Help need fixlist for first scan


tiffran (Member, joined Jan 4, 2021, 5 posts)
Hello, and thanks in advance. I have been dealing with this attack for a while now, and it's not the first time. From prior knowledge
I knew the only way to actually find out anything was to boot up using a partition application. My C: drive was switched to System
Reserved. X: was the boot drive, and another drive, which could have been a network drive, had no letter, just a person's avatar and name. Of course
formatting was no help, and even with no network connection the files on my partition CD ended up corrupted. File dates changed
to the same as the rest of the corrupt files, 07/12/15. I've always been able to fix my devices myself; I'm just really tired, for real. I
scanned my PC with Farbar's scanner and was in the process of reading the tutorial on the proper way to write the fixit file, and I just
decided to reach out to you guys for help, especially since more than 10 of my devices have been infected. I just need to
get 1 PC cleaned up and I should be able to take it from there. So I'm sending my files along with this request in the hope that you
guys can assist me.
 

Attachments

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2020
Ran by What (03-01-2021 20:36:38)
Running from C:\Users\What\Desktop
Windows 10 Home Version 1909 18363.592 (X64) (2021-01-03 21:27:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2552480816-4193987694-3828653751-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2552480816-4193987694-3828653751-503 - Limited - Disabled)
Guest (S-1-5-21-2552480816-4193987694-3828653751-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2552480816-4193987694-3828653751-504 - Limited - Disabled)
What (S-1-5-21-2552480816-4193987694-3828653751-1001 - Administrator - Enabled) => C:\Users\What

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 87.1.18.77 - Brave Software Inc)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden

Packages:
=========
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe [2021-01-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2021-01-03] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.2.11280.0_x86__8wekyb3d8bbwe [2021-01-03] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2021-01-03] (Microsoft Corporation) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.152.0_x64__kzf8qxf38zg5c [2021-01-03] (Skype)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0 [2021-01-03] (Spotify AB) [Startup Task]
Your Phone -> C:\Program Files\WindowsApps\Microsoft.YourPhone_0.0.13313.0_x64__8wekyb3d8bbwe [2021-01-03] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKU\S-1-5-21-2552480816-4193987694-3828653751-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-18 20:49 - 2019-03-18 20:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2552480816-4193987694-3828653751-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKU\S-1-5-21-2552480816-4193987694-3828653751-1001\...\StartupApproved\Run: => "OneDriveSetup"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{18D59B15-C6CF-4019-A8C8-4F26F5E0BB04}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FEE1C9E4-F3B5-422A-BF43-9E80817D431B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A9B83B6E-1ADD-488B-BD04-58DFF6D82909}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{532D1A07-8891-49A9-9ADF-F10773DBF938}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AF91F092-ED24-41D7-9527-4A2AFE30BD81}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F5CA5393-1A40-4AFA-8138-F6EA9D422D60}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5FC8ADEF-AB9E-4942-9E8B-4C4C09DA412E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{01396921-B6D9-4BE9-A329-0440EB960F92}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4208BA4D-929C-44F6-A873-0F22E6055A2D}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)

==================== Restore Points =========================

03-01-2021 15:57:13 Windows Update

==================== Faulty Device Manager Devices ============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Encryption/Decryption Controller
Description: PCI Encryption/Decryption Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Data Acquisition and Signal Processing Controller
Description: PCI Data Acquisition and Signal Processing Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (01/03/2021 08:33:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 14.12.2020.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 18cc

Start Time: 01d6e2529d637c21

Termination Time: 4294967295

Application Path: C:\Users\What\Desktop\FRST64.exe

Report Id: 75a8f5d6-5f26-4e5c-865c-6fc8a58649b4

Faulting package full name:

Faulting package-relative application ID:

Hang type: Top level window is idle

Error: (01/03/2021 07:52:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.18362.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 211c

Start Time: 01d6e24c9212c8b5

Termination Time: 119

Application Path: C:\Windows\System32\MicrosoftEdgeCP.exe

Report Id: 05161429-90d3-44df-870b-2b322f33d9ef

Faulting package full name: Microsoft.MicrosoftEdge_44.18362.449.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge

Hang type: Unknown

Error: (01/03/2021 03:51:15 PM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1003) (User: NT AUTHORITY)
Description: Certificate Services Client failed to invoke the Providers in response to event 256. Error code 2147942405.

