Cannot remove symsrv.dll infection

Hi,

Recently, Avira antivirus couldn't open, and the same thing happened with CCleaner. So I ran Malwarebytes Anti-Malware and it showed around 100 infections. It removed all except this one infection, symsrv.dll. On every scan it said the infection is quarantined, but after reboot it still shows up. Even in safe mode it was the same. After some Google searching I installed UnHackMe and FreeFixer. Even with those the same thing happened. A search on the C drive shows 2 files, symsrv.dll and symsrv.dll.000, in c:/programfiles/commonfiles. Malwarebytes Anti-Malware didn't detect symsrv.dll.000.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-08-2021
Ran by Admin (administrator) on ADMIN-PC (Hewlett-Packard HP Pavilion g6 Notebook PC) (21-08-2021 15:20:22)
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) [File not signed] C:\Windows\System32\atieclxx.exe
(AMD) [File not signed] C:\Windows\System32\atiesrxx.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Dynamic Code Publisher -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <11>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2018-12-29] (IDT, Inc.) [File not signed]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-4100574571-97274293-195119175-1000\...\Run: [] => [X]
HKU\S-1-5-21-4100574571-97274293-195119175-1000\...\MountPoints2: G - G:\OnePlus_setup.exe /s
HKU\S-1-5-21-4100574571-97274293-195119175-1000\...\MountPoints2: {198c4f11-e8cd-11e9-ba42-20689d9bd96a} - G:\OnePlus_setup.exe /s
HKU\S-1-5-21-4100574571-97274293-195119175-1000\...\MountPoints2: {288177b6-943d-11e9-bca9-20689d9bd96a} - G:\Setup.exe
HKU\S-1-5-21-4100574571-97274293-195119175-1000\...\MountPoints2: {2a1121fd-9f86-11e8-8296-20689d9bd96a} - G:\Setup.exe
HKU\S-1-5-21-4100574571-97274293-195119175-1000\...\MountPoints2: {3bc10a6d-dc08-11e8-9b64-20689d9bd96a} - G:\Setup.exe
HKU\S-1-5-21-4100574571-97274293-195119175-1000\...\MountPoints2: {5419b600-f391-11ea-8294-20689d9bd96a} - G:\Setup.exe
HKU\S-1-5-21-4100574571-97274293-195119175-1000\...\MountPoints2: {a4b10715-deea-11ea-9b75-20689d9bd96a} - G:\Setup.exe
HKU\S-1-5-21-4100574571-97274293-195119175-1000\...\MountPoints2: {ad922e1d-6725-11e9-b73b-20689d9bd96a} - G:\OnePlus_setup.exe /s
HKU\S-1-5-21-4100574571-97274293-195119175-1000\...\MountPoints2: {ba1ab005-37cb-11e8-8698-20689d9bd96a} - G:\OnePlus_setup.exe /s
HKU\S-1-5-21-4100574571-97274293-195119175-1000\...\MountPoints2: {d3d98891-6ba6-11e8-a799-20689d9bd96a} - G:\OnePlus_setup.exe /s
HKU\S-1-5-21-4100574571-97274293-195119175-1000\...\MountPoints2: {e340f66b-93d3-11eb-a747-20689d9bd96a} - G:\OnePlus_setup.exe /s
HKU\S-1-5-21-4100574571-97274293-195119175-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\...\Windows x64\Print Processors\HP1020PrintProc: C:\Windows\System32\spool\prtprocs\x64\pphp1020.dll [65024 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\HPLJ1020LM: C:\Windows\system32\zlhp1020.dll [192512 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
AppInit_DLLs-x32: C:\PROGRA~1\COMMON~1\System\symsrv.dll => C:\Program Files\Common Files\System\symsrv.dll [69337 2021-08-21] (Microsoft Corporation) [File not signed] <==== ATTENTION
BootExecute: autocheck autochk * Ĺ $(Ă‚
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\Users\Admin\NTUSER.pol: Restriction <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A1E2E1E-3B81-4CEB-8013-14B7B747BBF0} - System32\Tasks\{9BB1A666-CBD0-4936-8047-5587F97E5C5A} => C:\Windows\system32\pcalua.exe -a "C:\Users\Admin\Desktop\tally 7.2\install.exe" -d "C:\Users\Admin\Desktop\tally 7.2"
Task: {12187ECE-7C06-4F92-82C4-8082EF74EBAB} - System32\Tasks\{6C646625-9E00-4BA9-8813-CCCC7506168A} => C:\Windows\system32\pcalua.exe -a C:\OdinIntegrated\Client\vcredist_x86.exe -d C:\OdinIntegrated\Client
Task: {5408AADF-C994-4344-97C2-7E777E326D65} - System32\Tasks\{021686BD-ADEE-4EB1-B882-2A1D355488E1} => C:\Windows\system32\pcalua.exe -a C:\Users\Admin\Downloads\install.exe -d C:\Users\Admin\Downloads
Task: {67BBFAA4-A8C5-4627-9966-4ED27C5E4E4E} - System32\Tasks\{3656475F-3434-4F76-8335-6A41CB6C1AC9} => C:\Windows\system32\pcalua.exe -a C:\OdinIntegrated\Client\Server2Diet.exe -d C:\OdinIntegrated\Client
Task: {6A788389-0963-4F3B-AF9B-33315A830C11} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [673720 2021-08-19] (Mozilla Corporation -> Mozilla Foundation)
Task: {88C1BABC-9800-4AF7-9697-648856F58BCE} - System32\Tasks\{6C23329B-773B-43B6-B270-717CF708859B} => C:\Windows\system32\pcalua.exe -a G:\OnePlus_USB_Drivers_Setup.exe -d G:\
Task: {8E72E59E-1572-4CC5-8F61-7617AE6525BF} - System32\Tasks\{8C2C4475-9A03-4674-B6F0-D57A1DA8CE26} => C:\Windows\system32\pcalua.exe -a C:\Users\Admin\Downloads\Server2Diet.exe -d C:\Users\Admin\Downloads
Task: {DE60B3A2-A141-493D-8668-58D9DE531F88} - System32\Tasks\{1F8C1CB8-12A6-4C81-A71C-FCCBC5E2DAE1} => C:\Windows\system32\pcalua.exe -a "C:\Users\Admin\Downloads\tally 7.2 rel 3.14.exe" -d C:\Users\Admin\Downloads
Task: {EDCF13A8-F9C1-429C-B077-02FA625BEB17} - System32\Tasks\{E31EB1B5-79C1-446F-9AB7-3C49A6916D60} => C:\Windows\system32\pcalua.exe -a C:\Users\Admin\Desktop\install.exe -d C:\Users\Admin\Desktop
Task: {F96CEB1B-D536-4582-A894-B81272DFFEE1} - System32\Tasks\{E4D78978-03FA-4399-A7B9-C4691DDD5DE9} => C:\Windows\system32\pcalua.exe -a C:\Odin\DIET\vcredist_x86.exe -d C:\Odin\DIET
Task: {FD1B2441-4AA4-4EAA-8F8B-BC87BC99B307} - System32\Tasks\{3A6E5820-5C9D-4D55-85F1-B6C4FAAB6ED3} => C:\Windows\system32\pcalua.exe -a C:\Users\Admin\Downloads\Server4Diet.exe -d C:\Users\Admin\Downloads

