
My PC keeps filling out with new files - no space left


  • This topic is locked
77 replies to this topic

#31 Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor
  • 55,541 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:06:24 PM

Posted 07 September 2023 - 12:15 PM

 

When was the last time it booted successfully, and what steps did you take just prior to the boot failure? I see some antivirus program activity and a System Reset entry on 8-30. Did it fail to boot immediately following those steps?


Gary 

“Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.”

Where to Start




#32 cherm
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:24 AM

Posted 07 September 2023 - 04:32 PM

I don't know exactly when I booted successfully last time.

I don't know for sure when I last booted successfully; I used to keep my PC active 24/7.

 

I believe it was during the last week of August.



#33 Oh My!

Posted 07 September 2023 - 04:51 PM

Thank you.

Please attempt this.

===================================================

Farbar Recovery Scan Tool Fix From Installed Recovery Partition

--------------------
  • If necessary, download Farbar Recovery Scan Tool for 64 bit systems and save it to a USB device
  • Download the attached file Fixlist.txt (22 bytes) and save it on the same USB device
  • Insert the USB device into your compromised computer
  • Holding down the Shift Key click Start, click the power icon, then select Reboot
  • Click Troubleshoot
  • Click Advanced options
  • Click Command Prompt
  • Type G:\FRST64.exe then hit Enter
  • Press Fix button
  • Reboot your computer
  • A fixlog.txt file will be saved on the USB drive. Please copy and paste it to your reply.
  • A $SysReset folder will hopefully be placed on the USB device
  • Please zip and upload the folder here
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Uploaded zip folder


#34 cherm
  • Topic Starter

Posted 08 September 2023 - 04:18 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-08-2023
Ran by SYSTEM (08-09-2023 12:10:55) Run:1
Running from G:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
Copy: C:\$SysReset G:\
*****************
 
================== "Copy: C:\$SysReset G:\" ===================
 
"C:\$SysReset\Scratch\csrss.exe" copied successfully
"C:\$SysReset\Logs\dism.log" copied successfully
"C:\$SysReset\Logs\PushButtonReset.etl" copied successfully
"C:\$SysReset\Logs\SessionID.xml" copied successfully
"C:\$SysReset\Logs\setupact.log" copied successfully
"C:\$SysReset\Logs\setuperr.log" copied successfully
"C:\$SysReset\Logs\Timestamp.xml" copied successfully
 
=== End of Copy: ===
 
==== End of Fixlog 12:10:56 ====
 
 
$SysReset folder was submitted


#35 Oh My!

Posted 08 September 2023 - 08:22 AM

Thank you.

A System Reset was attempted on 2023-08-30 22:30. Did that occur before or after the computer was unbootable?

In addition, please run the below Fixlist as you did before and post the results.

Attached Files


Edited by Oh My!, 08 September 2023 - 09:48 AM.


#36 cherm
  • Topic Starter

Posted 08 September 2023 - 09:47 AM

I believe it was before the computer was unbootable.



#37 Oh My!

Posted 08 September 2023 - 09:49 AM

Thank you.

Sorry, I just modified the previous post to have you run a Fixlist.

I suspect the attempted System Reset resulted in a corruption of the operating system. We just need to figure out what to do about it.


#38 cherm
  • Topic Starter

Posted 08 September 2023 - 01:59 PM

I'll wait patiently for your instructions.



#39 Oh My!

Posted 08 September 2023 - 07:03 PM

Thank you.

Please do this

===================================================

Farbar Recovery Scan Tool Fix From Installed Recovery Partition

--------------------
  • If necessary, download Farbar Recovery Scan Tool for 64 bit systems and save it to a USB device
  • Download the attached file Fixlist.txt (20.55KB) and save it on the same USB device
  • Insert the USB device into your compromised computer
  • Holding down the Shift Key click Start, click the power icon, then select Reboot
  • Click Troubleshoot
  • Click Advanced options
  • Click Command Prompt
  • Type G:\FRST64.exe then hit Enter
  • Press Fix button
  • Reboot your computer
  • A fixlog.txt file will be saved on the USB drive. Please copy and paste it to your reply.
  • Attempt to boot your computer into Normal or Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Can you boot?

Edited by Oh My!, 09 September 2023 - 08:45 AM.


#40 cherm
  • Topic Starter

Posted 09 September 2023 - 02:31 AM

I tried to recover my memory as to my steps fighting the overproduction of new files.

1. I ran the following online antivirus programs: HouseCall, ESET, Malwarebytes and F-Secure. None identified the source of the problem.

2. I tried another program, I don't recall its name. The program suggested creating a Restore point, which sounded legitimate. Then it requested to uninstall 2 current antivirus programs, stating that they interfere with its functioning. Since I remember that McAfee asked for the same thing, I followed it.

Most probably this program created the booting problem. I cannot identify the cause of the overproduction of files.



#41 Oh My!

Posted 09 September 2023 - 07:34 AM

Thank you for the information. Make sure to run the steps in Post #39.


