi_service.exe
    (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_8a00302ff60aed46\LMS.exe
    (services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_ffd80069472091bc\RstMwService.exe
    (services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_a1020546271138b9\RtkAudUService64.exe <3>
    (services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_e99a314c3593d5e7\WavesSysSvc64.exe
    (svchost.exe ->) (Chengdu ShanHe Information Technology Co., Ltd. -> iTop Inc.) C:\Program Files (x86)\iTop VPN\iTopVPN.exe
    (svchost.exe ->) (Comodo Security Solutions, Inc. -> COMODO) C:\Programme Files\COMODO\COMODO Internet Security\cavwp.exe
    (svchost.exe ->) (Comodo Security Solutions, Inc. -> COMODO) C:\Programme Files\COMODO\COMODO Internet Security\cis.exe <2>
    (svchost.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <3>
    (svchost.exe ->) (IObit CO., LTD -> IObit) C:\Programme Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
    (svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
    (svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21374.0_x64__8wekyb3d8bbwe\HxAccounts.exe
    (svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21374.0_x64__8wekyb3d8bbwe\HxOutlook.exe
    (svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21374.0_x64__8wekyb3d8bbwe\HxTsr.exe
    (svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.1271.0_x64__8wekyb3d8bbwe\GameBar.exe
    (svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.1271.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
    (svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23012.167.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
    (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (svchost.exe ->) (ORANGE VIEW LIMITED -> iTop Inc.) C:\Program Files\iTop Screen Recorder\iScrRec.exe
    (svchost.exe ->) (ORANGE VIEW LIMITED -> iTop Inc.) C:\Program Files\iTop Screenshot\iScrShot.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_e99a314c3593d5e7\WavesSvc64.exe [4175056 2021-06-19] (Waves Inc -> Waves Audio Ltd.)
    HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_a1020546271138b9\RtkAudUService64.exe [1343072 2021-08-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [AvastUI.exe] => C:\Programme Files\Avast Software\Avast\AvLaunch.exe [220056 2023-03-31] (Avast Software s.r.o. -> AVAST Software)
    HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Programme Files\COMODO\COMODO Internet Security\cis.exe [13190952 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
    HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [4187856 2019-01-29] (Comodo Security Solutions, Inc. -> COMODO)
    HKLM-x32\...\Run: [Autorun Eater] => C:\Programme Files (x86)\Autorun Eater\oldmcdonald.exe [522720 2012-02-17] (Old McDonald's Farm) [File not signed]
    HKLM-x32\...\Run: [USB Security] => C:\Programme Files (x86)\USB Disk Security\USBGuard.exe [695528 2015-01-31] (Lanzhou Itanium Software Technology Co., Ltd. -> Zbshareware Lab)
    HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
    HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
    HKU\S-1-5-21-3419532252-3645827167-3916636528-1001\...\Run: [MicrosoftEdgeAutoLaunch_6B770857D9B81538FA9524CBB2D560C5] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4056016 2023-03-30] (Microsoft Corporation -> Microsoft Corporation)
    HKU\S-1-5-21-3419532252-3645827167-3916636528-1001\...\Run: [CCleaner Smart Cleaning] => C:\Programme Files\CCleaner\CCleaner64.exe [39159608 2023-03-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\111.0.5563.147\Installer\chrmstp.exe [2023-03-30] (Google LLC -> Google LLC)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SinhalaTamil IME.lnk [2021-12-02]
    ShortcutTarget: SinhalaTamil IME.lnk -> C:\Program Files (x86)\SinhalaTamil IME\SinhalaTamil IME.exe (Microimage) [File not signed]
    GroupPolicy: Restriction - Chrome <==== ATTENTION
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00AD9669-DD0E-4FAC-8D99-1C7FF89E8F25} - System32\Tasks\iTop Screen Recorder Update => C:\Program Files\iTop Screen Recorder\AutoUpdate.exe [3279104 2023-02-21] (ORANGE VIEW LIMITED -> iTop Inc.)
    Task: {03A58127-632C-4055-A2CD-51A28C702341} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Programme Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
    Task: {06D862DC-05B1-4110-8691-79578C11369A} - System32\Tasks\iTop Screenshot Update => C:\Program Files\iTop Screenshot\AutoUpdate.exe [2900224 2023-02-24] (ORANGE VIEW LIMITED -> iTop Inc.)
    Task: {07F9414D-2DBF-402D-97BA-03AEF01752AF} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Programme Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
    Task: {1E05EBC0-9468-4ED9-B181-0DAA22BDBB49} - System32\Tasks\iTop Screen Recorder UAC => C:\Program Files\iTop Screen Recorder\iScrInit.exe [1387776 2023-02-22] (ORANGE VIEW LIMITED -> iTop Inc.)
