I-Need-FIX3D

All done I think. kprm-20220119194013.txt

It's smooth now. And yet, none, there are no recent issues this day. I think it's fixed now. SOLVED AND DONE 👌 Thanks a lot!

Here it is: --------------------------------------------------------------------------------------------------------- SecurityCheck by glax24 & Severnyj v.1.4.0.54 [06.12.21] WebSite: www.safezone.cc DateLog: 18.01.2022 21:11:58 Path starting: C:\Users\walangisangwala\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe Log directory: C:\SecurityCheck\ IsAdmin: True User: walangisangwala VersionXML: 9.30s-06.12.2021 ___________________________________________________________________________ Windows 10(6.3.19044) (x64) Professional Release: 2009 Lang: English(0409) Installation date OS: 03.01.2022 13:48:13 LicenseStatus: Windows(R), Professional edition Volume activation will expire : 237639 minutes LicenseStatus: Office 16, Office16ProPlusVL_KMS_Client edition Volume activation will expire : 239813 minutes Boot Mode: Normal Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe SystemDrive: C: FS: [NTFS] Capacity: [464.2 Gb] Used: [80.2 Gb] Free: [384 Gb] ------------------------------- [ Windows ] ------------------------------- Internet Explorer 11.789.19041.0 User Account Control enabled (Level 3) Security Center (wscsvc) - The service is running Remote Registry (RemoteRegistry) - The service has stopped SSDP Discovery (SSDPSRV) - The service is running Remote Desktop Services (TermService) - The service has stopped Windows Remote Management (WS-Management) (WinRM) - The service has stopped ------------------------------ [ MS Office ] ------------------------------ Microsoft Office 2016 x86 v.16.0.4266.1001 ---------------------------- [ Antivirus_WMI ] ---------------------------- Windows Defender (disabled and up to date) Malwarebytes (enabled and up to date) --------------------------- [ FirewallWindows ] --------------------------- Windows Defender Firewall (mpssvc) - The service is running ---------------------- [ AntiVirusFirewallInstall ] ----------------------- Malwarebytes version 4.5.0.152 v.4.5.0.152 [+] --------------------------- [ OtherUtilities ] ---------------------------- Microsoft .NET Framework 1.1 SP1 Warning! This software is no longer supported. Microsoft Silverlight v.5.1.20913.0 Warning! This software is no longer supported. Microsoft .NET Framework 1.1 Security Update (KB2698023) Warning! This software is no longer supported. Microsoft .NET Framework 1.1 Security Update (KB2833941) Warning! This software is no longer supported. Microsoft .NET Framework 1.1 Security Update (KB979906) Warning! This software is no longer supported. Microsoft .NET Framework 1.1 Warning! This software is no longer supported. ------------------------------- [ Backup ] -------------------------------- Microsoft OneDrive v.22.002.0103.0004 [+] ------------------------------ [ ArchAndFM ] ------------------------------ 7-Zip 19.00 (x64) v.19.00 Warning! Download Update Uninstall old version and install new one. WinRAR 6.02 (64-bit) v.6.02.0 -------------------------- [ IMAndCollaborate ] --------------------------- Viber v.16.7.0.4 [+] --------------------------------- [ P2P ] --------------------------------- µTorrent v.3.5.5.46148 Warning! Ad-supported P2P-client. -------------------------------- [ Java ] --------------------------------- Java 8 Update 311 v.8.0.3110.11 -------------------------------- [ Media ] -------------------------------- VLC media player v.3.0.16 --------------------------- [ AdobeProduction ] --------------------------- Adobe Shockwave Player 12.0 v.12.0.7.148 Warning! This software is no longer supported. Please uninstall it. ------------------------------- [ Browser ] ------------------------------- Google Chrome v.97.0.4692.71 [+] Microsoft Edge v.97.0.1072.62 [+] ------------------ [ AntivirusFirewallProcessServices ] ------------------- C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe v.4.0.0.1190 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.4.0.0.1190 Malwarebytes Service (MBAMService) - The service is running C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.2.0.1009 Microsoft Defender Antivirus Service (WinDefend) - The service has stopped Microsoft Defender Antivirus Network Inspection Service (WdNisSvc) - The service has stopped ----------------------------- [ End of Log ] ------------------------------ Everything's fixed and now already uninstalled, all of it. I think it's done. SecurityCheck.txt

Here's the log. No problem so far: --------------------------------------------------------------------------------------- Microsoft Safety Scanner v1.355, (build 1.355.2057.0) Started On Wed Jan 19 09:25:30 2022 Engine: 1.1.18800.4 Signatures: 1.355.2057.0 MpGear: 1.1.16330.1 Run Mode: Interactive Graphical Mode Results Summary: ---------------- No infection found. Successfully Submitted MAPS Report Successfully Submitted Heartbeat Report Microsoft Safety Scanner Finished On Wed Jan 19 12:12:56 2022 Return code: 0 (0x0) -------------------------- I think that's it. Fixed msert.log

I didn't realize that... I didn't... I didn't realize that how to create a backup files when my PC corrupted then recover it with the backup. I'm so pretty dumb, so sorry for that. By the way, I have USB and do it on my PC instead backup from the Internet, but it has 8GB only. I don't have any owned portable hard drive or USB with 32GB, so I can't create backup. Don't worry, I will find and buy it from the shop somewhere if it is available. Anyways, thanks for giving this information. Before the end, I have a one question. Is VPN protects from any hackers? Because I haven't make yet.