#42 cherm
  • Topic Starter

Posted 09 September 2023 - 08:54 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-08-2023
Ran by SYSTEM (09-09-2023 16:52:13) Run:2
Running from G:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
cmd: wmic qfe
cmd: type "C:\Windows\System32\Logfiles\Srt\SrtTrail.txt"
HKU\User\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [41584544 2023-08-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {D791332B-4089-4697-B61A-2BFAD3DA3D5F} - System32\Tasks\Microsoft\Windows\InstallService\SmartRetry
Task: {132E87AF-BC2E-4C65-AD8A-16C732A3A076} - System32\Tasks\Avira_Antivirus_Systray => "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe"  /min (No File)
Task: {132E87AF-BC2E-4C65-AD8A-16C732A3A076} - System32\Tasks\Avira_Antivirus_Systray => "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe"  /min (No File)
Task: {067C3245-A79E-497B-ABF7-D2D70D98C41B} - System32\Tasks\Avira_Security_Maintenance => Command(1): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> FallbackTelemetry
Task: {067C3245-A79E-497B-ABF7-D2D70D98C41B} - System32\Tasks\Avira_Security_Maintenance => Command(2): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> ServiceWatchdog
Task: {067C3245-A79E-497B-ABF7-D2D70D98C41B} - System32\Tasks\Avira_Security_Maintenance => Command(3): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> CrashCollector
Task: {04F552BC-055E-4F20-9531-E5AB619F4C70} - System32\Tasks\Avira_Security_Service_SCM_Watchdog => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe [262024 2023-08-15] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {C038F49D-0C13-4162-9DC5-B07826F0FD91} - System32\Tasks\Avira_Security_Systray => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe [1814672 2023-08-15] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {9D8C5462-81A8-40FF-966A-460DBD434021} - System32\Tasks\Avira_Security_Update => C:\WINDOWS\system32\net.exe [81920 2022-05-06] (Microsoft Windows -> Microsoft Corporation)
Task: {5F43A270-3247-4E8C-94C9-433AD54CDD69} - System32\Tasks\AviraSystemSpeedupVerify => C:\Program Files (x86)\Avira\System Speedup\setup\avira_speedup_setup.exe [35381016 2023-03-31] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {704EB81A-6813-4C0F-AE95-DC39CD45ED9D} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\27.0.1.259_0\WatchDog.exe [937000 2023-07-27] (Bitdefender SRL -> Bitdefender)
Task: {7FB9A476-EB83-41A8-82AD-5F28F3647B88} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe  (No File)
Task: {0A3ADECE-74EE-465B-A257-D78C841DC213} - System32\Tasks\CCleanerSkipUAC - User => "C:\Program Files\CCleaner\CCleaner.exe"  $(Arg0) (No File)
Task: {E20BD887-5588-429C-BE69-FA01597A3D86} - System32\Tasks\EOSv3 Scheduler onLogOn => D:\temp\scoped_dir4244_1181014593\esetonlinescanner.exe  LOGON (No File) <==== ATTENTION
Task: {34967669-F2A1-4D02-B075-8DBAA8490580} - System32\Tasks\EOSv3 Scheduler onTime => D:\temp\scoped_dir4244_1181014593\esetonlinescanner.exe  SCHED (No File) <==== ATTENTION
Task: {DB8639B3-ECEF-4AB0-86CD-BC1EBF0622EF} - System32\Tasks\GridinSoft Anti-Malware => C:\Program Files\GridinSoft Anti-Malware\gsam.exe [26792176 2023-08-28] (GRIDINSOFT, TOV -> Gridinsoft LLC)
Task: {1003759A-957F-4A92-BD44-3356D106F189} - System32\Tasks\klcp_update => "C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe"  /verysilent /update /freq=30 (No File)
S2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [3002640 2022-09-08] (Avira Operations GmbH -> Avira Operations GmbH)
S2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [266384 2023-08-15] (Avira Operations GmbH -> Avira Operations GmbH)
S2 AviraSecurityUpdater; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [297392 2023-08-15] (Avira Operations GmbH -> Avira Operations GmbH)
S2 BDAppSrv; C:\Program Files\Bitdefender\Bitdefender Security App\bdservicehost.exe [842264 2023-08-20] (Bitdefender SRL -> Bitdefender)
S2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [842264 2023-08-20] (Bitdefender SRL -> Bitdefender)
S2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [842264 2023-08-20] (Bitdefender SRL -> Bitdefender)
S2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2946088 2023-07-20] (Bitdefender SRL -> Bitdefender)
S2 bdredline_agent; C:\Program Files\Bitdefender Agent\redline\bdredline.exe [2560552 2023-07-20] (Bitdefender SRL -> Bitdefender)
S2 BDSafepaySrv; C:\Program Files\Bitdefender\Bitdefender Security App\Safepay\bdservicehost.exe [842264 2023-08-20] (Bitdefender SRL -> Bitdefender)
S2 EndpointProtectionService; C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe [11147944 2023-08-29] (Avira Operations GmbH -> Avira Operations GmbH)
S3 EndpointProtectionService2; C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe [11147944 2023-08-29] (Avira Operations GmbH -> Avira Operations GmbH)
S2 SecurityService; C:\Program Files (x86)\TotalAV\SecurityService.exe [274584 2023-08-09] (Protected Antivirus Limited -> TotalAV) <==== ATTENTION
S2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [288792 2023-08-20] (Bitdefender SRL -> Bitdefender)
S2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [842264 2023-08-20] (Bitdefender SRL -> Bitdefender)
S3 CCleanerPerformanceOptimizerService; "C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe" [X]
S3 GoogleChromeElevationService; "C:\Program Files (x86)\Google\Chrome\Application\116.0.5845.112\elevation_service.exe" [X]
S2 MBAMService; "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" [X]
S3 OneDrive Updater Service; "C:\Program Files\Microsoft OneDrive\23.169.0813.0001\OneDriveUpdaterService.exe" [X]
S3 PrintNotify; C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll [X]
S1 atc; C:\Windows\System32\DRIVERS\atc.sys [6205488 2023-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender S.R.L. Bucharest, ROMANIA)
S0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [78936 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\Windows\System32\drivers\avelam.sys [22336 2019-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
S0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [45472 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 BdDci; C:\Windows\system32\DRIVERS\bddci.sys [798128 2022-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [22976 2020-12-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
S0 BdNet; C:\Windows\System32\DRIVERS\BdNet.sys [190712 2023-08-28] (Avira Operations GmbH -> Avira Operations GmbH)
S3 bdprivmon; C:\Windows\system32\DRIVERS\bdprivmon.sys [49200 2023-08-08] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender SRL)
