No taskbar, explorer, WindowsApps stopped working after failed software install.

Tried to install MS Office 2021, failed.

Tried to install MS Office 2016, failed; first said file not found (MSOcache\All users\*\proplus.ww). On second try, said cannot access windows installer.

These installers were got from a pendrive, downloaded from torrent before.

 

Checked my admin user account has access to root and local machine permission in registry. Also, WinDir and System32 dir. They all have access, but nothing can be changed. 

 

 

Shutdown the PC and turned it on. Gave password and sign-in, immediately a dialog box showed, 

Sihost.exe – System error – The system detected an overrun of a stack based buffer in this application. This overrun could potentially allow a malicious user to gain control of the application. 

and the cursor was gone. used Alt+Tab then Esc. Same box popped up several time. Then desktop was displayed with no taskbar. Another dialog box showed, 

 

Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

and opening folder on desktop did not work. Explorer, Settings app, WindowsApps, or other apps did not start. Task manager showed explorer not responding. Same after restarting explorer.exe.

 

Clean boot using msconfig.msc did not work.

 

After that boot into safe mode with command prompt. Same Sihost.exe dialog boxes appeared. After when desktop icon showed, and a popup showed,

explorer.exe - System Warning Unknown Hard Error.

 

 

Notepad.exe does not start. Many executables showed access denied. Tried tweaking.com permission preset, got stuck and did not work. "Program Files\WindowsApps" had some access error. It always had some problems.

 

Run 

DISM.exe /Online /Cleanup-image /Scanhealth
DISM.exe /Online /Cleanup-image /Restorehealth

reported Access denied. Error 5. And,

sfc /scannow

reported

Windows Resource Protection could not start the repair service.

 

Then downloaded MalewareBytes offline installer, got installed but did not start said that Service unable to connect. MalewareBytes AntiRootkit found nothing with quick scan, same with MSERT. GMER had no entry with red highlight. Also, SUPERAntiSpyware and Hitman quick scan found nothing. Adwcleaner started but scan never completes.

 

System drive C: had 3.8 GiB before infection, but now has only 800 MiB even after cleaning temporary files.

 

procexp64.exe could not show result for few MS services saying file not found. Those processes could not be terminated, or their location path was not accessible.

 

Autoruns64.exe showed some potential malwares with yellow highlight.   Autoruns64Log.zip   539.32KB   2 downloads

 

 

Farbar Recovery Scan Tool shows wrong windows. I am running Windows 11 Pro for Workstation updated two days ago before infection. Upgraded from Windows 10 Pro.

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2023
Ran by Mahdi Khan (administrator) on DESKTOPPC (0) (18-09-2023 02:53:32)
Running from K:\Repair\FRST\FRST64.exe
Loaded Profiles: Mahdi Khan & Administrator
Platform: Windows 10 Pro for Workstations Version 22H2 22621.2283 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(services.exe ->) (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
(services.exe ->) (voidtools -> voidtools) C:\Program Files\Everything\Everything.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
(Taskmgr.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-1864656965-869502255-2032475508-1007\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11192552 2023-08-04] (RealDefense, LLC -> SUPERAntiSpyware)
HKU\S-1-5-21-1864656965-869502255-2032475508-1007\...\Run: [MicrosoftEdgeAutoLaunch_C3CB80581CF46CFA31E673610E1E3B92] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4108224 2023-09-12] (Microsoft Corporation -> Microsoft Corporation)
IFEO\osppsvc.exe: [VerifierDlls] SppExtComObjHook.dll
IFEO\SppExtComObj.exe: [VerifierDlls] SppExtComObjHook.dll
Startup: C:\Users\Rakibul Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk [2020-11-17]
ShortcutTarget: DeskPins.lnk -> C:\Program Files (x86)\DeskPins\deskpins.exe (Elias Fotinis) [File not signed]
Startup: C:\Users\Rakibul Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IPMSG for Win.lnk [2021-10-31]
ShortcutTarget: IPMSG for Win.lnk -> C:\Users\Rakibul Hasan\AppData\Local\IPMsg\IPMsg.exe (FastCopy Lab, LLC. -> FastCopy Lab, LLC.)
Startup: C:\Users\Rakibul Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QTTabBar Desktop Extension StartUp.QTTabGroup [2022-10-15] () [File not signed]
Startup: C:\Users\Rakibul Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\T-Clock Redux x64.lnk [2021-10-31]
ShortcutTarget: T-Clock Redux x64.lnk -> C:\Users\Rakibul Hasan\Downloads\T-Clock\Clock64.exe (White-Tiger -> -) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {37112A68-8F86-49FD-BBF4-D443B83779BE} - System32\Tasks\AdvancedUpdater => C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.exe [1036152 2022-05-11] (Microleaves LTD -> AdvancedWindowsManager) <==== ATTENTION
Task: {21506AE2-6F98-4D76-B123-8C09329235C1} - System32\Tasks\AdvancedWindowsManager #1 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {4899B188-C848-4F10-886D-75403E474AB8} - System32\Tasks\AdvancedWindowsManager #2 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {67C053CF-C50B-4625-B5BE-04F5F5DB4F5A} - System32\Tasks\AdvancedWindowsManager #3 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {3B36306C-1976-4633-A619-DFBB06E53D9B} - System32\Tasks\AdvancedWindowsManager #4 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {01712052-391F-49C1-B043-570B91390EA7} - System32\Tasks\AdvancedWindowsManager #5 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {CFBE79D3-24D1-4852-8891-A1E8827E396B} - System32\Tasks\AdvancedWindowsManager #6 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {E644BC8C-D3C6-4AEE-A88A-A7BE1993656B} - System32\Tasks\AdvancedWindowsManager #7 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {0B8594B3-295B-45AB-ACD7-F39B7265A841} - System32\Tasks\AdvancedWindowsManager #8 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {C8C043DE-7766-4790-B277-B048666A4357} - System32\Tasks\AdvancedWindowsManager #9 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {49D1B49A-E3D4-438C-891B-166BEB6D4A71} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\windows\explorer.exe [5199488 2023-09-16] (Microsoft Windows -> Microsoft Corporation)
Task: {9B9881BB-FEB4-4B09-BD41-36562FE9D01F} - System32\Tasks\DigitalPulseUpdateTask => C:\Users\Mahdi  -> Khan\AppData\Roaming\DigitalPulse\DigitalPulseUpdate.exe
Task: {DF4D676E-A548-457B-A867-2F3AC78F03BD} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => C:\windows\system32\UCPDMgr.exe [58880 2023-09-05] (Microsoft Windows -> Microsoft Corporation)
Task: {29D00DC6-FC96-452C-B653-59C12CF61EE1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {27854F29-2AF5-4361-81BD-7F793C440CA3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1C47271A-A6E0-41F4-94BA-A88665B805EC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {14BBDFD8-7FF8-4569-BEB7-D3C83186A7C2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {66C10FFA-DA24-4ED4-B14F-61DACA405C12} - System32\Tasks\PrivaZer_SkipUAC => C:\Users\Rakibul Hasan\Downloads\Privazer.Pro.v4.0.67.Portable\App\PrivaZer\PrivaZer.exe [21678120 2023-03-03] (Goversoft LLC -> Goversoft LLC)
Task: {B1E151CA-1B28-404B-A571-38FF0846856E} - System32\Tasks\SUPERAntiSpyware Scheduled Task 980c26c5-bc16-4d1a-bdc2-708009f8cbaf => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:980c26c5-bc16-4d1a-bdc2-708009f8cbaf
Task: {3586B759-DF5C-4B7C-A0AC-FD8866CDA8BB} - System32\Tasks\SUPERAntiSpyware Scheduled Task a20e0182-e01f-409c-8c90-c0cc05ec536a => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:a20e0182-e01f-409c-8c90-c0cc05ec536a