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [200407 2015-08-12] (Apple Inc.) [File not signed]
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 202.56.215.54 59.144.144.100
Tcpip\..\Interfaces\{017D25A4-5ABD-4B7A-89BC-8466258DF814}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0BCE821A-3A88-40AD-8C9D-4FB1DD796559}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3171BF4B-9A65-4B1F-87E3-1D48D09D658B}: [DhcpNameServer] 192.168.225.1 192.168.225.1
Tcpip\..\Interfaces\{BCF30F44-CFB9-48A1-9490-BC717C24A073}: [DhcpNameServer] 202.56.215.54 59.144.144.100

FireFox:
========
FF DefaultProfile: 5ua0ntaq.default
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5ua0ntaq.default [2021-08-21]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [No File]
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-04-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-04-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225196.dll [2017-02-10] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: HCWP Web Components -> C:\Program Files (x86)\HCWP Web Components\npHCWPWebVideoPlugin.dll [2014-03-05] (HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-4100574571-97274293-195119175-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2020-07-25] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]
FF Plugin HKU\S-1-5-21-4100574571-97274293-195119175-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2020-07-25] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]

Opera:
=======
OPR Profile: C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable [2021-08-19]
OPR DefaultSuggestURL: Opera Stable -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list&t={opera:vpnClient}
OPR Extension: (Rich Hints Agent) - C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-08-19]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [235520 2012-03-05] (AMD) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7497336 2021-08-21] (Malwarebytes Inc -> Malwarebytes)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2018-12-29] (IDT, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-08-03] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [10729984 2012-03-05] (Advanced Micro Devices, Inc.) [File not signed]
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [328192 2012-03-05] (Advanced Micro Devices, Inc.) [File not signed]
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [68152 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [222984 2021-04-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [177112 2021-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36072 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [35376 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2017-06-19] (Power Technology -> Windows (R) Win 7 DDK provider)
S3 DFX12; C:\Windows\System32\drivers\dfx12x64.sys [29688 2017-06-19] (Power Technology -> Windows (R) Win 7 DDK provider)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-12-29] (Martin Malik - REALiX -> REALiX(tm))
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [342528 2012-10-02] (Intel(R) Corporation) [File not signed]
S3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd64.sys [14748416 2012-03-26] (Intel Corporation) [File not signed]
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-08-21] (Malwarebytes Inc -> Malwarebytes)
R2 NPF; C:\Program Files\iVMS-4200 Station\iVMS-4200\Drivers\npf64.sys [36600 2018-07-03] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation -> Corel Corporation)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-21] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [550912 2018-12-29] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2018-08-22] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 cpuz140; \??\C:\Users\Admin\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S1 NNSDNS; system32\DRIVERS\NNSDns.sys [X]
S1 NNSHTTP; system32\DRIVERS\NNSHttp.sys [X]
S1 NNSHTTPS; system32\DRIVERS\NNSHttps.sys [X]
S1 NNSIDS; system32\DRIVERS\NNSIds.sys [X]
S1 NNSPICC; system32\DRIVERS\NNSPicc.sys [X]
S1 NNSPOP3; system32\DRIVERS\NNSPop3.sys [X]
S1 NNSPROT; system32\DRIVERS\NNSProt.sys [X]
S1 NNSPRV; system32\DRIVERS\NNSPrv.sys [X]
S1 NNSSMTP; system32\DRIVERS\NNSSmtp.sys [X]
S1 NNSSTRM; system32\DRIVERS\NNSStrm.sys [X]
S2 PSINAflt; system32\DRIVERS\PSINAflt.sys [X]
S2 PSINFile; system32\DRIVERS\PSINFile.sys [X]
S1 PSINKNC; system32\DRIVERS\psinknc.sys [X]
S2 PSINProc; system32\DRIVERS\PSINProc.sys [X]
S2 PSINProt; system32\DRIVERS\PSINProt.sys [X]
S2 PSINReg; system32\DRIVERS\PSINReg.sys [X]
S3 SmbDrvI; system32\DRIVERS\Smb_driver_Intel.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-21 15:20 - 2021-08-21 15:24 - 000017089 _____ C:\Users\Admin\Downloads\FRST.txt
2021-08-21 15:12 - 2021-08-21 15:21 - 000000000 ____D C:\FRST
2021-08-21 15:07 - 2021-08-21 15:07 - 002300416 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2021-08-21 04:42 - 2021-08-21 04:42 - 000069337 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dlcoer.dll
2021-08-21 04:14 - 2021-08-21 04:16 - 000001960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-08-21 04:14 - 2021-08-21 04:16 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-08-21 04:13 - 2021-08-21 04:13 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-08-21 04:13 - 2021-08-21 04:13 - 000160176 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-08-21 04:03 - 2019-02-21 09:42 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-08-21 04:03 - 2019-02-21 09:40 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-08-21 04:03 - 2019-02-10 21:59 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2021-08-21 04:03 - 2019-02-10 21:39 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2021-08-21 04:01 - 2021-08-21 04:10 - 000000000 ____D C:\AdwCleaner