Here's the fully-scanned MSERT log. --------------------------------------------------------------------------------------- Microsoft Safety Scanner v1.355, (build 1.355.2057.0) Started On Mon Jan 17 19:24:54 2022 Engine: 1.1.18800.4 Signatures: 1.355.2057.0 MpGear: 1.1.16330.1 Run Mode: Interactive Graphical Mode Full Scan Results: ------------------ Threat Detected: VirTool:Win32/DefenderTamperingRestore and Removed! Action: Remove, Result: 0x00000000 regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware SigSeq: 0x0000055555C57273 Threat Detected: Trojan:MSIL/Cryptor and Removed! Action: Remove, Result: 0x00000000 file://C:\Users\walangisangwala\Downloads\Warcraft III Reign Of Chaos + Frozen Throne .Full-Rip. [blaze69]\Warcraft III Reign Of Chaos + Frozen Throne.zip->Warcraft III Reign Of Chaos + Frozen Throne/blaze69.exe SigSeq: 0x00001667B462433D containerfile://C:\Users\walangisangwala\Downloads\Warcraft III Reign Of Chaos + Frozen Throne .Full-Rip. [blaze69]\Warcraft III Reign Of Chaos + Frozen Throne.zip Results Summary: ---------------- Found VirTool:Win32/DefenderTamperingRestore and Removed! Found Trojan:MSIL/Cryptor and Removed! Successfully Submitted MAPS Report Successfully Submitted Heartbeat Report Microsoft Safety Scanner Finished On Mon Jan 17 21:57:23 2022 Return code: 6 (0x6) I don't see any problems but only just two of them. Also I haven't received any shared infected files via P2P program when uTorrent is opened yet since 1 week. But, of course, I'm honestly always aware of it, though. msert.log

Anyways, I have to say this right now what was the cause of infection. I didn't uninstall uTorrent because it wasn't the cause to infect my PC, it was the unwanted cracking application that I downloaded it from "malicious" site via description, implying it was helpful, from the owner's video on YouTube. Then I accidentally opened it on desktop so the viruses freed and created in the Windows System folders. I know it was so difficult. And I know that uTorrent causing viruses and malwares to spread and must uninstall it. However, since I had the Malwarebytes Premium, which is activated, so the anti-virus will take care itself while that application is opened because it has Website Protection. I promise I'll remove uTorrent before the Premium expires. I hope to understand this... By the way, thanks a lot for that.

I think it fixed for now... Here's a log: ----------------------------------------------------------------- Fix result of Farbar Recovery Scan Tool (x64) Version: 15-01-2022 Ran by walangisangwala (16-01-2022 21:54:23) Run:1 Running from C:\Users\walangisangwala\Desktop\FRST Loaded Profiles: walangisangwala Boot Mode: Normal ============================================== fixlist content: ***************** Comment: STEP 01 All processes will be force closed, System Protection will be enabled Comment: New Restore Point will be created, All network proxies will be removed CloseProcesses: SystemRestore: On CreateRestorePoint: RemoveProxy: Comment: STEP 02 First PS to gather advanced disk info and Secure Boot info StartPowerShell: # Determine if Secure Boot is enabled or not $SBS=Confirm-SecureBootUEFI echo "Secure Boot Status: $SBS" # Function Get-Drive by Raghu Dodda from stackoverflow function Get-Drive { foreach($disk in Get-CimInstance Win32_Diskdrive) { $diskMetadata = Get-Disk | Where-Object { $_.Number -eq $disk.Index } | Select-Object -First 1 $partitions = Get-CimAssociatedInstance -ResultClassName Win32_DiskPartition -InputObject $disk foreach($partition in $partitions) { $drives = Get-CimAssociatedInstance -ResultClassName Win32_LogicalDisk -InputObject $partition foreach($drive in $drives) { $totalSpace = [math]::Round($drive.Size / 1GB, 3) $freeSpace = [math]::Round($drive.FreeSpace / 1GB, 3) $usedSpace = [math]::Round($totalSpace - $freeSpace, 3) $volume = Get-Volume | Where-Object { $_.DriveLetter -eq $drive.DeviceID.Trim(":") } | Select-Object -First 1 [PSCustomObject] @{ DriveLetter = $drive.DeviceID Number = $disk.Index Label = $volume.FileSystemLabel Manufacturer = $diskMetadata.Manufacturer Model = $diskMetadata.Model SerialNumber = $diskMetadata.SerialNumber.Trim() Name = $disk.Caption FileSystem = $volume.FileSystem PartitionKind = $diskMetadata.PartitionStyle TotalSpace = $totalSpace FreeSpace = $freeSpace UsedSpace = $usedSpace Drive = $drive Partition = $partition Disk = $disk } } } } } Get-Drive | Sort -Property DriveLetter | Format-List EndPowerShell: Comment: STEP 03 Run a batch to clean up cache files and enable a disk check on restart StartBatch: ECHO Y|CHKDSK C: /F pushd c:\windows\system32 bcdedit.exe /set {default} recoveryenabled yes net stop bits net stop cryptSvc net stop wuauserv net stop msiserver del /s /q C:\Windows\SoftwareDistribution\download\*.* del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*" del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*" netsh winsock reset catalog netsh int ipv4 reset reset.log netsh int ipv6 reset reset.log ipconfig /release ipconfig /renew ipconfig /flushdns ipconfig /registerdns net start bfe net start bits net start cryptSvc net start eventsystem net start msiserver net start rpcss net start sdrsvc net start trustedinstaller net start vss net start winmgmt net start wuauserv netsh winhttp reset proxy bitsadmin /list /allusers bitsadmin /reset /allusers netsh advfirewall reset netsh advfirewall set allprofiles state ON EndBatch: Comment: STEP 04 Check the OS files for issues cmd: DISM.exe /Online /Cleanup-image /Restorehealth cmd: sfc /scannow cmd: winmgmt /salvagerepository cmd: winmgmt /verifyrepository cmd: "%WINDIR%\SYSTEM32\lodctr.exe" /R cmd: "%WINDIR%\SysWOW64\lodctr.exe" /R cmd: "%WINDIR%\SYSTEM32\lodctr.exe" /R cmd: "%WINDIR%\SysWOW64\lodctr.exe" /R Comment: STEP 05 Use Farbar routine to delete temp files C:\Windows\Temp\*.