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player NPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_Plugin.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\MacType_SC.job => C:\Program Files\MacType\MacTray.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 980c26c5-bc16-4d1a-bdc2-708009f8cbaf.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task a20e0182-e01f-409c-8c90-c0cc05ec536a.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\windows\Tasks\update-S-1-5-21-234447606-1724280197-2013969293-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6af8a7aa-94c2-451a-999d-5d8ed97a610e}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{6af8a7aa-94c2-451a-999d-5d8ed97a610e}: [DhcpNameServer] 192.168.0.1

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-18]
Edge Extension: (uBlock Origin development build) - C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cgbcahbpdhpcegmbfconppldiemgcoii [2023-09-16]
Edge Extension: (Google Docs Offline) - C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-30]
Edge Extension: (Edge relevant text changes) - C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-16]
Edge Extension: (Video Speed Controller) - C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2023-09-01]
StartMenuInternet: Microsoft Edge - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 Everything; C:\Program Files\Everything\Everything.exe [2261600 2021-05-12] (voidtools -> voidtools)
S2 MBAMInstallerService; C:\Users\Mahdi Khan\AppData\Local\Temp\MBAMInstallerService.exe [151182120 2023-09-18] (Malwarebytes Inc. -> Malwarebytes) <==== ATTENTION
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402352 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WslService; "C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForLinux_1.2.5.0_x64__8wekyb3d8bbwe\wslservice.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 BTHMODEM; C:\windows\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
R3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [42000 2023-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [18160 2023-08-26] (RealDefense, LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [15600 2023-08-26] (RealDefense, LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 UCPD; C:\windows\System32\drivers\UCPD.sys [29184 2023-09-05] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\windows\System32\drivers\wd\WdBoot.sys [55872 2023-08-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\wd\WdFilter.sys [574872 2023-08-31] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [105864 2023-08-31] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2023
Ran by Mahdi Khan (18-09-2023 01:52:28)
Running from K:\Repair\FRST
Windows 10 Pro for Workstations Version 22H2 22621.2283 (X64) (2023-08-03 09:23:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1864656965-869502255-2032475508-500 - Administrator - Enabled) => C:\Users\Administrator.DESKTOPPC
DefaultAccount (S-1-5-21-1864656965-869502255-2032475508-503 - Limited - Disabled)
Guest (S-1-5-21-1864656965-869502255-2032475508-501 - Limited - Disabled)
Mahdi Khan (S-1-5-21-1864656965-869502255-2032475508-1007 - Administrator - Enabled) => C:\Users\Mahdi Khan
WDAGUtilityAccount (S-1-5-21-1864656965-869502255-2032475508-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ClickOnce Bootstrapper Package for Microsoft .NET Framework 4.8 on Visual Studio 2017 (HKLM-x32\...\{7556B2FA-6364-47EE-901D-12B23F78F382}) (Version: 4.8.04162 - Microsoft Corporation)
DigitalPulse version 0.16.16 (HKU\S-1-5-21-1864656965-869502255-2032475508-1007\...\{64F4736C-6169-4520-9368-BE1C9EAE552A}_is1) (Version: 0.16.16 - DigitalPulse, Ltd.)
Microsoft .NET Framework 4.8 Developer Pack (HKLM-x32\...\{5d6d678e-102a-469e-9c8f-6161a7de2666}) (Version: 4.8.3928 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.8 SDK (HKLM-x32\...\{949C0535-171C-480F-9CF4-D25C9E60FE88}) (Version: 4.8.03928 - Microsoft Corporation)
Microsoft .NET Framework 4.8 Targeting Pack (ENU) (HKLM-x32\...\{A4EA9EE5-7CFF-4C5F-B159-B9B4E5D2BDE2}) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 Targeting Pack (HKLM-x32\...\{BAAF5851-0759-422D-A1E9-90061B597188}) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Host - 5.0.9 (x86) (HKLM-x32\...\{5C742CE3-6DA4-4B12-A7D0-77D38311297C}) (Version: 40.36.30309 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.0 Preview 7 (x86) (HKLM-x32\...\{A86EEA71-83BD-41E3-9EE8-942A53B69AB2}) (Version: 48.0.30323 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.9 (x86) (HKLM-x32\...\{4CF1A983-085C-4CB4-A844-FD633C0EE956}) (Version: 40.36.30309 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.0 Preview 7 (x86) (HKLM-x32\...\{6C81A114-4A85-49A5-B617-62037D7D39CA}) (Version: 48.0.30323 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.9 (x86) (HKLM-x32\...\{6C2A2599-3BC4-4C51-8F56-5BA64582E625}) (Version: 40.36.30309 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.0 Preview 7 (x86) (HKLM-x32\...\{573C3147-1910-40C7-9417-987A6268E0CD}) (Version: 48.0.30323 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.0 Preview 7 (x86) (HKLM-x32\...\{d30840d6-2521-47c1-b319-f7d52e1e36c6}) (Version: 6.0.0.30327 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 116.0.1938.81 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 116.0.1938.81 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1864656965-869502255-2032475508-1007\...\OneDriveSetup.exe) (Version: 23.174.0820.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{AF47B488-9780-4AB5-A97E-762E28013CA6}) (Version: 5.71.0.0 - Microsoft Corporation)