2021-08-21 04:01 - 2021-08-21 04:01 - 008553680 _____ (Malwarebytes) C:\Users\Admin\Downloads\adwcleaner_8.3.0.exe
2021-08-21 03:58 - 2020-12-29 00:48 - 000000888 _____ C:\Windows\system32\Drivers\etc\hosts.old
2021-08-21 03:32 - 2021-08-21 03:32 - 000000000 ____D C:\@RestoreQuarantine
2021-08-21 03:06 - 2021-08-21 14:33 - 000000246 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2021-08-21 02:59 - 2021-08-21 04:36 - 000000000 ____D C:\Users\Admin\Documents\RegRun2
2021-08-21 02:57 - 2021-08-21 14:36 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2021-08-21 02:57 - 2021-08-21 04:35 - 000000000 ____D C:\Users\Public\Documents\RegRunInfo
2021-08-21 02:56 - 2021-08-04 16:33 - 044319016 _____ (Greatis Software, LLC. ) C:\Users\Admin\Desktop\unhackme_setup.exe
2021-08-21 02:37 - 2021-08-21 02:37 - 002198775 _____ (Malwarebytes) C:\Users\Admin\Downloads\MBSetup-119967.119967-consumer.exe
2021-08-21 02:37 - 2021-08-21 02:37 - 000000000 ____D C:\Users\Admin\AppData\Local\ESET
2021-08-21 02:36 - 2021-08-21 02:37 - 011775335 _____ (ESET) C:\Users\Admin\Downloads\esetonlinescanner.exe
2021-08-21 02:21 - 2021-08-21 02:21 - 000280336 _____ C:\Windows\Minidump\082121-30966-01.dmp
2021-08-21 02:14 - 2021-08-21 02:14 - 000280336 _____ C:\Windows\Minidump\082121-19749-01.dmp
2021-08-21 02:10 - 2021-08-21 02:10 - 000280336 _____ C:\Windows\Minidump\082121-26208-01.dmp
2021-08-21 02:05 - 2021-08-21 02:05 - 000280336 _____ C:\Windows\Minidump\082121-27378-01.dmp
2021-08-21 02:02 - 2021-08-21 02:02 - 000280336 _____ C:\Windows\Minidump\082121-28610-01.dmp
2021-08-21 01:59 - 2021-08-21 02:21 - 464203414 _____ C:\Windows\MEMORY.DMP
2021-08-21 01:59 - 2021-08-21 02:21 - 000000000 ____D C:\Windows\Minidump
2021-08-21 01:59 - 2021-08-21 01:59 - 000280336 _____ C:\Windows\Minidump\082121-39047-01.dmp
2021-08-21 01:52 - 2021-08-21 01:52 - 000000000 ____D C:\Windows\SysWOW64\%Bases%
2021-08-21 01:24 - 2021-08-21 01:24 - 000000017 _____ C:\Users\Admin\AppData\Local\resmon.resmoncfg
2021-08-21 01:23 - 2021-08-21 01:23 - 055853327 _____ C:\Users\Admin\Downloads\windows6.1-kb4474419-v3-x64_b5614c6cea5cb4e198717789633dca16308ef79c.msu
2021-08-21 00:21 - 2010-03-08 15:40 - 000013824 _____ (Kephyr) C:\Windows\system32\ffnd.exe
2021-08-21 00:07 - 2021-08-21 00:24 - 000000000 ____D C:\Users\Admin\AppData\Roaming\FreeFixer
2021-08-21 00:07 - 2021-08-21 00:24 - 000000000 ____D C:\Users\Admin\AppData\Local\FreeFixer
2021-08-21 00:07 - 2021-08-21 00:07 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2021-08-21 00:07 - 2021-08-21 00:07 - 000000000 ____D C:\Program Files\FreeFixer
2021-08-21 00:06 - 2021-08-21 00:07 - 002748061 _____ (Kephyr) C:\Users\Admin\Downloads\freefixersetup.exe
2021-08-20 23:41 - 2021-08-20 23:42 - 002841367 _____ (Kaspersky) C:\Users\Admin\Downloads\ks4.021.3.10.391en_25142.exe
2021-08-20 22:53 - 2021-08-21 00:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Dome
2021-08-20 22:49 - 2021-08-20 23:52 - 000000000 ____D C:\ProgramData\Panda Security
2021-08-20 02:49 - 2021-08-21 02:05 - 001230402 _____ C:\Windows\ntbtlog.txt
2021-08-19 23:19 - 2021-08-19 23:19 - 000000225 _____ C:\ProgramData\VpnSharedSettings.config
2021-08-19 23:19 - 2021-08-19 23:19 - 000000225 _____ C:\ProgramData\VpnSharedSettings.backup
2021-08-19 20:10 - 2021-08-20 23:52 - 000000000 ____D C:\MATS
2021-08-19 19:37 - 2021-08-19 19:37 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-08-19 18:44 - 2021-08-20 23:48 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-08-19 17:18 - 2021-08-19 17:39 - 000000000 ____D C:\Users\Admin\Downloads\Shiva.Baby.2021.720p.WEBRip.800MB.x264-GalaxyRG[TGx]
2021-08-19 17:14 - 2021-08-19 17:15 - 000000000 ____D C:\Users\Admin\Downloads\Snake.Eyes.G.I.Joe.Origins.2021.1080p.AMZN.WEBRip.1400MB.DD5.1.x264-GalaxyRG[TGx]
2021-08-19 17:13 - 2021-08-19 17:32 - 1418046175 ____R C:\Users\Admin\Downloads\MAARA (2021) Tamil HDRip 720p x264 (DD+5.1 - 192Kbps) 1.3GB ESub ['MB].mkv
2021-08-19 17:00 - 2021-08-19 17:00 - 000000000 ____D C:\Users\Admin\AppData\Local\Adaware
2021-08-19 12:06 - 2021-08-19 11:56 - 028064604 _____ C:\Users\Admin\Desktop\192.168.1.58_01_20210819115415195.mp4
2021-08-17 12:19 - 2015-06-05 00:51 - 000513640 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2021-08-17 12:19 - 2015-06-05 00:51 - 000173672 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2021-08-11 11:05 - 2021-08-11 11:05 - 000009823 _____ C:\Users\Admin\Downloads\916020072716344.pdf
2021-08-08 15:42 - 2021-08-08 15:58 - 000000000 ____D C:\Users\Admin\Desktop\Misc
2021-08-05 13:21 - 2021-08-05 13:21 - 000459530 _____ C:\Users\Admin\Desktop\mom vaccine certificate.pdf
2021-08-04 12:54 - 2021-08-04 12:54 - 000012140 _____ C:\Users\Admin\Desktop\cnn1516_NetPosition.xls
2021-08-03 18:07 - 2021-08-04 00:09 - 000000731 _____ C:\Users\Public\Desktop\DietOdin.exe (VER 10.0.5.0).lnk
2021-08-03 18:06 - 2021-08-03 18:10 - 000000000 ____D C:\Users\Admin\AppData\Roaming\NIRMALBANG
2021-07-27 23:43 - 2021-07-27 23:43 - 000000000 ____D C:\Users\Admin\Desktop\Video clips
2021-07-27 23:43 - 2021-07-27 23:43 - 000000000 ____D C:\Users\Admin\Desktop\Images