S1 BdSentry; C:\Windows\System32\DRIVERS\BdSentry.sys [233560 2023-08-25] (Avira Operations GmbH -> Avira Operations GmbH)
S3 bduefiscan; C:\Windows\system32\DRIVERS\bduefiscan.sys [39840 2022-08-11] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S1 Gemma; C:\Windows\System32\DRIVERS\gemma.sys [1347496 2023-07-11] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender S.R.L. Bucharest, ROMANIA)
S3 GridinSoftInetSecurityDriver; C:\Windows\system32\DRIVERS\gsInetSecurity.sys [107784 2023-08-28] (GridinSoft, LLC -> GridinSoft LLC)
S2 Ignisv2; C:\Windows\system32\DRIVERS\ignisv2.sys [165312 2023-08-06] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2022-04-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-08-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S1 netprotection_network_filter; C:\Windows\System32\drivers\netprotection_network_filter.sys [114992 2023-08-18] (Avira Operations GmbH -> Avira Operations GmbH)
S0 rtp_elam; C:\Windows\System32\DRIVERS\rtp_elam.sys [28616 2023-08-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH)
S1 rtp_filter; C:\Windows\System32\DRIVERS\rtp_filter.sys [357008 2023-08-28] (Avira Operations GmbH -> Avira Operations GmbH)
S1 rtp_traverse; C:\Windows\system32\DRIVERS\rtp_traverse.sys [41776 2023-08-28] (Avira Operations GmbH -> Avira Operations GmbH)
S1 webshieldfilter; C:\Windows\System32\drivers\webshieldfilter.sys [96264 2023-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) <==== ATTENTION
S4 AndnetBus; \SystemRoot\System32\drivers\lgandnetbus64.sys [X]
S1 epp; \??\D:\DATA\Desktop\bin64\epp.sys [X]
S3 netprotection_network_filter2; System32\drivers\netprotection_network_filter2.sys [X]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
UpperFilters: [{71A27CDD-812A-11D0-BEC7-08002BE2092F}] -> [volsnap avusbflt]
C:\Program Files\CCleaner
C:\Program Files (x86)\Avira
C:\WINDOWS\system32\net.exe
C:\Program Files\Bitdefender Agent
D:\temp
C:\Program Files\GridinSoft Anti-Malware
C:\Program Files\Bitdefender\Bitdefender Security
C:\Program Files\Avira
C:\Program Files (x86)\TotalAV
C:\Program Files\Malwarebytes
C:\Windows\System32\DRIVERS\atc.sys
C:\Windows\System32\DRIVERS\avdevprot.sys
C:\Windows\System32\drivers\avelam.sys
C:\Windows\System32\Drivers\avusbflt.sys
C:\Windows\system32\DRIVERS\bddci.sys
C:\Windows\System32\drivers\bdelam.sys
C:\Windows\System32\DRIVERS\BdNet.sys
C:\Windows\system32\DRIVERS\bdprivmon.sys
C:\Windows\System32\DRIVERS\BdSentry.sys
C:\Windows\system32\DRIVERS\bduefiscan.sys
C:\Windows\System32\DRIVERS\gemma.sys
C:\Windows\system32\DRIVERS\gsInetSecurity.sys
C:\Windows\system32\DRIVERS\ignisv2.sys
C:\Windows\System32\DRIVERS\MbamElam.sys
C:\Windows\System32\Drivers\mbamswissarmy.sys
C:\Windows\System32\drivers\netprotection_network_filter.sys
C:\Windows\System32\DRIVERS\rtp_elam.sys
C:\Windows\System32\DRIVERS\rtp_filter.sys
C:\Windows\system32\DRIVERS\rtp_traverse.sys
C:\Windows\System32\drivers\webshieldfilter.sys
C:\Windows\System32\drivers\webshieldfilter.sys
2023-08-30 10:38 - 2023-08-30 10:38 - 000003322 _____ C:\Windows\System32\Tasks\GridinSoft Anti-Malware
2023-08-30 08:38 - 2023-08-18 01:24 - 000114992 _____ (Avira Operations GmbH) C:\Windows\System32\Drivers\netprotection_network_filter.sys
2023-08-30 08:37 - 2023-08-30 08:37 - 000000000 ____D C:\Program Files\Avira
2023-08-30 08:37 - 2023-08-28 20:31 - 000357008 _____ (Avira Operations GmbH) C:\Windows\System32\Drivers\rtp_filter.sys
2023-08-30 08:37 - 2023-08-28 20:31 - 000041776 _____ (Avira Operations GmbH) C:\Windows\System32\Drivers\rtp_traverse.sys
2023-08-30 08:37 - 2023-08-28 20:31 - 000028616 _____ (Avira Operations GmbH) C:\Windows\System32\Drivers\rtp_elam.sys
2023-08-30 08:37 - 2023-08-28 01:54 - 000190712 _____ (Avira Operations GmbH) C:\Windows\System32\Drivers\BdNet.sys
2023-08-30 08:37 - 2023-08-25 02:47 - 000233560 _____ (Avira Operations GmbH) C:\Windows\System32\Drivers\BdSentry.sys
2023-08-30 08:33 - 2023-08-30 08:33 - 000705300 _____ C:\ProgramData\cl.1693412566.bdinstall.v2.bin
2023-08-30 08:33 - 2023-08-30 08:33 - 000118388 _____ C:\ProgramData\cl.kit.1693412562.bdinstall.v2.bin
2023-08-30 08:32 - 2023-08-30 08:32 - 000000000 ____D C:\ProgramData\Gemma
2023-08-30 08:32 - 2023-08-30 08:32 - 000000000 ____D C:\ProgramData\Atc
2023-08-30 08:31 - 2023-08-30 08:31 - 000090164 _____ C:\ProgramData\agent.update.1693413084.bdinstall.v2.bin
2023-08-30 08:29 - 2023-08-30 08:33 - 000000000 ____D C:\ProgramData\BDLogging
2023-08-30 08:29 - 2023-08-30 08:29 - 000002378 _____ C:\Users\Public\Desktop\Bitdefender.lnk
2023-08-30 08:29 - 2023-08-30 08:29 - 000000000 ____D C:\Windows\System32\elambkup
2023-08-30 08:29 - 2020-12-17 15:33 - 000022976 _____ (Bitdefender) C:\Windows\System32\Drivers\bdelam.sys
2023-08-30 08:28 - 2023-08-30 08:28 - 000000000 ____D C:\Users\User\AppData\Roaming\Bitdefender Security App
2023-08-30 08:28 - 2023-08-09 23:08 - 006205488 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\Windows\System32\Drivers\atc.sys
2023-08-30 08:28 - 2023-08-08 21:27 - 000049200 _____ (Bitdefender SRL) C:\Windows\System32\Drivers\bdprivmon.sys
2023-08-30 08:28 - 2023-07-11 23:27 - 001347496 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\System32\Drivers\gemma.sys
2023-08-30 08:28 - 2022-12-07 07:14 - 000633248 _____ (Bitdefender) C:\Windows\System32\Drivers\Trufos.sys
2023-08-30 08:28 - 2022-09-29 03:18 - 000798128 _____ (Bitdefender) C:\Windows\System32\Drivers\bddci.sys
2023-08-30 08:28 - 2022-08-11 20:56 - 000039840 _____ (Bitdefender) C:\Windows\System32\Drivers\bduefiscan.sys
2023-08-30 08:27 - 2023-08-30 08:27 - 000000000 ____D C:\Users\User\AppData\Roaming\Bitdefender
2023-08-30 08:27 - 2023-08-30 08:27 - 000000000 ____D C:\ProgramData\Bitdefender
2023-08-30 08:27 - 2023-08-30 08:27 - 000000000 ____D C:\Program Files\Bitdefender
2023-08-30 08:27 - 2023-08-06 16:19 - 000165312 _____ (Bitdefender) C:\Windows\System32\Drivers\ignisv2.sys
2023-08-30 08:23 - 2023-08-30 08:31 - 000003854 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2023-08-30 08:22 - 2023-03-17 08:25 - 000522136 _____ (Bitdefender) C:\Windows\System32\Drivers\vlflt.sys
2023-08-30 08:21 - 2023-08-30 08:31 - 000000000 ____D C:\Program Files\Bitdefender Agent
2023-08-30 08:21 - 2023-08-30 08:21 - 000142132 _____ C:\ProgramData\agent.1693412509.bdinstall.v2.bin
2023-08-30 10:38 - 2023-08-30 10:38 - 000003322 _____ C:\Windows\System32\Tasks\GridinSoft Anti-Malware
2023-08-30 08:38 - 2023-08-18 01:24 - 000114992 _____ (Avira Operations GmbH) C:\Windows\System32\Drivers\netprotection_network_filter.sys
2023-08-30 08:37 - 2023-08-30 08:37 - 000000000 ____D C:\Program Files\Avira