Microsoft Visual Basic/C++ Runtime (x86) (HKLM-x32\...\{C5E3A69D-D391-45A6-A8FB-00B01E2B010D}) (Version: 1.1.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61135 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61135 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61135 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61135 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.38.32919 (HKLM\...\{98B96874-2649-4CC3-B599-1F2EEC28A500}) (Version: 14.38.32919 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.38.32919 (HKLM\...\{D028B71C-9372-40C9-B535-5841F78448CC}) (Version: 14.38.32919 - Microsoft Corporation)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.32919 (HKLM-x32\...\{5F0295FE-3DAA-4C04-94A6-2AFC6D739D34}) (Version: 14.38.32919 - Microsoft Corporation)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.32919 (HKLM-x32\...\{2F7F071D-83D0-4994-8237-7B0579452FD4}) (Version: 14.38.32919 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{C931A1C6-A7BF-3737-874A-818881A37E1B}) (Version: 10.0.60915 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.9 (x86) (HKLM-x32\...\{363fd9f5-f4b0-4e50-b683-f36aa672d048}) (Version: 5.0.9.30315 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.9 (x86) (HKLM-x32\...\{B9FE9CD0-8E60-4C5C-B9B5-4D91818C2503}) (Version: 40.36.30315 - Microsoft Corporation) Hidden
Oh My Posh version 18.8.0 (HKU\S-1-5-21-1864656965-869502255-2032475508-1007\...\Oh My Posh_is1) (Version: 18.8.0 - Jan De Dobbeleer)
OpenHashTab version v3.0.2 (HKLM-x32\...\{C0EEE3CD-665D-4E4E-B3BC-ADCD0FE73C0F}_is1) (Version: v3.0.2 - namazso)
qBittorrent (HKLM-x32\...\qBittorrent) (Version: 4.5.5 - The qBittorrent project)
SetupApp version 2.1 (HKLM-x32\...\SetupApp_is1) (Version: 2.1 - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1256 - SUPERAntiSpyware.com)
Windows Installer (HKLM-x32\...\{798E61D4-8923-4E77-A74B-2DF264394A48}) (Version: 5.0.4 - AdvancedWindowsManager) Hidden
WinRAR 6.23 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.23.0 - win.rar GmbH)

Packages:
=========
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-30] (Microsoft Corporation)
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-16] (Microsoft Corp.)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.10510.531.0_x64__8wekyb3d8bbwe [2023-08-30] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-09-16] (Microsoft Corporation)
Microsoft.WindowsTerminalPreview -> C:\Program Files\WindowsApps\Microsoft.WindowsTerminalPreview_1.18.1462.0_x64__8wekyb3d8bbwe [2023-09-16] (Microsoft Corporation) [Startup Task]
Outlook for Windows -> C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2023.831.400_x64__8wekyb3d8bbwe [2023-09-01] (Microsoft Corporation)
Speech Pack - English (United States) -> C:\Program Files\WindowsApps\MicrosoftWindows.Speech.en-US.1_1.0.16.0_x64__cw5n1h2txyewy [2023-09-06] (Microsoft Windows)
Windows Feature Experience Pack -> C:\windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-09-16] (Microsoft Corporation)
Windows Package Manager Source (winget) -> C:\Program Files\WindowsApps\Microsoft.Winget.Source_2023.915.2255.984_neutral__8wekyb3d8bbwe [2023-09-16] (Microsoft Corporation)
WinRAR -> C:\Program Files\WinRAR [2023-08-08] (win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1864656965-869502255-2032475508-1007_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\System32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\windows\system32\igfxDTCM.dll [2015-07-31] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation)
ShortcutWithArgument: C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Pinned Sites\MSEdge._pin_mbfefonkpgdabgjoiopokelgkj\Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --pin-url=hxxps://www.office.com/ --profile-directory=Default
ShortcutWithArgument: C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Pinned Sites\MSEdge._pin_mabbogacohbobbecclmpanobce\Wikipedia.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --pin-url=hxxps://www.wikipedia.org/ --profile-directory=Default
ShortcutWithArgument: C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Pinned Sites\MSEdge._pin_agjbdfdjmphpkcblilljboheco\Microsoft Live.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --pin-url=hxxps://www.live.com/ --profile-directory=Default
ShortcutWithArgument: C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Pinned Sites\MSEdge._pin_adnlfjpnmiaohpidplnoimahfh\YouTube.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --pin-url=hxxps://www.youtube.com/ --profile-directory=Default
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc.) -> --load-extension="C:\Users\Rakibul Hasan\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extension\indmjpmaenjlkpeencmjraafrdqppolc\3.3.1._0"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\Users\Rakibul Hasan\AppData\Local\Google\Chrome\User Data\Default\Extension\fbbbpkrnekbnffeflefdjepljcerlobq\6.3.6._0"
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\Users\Rakibul Hasan\AppData\Local\Google\Chrome\User Data\Default\Extension\jamcfeqdjiqencealiknpliqarfmmkck\7.9.6._0"