Error: (01/03/2021 03:51:15 PM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1001) (User: NT AUTHORITY)
Description: Certificate Services Client failed to load Provider pautoenr.dll. Error code 5.

Error: (01/03/2021 02:17:06 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/03/2021 02:17:05 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072EE7
Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d

Error: (01/03/2021 02:17:05 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0x80072EE7

Error: (01/03/2021 02:08:47 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=UserLogon;SessionId=1


System errors:
=============
Error: (01/03/2021 08:28:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.329.1647.0).

Error: (01/03/2021 08:26:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070005: Intel(R) Corporation - MEDIA - 5/10/2016 12:00:00 AM - 6.16.0.3197.

Error: (01/03/2021 08:00:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070005: Intel - DPTF - 5/13/2016 12:00:00 AM - 8.1.10608.329.

Error: (01/03/2021 07:57:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WarpJITSvc service terminated with the following error:
The specified module could not be found.

Error: (01/03/2021 07:51:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070005: Intel - Other hardware - Intel(R) Celeron(R)/Pentium(R) SM Bus Controller - 2292.

Error: (01/03/2021 07:51:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070005: Intel - DPTF - 5/13/2016 12:00:00 AM - 8.1.10608.329.

Error: (01/03/2021 07:50:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070005: HP Inc. - HIDClass - 2.1.14.1.

Error: (01/03/2021 07:50:30 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070005: Intel - DPTF - 5/13/2016 12:00:00 AM - 8.1.10608.329.


Windows Defender:
===================================
Date: 2021-01-03 14:14:15.852
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2021-01-03 13:51:16.928
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

==================== Memory info ===========================

BIOS: Insyde F.36 06/09/2017
Motherboard: HP 8175
Processor: Intel(R) Celeron(R) CPU N3060 @ 1.60GHz
Percentage of memory in use: 58%
Total physical RAM: 4001.62 MB
Available physical RAM: 1676.78 MB
Total Virtual: 5409.62 MB
Available Virtual: 3133.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.13 GB) (Free:442.06 GB) NTFS
Drive e: () (RAMDisk) (Total:465.13 GB) (Free:439.86 GB) NTFS

\\?\Volume{8d7c1787-cef4-49af-90ce-415b587cb27f}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{3c146a7c-c095-4aa4-97da-1d423914e87b}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 5B397E14)

Partition: GPT.

==================== End of Addition.txt =======================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2020
Ran by What (administrator) on DESKTOP-60I1NFR (HP HP 15 Notebook PC) (03-01-2021 20:34:12)
Running from C:\Users\What\Desktop
Loaded Profiles: What
Platform: Windows 10 Home Version 1909 18363.592 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CredentialEnrollmentManager.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.590_none_5efc551459114cb9\TiWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\87.1.18.77\Installer\chrmstp.exe [2021-01-03] (Brave Software, Inc. -> Brave Software, Inc.)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {8545A77D-3853-4015-B4BD-51A604ED7408} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2021-01-03] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {D44203F3-AE43-4381-B167-6938AC267161} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2021-01-03] (Brave Software, Inc. -> BraveSoftware Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{11acfaa8-31f7-4f3a-a94c-9fe30cc0fdb2}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Edge:
======
DownloadDir: C:\Users\What\Downloads