2023-08-30 08:37 - 2023-08-28 20:31 - 000357008 _____ (Avira Operations GmbH) C:\Windows\System32\Drivers\rtp_filter.sys
2023-08-30 08:37 - 2023-08-28 20:31 - 000041776 _____ (Avira Operations GmbH) C:\Windows\System32\Drivers\rtp_traverse.sys
2023-08-30 08:37 - 2023-08-28 20:31 - 000028616 _____ (Avira Operations GmbH) C:\Windows\System32\Drivers\rtp_elam.sys
2023-08-30 08:37 - 2023-08-28 01:54 - 000190712 _____ (Avira Operations GmbH) C:\Windows\System32\Drivers\BdNet.sys
2023-08-30 08:37 - 2023-08-25 02:47 - 000233560 _____ (Avira Operations GmbH) C:\Windows\System32\Drivers\BdSentry.sys
2023-08-30 08:33 - 2023-08-30 08:33 - 000705300 _____ C:\ProgramData\cl.1693412566.bdinstall.v2.bin
2023-08-30 08:33 - 2023-08-30 08:33 - 000118388 _____ C:\ProgramData\cl.kit.1693412562.bdinstall.v2.bin
2023-08-30 08:32 - 2023-08-30 08:32 - 000000000 ____D C:\ProgramData\Gemma
2023-08-30 08:32 - 2023-08-30 08:32 - 000000000 ____D C:\ProgramData\Atc
2023-08-30 08:31 - 2023-08-30 08:31 - 000090164 _____ C:\ProgramData\agent.update.1693413084.bdinstall.v2.bin
2023-08-30 08:29 - 2023-08-30 08:33 - 000000000 ____D C:\ProgramData\BDLogging
2023-08-30 08:29 - 2023-08-30 08:29 - 000002378 _____ C:\Users\Public\Desktop\Bitdefender.lnk
2023-08-30 08:29 - 2023-08-30 08:29 - 000000000 ____D C:\Windows\System32\elambkup
2023-08-30 08:29 - 2020-12-17 15:33 - 000022976 _____ (Bitdefender) C:\Windows\System32\Drivers\bdelam.sys
2023-08-30 08:28 - 2023-08-30 08:28 - 000000000 ____D C:\Users\User\AppData\Roaming\Bitdefender Security App
2023-08-30 08:28 - 2023-08-09 23:08 - 006205488 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\Windows\System32\Drivers\atc.sys
2023-08-30 08:28 - 2023-08-08 21:27 - 000049200 _____ (Bitdefender SRL) C:\Windows\System32\Drivers\bdprivmon.sys
2023-08-30 08:28 - 2023-07-11 23:27 - 001347496 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\System32\Drivers\gemma.sys
2023-08-30 08:28 - 2022-12-07 07:14 - 000633248 _____ (Bitdefender) C:\Windows\System32\Drivers\Trufos.sys
2023-08-30 08:28 - 2022-09-29 03:18 - 000798128 _____ (Bitdefender) C:\Windows\System32\Drivers\bddci.sys
2023-08-30 08:28 - 2022-08-11 20:56 - 000039840 _____ (Bitdefender) C:\Windows\System32\Drivers\bduefiscan.sys
2023-08-30 08:27 - 2023-08-30 08:27 - 000000000 ____D C:\Users\User\AppData\Roaming\Bitdefender
2023-08-30 08:27 - 2023-08-30 08:27 - 000000000 ____D C:\ProgramData\Bitdefender
2023-08-30 08:27 - 2023-08-30 08:27 - 000000000 ____D C:\Program Files\Bitdefender
2023-08-30 08:27 - 2023-08-06 16:19 - 000165312 _____ (Bitdefender) C:\Windows\System32\Drivers\ignisv2.sys
2023-08-30 08:23 - 2023-08-30 08:31 - 000003854 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2023-08-30 08:22 - 2023-03-17 08:25 - 000522136 _____ (Bitdefender) C:\Windows\System32\Drivers\vlflt.sys
2023-08-30 08:21 - 2023-08-30 08:31 - 000000000 ____D C:\Program Files\Bitdefender Agent
2023-08-30 08:21 - 2023-08-30 08:21 - 000142132 _____ C:\ProgramData\agent.1693412509.bdinstall.v2.bin
2023-08-30 06:38 - 2023-08-30 06:41 - 000000000 ____D C:\ProgramData\ScanGuard
2023-08-30 06:38 - 2023-08-30 06:39 - 000000000 ____D C:\Program Files (x86)\ScanGuard
2023-08-30 06:38 - 2023-08-30 06:38 - 000001092 _____ C:\Users\Public\Desktop\ScanGuard.lnk
2023-08-30 06:25 - 2023-08-09 01:30 - 000096264 _____ (Windows ® Win 7 DDK provider) C:\Windows\System32\Drivers\webshieldfilter.sys
2023-08-30 06:22 - 2023-08-30 06:41 - 000000000 ____D C:\Users\User\AppData\Local\GUI
2023-08-30 06:22 - 2023-08-30 06:22 - 000001064 _____ C:\Users\Public\Desktop\TotalAV.lnk
2023-08-30 06:22 - 2023-08-30 06:22 - 000000000 ____D C:\ProgramData\TotalAV
2023-08-30 06:22 - 2023-08-30 06:22 - 000000000 ____D C:\ProgramData\SecuritySuite
2023-08-30 06:22 - 2023-08-09 01:30 - 000018912 _____ (TODO: <Company name>) C:\Windows\System32\Drivers\protected_elam.sys
2023-08-30 06:21 - 2023-08-30 07:15 - 000000000 ____D C:\Program Files (x86)\TotalAV
2023-08-30 06:08 - 2023-08-30 06:08 - 000001121 _____ C:\Users\Public\Desktop\GridinSoft Anti-Malware.lnk
2023-08-30 06:08 - 2023-08-30 06:08 - 000000000 ____D C:\ProgramData\GridinSoft
2023-08-30 06:08 - 2023-08-30 06:08 - 000000000 ____D C:\Program Files\GridinSoft Anti-Malware
2023-08-29 06:35 - 2023-08-30 00:09 - 000000000 ____D C:\AdwCleaner
2023-08-28 21:02 - 2023-08-28 21:02 - 000107784 _____ (GridinSoft LLC) C:\Windows\System32\Drivers\gsInetSecurity.sys
2023-08-28 21:02 - 2023-08-28 21:02 - 000055488 _____ C:\Windows\System32\Drivers\GSDriver64.sys
2023-08-25 15:17 - 2023-08-25 15:17 - 000003792 _____ C:\Windows\System32\Tasks\AviraSystemSpeedupVerify
2023-08-25 12:04 - 2023-08-25 12:04 - 000000000 ____D C:\ProgramData\Piriform
2023-08-25 07:56 - 2023-08-25 07:56 - 000001417 _____ C:\Windows\System32\default_error_stack-000002-000000.txt
2023-08-25 07:28 - 2023-08-25 07:28 - 000000542 _____ C:\Windows\System32\default_error_stack-000001-000000.txt
2023-08-25 06:51 - 2023-08-29 06:17 - 000000000 ____D C:\Program Files\Trend Micro
2023-08-25 06:48 - 2023-08-25 06:50 - 000000000 ____D C:\ProgramData\F-Secure
2023-08-23 05:12 - 2023-08-23 05:12 - 000003888 _____ C:\Windows\System32\Tasks\Avira_Security_Maintenance
2023-08-23 05:12 - 2023-08-23 05:12 - 000003428 _____ C:\Windows\System32\Tasks\Avira_Security_Service_SCM_Watchdog
2023-08-23 05:12 - 2023-08-23 05:12 - 000002818 _____ C:\Windows\System32\Tasks\Avira_Security_Systray
2023-08-30 08:43 - 2023-01-09 13:16 - 000000000 ____D C:\Users\Public\Speedup Sessions
2023-08-30 08:40 - 2023-01-09 13:16 - 000000000 ____D C:\Program Files (x86)\Avira
2023-08-30 08:38 - 2023-01-09 13:16 - 000000000 ____D C:\ProgramData\Avira
2023-08-30 08:38 - 2022-05-06 21:24 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-08-30 08:27 - 2023-01-09 12:42 - 000000000 ____D C:\Program Files\Common Files\Bitdefender
2023-08-30 00:09 - 2022-06-22 02:22 - 000000000 ____D C:\Users\User\AppData\Roaming\IObit
2023-08-29 23:57 - 2021-09-20 05:23 - 000000000 ____D C:\Program Files\CCleaner
2023-08-29 11:56 - 2023-05-10 04:13 - 000000000 ____D C:\Users\User\AppData\Local\Malwarebytes
2023-08-28 13:37 - 2022-06-22 02:23 - 000000000 ____D C:\Users\User\AppData\LocalLow\IObit
2023-08-28 13:37 - 2022-06-22 02:23 - 000000000 ____D C:\ProgramData\IObit
2023-08-28 13:37 - 2020-03-04 01:11 - 000000000 ____D C:\temp
2023-08-25 12:05 - 2022-11-07 13:45 - 000003936 _____ C:\Windows\System32\Tasks\CCleaner Update
2023-08-25 06:50 - 2020-03-07 08:48 - 000000000 ____D C:\Users\User\AppData\Local\FSDART
2023-08-23 05:12 - 2023-01-09 13:16 - 000003476 _____ C:\Windows\System32\Tasks\Avira_Security_Update
2023-08-11 07:50 - 2022-09-26 10:01 - 000239544 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamswissarmy.sys
 