==================== Loaded Modules (Whitelisted) =============

2023-08-04 13:38 - 2022-06-09 07:56 - 000430592 _____ () [File not signed] C:\Program Files (x86)\OpenHashTab\AlgorithmsDll-x64-avx.DLL
2023-09-18 01:46 - 2023-09-18 01:46 - 000011264 _____ () [File not signed] C:\Users\Mahdi Khan\AppData\Local\Temp\nsjA203.tmp\System.dll
2023-09-18 01:48 - 2023-09-18 01:48 - 001195008 _____ (ESET) [File not signed] C:\Users\Mahdi Khan\AppData\Local\ESET\ESETOnlineScanner\esets_apiW_a.DLL
2023-08-04 13:38 - 2022-06-09 07:58 - 000760320 _____ (namazso) [File not signed] C:\Program Files (x86)\OpenHashTab\OpenHashTab.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\sdpsenv.dat:naughtypirates [322]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-07 11:24 - 2022-05-07 11:22 - 000000824 _____ C:\windows\system32\drivers\etc\hosts

2023-08-30 01:16 - 2023-09-01 00:04 - 000000507 _____ C:\windows\system32\drivers\etc\hosts.ics
192.168.137.1 DesktopPC.mshome.net # 2028 8 2 29 18 4 27 571
192.168.137.147 narzo-50.mshome.net # 2023 9 4 7 18 4 27 571
20 120

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1864656965-869502255-2032475508-1007\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Windows\img19.jpg
HKU\S-1-5-21-1864656965-869502255-2032475508-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 1.1.1.1 - 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKU\S-1-5-21-1864656965-869502255-2032475508-1007\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1864656965-869502255-2032475508-1007\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_C3CB80581CF46CFA31E673610E1E3B92"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FEA97B68-0C4A-4709-9913-25457CCADF76}] => (Allow) D:\Program Files\MSO\Office16\outlook.exe => No File
FirewallRules: [{B17B8B51-DCB2-4BA0-A599-00ACD1C86327}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23216.905.2334.6698_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F5FDF6F6-9B8A-4D3A-A219-BEDE15C85F9D}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23216.905.2334.6698_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7BDC1053-E6F4-4592-9674-E88BC689139A}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.81\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{76E2CFEE-9048-4F7D-9664-723CBD978BBD}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{E194005B-D135-4D96-9D0C-A185CAD4841E}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{2387238E-F627-41D9-AD41-4F6B1E93BC60}] => (Allow) D:\programs_x64\MSOffice\Office16\outlook.exe => No File

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:97.12 GB) (Free:1.11 GB) (1%)
Could not list restore points
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (09/18/2023 01:58:25 AM) (Source: Application Error) (EventID: 1005) (User: NT AUTHORITY)
Description: Advanced Windows Manager0x00x0

Error: (09/18/2023 01:58:25 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: AdvancedWindowsManager.exe, version: 1.1.0.0, time stamp: 0x627ab02a
Faulting module name: AdvancedWindowsManager.exe, version: 1.1.0.0, time stamp: 0x627ab02a
Exception code: 0xc000001d
Fault offset: 0x00000000000041d5
Faulting process id: 0x0x1774
Faulting application start time: 0x0x1d9e9a14d526f10
Faulting application path: C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe
Faulting module path: C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe
Report Id: b861ba42-2e71-4d12-9372-94e0c01b33c9
Faulting package full name:
Faulting package-relative application ID:

Error: (09/18/2023 01:58:02 AM) (Source: Application Error) (EventID: 1005) (User: NT AUTHORITY)
Description: Advanced Windows Manager0x00x0

Error: (09/18/2023 01:58:02 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: AdvancedWindowsManager.exe, version: 1.1.0.0, time stamp: 0x627ab02a
Faulting module name: AdvancedWindowsManager.exe, version: 1.1.0.0, time stamp: 0x627ab02a
Exception code: 0xc000001d
Fault offset: 0x00000000000041d5
Faulting process id: 0x0x974
Faulting application start time: 0x0x1d9e9a1437b2ebe
Faulting application path: C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe
Faulting module path: C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe
Report Id: eb092bc3-79cc-4d35-8044-51470c50e74d
Faulting package full name:
Faulting package-relative application ID:

Error: (09/18/2023 01:58:02 AM) (Source: Application Error) (EventID: 1005) (User: NT AUTHORITY)
Description: Advanced Windows Manager0x00x0