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-21 14:39 - 2009-07-14 10:43 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2021-08-21 14:39 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\inf
2021-08-21 14:35 - 2018-04-04 00:19 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2021-08-21 14:34 - 2009-07-14 08:50 - 000000000 ____D C:\Program Files\Common Files\System
2021-08-21 14:33 - 2009-07-14 10:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-08-21 14:33 - 2009-07-14 10:15 - 000417504 _____ C:\Windows\system32\FNTCACHE.DAT
2021-08-21 04:44 - 2009-07-14 10:15 - 000020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-08-21 04:44 - 2009-07-14 10:15 - 000020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-08-21 04:33 - 2018-12-03 12:34 - 000000000 ____D C:\Program Files (x86)\Bonjour
2021-08-21 04:28 - 2021-01-13 15:00 - 000000000 ____D C:\Program Files (x86)\Web Components
2021-08-21 04:26 - 2018-04-17 19:30 - 000000000 ___HD C:\Users\Admin\WebComponents
2021-08-21 04:24 - 2021-01-03 13:01 - 000000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2021-08-21 04:10 - 2018-12-29 15:27 - 000000000 ____D C:\ProgramData\IObit
2021-08-21 04:05 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-08-21 04:05 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\system32\Dism
2021-08-21 03:37 - 2018-04-04 00:18 - 000000000 ____D C:\Program Files\Opera
2021-08-21 02:19 - 2018-04-03 12:56 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2021-08-21 02:19 - 2018-04-03 12:56 - 000000000 ____D C:\Windows\system32\Macromed
2021-08-21 01:52 - 2018-04-03 12:45 - 000000000 ____D C:\Program Files\Common Files\AV
2021-08-21 01:46 - 2009-07-14 10:39 - 000000000 ____D C:\Windows\system32\Tasks\WPD
2021-08-21 01:46 - 2009-07-14 10:27 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2021-08-21 01:29 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\system32\NDF
2021-08-21 00:54 - 2018-04-07 12:23 - 000000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2021-08-21 00:31 - 2018-04-03 12:25 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-08-20 22:52 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2021-08-20 03:04 - 2021-05-01 14:52 - 000000000 ____D C:\Users\Admin\AppData\Local\UT013
2021-08-20 02:48 - 2021-02-13 17:23 - 000000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2021-08-19 19:59 - 2018-04-04 00:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-08-19 19:37 - 2019-03-28 11:50 - 000000000 ____D C:\ProgramData\Mozilla
2021-08-19 13:38 - 2020-04-27 21:12 - 000000000 ____D C:\Users\Admin\Downloads\Telegram Desktop
2021-08-19 13:09 - 2020-04-26 21:16 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Telegram Desktop
2021-08-17 15:50 - 2018-04-03 13:17 - 000000000 ____D C:\Users\Admin\AppData\Local\Google
2021-08-17 15:50 - 2018-04-03 13:17 - 000000000 ____D C:\Program Files (x86)\Google
2021-08-17 14:04 - 2018-06-02 15:22 - 000000000 ____D C:\iVMS-4200
2021-08-17 12:22 - 2018-04-03 11:43 - 000000000 ____D C:\Program Files (x86)\Intel
2021-08-14 19:36 - 2018-04-03 11:43 - 000000000 ____D C:\Intel
2021-08-13 09:51 - 2020-05-24 18:42 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Zoom
2021-08-12 20:47 - 2019-04-18 17:20 - 000000000 ____D C:\Users\Admin\AppData\Local\BitTorrentHelper
2021-08-08 18:07 - 2020-11-24 13:59 - 000000000 ____D C:\Users\Admin\Desktop\Nimblr
2021-08-08 16:01 - 2020-11-24 18:22 - 000000000 ____D C:\Users\Admin\Desktop\spirtual
2021-08-08 15:59 - 2020-11-24 18:07 - 000000000 ____D C:\Users\Admin\Desktop\travel
2021-08-08 15:55 - 2020-11-03 17:33 - 000000000 _____ C:\Users\Admin\Desktop\ril ce and pe.txt
2021-08-03 00:21 - 2020-11-25 16:06 - 000000000 ____D C:\Users\Admin\AppData\Local\TX3
2021-08-03 00:20 - 2020-11-25 16:06 - 000000000 ____D C:\Users\Admin\AppData\Local\My ClickOnce Applications
2021-08-03 00:19 - 2019-11-17 16:36 - 000000000 ____D C:\Users\Admin\AppData\Local\Deployment
2021-08-02 11:27 - 2021-07-18 18:41 - 000013990 _____ C:\Users\Admin\Desktop\Trading journal.xlsx
2021-07-29 00:55 - 2020-01-15 19:02 - 000044544 ___SH C:\Users\Admin\Downloads\Thumbs.db