    Task: {1E8A8884-A428-4BD0-987D-10F57AF58179} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Programme Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [314128 2018-05-02] (IObit Information Technology -> IObit)
    Task: {2533B011-F11C-46AC-80E7-B5B325029ACF} - System32\Tasks\iTop Screenshot SkipUAC (DELL) => C:\Program Files\iTop Screenshot\iScrShot.exe [7622400 2023-02-24] (ORANGE VIEW LIMITED -> iTop Inc.)
    Task: {2A18808C-1633-4864-9041-8AFD058B9948} - System32\Tasks\CCleanerCrashReporting => C:\Programme Files\CCleaner\CCleanerBugReport.exe [4703544 2023-03-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Programme Files\CCleaner\LOG" --programpath "C:\Programme Files\CCleaner" --configpath "C:\Programme Files\CCleaner\Setup" --guid "4ceb591f-f155-4c10-b026-06beae9d3a38" --version "6.10.10347" --silent
    Task: {2D02F117-53B0-4F5C-B1D2-FB2E33A25944} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-09-16] (Google LLC -> Google LLC)
    Task: {35008569-1618-4BF0-B66B-6FF651594273} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
    Task: {3847912D-8ED7-4CC0-98DC-678A5557BA84} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-09-16] (Google LLC -> Google LLC)
    Task: {3C7621B8-20BA-4FF6-BBA0-A8B115177D17} - System32\Tasks\iTop Screenshot SkipUAC (User Guest) => C:\Program Files\iTop Screenshot\iScrShot.exe [7622400 2023-02-24] (ORANGE VIEW LIMITED -> iTop Inc.)
    Task: {48729FBF-F8CA-473C-A1A1-3FBEF65F3E90} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Programme Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
    Task: {49E5B045-38FA-4777-8557-D3DF1D6000DE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
    Task: {5C8A721A-6353-483A-86F5-B6CE0770D5D7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
    Task: {5F63E92D-0FE7-4AF0-961B-965A31607058} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2135448 2023-04-20] (Avast Software s.r.o. -> Avast Software)
    Task: {7E2EE124-B3E0-46DA-A7E3-15452928A592} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Programme Files\COMODO\COMODO Internet Security\cis.exe [13190952 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
    Task: {7E38DE4D-9B70-4C58-9249-FE13E128A725} - System32\Tasks\iTop Screenshot Startup => C:\Program Files\iTop Screenshot\iScrShot.exe [7622400 2023-02-24] (ORANGE VIEW LIMITED -> iTop Inc.)
    Task: {85C391B2-C639-4A4E-9B59-55A565B1F30C} - System32\Tasks\iTopVPN_Update_DELL => C:\Program Files (x86)\iTop VPN\atud.exe [3294272 2023-03-16] (Chengdu ShanHe Information Technology Co., Ltd. -> iTop Inc.)
    Task: {8A09C6EC-9170-4298-B262-0CEBD336A49B} - System32\Tasks\Avast Emergency Update => C:\Programme Files\Avast Software\Avast\AvEmUpdate.exe [5000600 2023-03-31] (Avast Software s.r.o. -> AVAST Software)
    Task: {A625B6AC-9E08-4AD0-A2B1-02DB120BDC47} - System32\Tasks\SmartDefrag_Startup => C:\Programme Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [7033064 2023-03-03] (IObit CO., LTD -> IObit)
    Task: {AE7578F5-EBD3-48D3-9991-7C4B594125C4} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Programme Files\COMODO\COMODO Internet Security\cis.exe [13190952 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
    Task: {BEB0EEB1-000E-48C3-A0FA-EC9727F87597} - System32\Tasks\iTopVPN_SkipUAC_DELL => C:\Program Files (x86)\iTop VPN\iTopVPN.exe [6806592 2023-03-16] (Chengdu ShanHe Information Technology Co., Ltd. -> iTop Inc.)
    Task: {C08848D1-CE39-40C8-A731-A512465D875C} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Programme Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
    Task: {C3194356-4C83-45E7-B3B2-1FCF3E25CD32} - System32\Tasks\iTop Screen Recorder Startup => C:\Program Files\iTop Screen Recorder\IScrRec.exe [15694080 2023-02-27] (ORANGE VIEW LIMITED -> iTop Inc.)
    Task: {C571E4CE-8421-4B2A-9803-48893D32F8BF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
    Task: {CDD7FC71-0FF1-48D8-B178-0D34A0C92866} - System32\Tasks\CCleaner Update => C:\Programme Files\CCleaner\CCUpdate.exe [714256 2023-03-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
    Task: {D5371005-1EA2-467C-B3C7-D4EA3710F295} - System32\Tasks\CCleanerSkipUAC - DELL => C:\Programme Files\CCleaner\CCleaner.exe [33038648 2023-03-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
    Task: {DE029A28-BEC4-4121-A350-C1125719B137} - System32\Tasks\iTop Screen Recorder SkipUAC (DELL) => C:\Program Files\iTop Screen Recorder\IScrRec.exe [15694080 2023-02-27] (ORANGE VIEW LIMITED -> iTop Inc.)
    Task: {E0AABCDF-5F1F-48A5-866C-AB86377FAFA4} - System32\Tasks\iTopVPN_Scheduler_DELL => C:\Program Files (x86)\iTop VPN\iTopVPN.exe [6806592 2023-03-16] (Chengdu ShanHe Information Technology Co., Ltd. -> iTop Inc.)
    Task: {E2E58677-F719-494A-829A-12303778FDC7} - System32\Tasks\SmartDefrag_Update => C:\Programme Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [3657448 2023-03-01] (IObit CO., LTD -> IObit)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Programme Files\CCleaner\CCleanerBugReport.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
  5. Oh My!