Error: (09/18/2023 01:58:02 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: AdvancedWindowsManager.exe, version: 1.1.0.0, time stamp: 0x627ab02a
Faulting module name: AdvancedWindowsManager.exe, version: 1.1.0.0, time stamp: 0x627ab02a
Exception code: 0xc000001d
Fault offset: 0x00000000000041d5
Faulting process id: 0x0x11f8
Faulting application start time: 0x0x1d9e9a1437a97ed
Faulting application path: C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe
Faulting module path: C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe
Report Id: 16016926-e99e-40db-8b46-9e19f347ba02
Faulting package full name:
Faulting package-relative application ID:

Error: (09/18/2023 01:58:02 AM) (Source: Application Error) (EventID: 1005) (User: NT AUTHORITY)
Description: Advanced Windows Manager0x00x0

Error: (09/18/2023 01:58:02 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: AdvancedWindowsManager.exe, version: 1.1.0.0, time stamp: 0x627ab02a
Faulting module name: AdvancedWindowsManager.exe, version: 1.1.0.0, time stamp: 0x627ab02a
Exception code: 0xc000001d
Fault offset: 0x00000000000041d5
Faulting process id: 0x0x958
Faulting application start time: 0x0x1d9e9a1437a4d90
Faulting application path: C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe
Faulting module path: C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe
Report Id: bf60243e-dd6a-498d-ad38-30f97471bb61
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (09/18/2023 01:49:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SASDIFSV service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (09/18/2023 01:49:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SASKUTIL service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (09/18/2023 01:49:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SASKUTIL service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (09/18/2023 01:49:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SASKUTIL service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (09/18/2023 01:48:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (09/18/2023 01:48:39 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\MAHDIK~1\AppData\Local\Temp\ehdrv.sys

Error: (09/18/2023 01:48:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (09/18/2023 01:48:39 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\MAHDIK~1\AppData\Local\Temp\ehdrv.sys


Windows Defender:
================
Date: 2023-09-17 16:16:23
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/AdUpdater&threatid=15590&enterprise=0
Name: Adware:Win32/AdUpdater
Severity: Not Yet Classified
Category: Unknown
Path: file:_C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.exe; file:_C:\Windows\temp\ce2d31339cfff41b4b6db9e32e93218c\Windows Updater.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.397.1061.0, AS: 1.397.1061.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.23080.2005, NIS: 0.0.0.0�

Date: 2023-09-17 14:14:25
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/AdUpdater&threatid=15590&enterprise=0
Name: Adware:Win32/AdUpdater
Severity: Not Yet Classified
Category: Unknown
Path: file:_C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.exe; file:_C:\Windows\temp\ce2d31339cfff41b4b6db9e32e93218c\Windows Updater.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.397.1061.0, AS: 1.397.1061.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.23080.2005, NIS: 0.0.0.0�

Date: 2023-09-17 14:04:41
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/AdUpdater&threatid=15590&enterprise=0
Name: Adware:Win32/AdUpdater
Severity: Not Yet Classified
Category: Unknown
Path: file:_C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.exe; file:_C:\Windows\temp\ce2d31339cfff41b4b6db9e32e93218c\Windows Updater.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.397.1061.0, AS: 1.397.1061.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.23080.2005, NIS: 0.0.0.0�

Date: 2023-09-17 00:00:14
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/AdUpdater&threatid=15590&enterprise=0
Name: Adware:Win32/AdUpdater
Severity: Not Yet Classified
Category: Unknown
Path: file:_C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.exe; file:_C:\Windows\temp\ce2d31339cfff41b4b6db9e32e93218c\Windows Updater.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.397.1061.0, AS: 1.397.1061.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.23080.2005, NIS: 0.0.0.0�

Date: 2023-09-17 00:00:04
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/AdUpdater&threatid=15590&enterprise=0
Name: Adware:Win32/AdUpdater
Severity: Not Yet Classified
Category: Unknown
Path: file:_C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.397.1061.0, AS: 1.397.1061.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.23080.2005, NIS: 0.0.0.0�
Event[0]

Date: 2023-09-17 14:14:10
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.�

CodeIntegrity:
===============
Date: 2023-09-18 01:51:41
Description:
Code Integrity determined that a process (System) attempted to load \Device\HarddiskVolume3\Windows\System32\drivers\43604469.sys that did not meet the Authenticode signing level requirements or violated code integrity policy (Policy ID:{d2bda982-ccf6-4344-ac5b-0b44427b6816}).�

Date: 2023-09-18 01:51:41
Description:
The driver \Device\HarddiskVolume3\Windows\System32\drivers\43604469.sys is blocked from loading as the driver has been revoked by Microsoft.�

Date: 2023-09-18 01:49:45
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SUPERAntiSpyware\sasdifsv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.�

Date: 2023-09-18 01:49:42
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SUPERAntiSpyware\saskutil64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.�

Date: 2023-09-18 01:46:55
Description:
Code Integrity determined that a process (System) attempted to load \Device\HarddiskVolume3\Windows\System32\drivers\xhoqahfuxlqmgaeub.sys that did not meet the Authenticode signing level requirements or violated code integrity policy (Policy ID:{d2bda982-ccf6-4344-ac5b-0b44427b6816}).�

Date: 2023-09-18 01:46:55
Description:
The driver \Device\HarddiskVolume3\Windows\System32\drivers\xhoqahfuxlqmgaeub.sys is blocked from loading as the driver has been revoked by Microsoft.�

Date: 2023-09-18 01:46:55
Description:
Code Integrity determined that a process (System) attempted to load \Device\HarddiskVolume3\Windows\System32\drivers\duuukkrllvfncyv.sys that did not meet the Authenticode signing level requirements or violated code integrity policy (Policy ID:{d2bda982-ccf6-4344-ac5b-0b44427b6816}).�

Date: 2023-09-18 01:46:55
Description:
The driver \Device\HarddiskVolume3\Windows\System32\drivers\duuukkrllvfncyv.sys is blocked from loading as the driver has been revoked by Microsoft.�


==================== Memory info ===========================

BIOS: American Megatrends Inc. 4.6.5 12/22/2017
Motherboard: INTEL Corporation H61
Processor: Intel(R) Core(TM) i5-3470S CPU @ 2.90GHz
Percentage of memory in use: 71%
Total physical RAM: 3993.76 MB
Available physical RAM: 1136.58 MB
Total Virtual: 5785.76 MB
Available Virtual: 2806.16 MB

==================== Drives ================================

Drive c: (OSW11) (Fixed) (Total:97.12 GB) (Free:1.11 GB) NTFS
Drive d: (OldPP) (Fixed) (Total:93.05 GB) (Free:29.39 GB) NTFS
Drive e: (Etcetra) (Fixed) (Total:179.69 GB) (Free:0.65 GB) NTFS
Drive f: (Dumped) (Fixed) (Total:188.42 GB) (Free:6.1 GB) NTFS
Drive g: (Software) (Fixed) (Total:93.15 GB) (Free:6.28 GB) NTFS
Drive h: (Audio) (Fixed) (Total:93.15 GB) (Free:1.63 GB) NTFS
Drive i: (AV) (Fixed) (Total:93.15 GB) (Free:8.07 GB) NTFS
Drive j: (PZ) (Fixed) (Total:93.16 GB) (Free:6.24 GB) NTFS
Drive k: (PenDrive 64GB) (Removable) (Total:58.23 GB) (Free:24.81 GB) NTFS

\\?\Volume{468d5d53-8a3e-4e49-8fcf-89f9911b8ba1}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: C9074A32)

Partition: GPT.

==========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 434F871E)

Partition: GPT.

==========================================================
Disk: 2 (Size: 58.2 GB) (Disk ID: 6B878C2E)
Partition 1: (Not Active) - (Size=58.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-1864656965-869502255-2032475508-1007\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11192552 2023-08-04] (RealDefense, LLC -> SUPERAntiSpyware)
HKU\S-1-5-21-1864656965-869502255-2032475508-1007\...\Run: [MicrosoftEdgeAutoLaunch_C3CB80581CF46CFA31E673610E1E3B92] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4108224 2023-09-12] (Microsoft Corporation -> Microsoft Corporation)
IFEO\osppsvc.exe: [VerifierDlls] SppExtComObjHook.dll
IFEO\SppExtComObj.exe: [VerifierDlls] SppExtComObjHook.dll
Startup: C:\Users\Rakibul Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk [2020-11-17]
ShortcutTarget: DeskPins.lnk -> C:\Program Files (x86)\DeskPins\deskpins.exe (Elias Fotinis) [File not signed]
Startup: C:\Users\Rakibul Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IPMSG for Win.lnk [2021-10-31]
ShortcutTarget: IPMSG for Win.lnk -> C:\Users\Rakibul Hasan\AppData\Local\IPMsg\IPMsg.exe (FastCopy Lab, LLC. -> FastCopy Lab, LLC.)
Startup: C:\Users\Rakibul Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QTTabBar Desktop Extension StartUp.QTTabGroup [2022-10-15] () [File not signed]
Startup: C:\Users\Rakibul Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\T-Clock Redux x64.lnk [2021-10-31]
ShortcutTarget: T-Clock Redux x64.lnk -> C:\Users\Rakibul Hasan\Downloads\T-Clock\Clock64.exe (White-Tiger -> -) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {37112A68-8F86-49FD-BBF4-D443B83779BE} - System32\Tasks\AdvancedUpdater => C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.exe [1036152 2022-05-11] (Microleaves LTD -> AdvancedWindowsManager) <==== ATTENTION
Task: {21506AE2-6F98-4D76-B123-8C09329235C1} - System32\Tasks\AdvancedWindowsManager #1 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {4899B188-C848-4F10-886D-75403E474AB8} - System32\Tasks\AdvancedWindowsManager #2 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {67C053CF-C50B-4625-B5BE-04F5F5DB4F5A} - System32\Tasks\AdvancedWindowsManager #3 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {3B36306C-1976-4633-A619-DFBB06E53D9B} - System32\Tasks\AdvancedWindowsManager #4 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {01712052-391F-49C1-B043-570B91390EA7} - System32\Tasks\AdvancedWindowsManager #5 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {CFBE79D3-24D1-4852-8891-A1E8827E396B} - System32\Tasks\AdvancedWindowsManager #6 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {E644BC8C-D3C6-4AEE-A88A-A7BE1993656B} - System32\Tasks\AdvancedWindowsManager #7 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {0B8594B3-295B-45AB-ACD7-F39B7265A841} - System32\Tasks\AdvancedWindowsManager #8 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {C8C043DE-7766-4790-B277-B048666A4357} - System32\Tasks\AdvancedWindowsManager #9 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {49D1B49A-E3D4-438C-891B-166BEB6D4A71} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\windows\explorer.exe [5199488 2023-09-16] (Microsoft Windows -> Microsoft Corporation)
Task: {9B9881BB-FEB4-4B09-BD41-36562FE9D01F} - System32\Tasks\DigitalPulseUpdateTask => C:\Users\Mahdi  -> Khan\AppData\Roaming\DigitalPulse\DigitalPulseUpdate.exe
Task: {DF4D676E-A548-457B-A867-2F3AC78F03BD} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => C:\windows\system32\UCPDMgr.exe [58880 2023-09-05] (Microsoft Windows -> Microsoft Corporation)
Task: {29D00DC6-FC96-452C-B653-59C12CF61EE1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {27854F29-2AF5-4361-81BD-7F793C440CA3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1C47271A-A6E0-41F4-94BA-A88665B805EC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {14BBDFD8-7FF8-4569-BEB7-D3C83186A7C2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {66C10FFA-DA24-4ED4-B14F-61DACA405C12} - System32\Tasks\PrivaZer_SkipUAC => C:\Users\Rakibul Hasan\Downloads\Privazer.Pro.v4.0.67.Portable\App\PrivaZer\PrivaZer.exe [21678120 2023-03-03] (Goversoft LLC -> Goversoft LLC)
Task: {B1E151CA-1B28-404B-A571-38FF0846856E} - System32\Tasks\SUPERAntiSpyware Scheduled Task 980c26c5-bc16-4d1a-bdc2-708009f8cbaf => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:980c26c5-bc16-4d1a-bdc2-708009f8cbaf
Task: {3586B759-DF5C-4B7C-A0AC-FD8866CDA8BB} - System32\Tasks\SUPERAntiSpyware Scheduled Task a20e0182-e01f-409c-8c90-c0cc05ec536a => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:a20e0182-e01f-409c-8c90-c0cc05ec536a