* C:\WINDOWS\system32\*.tmp C:\WINDOWS\syswow64\*.tmp C:\Users\walangisangwala\AppData\Local\Temp\*.* Task: {97FBEF1A-5122-4A48-956F-5E6015554D64} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [257928 2022-01-02] (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {ADB0D6C2-60A9-48AF-A80C-81C04F209C76} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [570240 2017-02-15] (Apple Inc. -> Apple Inc.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [257928 2022-01-02] (Adobe Systems Incorporated -> Adobe Systems Incorporated) U3 aspnet_state; no ImagePath EmptyTemp: Reboot: ***************** Processes closed successfully. SystemRestore: On => completed Restore point was successfully created. ========= RemoveProxy: ========= "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully "HKU\S-1-5-21-3052631617-1058395183-4167437106-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully "HKU\S-1-5-21-3052631617-1058395183-4167437106-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully ========= End of RemoveProxy: ========= ========= Powershell: ========= Secure Boot Status: DriveLetter : C: Number : 0 Label : BOOTCAMP Manufacturer : Model : APPLE HDD HTS541010A9E632 SerialNumber : JD8002D8J4D5BD Name : APPLE HDD HTS541010A9E632 FileSystem : NTFS PartitionKind : GPT TotalSpace : 464.195 FreeSpace : 370.571 UsedSpace : 93.624 Drive : Win32_LogicalDisk: C: (DeviceID = "C:") Partition : Win32_DiskPartition: Disk #0, Partition #2 (DeviceID = "Disk #0, Partition #2") Disk : Win32_DiskDrive: APPLE HDD HTS541010A9E632 (DeviceID = "\\.\PHYSICALDRIVE0") DriveLetter : D: Number : 1 Label : SHANE 32GB Manufacturer : SanDisk Model : Cruzer Switch SerialNumber : 4C532000000617112143 Name : SanDisk Cruzer Switch USB Device FileSystem : FAT32 PartitionKind : MBR TotalSpace : 29.801 FreeSpace : 28.035 UsedSpace : 1.766 Drive : Win32_LogicalDisk: D: (DeviceID = "D:") Partition : Win32_DiskPartition: Disk #1, Partition #0 (DeviceID = "Disk #1, Partition #0") Disk : Win32_DiskDrive: SanDisk Cruzer Switch USB Device (DeviceID = "\\.\PHYSICALDRIVE1") ========= End of Powershell: ========= ========= Batch: ========= ========= End of Batch: ========= ========= DISM.exe /Online /Cleanup-image /Restorehealth ========= Deployment Image Servicing and Management tool Version: 10.0.19041.844 Image Version: 10.0.19044.1466 [== 3.8% ] [== 3.8% ] [== 3.8% ] [== 3.9% ] [== 4.1% ] [== 4.2% ] [== 4.3% ] [== 4.5% ] [== 4.6% ] [== 4.7% ] [== 4.8% ] [== 4.9% ] [== 5.0% ] [== 5.1% ] [=== 5.2% ] [=== 5.3% ] [=== 5.4% ] [=== 5.6% ] [=== 5.7% ] [=== 5.8% ] [=== 6.0% ] [=== 6.1% ] [=== 6.3% ] [=== 6.4% ] [=== 6.6% ] [=== 6.8% ] [==== 6.9% ] [==== 7.0% ] [==== 7.1% ] [==== 7.2% ] [==== 7.3% ] [==== 7.5% ] [==== 7.6% ] [==== 7.8% ] [==== 7.8% ] [==== 8.1% ] [==== 8.2% ] [==== 8.4% ] [==== 8.4% ] [==== 8.5% ] [===== 8.7% ] [===== 8.8% ] [===== 9.0% ] [===== 9.1% ] [===== 9.2% ] [===== 9.3% ] [===== 9.4% ] [===== 9.6% ] [===== 9.6% ] [===== 9.7% ] [===== 9.9% ] [===== 10.1% ] [===== 10.3% ] [====== 10.4% ] [====== 10.7% ] [====== 10.9% ] [====== 11.0% ] [====== 11.2% ] [====== 11.2% ] [====== 11.5% ] [====== 11.7% ] [======= 12.2% ] [======= 12.7% ] [======= 13.1% ] [======= 13.6% ] [======== 14.1% ] [======== 14.4% ] [======== 14.7% ] [======== 14.9% ] [======== 15.2% ] [========= 15.5% ] [========= 15.9% ] [========= 16.1% ] [========= 16.4% ] [========= 16.7% ] [========= 17.0% ] [========== 17.4% ] [========== 17.7% ] [========== 18.0% ] [========== 18.3% ] [========== 18.8% ] [=========== 19.1% ] [=========== 19.4% ] [=========== 19.8% ] [=========== 20.0% ] [=========== 20.2% ] [=========== 20.3% ] [=========== 20.5% ] [============ 20.8% ] [============ 20.9% ] [============ 21.1% ] [============ 21.1% ] [============ 21.3% ] [============ 21.4% ] [============ 21.5% ] [============ 21.7% ] [============ 21.9% ] [============ 22.1% ] [============ 22.3% ] [============= 22.4% ] [============= 22.7% ] [============= 22.8% ] [============= 22.9% ] [============= 22.9% ] [============= 22.9% ] [============= 23.0% ] [============= 23.0% ] [============= 23.1% ] [============= 23.2% ] [============= 23.4% ] [============= 23.5% ] [============= 23.6% ] [============= 23.8% ] [============= 24.1% ] [============== 24.2% ] [============== 24.5% ] [============== 24.8% ] [============== 25.0% ] [============== 25.2% ] [============== 25.6% ] [============== 25.8% ] [=============== 26.0% ] [=============== 26.3% ] [=============== 26.4% ] [=============== 26.7% ] [=============== 26.8% ] [=============== 27.0% ] [=============== 27.2% ] [=============== 27.4% ] [================ 27.7% ] [================ 27.9% ] [================ 28.1% ] [================ 28.2% ] [================ 28.5% ] [================ 28.6% ] [================ 28.7% ] [================ 28.8% ] [================ 29.1% ] [================ 29.2% ] [================ 29.3% ] [================= 29.4% ] [================= 29.7% ] [================= 29.7% ] [================= 