==================== Files in the root of some directories ========

2018-04-07 19:53 - 2018-04-07 19:53 - 000003584 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-10-07 12:25 - 2021-08-21 00:17 - 000000205 _____ () C:\Users\Admin\AppData\Local\oobelibMkey.log
2021-08-21 01:24 - 2021-08-21 01:24 - 000000017 _____ () C:\Users\Admin\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\User32.dll
[2010-11-21 08:54] - [2010-11-21 08:54] - 001008640 _____ (Microsoft Corporation) E573BD9AB55C8E333C202B9E255F972E

C:\Windows\SysWOW64\User32.dll
[2018-04-03 11:58] - [2018-04-03 11:58] - 000833024 _____ (Microsoft Corporation) 2C9CC9F492CA596B1B9FC1AE5E916356

LastRegBack: 2021-08-10 16:01
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2021
Ran by Admin (21-08-2021 15:27:15)
Running from C:\Users\Admin\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2018-04-03 06:04:20)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Admin (S-1-5-21-4100574571-97274293-195119175-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-4100574571-97274293-195119175-500 - Administrator - Disabled)
Guest (S-1-5-21-4100574571-97274293-195119175-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Install Manager (HKLM\...\{A8405EC5-A483-AA4E-6CBA-E2B163409128}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
Apple Application Support (64-bit) (HKLM\...\{1FA68E27-2951-42E8-9F57-1A7F6581B4FD}) (Version: 7.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
CrystalDiskInfo 7.6.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.6.0 - Crystal Dew World)
Epic Privacy Browser (HKU\S-1-5-21-4100574571-97274293-195119175-1000\...\Epic Privacy Browser) (Version: 84.0.4147.105 - Epic)
FreeFixer (HKLM-x32\...\FreeFixer1.19) (Version: 1.19 - Kephyr)
HCWP Web Components (HKLM-x32\...\{908EFECF-6E38-4193-A858-587FD21FD9EA}_is1) (Version: - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
iTunes (HKLM\...\{3F702C1B-628F-46FB-A094-56D5404CEE63}) (Version: 12.9.1.4 - Apple Inc.)
iVMS-4200(v2.7.2.4) (HKLM-x32\...\{7697245D-2E00-4B83-AD27-C051DE314D1F}) (Version: 2.7.2.4 - hikvision)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
K-Lite Codec Pack 14.0.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.0.0 - KLCP)
Malwarebytes version 4.4.5.130 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.5.130 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 91.0.1 (x64 en-US)) (Version: 91.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
OnePlus USB Drivers 1.00 (HKLM-x32\...\OnePlus USB Drivers 1.00) (Version: 1.00 - OnePlus, Inc)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29004 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Telegram Desktop version 2.7.4 (HKU\S-1-5-21-4100574571-97274293-195119175-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.7.4 - Telegram FZ-LLC)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows Driver Package - Microsoft WPD (03/04/2014 6.2.5326.4762) (HKLM\...\71872475ABF607AB394FD4F511A8A2C3CA77A791) (Version: 03/04/2014 6.2.5326.4762 - Microsoft)
Windows Driver Package - OnePlus Net (07/15/2011 1.0.0.1) (HKLM\...\4ED6404DCAB3E4483422D2C4974092022327AA78) (Version: 07/15/2011 1.0.0.1 - OnePlus)
Windows Driver Package - OnePlus, Inc. (WinUSB) AndroidUsbDeviceClass (05/24/2012 6.0.0000.00000) (HKLM\...\59AFF6524BE5C0983F2711DEB8D25D511D4F4924) (Version: 05/24/2012 6.0.0000.00000 - OnePlus, Inc.)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
ZET 9 Lite 2.29 (HKLM-x32\...\ZET 9 Lite 2.29) (Version: 2.29 - ZET Astrology Software)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4100574571-97274293-195119175-1000_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2288887 2021-08-21] (Microsoft Corporation) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => -> No File
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL -> No File
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-08-21] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-03-05] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-05-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL -> No File
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-08-21] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => -> No File
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2012-03-05 04:06 - 2012-03-05 04:06 - 000509952 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\system32\atiadlxx.dll
2015-08-12 16:03 - 2015-08-12 16:03 - 000200407 _____ (Apple Inc.) [File not signed] C:\Program Files (x86)\Bonjour\mdnsNSP.dll
