@rayzuhh
Created October 6, 2019 14:13
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2019
Ran by frazh (06-10-2019 10:08:05)
Running from C:\Users\frazh\Downloads
Windows 10 Pro Version 1903 18362.388 (X64) (2019-10-05 21:38:12)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2810894802-1332715039-3122624091-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2810894802-1332715039-3122624091-503 - Limited - Disabled)
frazh (S-1-5-21-2810894802-1332715039-3122624091-1001 - Administrator - Enabled) => C:\Users\frazh
Guest (S-1-5-21-2810894802-1332715039-3122624091-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2810894802-1332715039-3122624091-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Mozilla Firefox 69.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 69.0.2 (x64 en-US)) (Version: 69.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0.2 - Mozilla)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7811 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2810894802-1332715039-3122624091-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\frazh\AppData\Local\Microsoft\OneDrive\19.152.0801.0009\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2810894802-1332715039-3122624091-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\frazh\AppData\Local\Microsoft\OneDrive\19.152.0801.0009\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2810894802-1332715039-3122624091-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\frazh\AppData\Local\Microsoft\OneDrive\19.152.0801.0009\amd64\FileSyncShell64.dll => No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\52386221.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WmsSelfHealing => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\52386221.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\hvsifltr => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WmsSelfHealing => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-10-05 21:09 - 2019-10-06 04:12 - 000000852 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2810894802-1332715039-3122624091-1001\Control Panel\Desktop\\Wallpaper -> c:\users\frazh\appdata\local\microsoft\windows\themes\roamedthemefiles\desktopbackground\1.png
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKU\S-1-5-21-2810894802-1332715039-3122624091-1001\...\StartupApproved\Run: => "Spotify"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{774FE87A-A29F-4EC2-8F39-14A2FAB61962}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{DD9F8161-351A-4833-A47E-426EABD09FFF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{78C53CEC-DFB5-4F7F-9367-0E72E9B9C546}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3B207466-DBCA-4309-9AFC-D4CA807D6A7D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
==================== Codecs (Whitelisted) ==================
==================== Restore Points =========================
Check "winmgmt" service or repair WMI.
==================== Faulty Device Manager Devices =============
Could not list Devices. Check "winmgmt" service or repair WMI.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/06/2019 09:58:50 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (10/06/2019 09:48:08 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3140,R,98) SRUJet: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU.log.
Error: (10/06/2019 09:48:08 AM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (3140,R,98) SRUJet: An attempt to open the file "C:\WINDOWS\system32\SRU\SRU.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (10/06/2019 09:47:58 AM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (3140,R,98) SRUJet: An attempt to open the file "C:\WINDOWS\system32\SRU\SRU.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (10/06/2019 09:47:48 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3140,R,98) SRUJet: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU.log.
Error: (10/06/2019 09:47:48 AM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (3140,R,98) SRUJet: An attempt to open the file "C:\WINDOWS\system32\SRU\SRU.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (10/06/2019 09:47:38 AM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (3140,R,98) SRUJet: An attempt to open the file "C:\WINDOWS\system32\SRU\SRU.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (10/06/2019 09:47:28 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3140,R,98) SRUJet: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU.log.
System errors:
=============
Error: (10/06/2019 09:49:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Malwarebytes Installer Service service failed to start due to the following error:
The system cannot find the file specified.
Error: (10/06/2019 09:47:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The RasMan service depends on the SstpSvc service which failed to start because of the following error:
The operation completed successfully.
Error: (10/06/2019 09:46:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error:
This driver has been blocked from loading
Error: (10/06/2019 09:46:16 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
Error: (10/06/2019 09:45:13 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JNMK5K7)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
Error: (10/06/2019 09:44:10 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-JNMK5K7)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (10/06/2019 09:43:47 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-JNMK5K7)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (10/06/2019 09:41:43 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-JNMK5K7)
Description: DCOM got error "1084" attempting to start the service BthAvctpSvc with arguments "Unavailable" in order to run the server:
{6E1F7F3E-760E-45F3-AA8F-5761ABDA272A}
Windows Defender:
===================================
Date: 2019-10-06 04:47:36.168
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {CD61A38C-07F9-4A1F-A042-6DA64ADE1EF8}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-10-05 21:59:29.510
Description:
Controlled Folder Access blocked C:\Windows\SysWOW64\chkdsk.exe from making changes to memory.
Detection time: 2019-10-06T01:59:29.509Z
Path: \Device\HarddiskVolume2
Process Name: C:\Windows\SysWOW64\chkdsk.exe
Security intelligence Version: 1.303.989.0
Engine Version: 1.1.16400.2
Product Version: 4.18.1909.6
Date: 2019-10-05 21:41:37.399
Description:
C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe has been blocked from modifying %system%\CatRoot by Controlled Folder Access.
Detection time: 2019-10-06T01:41:37.398Z
Path: %system%\CatRoot
Process Name: C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe
Security intelligence Version: 1.303.989.0
Engine Version: 1.1.16400.2
Product Version: 4.18.1909.6
Date: 2019-10-05 21:35:31.198
Description:
C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe has been blocked from modifying %windir%\Temp by Controlled Folder Access.
Detection time: 2019-10-06T01:35:31.197Z
Path: %windir%\Temp
Process Name: C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe
Security intelligence Version: 1.303.963.0
Engine Version: 1.1.16400.2
Product Version: 4.18.1909.6
Date: 2019-10-05 21:31:38.785
Description:
Controlled Folder Access blocked C:\Users\frazh\AppData\Local\Temp\{D594F90A-A4AA-453F-847C-0A3294CAA7F9}\{0BBD5DD7-88B8-415B-9152-533F9057AB80}.exe from making changes to memory.
Detection time: 2019-10-06T01:31:38.784Z
Path: \Device\Harddisk0\DR0
Process Name: C:\Users\frazh\AppData\Local\Temp\{D594F90A-A4AA-453F-847C-0A3294CAA7F9}\{0BBD5DD7-88B8-415B-9152-533F9057AB80}.exe
Security intelligence Version: 1.303.963.0
Engine Version: 1.1.16400.2
Product Version: 4.18.1909.6
Date: 2019-10-06 04:24:48.176
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.303.1004.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16400.2
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Date: 2019-10-06 04:14:45.952
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2019-10-06 04:05:05.960
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.303.1004.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16400.2
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Date: 2019-10-06 03:55:01.818
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2019-10-05 22:39:05.127
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
CodeIntegrity:
===================================
Date: 2019-10-06 06:57:57.281
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-10-06 06:57:57.237
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-10-06 03:41:55.135
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-10-06 03:41:53.321
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
BIOS: American Megatrends Inc. C.80 07/27/2016
Motherboard: MSI B150 PC MATE (MS-7971)
Processor: Intel(R) Core(TM) i5-6600 CPU @ 3.30GHz
Percentage of memory in use: 24%
Total physical RAM: 16347.06 MB
Available physical RAM: 12342.34 MB
Total Virtual: 16347.06 MB
Available Virtual: 10794.85 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:1862.02 GB) (Free:1708.65 GB) NTFS
\\?\Volume{bd393a16-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{bd393a16-0000-0000-0000-50a0d1010000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: BD393A16)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=522 MB) - (Type=27)
==================== End of Addition.txt ============================