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2021-01-03] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2021-01-03] (Brave Software, Inc. -> BraveSoftware Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
S3 WarpJITSvc; %SystemRoot%\System32\Windows.WARP.JITService.dll [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46472 2019-03-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [333784 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [62432 2019-03-18] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-03 20:33 - 2021-01-03 20:35 - 000005202 _____ C:\Users\What\Desktop\FRST.txt
2021-01-03 20:32 - 2021-01-03 20:34 - 000000000 ____D C:\FRST
2021-01-03 20:28 - 2021-01-03 20:29 - 000001872 _____ C:\Users\What\Desktop\Rkill.txt
2021-01-03 20:28 - 2021-01-03 20:28 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\What\Desktop\iExplore.exe
2021-01-03 20:27 - 2021-01-03 20:27 - 005054744 _____ (AO Kaspersky Lab) C:\Users\What\Desktop\tdsskiller.exe
2021-01-03 20:27 - 2021-01-03 20:27 - 002286592 _____ (Farbar) C:\Users\What\Desktop\FRST64.exe
2021-01-03 20:15 - 2021-01-03 20:15 - 000000000 _____ C:\Windows\start
2021-01-03 20:11 - 2021-01-03 20:12 - 000000000 _____ C:\Windows\system32\start
2021-01-03 19:56 - 2021-01-03 19:56 - 000002400 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-01-03 19:56 - 2021-01-03 19:56 - 000002359 _____ C:\Users\Public\Desktop\Brave.lnk
2021-01-03 19:56 - 2021-01-03 19:56 - 000002359 _____ C:\ProgramData\Desktop\Brave.lnk
2021-01-03 19:56 - 2021-01-03 19:56 - 000000000 ____D C:\Program Files\BraveSoftware
2021-01-03 19:54 - 2021-01-03 19:54 - 000000000 ____D C:\Users\What\AppData\LocalLow\Temp
2021-01-03 19:53 - 2021-01-03 19:54 - 000230224 _____ C:\Users\What\Desktop\ml.pdf
2021-01-03 19:51 - 2021-01-03 19:56 - 000000000 ____D C:\Users\What\AppData\Local\BraveSoftware
2021-01-03 19:51 - 2021-01-03 19:51 - 000003438 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2021-01-03 19:51 - 2021-01-03 19:51 - 000003314 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2021-01-03 19:51 - 2021-01-03 19:51 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2021-01-03 19:49 - 2021-01-03 19:49 - 000000000 ___HD C:\Users\What\MicrosoftEdgeBackups
2021-01-03 16:13 - 2021-01-03 19:46 - 000000296 _____ C:\Users\What\Desktop\results.txt
2021-01-03 15:58 - 2021-01-03 15:58 - 000035379 _____ C:\Users\What\Desktop\2.txt
2021-01-03 15:58 - 2021-01-03 15:58 - 000035071 _____ C:\Users\What\Desktop\1.txt
2021-01-03 15:56 - 2021-01-03 15:57 - 000035071 _____ C:\Windows\system32\0
2021-01-03 15:56 - 2021-01-03 15:56 - 000031093 _____ C:\Users\What\Desktop\0.txt
2021-01-03 15:52 - 2021-01-03 19:54 - 000000000 ____D C:\Users\What\AppData\Local\PlaceholderTileLogoFolder
2021-01-03 14:12 - 2021-01-03 14:13 - 000000000 ____D C:\Users\What\AppData\Local\Comms
2021-01-03 14:12 - 2021-01-03 14:12 - 000000000 ____D C:\Windows\pss
2021-01-03 14:11 - 2021-01-03 14:22 - 000000000 ____D C:\Users\What\AppData\Local\D3DSCache
2021-01-03 14:10 - 2021-01-03 19:54 - 000000000 ____D C:\ProgramData\Packages
2021-01-03 13:51 - 2021-01-03 14:14 - 000225106 _____ C:\Windows\ntbtlog.txt
2021-01-03 13:51 - 2021-01-03 14:14 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2021-01-03 13:36 - 2021-01-03 19:48 - 000000000 ____D C:\Users\What\AppData\Local\MicrosoftEdge
2021-01-03 13:36 - 2021-01-03 13:36 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-01-03 13:35 - 2021-01-03 13:35 - 000001450 _____ C:\Users\What\Desktop\Microsoft Edge.lnk
2021-01-03 13:34 - 2021-01-03 19:54 - 000000000 ____D C:\Users\What\AppData\Local\Packages
2021-01-03 13:34 - 2021-01-03 14:28 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-01-03 13:34 - 2021-01-03 14:28 - 000000000 ___RD C:\Users\What\3D Objects
2021-01-03 13:34 - 2021-01-03 13:34 - 000000000 ____D C:\Users\What\AppData\Roaming\Adobe
2021-01-03 13:34 - 2021-01-03 13:34 - 000000000 ____D C:\Users\What\AppData\Local\VirtualStore
2021-01-03 13:34 - 2021-01-03 13:34 - 000000000 ____D C:\Users\What\AppData\Local\Publishers
2021-01-03 13:34 - 2021-01-03 13:34 - 000000000 ____D C:\Users\What\AppData\Local\ConnectedDevicesPlatform
2021-01-03 13:33 - 2021-01-03 13:33 - 000000020 ___SH C:\Users\What\ntuser.ini
2021-01-03 13:32 - 2021-01-03 19:49 - 000000000 ____D C:\Users\What
2021-01-03 13:32 - 2019-03-18 20:46 - 000001105 _____ C:\Users\What\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-01-03 13:29 - 2021-01-03 14:20 - 000795992 _____ C:\Windows\system32\PerfStringBackup.INI
2021-01-03 13:27 - 2021-01-03 13:27 - 000000000 ____D C:\Windows\minidump
2021-01-03 13:25 - 2021-01-03 13:25 - 000000000 _SHDL C:\Documents and Settings
2021-01-03 13:17 - 2021-01-03 19:46 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-01-03 13:17 - 2021-01-03 14:16 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-01-03 13:17 - 2021-01-03 13:17 - 000257824 _____ C:\Windows\system32\FNTCACHE.DAT
2021-01-03 13:17 - 2021-01-03 13:17 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-01-03 13:17 - 2021-01-03 13:17 - 000000000 ____D C:\Windows\ServiceProfiles
2021-01-03 13:16 - 2021-01-03 13:24 - 000000000 ____D C:\Windows\Panther