    Oh My! Malware Expert Staff Member

    Posting report

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-04-2023
    Ran by DELL (20-04-2023 23:20:30)
    Running from C:\Users\DELL\Desktop
    Microsoft Windows 10 Pro Version 21H2 19044.1766 (X64) (2021-09-24 04:40:18)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================


    (If an entry is included in the fixlist, it will be removed.)

    Administrator (S-1-5-21-3419532252-3645827167-3916636528-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3419532252-3645827167-3916636528-503 - Limited - Disabled)
    DELL (S-1-5-21-3419532252-3645827167-3916636528-1001 - Administrator - Enabled) => C:\Users\DELL
    Guest (S-1-5-21-3419532252-3645827167-3916636528-501 - Limited - Disabled)
    User Guest (S-1-5-21-3419532252-3645827167-3916636528-1002 - Limited - Enabled) => C:\Users\User Guest
    WDAGUtilityAccount (S-1-5-21-3419532252-3645827167-3916636528-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
    FW: COMODO Firewall (Disabled) {3D87FB90-B561-70B4-3B0B-BCEFE7656ABC}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Autorun Eater v2.6 (HKLM-x32\...\Autorun Eater_is1) (Version: 2.6 - Old McDonald's Farm)
    Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 23.2.6053 - Avast Software)
    CCleaner (HKLM\...\CCleaner) (Version: 6.10 - Piriform)
    COMODO Firewall (HKLM\...\{529CC629-B436-4886-B322-4BE75B97783D}) (Version: 12.2.2.8012 - COMODO Security Solutions Inc.) Hidden
    COMODO Firewall (HKLM\...\COMODO Internet Security) (Version: 12.2.2.8012 - COMODO Security Solutions Inc.)
    EaseUS Partition Master 13.8 (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version: - EaseUS)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 111.0.5563.147 - Google LLC)
    Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.6.472587.185 - Comodo)
    iTop Screen Recorder (HKLM-x32\...\iTop Screen Recorder_is1) (Version: 3.5.0.1501 - iTop Inc.)
    iTop Screenshot (HKLM-x32\...\iTop Screenshot_is1) (Version: 1.2.2.540 - iTop Inc.)
    iTop VPN (HKLM-x32\...\iTop VPN_is1) (Version: 4.4.1.4033 - iTop Inc.)
    MADHURA Dictionary (HKLM-x32\...\{D304902E-33A0-4622-A375-C805C7F13231}) (Version: - )
    Malwarebytes version 4.5.25.256 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.25.256 - Malwarebytes)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 112.0.1722.48 - Microsoft Corporation)
    Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 111.0.1661.54 - Microsoft Corporation)
    Microsoft Excel MUI (English) 2016 (HKLM\...\{90160000-0016-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Microsoft Groove MUI (English) 2016 (HKLM\...\{90160000-00BA-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Microsoft Office 32-bit Components 2016 (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Microsoft Office OSM MUI (English) 2016 (HKLM\...\{90160000-00E1-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Microsoft Office OSM UX MUI (English) 2016 (HKLM\...\{90160000-00E2-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2016 (HKLM\...\{90160000-002C-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2016 - English (HKLM\...\{90160000-001F-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Microsoft Office Shared 32-bit MUI (English) 2016 (HKLM\...\{90160000-00C1-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2016 (HKLM\...\{90160000-006E-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2016 (HKLM\...\{90160000-0115-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Microsoft Office Standard 2016 (HKLM\...\{90160000-0012-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Microsoft Office Standard 2016 (HKLM\...\Office16.STANDARD) (Version: 16.0.4266.1001 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3419532252-3645827167-3916636528-1001\...\OneDriveSetup.exe) (Version: 23.054.0313.0001 - Microsoft Corporation)