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player NPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_Plugin.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\MacType_SC.job => C:\Program Files\MacType\MacTray.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 980c26c5-bc16-4d1a-bdc2-708009f8cbaf.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task a20e0182-e01f-409c-8c90-c0cc05ec536a.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\windows\Tasks\update-S-1-5-21-234447606-1724280197-2013969293-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6af8a7aa-94c2-451a-999d-5d8ed97a610e}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{6af8a7aa-94c2-451a-999d-5d8ed97a610e}: [DhcpNameServer] 192.168.0.1

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-18]
Edge Extension: (uBlock Origin development build) - C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cgbcahbpdhpcegmbfconppldiemgcoii [2023-09-16]
Edge Extension: (Google Docs Offline) - C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-30]
Edge Extension: (Edge relevant text changes) - C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-16]
Edge Extension: (Video Speed Controller) - C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2023-09-01]
StartMenuInternet: Microsoft Edge - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 Everything; C:\Program Files\Everything\Everything.exe [2261600 2021-05-12] (voidtools -> voidtools)
S2 MBAMInstallerService; C:\Users\Mahdi Khan\AppData\Local\Temp\MBAMInstallerService.exe [151182120 2023-09-18] (Malwarebytes Inc. -> Malwarebytes) <==== ATTENTION
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402352 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WslService; "C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForLinux_1.2.5.0_x64__8wekyb3d8bbwe\wslservice.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 BTHMODEM; C:\windows\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
R3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [42000 2023-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [18160 2023-08-26] (RealDefense, LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [15600 2023-08-26] (RealDefense, LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 UCPD; C:\windows\System32\drivers\UCPD.sys [29184 2023-09-05] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\windows\System32\drivers\wd\WdBoot.sys [55872 2023-08-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\wd\WdFilter.sys [574872 2023-08-31] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [105864 2023-08-31] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-1864656965-869502255-2032475508-1007\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11192552 2023-08-04] (RealDefense, LLC -> SUPERAntiSpyware)
HKU\S-1-5-21-1864656965-869502255-2032475508-1007\...\Run: [MicrosoftEdgeAutoLaunch_C3CB80581CF46CFA31E673610E1E3B92] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4108224 2023-09-12] (Microsoft Corporation -> Microsoft Corporation)
IFEO\osppsvc.exe: [VerifierDlls] SppExtComObjHook.dll
IFEO\SppExtComObj.exe: [VerifierDlls] SppExtComObjHook.dll
Startup: C:\Users\Rakibul Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk [2020-11-17]
ShortcutTarget: DeskPins.lnk -> C:\Program Files (x86)\DeskPins\deskpins.exe (Elias Fotinis) [File not signed]
Startup: C:\Users\Rakibul Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IPMSG for Win.lnk [2021-10-31]
ShortcutTarget: IPMSG for Win.lnk -> C:\Users\Rakibul Hasan\AppData\Local\IPMsg\IPMsg.exe (FastCopy Lab, LLC. -> FastCopy Lab, LLC.)
Startup: C:\Users\Rakibul Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QTTabBar Desktop Extension StartUp.QTTabGroup [2022-10-15] () [File not signed]
Startup: C:\Users\Rakibul Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\T-Clock Redux x64.lnk [2021-10-31]
ShortcutTarget: T-Clock Redux x64.lnk -> C:\Users\Rakibul Hasan\Downloads\T-Clock\Clock64.exe (White-Tiger -> -) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {37112A68-8F86-49FD-BBF4-D443B83779BE} - System32\Tasks\AdvancedUpdater => C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.exe [1036152 2022-05-11] (Microleaves LTD -> AdvancedWindowsManager) <==== ATTENTION
Task: {21506AE2-6F98-4D76-B123-8C09329235C1} - System32\Tasks\AdvancedWindowsManager #1 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {4899B188-C848-4F10-886D-75403E474AB8} - System32\Tasks\AdvancedWindowsManager #2 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {67C053CF-C50B-4625-B5BE-04F5F5DB4F5A} - System32\Tasks\AdvancedWindowsManager #3 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {3B36306C-1976-4633-A619-DFBB06E53D9B} - System32\Tasks\AdvancedWindowsManager #4 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {01712052-391F-49C1-B043-570B91390EA7} - System32\Tasks\AdvancedWindowsManager #5 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {CFBE79D3-24D1-4852-8891-A1E8827E396B} - System32\Tasks\AdvancedWindowsManager #6 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {E644BC8C-D3C6-4AEE-A88A-A7BE1993656B} - System32\Tasks\AdvancedWindowsManager #7 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {0B8594B3-295B-45AB-ACD7-F39B7265A841} - System32\Tasks\AdvancedWindowsManager #8 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {C8C043DE-7766-4790-B277-B048666A4357} - System32\Tasks\AdvancedWindowsManager #9 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {49D1B49A-E3D4-438C-891B-166BEB6D4A71} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\windows\explorer.exe [5199488 2023-09-16] (Microsoft Windows -> Microsoft Corporation)
Task: {9B9881BB-FEB4-4B09-BD41-36562FE9D01F} - System32\Tasks\DigitalPulseUpdateTask => C:\Users\Mahdi  -> Khan\AppData\Roaming\DigitalPulse\DigitalPulseUpdate.exe
Task: {DF4D676E-A548-457B-A867-2F3AC78F03BD} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => C:\windows\system32\UCPDMgr.exe [58880 2023-09-05] (Microsoft Windows -> Microsoft Corporation)
Task: {29D00DC6-FC96-452C-B653-59C12CF61EE1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {27854F29-2AF5-4361-81BD-7F793C440CA3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1C47271A-A6E0-41F4-94BA-A88665B805EC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {14BBDFD8-7FF8-4569-BEB7-D3C83186A7C2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {66C10FFA-DA24-4ED4-B14F-61DACA405C12} - System32\Tasks\PrivaZer_SkipUAC => C:\Users\Rakibul Hasan\Downloads\Privazer.Pro.v4.0.67.Portable\App\PrivaZer\PrivaZer.exe [21678120 2023-03-03] (Goversoft LLC -> Goversoft LLC)
Task: {B1E151CA-1B28-404B-A571-38FF0846856E} - System32\Tasks\SUPERAntiSpyware Scheduled Task 980c26c5-bc16-4d1a-bdc2-708009f8cbaf => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:980c26c5-bc16-4d1a-bdc2-708009f8cbaf
Task: {3586B759-DF5C-4B7C-A0AC-FD8866CDA8BB} - System32\Tasks\SUPERAntiSpyware Scheduled Task a20e0182-e01f-409c-8c90-c0cc05ec536a => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:a20e0182-e01f-409c-8c90-c0cc05ec536a