29.8% ] [================= 29.8% ] [================= 30.0% ] [================= 30.1% ] [================= 30.2% ] [================= 30.3% ] [================= 30.5% ] [================= 30.6% ] [================= 30.6% ] [================= 30.6% ] [================= 30.7% ] [================= 30.9% ] [================= 30.9% ] [================== 31.2% ] [================== 31.3% ] [================== 31.3% ] [================== 31.5% ] [================== 31.5% ] [================== 31.7% ] [================== 31.8% ] [================== 31.8% ] [================== 31.8% ] [================== 31.9% ] [================== 32.1% ] [================== 32.2% ] [================== 32.3% ] [================== 32.5% ] [================== 32.5% ] [================== 32.7% ] [================== 32.8% ] [================== 32.8% ] [=================== 32.8% ] [=================== 33.0% ] [=================== 33.0% ] [=================== 33.1% ] [=================== 33.1% ] [=================== 33.3% ] [=================== 33.4% ] [=================== 33.9% ] [=================== 34.0% ] [=================== 34.0% ] [=================== 34.0% ] [=================== 34.1% ] [=================== 34.1% ] [=================== 34.2% ] [=================== 34.3% ] [=================== 34.3% ] [=================== 34.4% ] [=================== 34.4% ] [==================== 34.5% ] [==================== 34.6% ] [==================== 34.6% ] [==================== 34.6% ] [==================== 34.6% ] [==================== 34.6% ] [==================== 34.7% ] [==================== 34.8% ] [==================== 34.8% ] [==================== 34.9% ] [==================== 34.9% ] [==================== 34.9% ] [==================== 35.0% ] [==================== 35.0% ] [==================== 35.1% ] [==================== 35.2% ] [==================== 35.2% ] [==================== 35.3% ] [==================== 35.3% ] [==================== 35.4% ] [==================== 35.5% ] [==================== 35.5% ] [==================== 35.5% ] [==================== 35.5% ] [==================== 35.6% ] [==================== 35.7% ] [==================== 35.7% ] [==================== 35.8% ] [==================== 35.8% ] [==================== 35.8% ] [==================== 35.8% ] [==================== 35.9% ] [==================== 35.9% ] [==================== 35.9% ] [==================== 36.0% ] [==================== 36.0% ] [==================== 36.1% ] [===================== 36.2% ] [===================== 36.3% ] [===================== 36.3% ] [===================== 36.4% ] [===================== 36.5% ] [===================== 36.6% ] [===================== 36.7% ] [===================== 36.8% ] [===================== 36.8% ] [===================== 36.9% ] [===================== 37.0% ] [===================== 37.1% ] [===================== 37.1% ] [===================== 37.3% ] [===================== 37.3% ] [===================== 37.3% ] [===================== 37.4% ] [===================== 37.4% ] [===================== 37.5% ] [===================== 37.6% ] [===================== 37.7% ] [===================== 37.7% ] [===================== 37.7% ] [===================== 37.8% ] [===================== 37.8% ] [===================== 37.9% ] [====================== 38.0% ] [====================== 38.0% ] [====================== 38.3% ] [====================== 38.3% ] [====================== 38.4% ] [====================== 38.4% ] [====================== 38.6% ] [====================== 38.7% ] [====================== 38.8% ] [====================== 38.9% ] [====================== 38.9% ] [====================== 39.1% ] [====================== 39.2% ] [====================== 39.2% ] [====================== 39.5% ] [====================== 39.5% ] [====================== 39.6% ] [======================= 39.8% ] [======================= 39.8% ] [======================= 39.9% ] [======================= 40.0% ] [======================= 40.2% ] [======================= 40.4% ] [======================= 40.5% ] [======================= 40.5% ] [======================= 40.6% ] [======================= 40.8% ] [======================= 41.0% ] [======================= 41.1% ] [======================= 41.2% ] [======================= 41.3% ] [======================= 41.4% ] [======================== 41.4% ] [======================== 41.5% ] [======================== 41.6% ] [======================== 41.7% ] [======================== 41.7% ] [======================== 41.7% ] [======================== 41.8% ] [======================== 41.9% ] [======================== 41.9% ] [======================== 42.0% ] [======================== 42.1% ] [======================== 42.2% ] [======================== 42.3% ] [======================== 42.3% ] [======================== 42.4% ] [======================== 42.5% ] [======================== 42.5% ] [======================== 42.6% ] [======================== 42.6% ] [======================== 42.7% ] [======================== 42.8% ] [======================== 42.9% ] [======================== 42.9% ] [======================== 43.1% ] [======================== 43.1% ] [========================= 43.2% ] [========================= 43.4% ] [========================= 43.5% ] [========================= 43.7% ] [========================= 44.1% ] [========================= 44.2% ] [========================= 