*****************
 
 
========= wmic qfe =========
 
Caption                                     CSName          Description      FixComments  HotFixID   InstallDate  InstalledBy          InstalledOn  Name  ServicePackInEffect  Status  
                                            MININT-2PH5JEB  Security Update               KB5017233               NT AUTHORITY\SYSTEM  11/7/2022                                       
 
 
 
========= End of CMD: =========
 
 
========= type "C:\Windows\System32\Logfiles\Srt\SrtTrail.txt" =========
 
Startup Repair diagnosis and repair log
---------------------------
Last successful boot time: ‎8/‎25/‎2023 7:55:08 PM (GMT)
Number of repair attempts: 28
 
Session details
---------------------------
System Disk = \Device\Harddisk0
Windows directory = D:\WINDOWS
AutoChk Run = 0
Number of root causes = 1
 
Test Performed: 
---------------------------
Name: Check for updates
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: System disk test
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: Disk failure diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 16 ms
 
Test Performed: 
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code =  0x0
Time taken = 94 ms
 
Test Performed: 
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code =  0x0
Time taken = 15 ms
 
Test Performed: 
---------------------------
Name: Target OS test
Result: Completed successfully. Error code =  0x0
Time taken = 32 ms
 
Test Performed: 
---------------------------
Name: Volume content check
Result: Completed successfully. Error code =  0x0
Time taken = 3968 ms
 
Test Performed: 
---------------------------
Name: Boot manager diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: System boot log diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: Event log diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 47 ms
 
Test Performed: 
---------------------------
Name: Internal state check
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Root cause found: 
---------------------------
Startup Repair has tried several times but still cannot determine the cause of the problem.
 
---------------------------
---------------------------
Session details
---------------------------
System Disk = \Device\Harddisk0
Windows directory = D:\WINDOWS
AutoChk Run = 0
Number of root causes = 1
 
Test Performed: 
---------------------------
Name: Check for updates
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: System disk test
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: Disk failure diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 15 ms
 
Test Performed: 
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code =  0x0
Time taken = 94 ms
 
Test Performed: 
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code =  0x0
Time taken = 16 ms
 
Test Performed: 
---------------------------
Name: Target OS test
Result: Completed successfully. Error code =  0x0
Time taken = 31 ms
 
Test Performed: 
---------------------------
Name: Volume content check
Result: Completed successfully. Error code =  0x0
Time taken = 3875 ms
 
Test Performed: 
---------------------------
Name: Boot manager diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: System boot log diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: Event log diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 47 ms
 
Test Performed: 
---------------------------
Name: Internal state check
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Root cause found: 
---------------------------
Startup Repair has tried several times but still cannot determine the cause of the problem.
 