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-03 20:26 - 2019-03-18 20:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-03 20:05 - 2019-03-18 20:52 - 000000000 ____D C:\Windows\AppReadiness
2021-01-03 19:53 - 2019-03-18 20:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-03 19:50 - 2019-03-18 20:50 - 000000000 ____D C:\Windows\INF
2021-01-03 19:48 - 2019-03-18 20:52 - 000000000 ____D C:\ProgramData\USOPrivate
2021-01-03 15:18 - 2019-03-18 20:37 - 000000000 ____D C:\Windows\CbsTemp
2021-01-03 14:28 - 2019-03-18 20:52 - 000000000 __RSD C:\Windows\Media
2021-01-03 14:28 - 2019-03-18 20:52 - 000000000 __RHD C:\Users\Public\Libraries
2021-01-03 14:15 - 2019-03-18 20:37 - 000262144 _____ C:\Windows\system32\config\BBI
2021-01-03 13:29 - 2019-03-18 20:52 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2021-01-03 13:28 - 2019-03-18 20:52 - 000000000 ____D C:\Windows\system32\spool
2021-01-03 13:28 - 2019-03-18 20:52 - 000000000 ____D C:\Windows\system32\FxsTmp
2021-01-03 13:28 - 2019-03-18 20:52 - 000000000 ____D C:\Windows\ServiceState
2021-01-03 13:19 - 2019-03-18 20:52 - 000000000 ___RD C:\Windows\PrintDialog
2021-01-03 13:19 - 2019-03-18 20:52 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-01-03 13:18 - 2019-03-18 20:37 - 000032768 _____ C:\Windows\system32\config\ELAM
2021-01-03 13:16 - 2019-03-18 20:49 - 000028672 _____ C:\Windows\system32\config\BCD-Template

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
Welcome.

Please give me some time to go over your logs and I will get back to you soon.
 
Hi tiffran

Your logs are clean of malware.
The following fix will clean up some "orphaned"/empty registry entries.

---------------------------------------------------
Farbar Recovery Scan Tool - Fix

  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as fixlist.txt
  • Change the Save as Type to All Files
  • Save it in the same location FRST / FRST64 is saved in.
  • Start FRST / FRST64 with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
Please copy and paste its contents in your next reply.
Start::
CreateRestorePoint:
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
SearchScopes: HKU\S-1-5-21-2552480816-4193987694-3828653751-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 WarpJITSvc; %SystemRoot%\System32\Windows.WARP.JITService.dll [X]
End::

---------------------------------------------------
ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

---------------------------------------------------

In your next reply, please include
  • Fixlog.txt
  • ESET Log
Note: Please copy and paste any requested logs into your reply instead of attaching them.
 
No need to run it in safe mode. Normal mode will work fine.
 