    Microsoft OneNote MUI (English) 2016 (HKLM\...\{90160000-00A1-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Microsoft Outlook MUI (English) 2016 (HKLM\...\{90160000-001A-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Microsoft PowerPoint MUI (English) 2016 (HKLM\...\{90160000-0018-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Microsoft Publisher MUI (English) 2016 (HKLM\...\{90160000-0019-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
    Microsoft Word MUI (English) 2016 (HKLM\...\{90160000-001B-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    PDF Reader for Windows 10 (HKLM\...\PDF Reader for Windows 10_is1) (Version: - PDFLogic Corporation)
    RogueKiller version 15.8.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.8.2.0 - Adlice Software)
    SinhalaTamil IME (HKLM-x32\...\{EE8D388C-F43A-4370-942F-BD37FCC99A7C}) (Version: - )
    Smart Defrag 8 (HKLM-x32\...\Smart Defrag_is1) (Version: 8.4.0.259 - IObit)
    SpywareBlaster 6.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 6.0.0 - BrightFort LLC)
    Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{B652B695-C849-4EF2-B09A-72771C7AD2BA}) (Version: 2.71.0.0 - Microsoft Corporation)
    USB Disk Security (HKLM-x32\...\USB Disk Security_is1) (Version: - Zbshareware Lab)
    Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
    WinRAR 6.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.21.0 - win.rar GmbH)

    Packages:
    =========
    Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4478.0_x64__8j3eq9eme6ctt [2023-02-17] (INTEL CORP) [Startup Task]
    Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-09-17] (Microsoft Corporation)
    Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2023-01-09] (Microsoft Studios) [MS Ad]
    Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0 [2023-01-09] (Spotify AB) [Startup Task]
    Waves MaxxAudio Pro for Dell 2020 -> C:\Program Files\WindowsApps\WavesAudio.MaxxAudioProforDell2020_3.0.98.0_x64__fh4rh281wavaa [2021-08-31] (Waves Audio)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3419532252-3645827167-3916636528-1001_Classes\CLSID\{0BAD39CB-DD3E-4F21-9156-649B0156C28E}\localserver32 -> C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_e99a314c3593d5e7\WavesSvc64.exe (Waves Inc -> Waves Audio Ltd.)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Programme Files\Avast Software\Avast\ashShell.dll [2023-03-31] (Avast Software s.r.o. -> AVAST Software)
    ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Programme Files\Avast Software\Avast\ashShell.dll [2023-03-31] (Avast Software s.r.o. -> AVAST Software)
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Programme Files\Avast Software\Avast\ashShell.dll [2023-03-31] (Avast Software s.r.o. -> AVAST Software)
    ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Programme Files\COMODO\COMODO Internet Security\cavshell.dll [2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
    ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2019-09-12] (IObit Information Technology -> IObit)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Programme Files\COMODO\COMODO Internet Security\cavshell.dll [2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Programme Files\Avast Software\Avast\ashShell.dll [2023-03-31] (Avast Software s.r.o. -> AVAST Software)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-30] (Malwarebytes Inc. -> Malwarebytes)
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Programme Files\Avast Software\Avast\ashShell.dll [2023-03-31] (Avast Software s.r.o. -> AVAST Software)
    ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Programme Files\COMODO\COMODO Internet Security\cavshell.dll [2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-30] (Malwarebytes Inc. -> Malwarebytes)
    ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2019-09-12] (IObit Information Technology -> IObit)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    ==================== Loaded Modules (Whitelisted) =============