44.2% ] [========================= 44.3% ] [========================= 44.5% ] [========================= 44.5% ] [========================= 44.7% ] [========================= 44.7% ] [========================== 44.8% ] [========================== 45.1% ] [========================== 45.1% ] [========================== 45.4% ] [========================== 45.6% ] [========================== 45.7% ] [========================== 45.8% ] [========================== 45.9% ] [========================== 46.0% ] [========================== 46.3% ] [========================== 46.5% ] [===========================47.0% ] [===========================47.3% ] [===========================47.6% ] [===========================47.8% ] [===========================48.1% ] [===========================48.2% ] [===========================48.2% ] [===========================48.5% ] [===========================48.8% ] [===========================48.9% ] [===========================49.1% ] [===========================49.3% ] [===========================49.6% ] [===========================49.9% ] [===========================50.0% ] [===========================50.3% ] [===========================50.6% ] [===========================50.6% ] [===========================50.6% ] [===========================50.6% ] [===========================50.7% ] [===========================50.7% ] [===========================50.7% ] [===========================50.8% ] [===========================50.9% ] [===========================50.9% ] [===========================50.9% ] [===========================50.9% ] [===========================51.0% ] [===========================51.0% ] [===========================51.1% ] [===========================51.1% ] [===========================51.1% ] [===========================51.2% ] [===========================51.2% ] [===========================51.2% ] [===========================51.2% ] [===========================51.2% ] [===========================51.3% ] [===========================51.3% ] [===========================51.3% ] [===========================51.4% ] [===========================51.4% ] [===========================51.5% ] [===========================51.5% ] [===========================51.5% ] [===========================51.5% ] [===========================51.5% ] [===========================51.6% ] [===========================51.6% ] [===========================51.6% ] [===========================51.7% ] [===========================51.7% ] [===========================51.7% ] [===========================51.8% ] [===========================51.8% ] [===========================51.9% ] [===========================51.9% ] [===========================52.0% ] [===========================52.0% ] [===========================52.0% ] [===========================52.1% ] [===========================52.1% ] [===========================52.2% ] [===========================52.2% ] [===========================52.2% ] [===========================52.3% ] [===========================52.4% ] [===========================52.4% ] [===========================52.5% ] [===========================52.5% ] [===========================52.5% ] [===========================52.5% ] [===========================52.6% ] [===========================52.6% ] [===========================52.7% ] [===========================52.7% ] [===========================52.8% ] [===========================52.8% ] [===========================52.8% ] [===========================52.8% ] [===========================52.9% ] [===========================52.9% ] [===========================52.9% ] [===========================53.0% ] [===========================53.0% ] [===========================53.0% ] [===========================53.1% ] [===========================53.1% ] [===========================53.1% ] [===========================53.1% ] [===========================53.1% ] [===========================53.2% ] [===========================53.2% ] [===========================53.2% ] [===========================53.3% ] [===========================53.3% ] [===========================53.4% ] [===========================53.4% ] [===========================53.4% ] [===========================53.4% ] [===========================53.4% ] [===========================53.5% ] [===========================53.5% ] [===========================53.5% ] [===========================53.6% ] [===========================53.6% ] [===========================53.7% ] [===========================53.7% ] [===========================53.7% ] [===========================53.7% ] [===========================53.7% ] [===========================53.8% ] [===========================53.9% ] [===========================54.0% ] [===========================54.0% ] [===========================54.0% ] [===========================54.1% ] [===========================54.1% ] [===========================54.1% ] [===========================54.2% ] [===========================54.2% ] [===========================54.3% ] [===========================54.3% ] [===========================54.3% ] [===========================54.4% ] [===========================54.4% ] [===========================54.5% ] [===========================54.5% ] [===========================54.5% ] [===========================54.6% ] [===========================54.6% ] [===========================54.6% ] [===========================54.6% ] [===========================54.6% ] [===========================54.7% ] [===========================54.7% ] [===========================54.8% ] [===========================54.9% ] [===========================54.9% ] [===========================54.9% ] [===========================54.9% ] [===========================54.9% ] [===========================55.0% ] [===========================55.0% ] [===========================55.0% ] [===========================55.1% ] [===========================55.2% ] [===========================55.4% ] [===========================55.5% ] [===========================55.8% ] [===========================56.0% ] [===========================56.1% ] [===========================56.2% ] [===========================56.2% ] [===========================56.2% ] [===========================56.3% ] [===========================56.3% ] [===========================56.5% ] [===========================56.6% ] [===========================56.6% ] [===========================56.8% ] [===========================57.3%= ] [===========================57.3%= ] [===========================57.7%= ] [===========================58.7%== ] [===========================59.2%== ] [===========================59.3%== ] [===========================59.8%== ] [===========================59.8%== ] [===========================59.8%== ] [===========================62.3%==== ] [===========================84.9%================= ] [==========================100.0%==========================] The restore operation completed successfully. The operation completed successfully. ========= End of CMD: ========= ========= sfc /scannow ========= Beginning system scan. This process will take some time. Beginning verification phase of system scan. Verification 0% complete. Verification 1% complete. Verification 1% complete. Verification 2% complete. Verification 3% complete. Verification 3% complete. Verification 4% complete. Verification 4% complete. Verification 5% complete. Verification 6% complete. Verification 6% complete. Verification 7% complete. Verification 8% complete. Verification 8% complete. Verification 9% complete. Verification 9% complete. Verification 10% complete. Verification 11% complete. Verification 11% complete. Verification 12% complete. Verification 12% complete. Verification 13% complete. Verification 14% complete. Verification 14% complete. Verification 15% complete. Verification 16% complete. Verification 16% complete. Verification 17% complete. Verification 17% complete. Verification 18% complete. Verification 19% complete. Verification 19% complete. Verification 20% complete. Verification 20% complete. Verification 21% complete. Verification 22% complete. Verification 22% complete. Verification 23% complete. Verification 24% complete. Verification 24% complete. Verification 25% complete. Verification 25% complete. Verification 26% complete. Verification 27% complete. Verification 27% complete. Verification 28% complete. Verification 28% complete. Verification 29% complete. Verification 30% complete. Verification 30% complete. Verification 31% complete. Verification 32% complete. Verification 32% complete. Verification 33% complete. Verification 33% complete. Verification 34% complete. Verification 35% complete. Verification 35% complete. Verification 36% complete. Verification 37% complete. Verification 37% complete. Verification 38% complete. Verification 38% complete. Verification 39% complete. Verification 40% complete. Verification 40% complete. Verification 41% complete. Verification 41% complete. Verification 42% complete. Verification 43% complete. Verification 43% complete. Verification 44% complete. Verification 45% complete. Verification 45% complete. Verification 46% complete. Verification 46% complete. Verification 47% complete. Verification 48% complete. Verification 48% complete. Verification 49% complete. Verification 49% complete. Verification 50% complete. Verification 51% complete. Verification 51% complete. Verification 52% complete. Verification 53% complete. Verification 53% complete. Verification 54% complete. Verification 54% complete. Verification 55% complete. Verification 56% complete. Verification 56% complete. Verification 57% complete. Verification 57% complete. Verification 58% complete. Verification 59% complete. Verification 59% complete. Verification 60% complete. Verification 61% complete. Verification 61% complete. Verification 62% complete. Verification 62% complete. Verification 63% complete. Verification 64% complete. Verification 64% complete. Verification 65% complete. Verification 66% complete. Verification 66% complete. Verification 67% complete. Verification 67% complete. Verification 68% complete. Verification 69% complete. Verification 69% complete. Verification 70% complete. Verification 70% complete. Verification 71% complete. Verification 72% complete. Verification 72% complete. Verification 73% complete. Verification 74% complete. Verification 74% complete. Verification 75% complete. Verification 75% complete. Verification 76% complete. Verification 77% complete. Verification 77% complete. Verification 78% complete. Verification 78% complete. Verification 79% complete. Verification 80% complete. Verification 80% complete. Verification 81% complete. Verification 82% complete. Verification 82% complete. Verification 83% complete. Verification 83% complete. Verification 84% complete. Verification 