2010-11-21 08:54 - 2010-11-21 08:54 - 001008640 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\system32\USER32.dll
2021-08-21 14:33 - 2021-08-21 14:33 - 000069337 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\System\symsrv.dll
2018-04-03 11:58 - 2018-04-03 11:58 - 000833024 _____ (Microsoft Corporation) [File not signed] C:\Windows\syswow64\USER32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4100574571-97274293-195119175-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4100574571-97274293-195119175-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-4100574571-97274293-195119175-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4100574571-97274293-195119175-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-04-03] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-04-03] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2021-08-21] (Microsoft Corporation) [File not signed]

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4100574571-97274293-195119175-1000\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 08:04 - 2021-08-21 14:36 - 000000888 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;c:\Program Files (x86)\Intel\iCLS Client\;c:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\adb;C:\Android
HKU\S-1-5-21-4100574571-97274293-195119175-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 202.56.215.54 - 59.144.144.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
MSCONFIG\startupreg: PSUAMain => "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C63A90F5-AEC1-43BD-91B6-4662B2822EDA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{101CDE39-CD83-4649-A407-DC4973C36050}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{634BAF5B-AFAD-4AC1-9D91-756B8798B150}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{0454C927-E0FD-40AA-8746-6C3FED4F692E}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [TCP Query User{0025802C-3423-4DF4-8DCA-4919768901D6}C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe] => (Allow) C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe (HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FirewallRules: [UDP Query User{4DA4B025-3827-481C-AB89-CA89BC05F425}C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe] => (Allow) C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe (HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FirewallRules: [TCP Query User{CBBEE024-75D3-4CF2-AAC5-525634691247}C:\program files\ivms-4200 station\nginx\nginx.exe] => (Allow) C:\program files\ivms-4200 station\nginx\nginx.exe () [File not signed]
FirewallRules: [UDP Query User{183F5DEE-2BEB-463D-8AB2-991A6F7918DD}C:\program files\ivms-4200 station\nginx\nginx.exe] => (Allow) C:\program files\ivms-4200 station\nginx\nginx.exe () [File not signed]
FirewallRules: [{2FE4CB06-0CF5-4507-A417-71D704D75A61}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{05B9B248-EDB3-4968-ABFC-217B8F5E5FB2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D2CA14C5-CD0B-42B4-A46D-A46220CE7AC3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9C618159-60EB-4125-AFB3-41C6329B69E6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{109B3D56-27DD-47E7-9FBC-C8571A03A617}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{EBB80B3F-D235-47E7-A514-A9701B868099}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{B4F9BEEE-2B04-4887-A6EF-891EABAF1DFF}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{C85D0830-67DA-4183-BE42-80B3209C23B3}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{4B332453-6326-41F6-8AB2-12671EA892F8}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{BD225D7B-34A1-42AD-B422-DC5A53E844DE}C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe] => (Block) C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe (HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FirewallRules: [UDP Query User{BAE61419-5B59-4EA9-86E0-094995F96E5E}C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe] => (Block) C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe (HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FirewallRules: [TCP Query User{94E644F6-A3DE-4F37-8818-94DD8299B4D2}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{54A68618-995D-4EC2-BB02-AE13ABF6592D}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{39326814-E21A-4480-9630-8B5E51CF6774}] => (Allow) C:\Program Files\Opera\77.0.4054.203\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{12799283-00CA-4AD1-81BF-C26482A6B627}] => (Allow) C:\Program Files\Opera\77.0.4054.277\opera.exe (Opera Software AS -> Opera Software)