    2021-12-02 11:42 - 2016-01-31 02:39 - 000237678 _____ () [File not signed] C:\Program Files (x86)\SinhalaTamil IME\Mi_UniSinhalaStdKeybDriver.dll
    2021-12-02 11:42 - 2009-05-27 00:23 - 000217207 _____ () [File not signed] C:\Program Files (x86)\SinhalaTamil IME\Mi_UniTamilStdKeybDriver.dll
    2023-03-31 06:02 - 2010-12-08 15:21 - 000753664 _____ (BCGSoft Co Ltd) [File not signed] C:\Programme Files (x86)\USB Disk Security\BCGPStyle2010Blue150.dll
    2023-03-31 06:02 - 2015-01-31 10:08 - 006062080 _____ (BCGSoft Ltd) [File not signed] C:\Programme Files (x86)\USB Disk Security\BCGCBPRO1500u80.dll
    2023-03-31 06:02 - 2015-01-31 10:08 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Programme Files (x86)\USB Disk Security\MFC80U.DLL

    ==================== Alternate Data Streams (Whitelisted) ========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [136]
    AlternateDataStreams: C:\Users\DELL\Desktop\FRST64.exe:MBAM.Zone.Identifier [240]

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========

    SearchScopes: HKU\S-1-5-21-3419532252-3645827167-3916636528-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
    Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

    (If an entry is included in the fixlist, it will be removed from the registry.)


    There are 6091 more sites.


    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2019-03-19 10:19 - 2019-03-19 10:19 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3419532252-3645827167-3916636528-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
    HKU\S-1-5-21-3419532252-3645827167-3916636528-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    Network Binding:
    =============
    Ethernet: COMODO Internet Security Firewall Driver -> inspect (enabled)
    Bluetooth Network Connection: COMODO Internet Security Firewall Driver -> inspect (enabled)
    Ethernet 2: COMODO Internet Security Firewall Driver -> inspect (enabled)
    Wi-Fi: COMODO Internet Security Firewall Driver -> inspect (enabled)

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    FirewallRules: [{890B4D1F-1971-44A1-8F73-8A9782403860}] => (Allow) C:\Windows\KMS-R@1n.exe => No File
    FirewallRules: [{847EA8C3-70A5-4600-B94C-1C2EBB1F1F2F}] => (Allow) C:\Windows\KMS-R@1n.exe => No File
    FirewallRules: [{4833C8A3-D1DA-4CCB-ABA8-6A5E20DA5C1F}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\112.0.1722.48\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

    ==================== Restore Points =========================

    20-03-2023 14:31:24 Scheduled Checkpoint
    30-03-2023 17:09:15 Scheduled Checkpoint
    31-03-2023 05:37:25 Installing COMODO Firewall