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player NPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_Plugin.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\MacType_SC.job => C:\Program Files\MacType\MacTray.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 980c26c5-bc16-4d1a-bdc2-708009f8cbaf.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task a20e0182-e01f-409c-8c90-c0cc05ec536a.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\windows\Tasks\update-S-1-5-21-234447606-1724280197-2013969293-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6af8a7aa-94c2-451a-999d-5d8ed97a610e}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{6af8a7aa-94c2-451a-999d-5d8ed97a610e}: [DhcpNameServer] 192.168.0.1

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-18]
Edge Extension: (uBlock Origin development build) - C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cgbcahbpdhpcegmbfconppldiemgcoii [2023-09-16]
Edge Extension: (Google Docs Offline) - C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-30]
Edge Extension: (Edge relevant text changes) - C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-16]
Edge Extension: (Video Speed Controller) - C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2023-09-01]
StartMenuInternet: Microsoft Edge - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 Everything; C:\Program Files\Everything\Everything.exe [2261600 2021-05-12] (voidtools -> voidtools)
S2 MBAMInstallerService; C:\Users\Mahdi Khan\AppData\Local\Temp\MBAMInstallerService.exe [151182120 2023-09-18] (Malwarebytes Inc. -> Malwarebytes) <==== ATTENTION
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402352 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WslService; "C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForLinux_1.2.5.0_x64__8wekyb3d8bbwe\wslservice.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 BTHMODEM; C:\windows\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
R3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [42000 2023-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [18160 2023-08-26] (RealDefense, LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [15600 2023-08-26] (RealDefense, LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 UCPD; C:\windows\System32\drivers\UCPD.sys [29184 2023-09-05] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\windows\System32\drivers\wd\WdBoot.sys [55872 2023-08-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\wd\WdFilter.sys [574872 2023-08-31] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [105864 2023-08-31] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 Autoruns64Log.zip   539.32KB   2 downloads

Edited by NabilKhan, 18 September 2023 - 10:20 AM.

Nothing works. It might be a Zero-Day attack.

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/789799 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

• If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  
• A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
  
  • Please do this even if you have previously posted logs for us.
  • If you were unable to produce the logs originally please try once more.
  • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
  • If you are unsure about any of these characteristics just post what you can and we will guide you.
• Please tell us if you have your original Windows CD/DVD available.
  
• Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

• Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.
  
  FRST Download Link
  
  
• When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
• Double click on the FRST icon and allow it to run.
• Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
• Notepad will open with the results.
• Post the new logs as explained in the prep guide.
• Close the program window, and delete the program from your desktop.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

Please check the autorun files on the first post.

 

Services.msc shows some suspicious services.  SusServices.png   18.78KB   0 downloads

 

ESET online scan found no threat but quarantine some PUPs. I want to restore them. How can I do that? ESET shows no result.

 

New logs:

FRST.txt

 

 

Addition.txt

Please...follow the instructions provided per the HelpBot post above.

 

Louis