Sorry for the delay, I got hit with the bluescreen and had to reinstall Windows. Also, I finally saw what the cmd window that flashes and disappears as soon as I power on said: "winpeshL.exe". So I had to do the FRST scan over; here are the results.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2020
Ran by who (administrator) on DESKTOP-SKDBPHH (HP HP 15 Notebook PC) (04-01-2021 15:22:29)
Running from C:\Users\who\Desktop
Loaded Profiles: who
Platform: Windows 10 Home Version 20H2 19042.572 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe <3>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.139.59\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3F469E2A-7591-4D83-B671-547AEFF84643}\MicrosoftEdgeUpdateSetup_X86_1.3.139.59.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SysWOW64\OneDriveSetup.exe <2>
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\87.1.18.77\Installer\chrmstp.exe [2021-01-04] (Brave Software, Inc. -> Brave Software, Inc.)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3E1E4E44-842C-4AA8-8E01-7427998E42AE} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2021-01-04] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {6D44B86E-E0CB-4B98-8CDF-822C31DDE320} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-418766818-255669586-3882332457-500 => C:\Users\who\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {B1DFAFA6-A02F-4A9C-B240-4F3455D6BA8B} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2021-01-04] (Brave Software, Inc. -> BraveSoftware Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{63e293cc-d8fd-4713-a76a-a299873bc571}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Edge:
======
Edge Profile: C:\Users\who\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-04]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2021-01-04] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2021-01-04] (Brave Software, Inc. -> BraveSoftware Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-04 15:22 - 2021-01-04 15:24 - 000005780 _____ C:\Users\who\Desktop\FRST.txt
2021-01-04 15:22 - 2021-01-04 15:22 - 000000000 ___HD C:\$WinREAgent
2021-01-04 15:21 - 2021-01-04 15:23 - 000000000 ____D C:\FRST
2021-01-04 15:21 - 2021-01-04 15:21 - 002286592 _____ (Farbar) C:\Users\who\Desktop\FRST64.exe
2021-01-04 15:18 - 2021-01-04 15:18 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-01-04 15:18 - 2021-01-04 15:18 - 000002395 _____ C:\Users\Public\Desktop\Brave.lnk
2021-01-04 15:18 - 2021-01-04 15:18 - 000002395 _____ C:\ProgramData\Desktop\Brave.lnk
2021-01-04 15:18 - 2021-01-04 15:18 - 000000000 ____D C:\Program Files\BraveSoftware
2021-01-04 15:17 - 2021-01-04 15:17 - 000003438 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2021-01-04 15:17 - 2021-01-04 15:17 - 000003314 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2021-01-04 15:17 - 2021-01-04 15:17 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2021-01-04 15:16 - 2021-01-04 15:18 - 000000000 ____D C:\Users\who\AppData\Local\BraveSoftware
2021-01-04 15:16 - 2021-01-04 15:16 - 001246680 _____ (BraveSoftware Inc.) C:\Users\who\Downloads\BraveBrowserSetup.exe
2021-01-04 05:27 - 2021-01-04 05:29 - 000000000 ____D C:\Users\who\AppData\Local\Packages
2021-01-04 05:27 - 2021-01-04 05:27 - 000000000 ___RD C:\Users\who\3D Objects
2021-01-04 05:27 - 2021-01-04 05:27 - 000000000 ____D C:\Users\who\AppData\Roaming\Adobe
2021-01-04 05:27 - 2021-01-04 05:27 - 000000000 ____D C:\Users\who\AppData\Local\VirtualStore
2021-01-04 05:27 - 2021-01-04 05:27 - 000000000 ____D C:\Users\who\AppData\Local\Publishers
2021-01-04 05:26 - 2021-01-04 05:27 - 000000000 ____D C:\Users\who\AppData\Local\ConnectedDevicesPlatform
2021-01-04 05:25 - 2021-01-04 05:27 - 000000000 ____D C:\Users\who
2021-01-04 05:25 - 2021-01-04 05:25 - 000000020 ___SH C:\Users\who\ntuser.ini
2021-01-04 05:25 - 2019-12-07 01:10 - 000001105 _____ C:\Users\who\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-01-04 04:30 - 2021-01-04 04:30 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2021-01-04 04:25 - 2021-01-04 04:25 - 000000000 _SHDL C:\Documents and Settings
2021-01-04 04:17 - 2021-01-04 04:17 - 000002850 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-418766818-255669586-3882332457-500
2021-01-04 04:13 - 2021-01-04 04:24 - 000000000 ____D C:\Windows\Panther