    ==================== Faulty Device Manager Devices ============

    Name: Mobile AT Interface
    Description: Mobile AT Interface
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Mobile Diag Interface
    Description: Mobile Diag Interface
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (04/20/2023 11:14:52 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.19041.546, time stamp: 0x1d3a15e7
    Faulting module name: biwinrt.dll, version: 10.0.19041.1566, time stamp: 0x77f34e41
    Exception code: 0xe0464645
    Fault offset: 0x00000000000053c5
    Faulting process id: 0x306c
    Faulting application start time: 0x01d973afc312b2fa
    Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
    Faulting module path: C:\Windows\System32\biwinrt.dll
    Report Id: 88af627e-43b6-4127-95da-a2bf8259294c
    Faulting package full name: Microsoft.MicrosoftOfficeHub_18.2301.1131.0_x64__8wekyb3d8bbwe
    Faulting package-relative application ID: Microsoft.MicrosoftOfficeHub

    Error: (04/20/2023 11:00:29 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.19041.546, time stamp: 0x1d3a15e7
    Faulting module name: biwinrt.dll, version: 10.0.19041.1566, time stamp: 0x77f34e41
    Exception code: 0xe0464645
    Fault offset: 0x00000000000053c5
    Faulting process id: 0x332c
    Faulting application start time: 0x01d973adaa6cc6bc
    Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
    Faulting module path: C:\Windows\System32\biwinrt.dll
    Report Id: f6073c76-0e68-4e37-aeba-545cc79079bb
    Faulting package full name: Microsoft.MicrosoftOfficeHub_18.2301.1131.0_x64__8wekyb3d8bbwe
    Faulting package-relative application ID: Microsoft.MicrosoftOfficeHub

    Error: (04/20/2023 10:49:54 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.19041.546, time stamp: 0x1d3a15e7
    Faulting module name: biwinrt.dll, version: 10.0.19041.1566, time stamp: 0x77f34e41
    Exception code: 0xe0464645
    Fault offset: 0x00000000000053c5
    Faulting process id: 0x3134
    Faulting application start time: 0x01d973ac4fb8797d
    Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
    Faulting module path: C:\Windows\System32\biwinrt.dll
    Report Id: f0f43dd4-8f0c-454f-9a41-8792834df0e0
    Faulting package full name: Microsoft.MicrosoftOfficeHub_18.2301.1131.0_x64__8wekyb3d8bbwe
    Faulting package-relative application ID: Microsoft.MicrosoftOfficeHub

    Error: (04/20/2023 10:36:29 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.19041.546, time stamp: 0x1d3a15e7
    Faulting module name: biwinrt.dll, version: 10.0.19041.1566, time stamp: 0x77f34e41
    Exception code: 0xe0464645
    Fault offset: 0x00000000000053c5
    Faulting process id: 0x33b8
    Faulting application start time: 0x01d973a9c7e379ef
    Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
    Faulting module path: C:\Windows\System32\biwinrt.dll
    Report Id: 6fe9c1b8-036e-43d5-b657-49e65073b18c
    Faulting package full name: Microsoft.MicrosoftOfficeHub_18.2301.1131.0_x64__8wekyb3d8bbwe
    Faulting package-relative application ID: Microsoft.MicrosoftOfficeHub

    Error: (04/20/2023 10:31:31 PM) (Source: ESENT) (EventID: 489) (User: )
    Description: taskhostw (7496,G,0) An attempt to open the file "C:\Users\DELL\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (04/01/2023 07:43:03 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: overseer.exe, version: 1.0.465.0, time stamp: 0x63b6c96b
    Faulting module name: overseer.exe, version: 1.0.465.0, time stamp: 0x63b6c96b
    Exception code: 0xc0000005
    Fault offset: 0x00000000000264a5
    Faulting process id: 0x1ffc
    Faulting application start time: 0x01d9643f4b3a4978
    Faulting application path: C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
    Faulting module path: C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
    Report Id: 55920b1a-4e5a-4d6d-9652-0f96f83679ed
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (04/01/2023 07:09:00 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Programme Files (x86)\USB Disk Security\MFC80U.DLL".
    Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (04/01/2023 07:08:58 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Programme Files (x86)\USB Disk Security\MFC80U.DLL".
    Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.


    System errors:
    =============
    Error: (04/20/2023 10:47:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/01/2023 08:34:27 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 4

    Error: (04/01/2023 07:48:54 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 4

    Error: (04/01/2023 07:07:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The System Guard Runtime Monitor Broker service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (04/01/2023 07:07:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the System Guard Runtime Monitor Broker service to connect.