==================== Restore Points =========================

20-08-2021 23:41:06 Installed Microsoft Solution - B4164D8C-3813-495A-BBBC-BA51D122A226
20-08-2021 23:42:08 Restore Point before Panda Dome was removed using Program Install and Uninstall troubleshooter
20-08-2021 23:42:57 Final Restore Point for Panda Dome using Program Install and Uninstall troubleshooter.
20-08-2021 23:50:53 Installed Microsoft Solution - B4164D8C-3813-495A-BBBC-BA51D122A226
21-08-2021 01:38:51 Windows Update
21-08-2021 02:25:52 Windows Modules Installer
21-08-2021 03:03:50 UnHackMe Malware Removal
21-08-2021 03:11:20 UnHackMe Malware Removal
21-08-2021 03:23:39 UnHackMe Malware Removal
21-08-2021 03:27:50 UnHackMe Malware Removal
21-08-2021 03:45:03 UnHackMe Malware Removal
21-08-2021 04:03:20 Windows Update
21-08-2021 04:36:06 UnHackMe Malware Removal

==================== Faulty Device Manager Devices ============

Name: PSINKnc
Description: PSINKnc
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: PSINKNC
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: NNSHttp
Description: NNSHttp
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NNSHTTP
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: NNSHttps
Description: NNSHttps
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NNSHTTPS
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: PSINProt
Description: PSINProt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: PSINProt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: NNSids
Description: NNSids
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NNSIDS
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: PSINReg
Description: PSINReg
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: PSINReg
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: NNSPicc
Description: NNSPicc
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NNSPICC
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: NNSPop3
Description: NNSPop3
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NNSPOP3
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: NNSProt
Description: NNSProt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NNSPROT
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: NNSPrv
Description: NNSPrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NNSPRV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: NNSSmtp
Description: NNSSmtp
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NNSSMTP
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: NNSStrm
Description: NNSStrm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NNSSTRM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard VGA Graphics Adapter
Description: Standard VGA Graphics Adapter
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard display types)
Service: vga
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: PSINAflt
Description: PSINAflt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: PSINAflt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: NNSDns
Description: NNSDns
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NNSDNS
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: ========================

Application errors:
==================
Error: (08/21/2021 02:35:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/21/2021 02:33:49 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (08/21/2021 02:33:49 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x800401F9

Error: (08/21/2021 04:39:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/21/2021 04:37:26 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (08/21/2021 04:37:26 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x800401F9

Error: (08/21/2021 04:33:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 4.0.0.1089, time stamp: 0x610955fb
Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x603971ce
Exception code: 0xc0000005
Fault offset: 0x0000000000219dc5
Faulting process id: 0xa10
Faulting application start time: 0x01d7961784fe1a3f
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: c3964d5a-020a-11ec-ab2a-20689d9bd96a

Error: (08/21/2021 04:31:46 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Setup/Uninstall because of this error.

Program: Setup/Uninstall
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

System errors:
=============
Error: (08/21/2021 02:37:06 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Intel(R) Management and Security Application User Notification Service service depends the following service: LMS. This service might not be installed.

Error: (08/21/2021 02:36:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

Error: (08/21/2021 02:33:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
NNSDNS
NNSHTTP
NNSHTTPS
NNSIDS
NNSPICC
NNSPOP3
NNSPROT
NNSPRV
NNSSMTP
NNSSTRM
PSINKNC

Error: (08/21/2021 02:33:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PSINReg service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/21/2021 02:33:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PSINProc service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/21/2021 02:33:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PSINFile service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/21/2021 02:33:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PSINProt service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/21/2021 02:33:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PSINAflt service failed to start due to the following error:
The system cannot find the file specified.