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-04 15:22 - 2019-12-07 01:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-04 15:21 - 2020-09-27 06:53 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-04 15:21 - 2020-09-27 06:53 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-04 15:16 - 2019-12-07 01:13 - 000000000 ____D C:\Windows\INF
2021-01-04 06:02 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\AppReadiness
2021-01-04 06:01 - 2020-09-27 06:50 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-01-04 05:27 - 2020-09-27 06:54 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-01-04 05:27 - 2019-12-07 01:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-04 04:28 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\ServiceState
2021-01-04 04:27 - 2019-12-07 01:50 - 000000000 ____D C:\Windows\system32\FxsTmp
2021-01-04 04:25 - 2020-09-27 06:50 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-04 04:25 - 2020-09-27 06:50 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-01-04 04:24 - 2019-12-07 01:03 - 000262144 _____ C:\Windows\system32\config\BBI
2021-01-04 04:20 - 2020-09-27 06:53 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-04 04:20 - 2020-09-27 06:53 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-01-04 04:20 - 2020-09-27 06:53 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-01-04 04:20 - 2019-12-07 01:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-01-04 04:19 - 2019-12-07 01:14 - 000000000 ___RD C:\Windows\PrintDialog
2021-01-04 04:19 - 2019-12-07 01:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-01-04 04:16 - 2020-09-27 06:50 - 000257824 _____ C:\Windows\system32\FNTCACHE.DAT
2021-01-04 04:13 - 2019-12-07 01:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2020
Ran by who (04-01-2021 15:26:14)
Running from C:\Users\who\Desktop
Windows 10 Home Version 20H2 19042.572 (X64) (2021-01-04 12:26:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-418766818-255669586-3882332457-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-418766818-255669586-3882332457-503 - Limited - Disabled)
Guest (S-1-5-21-418766818-255669586-3882332457-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-418766818-255669586-3882332457-504 - Limited - Disabled)
who (S-1-5-21-418766818-255669586-3882332457-1001 - Administrator - Enabled) => C:\Users\who

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 87.1.18.77 - Brave Software Inc)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 84.0.522.52 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )

Packages:
=========
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============


==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 01:14 - 2019-12-07 01:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-418766818-255669586-3882332457-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DE407ECD-104B-4942-99E2-876B426573DB}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:465.16 GB) (Free:444.22 GB) (95%)

==================== Faulty Device Manager Devices ============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Encryption/Decryption Controller
Description: PCI Encryption/Decryption Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Data Acquisition and Signal Processing Controller
Description: PCI Data Acquisition and Signal Processing Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (01/04/2021 06:02:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.19041.546 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 368

Start Time: 01d6e29d4895652d

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: 32022853-ef66-4720-abfc-45acce7c0f2d

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (01/04/2021 05:37:05 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (01/04/2021 05:37:04 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072EE7
Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d

Error: (01/04/2021 05:37:04 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0x80072EE7

Error: (01/04/2021 04:27:41 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=TimerEvent

Error: (01/04/2021 04:27:40 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072EE7
Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d

Error: (01/04/2021 04:27:40 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0x80072EE7

Error: (01/04/2021 04:27:38 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072EE7
Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d


System errors:
=============
Error: (01/04/2021 04:22:47 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network List Service service terminated with the following error:
The device is not ready.

Error: (01/04/2021 04:22:47 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout.

Error: (01/04/2021 04:20:47 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network List Service service terminated with the following error:
The device is not ready.

Error: (01/04/2021 04:20:47 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout.

Error: (01/04/2021 04:20:32 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Connected Devices Platform Service service depends on the Network Connection Broker service which failed to start because of the following error:
After starting, the service hung in a start-pending state.

Error: (01/04/2021 04:20:31 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Network Connection Broker service hung on starting.

Error: (01/04/2021 04:18:47 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network List Service service terminated with the following error:
The device is not ready.

Error: (01/04/2021 04:18:47 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout.


==================== Memory info ===========================

BIOS: Insyde F.36 06/09/2017
Motherboard: HP 8175
Processor: Intel(R) Celeron(R) CPU N3060 @ 1.60GHz
Percentage of memory in use: 60%
Total physical RAM: 4001.62 MB
Available physical RAM: 1595.99 MB
Total Virtual: 5409.62 MB
Available Virtual: 3119.28 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.16 GB) (Free:444.2 GB) NTFS

\\?\Volume{e358a310-1745-4e0d-a9dc-0dde2f96b211}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{e2744ce4-b10a-4f57-875a-b752623f6b4e}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 5B397E14)

Partition: GPT.

==================== End of Addition.txt =======================
 
Your logs are clean of malware. Please proceed with the steps to run ESET Online Scanner in my previous post. (Don't run the fix with FRST)
Post the resulting log from ESET.
 
1/5/2021 17:13:20 PM
Files scanned: 170906
Detected files: 0
Cleaned files: 0
Total scan time: 01:39:23
Scan status: Finished
 
Hi tiffran

I don't see any signs of a malware infection. Let me know of any problems/issues you are experiencing with this computer.
 
Do you still need assistance?
 
Due to lack of response, this thread is closed. If you wish to continue, please send iMacg3 or me a message and the thread will be reopened.
 