    Error: (04/01/2023 07:04:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The igfxCUIService2.0.0.0 service depends on the SENS service which failed to start because of the following error:
    igfxCUIService2.0.0.0 is not a valid Win32 application.

    Error: (04/01/2023 07:04:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The SENS service terminated with the following error:
    SENS is not a valid Win32 application.

    Error: (04/01/2023 07:04:29 AM) (Source: Ntfs) (EventID: 137) (User: )
    Description: The default transaction resource manager on volume D: encountered a non-retryable error and could not start. The data contains the error code.


    Windows Defender:
    ================
    Date: 2023-03-30 16:39:55
    Description:
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?li...toKMS.SA!MSR&threatid=2147741757&enterprise=0
    Name: HackTool:Win32/AutoKMS.SA!MSR
    Severity: High
    Category: Tool
    Path: file:_C:\Windows\KMS-R@1n.exe; process:_pid:3776,ProcessStart:133246305968364409; service:_KMS-R@1n
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: System
    Process Name: C:\Windows\KMS-R@1n.exe
    Security intelligence Version: AV: 1.385.1537.0, AS: 1.385.1537.0, NIS: 1.385.1537.0
    Engine Version: AM: 1.1.20100.6, NIS: 1.1.20100.6

    Date: 2023-03-30 16:39:55
    Description:
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?li...in64/AutoKMS&threatid=2147723334&enterprise=0
    Name: HackTool:Win64/AutoKMS
    Severity: High
    Category: Tool
    Path: file:_C:\WINDOWS\KMS-R@1nHook.dll
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: System
    Process Name: Unknown
    Security intelligence Version: AV: 1.385.1537.0, AS: 1.385.1537.0, NIS: 1.385.1537.0
    Engine Version: AM: 1.1.20100.6, NIS: 1.1.20100.6

    Date: 2023-03-30 11:47:57
    Description:
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?li...MSIL/AutoKms&threatid=2147711767&enterprise=0
    Name: HackTool:MSIL/AutoKms
    Severity: High
    Category: Tool
    Path: file:_C:\Windows\KMS-R@1nHook.exe; imagefileexecoptions:_HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\OSppSvc.exe; imagefileexecoptions:_HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SppExtComObj.exe; imagefileexecoptions:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\OSppSvc.exe; imagefileexecoptions:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SppExtComObj.exe; regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\OSppSvc.exe; regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SppExtComObj.exe; regkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\OSppSvc.exe; regkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SppExtComObj.exe
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: Real-Time Protection
    Process Name: C:\Windows\System32\svchost.exe
    Security intelligence Version: AV: 1.385.1537.0, AS: 1.385.1537.0, NIS: 1.385.1537.0
    Engine Version: AM: 1.1.20100.6, NIS: 1.1.20100.6

    Date: 2023-03-30 11:47:02
    Description:
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?li...MSIL/AutoKms&threatid=2147711767&enterprise=0
    Name: HackTool:MSIL/AutoKms
    Severity: High
    Category: Tool
    Path: file:_C:\Windows\KMS-R@1nHook.exe
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: Real-Time Protection
    Process Name: C:\Windows\System32\svchost.exe
    Security intelligence Version: AV: 1.385.1537.0, AS: 1.385.1537.0, NIS: 1.385.1537.0
    Engine Version: AM: 1.1.20100.6, NIS: 1.1.20100.6

    Date: 2023-03-30 11:08:54
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan
    Event[0]:

    Date: 2023-03-30 11:04:04
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.385.1214.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.20100.6
    Error code: 0x80070102
    Error description: The wait operation timed out.

    Date: 2023-03-30 11:04:04
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.385.1214.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.20100.6
    Error code: 0x80070102
    Error description: The wait operation timed out.

    Date: 2023-03-27 09:48:14
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.383.410.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.20000.2
    Error code: 0x80240022
    Error description: The program can't check for definition updates.