Windows Defender:
================
Date: 2021-08-20 22:40:05.008
Description:
Windows Defender scan has been stopped before completion.
Scan Type:AntiSpyware
Scan Parameters:Full Scan

Date: 2020-12-28 22:31:14.913
Description:
Windows Defender scan has been stopped before completion.
Scan Type:AntiSpyware
Scan Parameters:Custom Scan

Date: 2020-09-09 13:39:18.179
Description:
Windows Defender scan has been stopped before completion.
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2020-01-31 04:22:18.641
Description:
Windows Defender scan has been stopped before completion.
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2019-01-13 14:30:12.677
Description:
Windows Defender scan has been stopped before completion.
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

==================== Memory info ===========================

BIOS: Insyde F.22 11/22/2012
Motherboard: Hewlett-Packard 1840
Processor: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 93%
Total physical RAM: 3994.36 MB
Available physical RAM: 260.09 MB
Total Virtual: 7986.86 MB
Available Virtual: 3750.37 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.14 GB) (Free:39.39 GB) NTFS
Drive d: () (Fixed) (Total:146.48 GB) (Free:79.13 GB) NTFS
Drive e: () (Fixed) (Total:172.79 GB) (Free:67.49 GB) NTFS

\\?\Volume{685b2245-3704-11e8-a2b3-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 3C6844D2)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=172.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 
#2 ·
Hello.

Can you please explain to me the content of your Hosts file?

Code:
2009-07-14 08:04 - 2021-08-21 14:36 - 000000888 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com
 
#4 · (Edited)
Those entries indicate an attempt to avoid legal activation of Microsoft products.

I also see that you have Microsoft Office Enterprise installed. Enterprise edition is for big companies and not for individuals. Therefore, the license used here is probably not legal.

So I have to ask you:
  • Is your Windows a genuine copy?
  • What about Microsoft Office? Where did you find its license?

If Microsoft Office is not legal, then uninstall it. Otherwise a fix will remove the entries in the Hosts file and therefore (if the entries got there for this purpose) you won't be able to run the program properly. If you don't agree with this, it's fine with me to stop the procedure here.

The following command will check your Windows validity. If it is genuine, then yes, I'll help you. If not, I won't, since it is against the Forum's rules as well as my beliefs.

Run slmgr command
  • Press Windows icon on your Desktop, together with the letter R.
  • Type cmd, and press Ctrl + Shift + Enter to run Command Prompt as administrator.
  • Copy and paste the following command and press Enter:
Code:
slmgr /dli
  • After running the command, you will get a report. Please take a screenshot of what you got and attach it in your next reply. Here is an article where you can see how to take a screenshot with the snipping tool, in case you need it.
 
#5 ·
Hello,

Yes, they are not genuine. My laptop HDD got damaged and I had to replace it, so I lost my original license. As I use a software which runs on MS-DOS, I cannot upgrade to either 8 or 10. Office was there when Windows was installed. This MS-DOS software is the reason why I genuinely cannot upgrade my Windows.

I will be thankful if you could help me with this. I was not aware of forum rules regarding this. I respect your beliefs and apologize for posting without knowing about the rules. I understand if you are not going to help me with this. Thank you for your help.
 
#6 · (Edited)
My laptop HDD got damaged and I had to replace it, so I lost my original license.
Why did you lose the license? Isn't it listed on a label at the back of your computer?

As I use a software which runs on MS-DOS, I cannot upgrade to either 8 or 10.
What program is this?

I will be thankful if you could help me with this.
Unfortunately, I can't, until you legally activate the operating system. With a pirated/cracked operating system you can't make the security updates and you have many restrictions. This is the main cause you got infected and even if we clean the computer now, it will get infected again, sooner or later.
 
#7 ·
1 - Why did you lose the license? Isn't it listed on a label at the back of your computer?


It's an HP Pavilion g6 laptop and it came with Windows 8 installed. Even for that there is no number behind the laptop. It came with a separate recovery drive in the system. But because of the software I had to remove Win 8 and purchased Windows 7 from a local vendor here who also installed it for me. This was 7 years back.

Last year my HDD was damaged or corrupted or what I do not know, but my laptop was not starting, so I had installed a Toshiba HDD and had to install this Windows 7 because I couldn't find the original Win7 box.


2 - What program is this?

This is a custom-made sale, stock and other things management software made 25 yrs back. See the photo attached. So it is not possible to upgrade.

3 - I understand that you cannot help. In which case, what should be done now to the thread? Thank you for your time and help.
 


#8 ·
Something important to consider:

Even if the operating system (Windows 7) was legal, I would strongly recommend that you upgrade to Windows 10. Windows 7 stopped receiving security updates in January 2020. It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer. Staying with Windows 7 just because it is compatible with a software you are using is not wise at all. Add to this that your Windows 7 is pirated, and you become the perfect target for a malware attack. :(
 
#9 ·
Yes, I know. I am not able to find an original Windows 7 in the market here. Unfortunately for me, this data cannot be extracted to another platform by the software developer and it's used daily by me. Generally I do not use this laptop for other things. For that I have a Dell laptop. There isn't another solution for the MS-DOS software I use.

In fact, it was the software guy who suggested to use a Win 7 pirated copy.

I also believe this malware infected my computer because I had downloaded an infected version of the CCleaner installer.
 
#10 ·
Using a pirated/cracked and outdated operating system PLUS pirated/cracked software is an easy way to infect your computer. Almost as easy as intentionally downloading malware.

At least, do not use the specific computer to connect to the internet. And I mean do not connect to the internet at all.
 