85% complete. Verification 85% complete. Verification 86% complete. Verification 86% complete. Verification 87% complete. Verification 88% complete. Verification 88% complete. Verification 89% complete. Verification 90% complete. Verification 90% complete. Verification 91% complete. Verification 91% complete. Verification 92% complete. Verification 93% complete. Verification 93% complete. Verification 94% complete. Verification 95% complete. Verification 95% complete. Verification 96% complete. Verification 96% complete. Verification 97% complete. Verification 98% complete. Verification 98% complete. Verification 99% complete. Verification 99% complete. Verification 100% complete. Windows Resource Protection found corrupt files and successfully repaired them. For online repairs, details are included in the CBS log file located at windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline repairs, details are included in the log file provided by the /OFFLOGFILE flag. ========= End of CMD: ========= ========= winmgmt /salvagerepository ========= WMI repository is consistent ========= End of CMD: ========= ========= winmgmt /verifyrepository ========= WMI repository is consistent ========= End of CMD: ========= ========= "%WINDIR%\SYSTEM32\lodctr.exe" /R ========= Error: Unable to rebuild performance counter setting from system backup store, error code is 2 ========= End of CMD: ========= ========= "%WINDIR%\SysWOW64\lodctr.exe" /R ========= Info: Successfully rebuilt performance counter setting from system backup store ========= End of CMD: ========= ========= "%WINDIR%\SYSTEM32\lodctr.exe" /R ========= Info: Successfully rebuilt performance counter setting from system backup store ========= End of CMD: ========= ========= "%WINDIR%\SysWOW64\lodctr.exe" /R ========= Info: Successfully rebuilt performance counter setting from system backup store ========= End of CMD: ========= =========== "C:\Windows\Temp\*.*" ========== C:\Windows\Temp\614cf21c-650f-4e27-89eb-ef77d1c83ba2.tmp => moved successfully C:\Windows\Temp\ASPNETSetup_00000.log => moved successfully C:\Windows\Temp\ASPNETSetup_00001.log => moved successfully C:\Windows\Temp\catalog.json => moved successfully C:\Windows\Temp\chrome_installer.log => moved successfully C:\Windows\Temp\FXSAPIDebugLogFile.txt => moved successfully C:\Windows\Temp\FXSTIFFDebugLogFile.txt => moved successfully C:\Windows\Temp\iusb3mon.exe.png => moved successfully C:\Windows\Temp\MpCmdRun.log => moved successfully C:\Windows\Temp\MpSigStub.log => moved successfully C:\Windows\Temp\msedge_installer.log => moved successfully C:\Windows\Temp\steam.vbe => moved successfully C:\Windows\Temp\tem283F.tmp => moved successfully C:\Windows\Temp\TS_558A.tmp => moved successfully C:\Windows\Temp\UpdHealthTools.msi => moved successfully ========= End -> "C:\Windows\Temp\*.*" ======== =========== "C:\WINDOWS\system32\*.tmp" ========== not found ========= End -> "C:\WINDOWS\system32\*.tmp" ======== =========== "C:\WINDOWS\syswow64\*.tmp" ========== not found ========= End -> "C:\WINDOWS\syswow64\*.tmp" ======== =========== "C:\Users\walangisangwala\AppData\Local\Temp\*.*" ========== C:\Users\walangisangwala\AppData\Local\Temp\.ses => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\0cf3d774-23d5-418d-af61-d050da3dcd40.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\291b391a-9502-4702-bcd0-fe4013f94780.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\2b555854-0ccc-4f38-8c17-0b91efc14591.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\2bc6537a-f5e6-4fc6-a6d6-2f1ca4e622f9.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\2fed6869-ff51-4fb3-8e54-11ca24aeb0f2.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\40090425-1dcb-4967-9474-88e85c0e41e9.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\43e96363-920f-4c01-9129-f9cc8aa2ccd0.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\46402e87-4427-46c4-90a9-385172e57c08.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\49716fc9-6169-4cf1-9078-dd7d0b9b432a.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\4b8a0db2-ccb1-4233-830a-bb21f803753b.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\4fcae03d-1274-49c0-bf0f-ac08c7c2b091.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\557b6103-770a-467d-b286-0f846c0e80ec.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\609618d9-cb77-4ff5-a7ed-29a60991ceaf.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\6c4dc971-4db0-4b05-8fd7-99401768dd1a.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\709fca50-4d96-49fc-9071-f2ec5f036cf6.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\77d621c9-740d-42f1-91ee-fb9da941dc00.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\7e7a2698-89bf-46c5-9b5c-3219896f8fc9.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\825c3d71-3643-4b6f-9a30-845759041ffa.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\932f9877-cc98-462e-a164-181872d28c31.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\9cb0ad8d-d54e-4aae-8e04-515d8a5c345a.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\a018c7e9-eedd-4a99-b6f1-dfd871617070.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\bf1a1b54-3c3c-4f98-9f42-b629289f1313.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\c23c4f5a-fb61-40f8-9eef-cfbd539d2779.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\c2c4b521-2fa2-4ef5-8887-c6deccd22a77.