    Date: 2023-03-27 09:42:12
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.383.410.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.20000.2
    Error code: 0x80072f78
    Error description: The server returned an invalid or unrecognized response

    Date: 2023-03-27 09:42:12
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.383.410.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiSpyware
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.20000.2
    Error code: 0x80072f78
    Error description: The server returned an invalid or unrecognized response

    CodeIntegrity:
    ===============
    Date: 2023-04-20 23:11:05
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2023-04-20 23:02:50
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Programme Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

    Date: 2023-04-20 22:33:13
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Programme Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.


    ==================== Memory info ===========================

    BIOS: Dell Inc. 2.5.1 08/20/2021
    Motherboard: Dell Inc. 0RM5DR
    Processor: Intel(R) Core(TM) i3-10100 CPU @ 3.60GHz
    Percentage of memory in use: 88%
    Total physical RAM: 3843.71 MB
    Available physical RAM: 459.43 MB
    Total Virtual: 7070.58 MB
    Available Virtual: 1407.33 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:930.38 GB) (Free:873.65 GB) (Model: ST1000DM010-2EP102) NTFS
    Drive d: (Recovery) (Fixed) (Total:0.52 GB) (Free:0 GB) (Model: ST1000DM010-2EP102) NTFS
    Drive g: (KINGSTON) (Removable) (Total:1.92 GB) (Free:0.65 GB) FAT32

    \\?\Volume{d5e203b9-c25a-405e-a5af-7840eb3d0b10}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
    \\?\Volume{60d80f5e-2710-0000-a9c2-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.06 GB) FAT32

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==========================================================
    Disk: 1 (Size: 1.9 GB) (Disk ID: 22472246)
    Partition 1: (Active) - (Size=1.9 GB) - (Type=FAT32)

    ==================== End of Addition.txt =======================
     
  6. Oh My!

    Oh My! Malware Expert Staff Member

    The FRST.txt report is incomplete. Please check to see if there is more to the report. If not please run a new FRST64.exe Scan and attach the report.
     
  7. manilka835

    manilka835 Specialist

    • FRST.txt
    • Addition.txt of 2nd Scan are attached hereto.
     

    Attached Files:

  8. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for the reports.

    Are you aware there is pirated Microsoft software on the system, most likely Microsoft Office 2016, and are you willing to uninstall the program?
     
  9. manilka835

    manilka835 Specialist

    As this is a Desktop belonging to a Health Institution, I am unable to install Microsoft Office 2016 as funds will not be available to purchase Genuine Software. There were problems with this pirated software but after running repair yesterday, the problems seem to have been resolved with regard to the software. However, if problems continue to appear, I will attempt to install a Genuine Microsoft Office.

    I would like to know whether there are any other issues.
     
  10. Oh My!

    Oh My! Malware Expert Staff Member

    My personal policy is to require removal before continued assistance is offered. However, I will tell you at first glance I do not see any evidence of active malware on the system. Any further help by me (not speaking for others) would require removal of the program.
     
  11. Eldon

    Eldon Major Geek Extraordinaire

    I have the same policy.
     
  12. Eldon

    Eldon Major Geek Extraordinaire

    You can use LibreOffice.
    https://m.majorgeeks.com/files/details/libreoffice_productivity_suite.html

    Asking for help after admitting the computer has pirated software will not get you any help.
    It might get you banned... ;)
     
  13. manilka835

    manilka835 Specialist

    I will request a Genuine Microsoft Office. I will contact you again after it is installed.

    Thank You for your time and effort.

    This is yours truly signing off.
     
  14. Oh My!

    Oh My! Malware Expert Staff Member

    In my humble opinion that is a wise decision, especially given it belongs to a Health Institution. One of the reasons for my position on software downloaded or activated from other than trustworthy sources is that these means are used quite often to infiltrate a computer with malicious software. The consequences can be devastating up to and including the encryption of all data on the drive and/or the stealing of sensitive information. The cost of managing that after the fact makes the cost of genuine purchase and activation well worth it. We all tend to believe it will never happen to us but I deal with people quite frequently who wish they could go back and plug the hole but it is now too late. The choice is pretty straightforward - you can choose to pay now or risk paying dearly later.

    Let me know when we can continue. There is still some tune-up we can do.

    Thank you for your understanding and kindness. Hope to see you soon.

    Gary
     
  15. Oh My!

    Oh My! Malware Expert Staff Member

    manilka835 are you still following this topic?
     