---------------------------
---------------------------
Session details
---------------------------
System Disk = \Device\Harddisk0
Windows directory = D:\WINDOWS
AutoChk Run = 0
Number of root causes = 1
 
Test Performed: 
---------------------------
Name: Check for updates
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: System disk test
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: Disk failure diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 16 ms
 
Test Performed: 
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code =  0x0
Time taken = 109 ms
 
Test Performed: 
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code =  0x0
Time taken = 16 ms
 
Test Performed: 
---------------------------
Name: Target OS test
Result: Completed successfully. Error code =  0x0
Time taken = 16 ms
 
Test Performed: 
---------------------------
Name: Volume content check
Result: Completed successfully. Error code =  0x0
Time taken = 3297 ms
 
Test Performed: 
---------------------------
Name: Boot manager diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: System boot log diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: Event log diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 46 ms
 
Test Performed: 
---------------------------
Name: Internal state check
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Root cause found: 
---------------------------
Startup Repair has tried several times but still cannot determine the cause of the problem.
 
---------------------------
---------------------------
 
 
========= End of CMD: =========
 
"HKU\User\Software\Microsoft\Windows\CurrentVersion\Run" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D791332B-4089-4697-B61A-2BFAD3DA3D5F} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D791332B-4089-4697-B61A-2BFAD3DA3D5F} => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\InstallService\SmartRetry => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\InstallService\SmartRetry => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{132E87AF-BC2E-4C65-AD8A-16C732A3A076} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{132E87AF-BC2E-4C65-AD8A-16C732A3A076} => removed successfully
C:\Windows\System32\Tasks\Avira_Antivirus_Systray => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira_Antivirus_Systray => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{132E87AF-BC2E-4C65-AD8A-16C732A3A076} => not found
C:\Windows\System32\Tasks\Avira_Antivirus_Systray => Could not move
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira_Antivirus_Systray => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{067C3245-A79E-497B-ABF7-D2D70D98C41B} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{067C3245-A79E-497B-ABF7-D2D70D98C41B} => removed successfully
C:\Windows\System32\Tasks\Avira_Security_Maintenance => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira_Security_Maintenance => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{067C3245-A79E-497B-ABF7-D2D70D98C41B} => not found
C:\Windows\System32\Tasks\Avira_Security_Maintenance => Could not move
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira_Security_Maintenance => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{067C3245-A79E-497B-ABF7-D2D70D98C41B} => not found
C:\Windows\System32\Tasks\Avira_Security_Maintenance => Could not move
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira_Security_Maintenance => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04F552BC-055E-4F20-9531-E5AB619F4C70} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04F552BC-055E-4F20-9531-E5AB619F4C70} => removed successfully
C:\Windows\System32\Tasks\Avira_Security_Service_SCM_Watchdog => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira_Security_Service_SCM_Watchdog => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C038F49D-0C13-4162-9DC5-B07826F0FD91} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C038F49D-0C13-4162-9DC5-B07826F0FD91} => removed successfully
C:\Windows\System32\Tasks\Avira_Security_Systray => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira_Security_Systray => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9D8C5462-81A8-40FF-966A-460DBD434021} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D8C5462-81A8-40FF-966A-460DBD434021} => removed successfully
C:\Windows\System32\Tasks\Avira_Security_Update => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira_Security_Update => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F43A270-3247-4E8C-94C9-433AD54CDD69} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F43A270-3247-4E8C-94C9-433AD54CDD69} => removed successfully
C:\Windows\System32\Tasks\AviraSystemSpeedupVerify => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AviraSystemSpeedupVerify => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{704EB81A-6813-4C0F-AE95-DC39CD45ED9D} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{704EB81A-6813-4C0F-AE95-DC39CD45ED9D} => removed successfully
C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7FB9A476-EB83-41A8-82AD-5F28F3647B88} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FB9A476-EB83-41A8-82AD-5F28F3647B88} => removed successfully
C:\Windows\System32\Tasks\CCleaner Update => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleaner Update => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A3ADECE-74EE-465B-A257-D78C841DC213} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A3ADECE-74EE-465B-A257-D78C841DC213} => removed successfully
C:\Windows\System32\Tasks\CCleanerSkipUAC - User => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC - User => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E20BD887-5588-429C-BE69-FA01597A3D86} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E20BD887-5588-429C-BE69-FA01597A3D86} => removed successfully
C:\Windows\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34967669-F2A1-4D02-B075-8DBAA8490580} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34967669-F2A1-4D02-B075-8DBAA8490580} => removed successfully
C:\Windows\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DB8639B3-ECEF-4AB0-86CD-BC1EBF0622EF} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB8639B3-ECEF-4AB0-86CD-BC1EBF0622EF} => removed successfully
C:\Windows\System32\Tasks\GridinSoft Anti-Malware => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GridinSoft Anti-Malware => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1003759A-957F-4A92-BD44-3356D106F189} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1003759A-957F-4A92-BD44-3356D106F189} => removed successfully
C:\Windows\System32\Tasks\klcp_update => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\klcp_update => removed successfully
HKLM\System\ControlSet001\Services\AviraOptimizerHost => removed successfully
AviraOptimizerHost => service removed successfully
HKLM\System\ControlSet001\Services\AviraSecurity => removed successfully
AviraSecurity => service removed successfully
HKLM\System\ControlSet001\Services\AviraSecurityUpdater => removed successfully
AviraSecurityUpdater => service removed successfully
HKLM\System\ControlSet001\Services\BDAppSrv => removed successfully
BDAppSrv => service removed successfully
HKLM\System\ControlSet001\Services\BDAuxSrv => removed successfully
BDAuxSrv => service removed successfully
HKLM\System\ControlSet001\Services\BDProtSrv => removed successfully
BDProtSrv => service removed successfully
HKLM\System\ControlSet001\Services\bdredline => removed successfully
bdredline => service removed successfully
HKLM\System\ControlSet001\Services\bdredline_agent => removed successfully
bdredline_agent => service removed successfully
HKLM\System\ControlSet001\Services\BDSafepaySrv => removed successfully
BDSafepaySrv => service removed successfully
HKLM\System\ControlSet001\Services\EndpointProtectionService => removed successfully
EndpointProtectionService => service removed successfully
HKLM\System\ControlSet001\Services\EndpointProtectionService2 => removed successfully
EndpointProtectionService2 => service removed successfully
HKLM\System\ControlSet001\Services\SecurityService => removed successfully
SecurityService => service removed successfully
HKLM\System\ControlSet001\Services\UPDATESRV => removed successfully
UPDATESRV => service removed successfully
HKLM\System\ControlSet001\Services\VSSERV => removed successfully
VSSERV => service removed successfully
HKLM\System\ControlSet001\Services\CCleanerPerformanceOptimizerService => removed successfully
CCleanerPerformanceOptimizerService => service removed successfully
HKLM\System\ControlSet001\Services\GoogleChromeElevationService => removed successfully
GoogleChromeElevationService => service removed successfully
HKLM\System\ControlSet001\Services\MBAMService => removed successfully
MBAMService => service removed successfully
HKLM\System\ControlSet001\Services\OneDrive Updater Service => removed successfully
OneDrive Updater Service => service removed successfully
HKLM\System\ControlSet001\Services\PrintNotify => removed successfully
PrintNotify => service removed successfully
HKLM\System\ControlSet001\Services\atc => removed successfully
atc => service removed successfully
HKLM\System\ControlSet001\Services\avdevprot => removed successfully
avdevprot => service removed successfully
HKLM\System\ControlSet001\Services\avelam => removed successfully
avelam => service removed successfully
HKLM\System\ControlSet001\Services\avusbflt => removed successfully
avusbflt => service removed successfully
HKLM\System\ControlSet001\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}\\UpperFilters avusbflt => value removed successfully
HKLM\System\ControlSet001\Services\BdDci => removed successfully
BdDci => service removed successfully
HKLM\System\ControlSet001\Services\bdelam => removed successfully
bdelam => service removed successfully
HKLM\System\ControlSet001\Services\BdNet => removed successfully
BdNet => service removed successfully
HKLM\System\ControlSet001\Services\bdprivmon => removed successfully
bdprivmon => service removed successfully
HKLM\System\ControlSet001\Services\BdSentry => removed successfully
BdSentry => service removed successfully
HKLM\System\ControlSet001\Services\bduefiscan => removed successfully
bduefiscan => service removed successfully
HKLM\System\ControlSet001\Services\Gemma => removed successfully
Gemma => service removed successfully
HKLM\System\ControlSet001\Services\GridinSoftInetSecurityDriver => removed successfully
GridinSoftInetSecurityDriver => service removed successfully
HKLM\System\ControlSet001\Services\Ignisv2 => removed successfully
Ignisv2 => service removed successfully
HKLM\System\ControlSet001\Services\MbamElam => removed successfully
MbamElam => service removed successfully
HKLM\System\ControlSet001\Services\MBAMSwissArmy => removed successfully
MBAMSwissArmy => service removed successfully
HKLM\System\ControlSet001\Services\netprotection_network_filter => removed successfully
netprotection_network_filter => service removed successfully
HKLM\System\ControlSet001\Services\rtp_elam => removed successfully
rtp_elam => service removed successfully
HKLM\System\ControlSet001\Services\rtp_filter => removed successfully
rtp_filter => service removed successfully
HKLM\System\ControlSet001\Services\rtp_traverse => removed successfully
rtp_traverse => service removed successfully
HKLM\System\ControlSet001\Services\webshieldfilter => removed successfully
webshieldfilter => service removed successfully
HKLM\System\ControlSet001\Services\AndnetBus => removed successfully
AndnetBus => service removed successfully
HKLM\System\ControlSet001\Services\epp => removed successfully
epp => service removed successfully
HKLM\System\ControlSet001\Services\netprotection_network_filter2 => removed successfully
netprotection_network_filter2 => service removed successfully
HKLM\System\ControlSet001\Services\WinSetupMon => removed successfully
WinSetupMon => service removed successfully
HKLM\System\ControlSet001\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}\\"UpperFilters"="volsnap" => value restored successfully
C:\Program Files\CCleaner => Could not move
C:\Program Files (x86)\Avira => Could not move
C:\WINDOWS\system32\net.exe => moved successfully
C:\Program Files\Bitdefender Agent => Could not move
"D:\temp" => not found
C:\Program Files\GridinSoft Anti-Malware => Could not move
C:\Program Files\Bitdefender\Bitdefender Security => Could not move
C:\Program Files\Avira => Could not move
C:\Program Files (x86)\TotalAV => Could not move
C:\Program Files\Malwarebytes => Could not move
C:\Windows\System32\DRIVERS\atc.sys => moved successfully
C:\Windows\System32\DRIVERS\avdevprot.sys => moved successfully
C:\Windows\System32\drivers\avelam.sys => moved successfully
C:\Windows\System32\Drivers\avusbflt.sys => moved successfully
C:\Windows\system32\DRIVERS\bddci.sys => moved successfully
C:\Windows\System32\drivers\bdelam.sys => moved successfully
C:\Windows\System32\DRIVERS\BdNet.sys => moved successfully
C:\Windows\system32\DRIVERS\bdprivmon.sys => moved successfully
C:\Windows\System32\DRIVERS\BdSentry.sys => moved successfully
C:\Windows\system32\DRIVERS\bduefiscan.sys => moved successfully
C:\Windows\System32\DRIVERS\gemma.sys => moved successfully
C:\Windows\system32\DRIVERS\gsInetSecurity.sys => moved successfully
C:\Windows\system32\DRIVERS\ignisv2.sys => moved successfully
C:\Windows\System32\DRIVERS\MbamElam.sys => moved successfully
C:\Windows\System32\Drivers\mbamswissarmy.sys => moved successfully
C:\Windows\System32\drivers\netprotection_network_filter.sys => moved successfully
C:\Windows\System32\DRIVERS\rtp_elam.sys => moved successfully
C:\Windows\System32\DRIVERS\rtp_filter.sys => moved successfully
C:\Windows\system32\DRIVERS\rtp_traverse.sys => moved successfully
C:\Windows\System32\drivers\webshieldfilter.sys => moved successfully
"C:\Windows\System32\drivers\webshieldfilter.sys" => not found
"C:\Windows\System32\Tasks\GridinSoft Anti-Malware" => not found
"C:\Windows\System32\Drivers\netprotection_network_filter.sys" => not found
C:\Program Files\Avira => Could not move
"C:\Windows\System32\Drivers\rtp_filter.sys" => not found
"C:\Windows\System32\Drivers\rtp_traverse.sys" => not found
"C:\Windows\System32\Drivers\rtp_elam.sys" => not found
"C:\Windows\System32\Drivers\BdNet.sys" => not found
"C:\Windows\System32\Drivers\BdSentry.sys" => not found
C:\ProgramData\cl.1693412566.bdinstall.v2.bin => moved successfully
C:\ProgramData\cl.kit.1693412562.bdinstall.v2.bin => moved successfully
C:\ProgramData\Gemma => Could not move
C:\ProgramData\Atc => Could not move
C:\ProgramData\agent.update.1693413084.bdinstall.v2.bin => moved successfully
C:\ProgramData\BDLogging => Could not move
C:\Users\Public\Desktop\Bitdefender.lnk => moved successfully
C:\Windows\System32\elambkup => Could not move
"C:\Windows\System32\Drivers\bdelam.sys" => not found
C:\Users\User\AppData\Roaming\Bitdefender Security App => Could not move
"C:\Windows\System32\Drivers\atc.sys" => not found
"C:\Windows\System32\Drivers\bdprivmon.sys" => not found
"C:\Windows\System32\Drivers\gemma.sys" => not found
C:\Windows\System32\Drivers\Trufos.sys => moved successfully
"C:\Windows\System32\Drivers\bddci.sys" => not found
"C:\Windows\System32\Drivers\bduefiscan.sys" => not found
C:\Users\User\AppData\Roaming\Bitdefender => Could not move
C:\ProgramData\Bitdefender => Could not move
C:\Program Files\Bitdefender => Could not move
"C:\Windows\System32\Drivers\ignisv2.sys" => not found
"C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864" => not found
C:\Windows\System32\Drivers\vlflt.sys => moved successfully
C:\Program Files\Bitdefender Agent => Could not move
C:\ProgramData\agent.1693412509.bdinstall.v2.bin => moved successfully
"C:\Windows\System32\Tasks\GridinSoft Anti-Malware" => not found
"C:\Windows\System32\Drivers\netprotection_network_filter.sys" => not found
C:\Program Files\Avira => Could not move
"C:\Windows\System32\Drivers\rtp_filter.sys" => not found
"C:\Windows\System32\Drivers\rtp_traverse.sys" => not found
"C:\Windows\System32\Drivers\rtp_elam.sys" => not found
"C:\Windows\System32\Drivers\BdNet.sys" => not found
"C:\Windows\System32\Drivers\BdSentry.sys" => not found
"C:\ProgramData\cl.1693412566.bdinstall.v2.bin" => not found
"C:\ProgramData\cl.kit.1693412562.bdinstall.v2.bin" => not found
C:\ProgramData\Gemma => Could not move
C:\ProgramData\Atc => Could not move
"C:\ProgramData\agent.update.1693413084.bdinstall.v2.bin" => not found
C:\ProgramData\BDLogging => Could not move
"C:\Users\Public\Desktop\Bitdefender.lnk" => not found
C:\Windows\System32\elambkup => Could not move
"C:\Windows\System32\Drivers\bdelam.sys" => not found
C:\Users\User\AppData\Roaming\Bitdefender Security App => Could not move
"C:\Windows\System32\Drivers\atc.sys" => not found
"C:\Windows\System32\Drivers\bdprivmon.sys" => not found
"C:\Windows\System32\Drivers\gemma.sys" => not found
"C:\Windows\System32\Drivers\Trufos.sys" => not found
"C:\Windows\System32\Drivers\bddci.sys" => not found
"C:\Windows\System32\Drivers\bduefiscan.sys" => not found
C:\Users\User\AppData\Roaming\Bitdefender => Could not move
C:\ProgramData\Bitdefender => Could not move
C:\Program Files\Bitdefender => Could not move
"C:\Windows\System32\Drivers\ignisv2.sys" => not found
"C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864" => not found
"C:\Windows\System32\Drivers\vlflt.sys" => not found
C:\Program Files\Bitdefender Agent => Could not move
"C:\ProgramData\agent.1693412509.bdinstall.v2.bin" => not found
C:\ProgramData\ScanGuard => Could not move
C:\Program Files (x86)\ScanGuard => Could not move
C:\Users\Public\Desktop\ScanGuard.lnk => moved successfully
"C:\Windows\System32\Drivers\webshieldfilter.sys" => not found
C:\Users\User\AppData\Local\GUI => Could not move
C:\Users\Public\Desktop\TotalAV.lnk => moved successfully
C:\ProgramData\TotalAV => Could not move
C:\ProgramData\SecuritySuite => Could not move
C:\Windows\System32\Drivers\protected_elam.sys => moved successfully
C:\Program Files (x86)\TotalAV => Could not move
C:\Users\Public\Desktop\GridinSoft Anti-Malware.lnk => moved successfully
C:\ProgramData\GridinSoft => Could not move
C:\Program Files\GridinSoft Anti-Malware => Could not move
C:\AdwCleaner => Could not move
"C:\Windows\System32\Drivers\gsInetSecurity.sys" => not found
C:\Windows\System32\Drivers\GSDriver64.sys => moved successfully
"C:\Windows\System32\Tasks\AviraSystemSpeedupVerify" => not found
C:\ProgramData\Piriform => Could not move
C:\Windows\System32\default_error_stack-000002-000000.txt => moved successfully
C:\Windows\System32\default_error_stack-000001-000000.txt => moved successfully
C:\Program Files\Trend Micro => Could not move
C:\ProgramData\F-Secure => Could not move
"C:\Windows\System32\Tasks\Avira_Security_Maintenance" => not found
"C:\Windows\System32\Tasks\Avira_Security_Service_SCM_Watchdog" => not found
"C:\Windows\System32\Tasks\Avira_Security_Systray" => not found
C:\Users\Public\Speedup Sessions => Could not move
C:\Program Files (x86)\Avira => Could not move
C:\ProgramData\Avira => Could not move
C:\Windows\ELAMBKUP => Could not move
C:\Program Files\Common Files\Bitdefender => Could not move
C:\Users\User\AppData\Roaming\IObit => Could not move
C:\Program Files\CCleaner => Could not move
C:\Users\User\AppData\Local\Malwarebytes => Could not move
C:\Users\User\AppData\LocalLow\IObit => Could not move
C:\ProgramData\IObit => Could not move
C:\temp => Could not move
"C:\Windows\System32\Tasks\CCleaner Update" => not found
C:\Users\User\AppData\Local\FSDART => Could not move
"C:\Windows\System32\Tasks\Avira_Security_Update" => not found
"C:\Windows\System32\Drivers\mbamswissarmy.sys" => not found
 
==== End of Fixlog 16:52:34 ====


#43 Oh My!


Posted 09 September 2023 - 01:11 PM

Did you try booting your computer? If it doesn't boot describe what happens.

Gary 



#44 cherm


Posted 09 September 2023 - 03:50 PM

Nothing changed. 

Failed to boot.

I tried also Safe Mode, but this also ended up with a failure.



#45 Oh My!


Posted 09 September 2023 - 05:07 PM

Please run a new FRST Scan and post the report.

Gary 