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\c377b566-8ffb-40cf-b4e6-c368cba807b4.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\c96fc096-cd91-425a-a3a8-7d32e6f0ff63.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\cre9E62.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\creBC8C.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\cv_debug.log => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\d9969cd8-8de7-4708-bdbb-8d97154d5da4.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\dd_vcredist_amd64_20220113221823.log => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\dd_vcredist_amd64_20220113221823_000_vcRuntimeMinimum_x64.log => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\dd_vcredist_amd64_20220113221823_001_vcRuntimeAdditional_x64.log => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\dd_vcredist_amd64_20220113222044.log => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\e6219e6a-c40a-42e8-b38b-241f9f130fde.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\ef10a8e6-70c5-4733-9804-c6f2e419ffd4.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\efe6b899-9a86-4f73-a705-7a3c31f5e1dd.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\f373339f-24ca-46d1-909d-86fb52854c9d.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\f3e582d8-c983-4739-9f8f-255665585af4.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\f3e5eb1c-71b8-42e8-9f43-3d3c1ef7395b.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\fa56d15e-df5d-44e1-b9cd-5490a97396d7.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\IMG_20150824_190131_bOpvPf.jpg => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\IMG_20150824_190131_gSTRwx.jpg => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\JavaDeployReg.log => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\java_install_reg.log => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\jusched.log => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\mbst-stub-results.txt => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\mb_BD76.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\RD5F84.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\RDC3BC.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\Setup Log 2022-01-13 #001.txt => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\Setup Log 2022-01-15 #001.txt => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\Setup Log 2022-01-15 #002.txt => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\Setup Log 2022-01-15 #003.txt => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\SetupExe(202201050957441514).log => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\steam.vbe => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\StructuredQuery.log => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\uni9101.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\Viber_20220104222433.log => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\Viber_20220104222433_000_ViberSetup.msi.log => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct14FF.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct1658.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct1683.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct1B20.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct1C5A.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct2204.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct23D9.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct27C2.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct2C43.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct2C44.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct2CD3.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct33F7.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct38A1.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct41E0.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct4ACD.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct4ACE.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct526B.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct5424.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct54D9.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct5AA6.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct5B16.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct5B17.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct5C36.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct5D26.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct64C2.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct6E34.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct6ECB.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct71DC.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct732A.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct756F.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct799E.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct86E9.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct8706.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct874A.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct8957.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct8AC3.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct8FF5.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wct9C67.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wctA620.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wctA684.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wctA7D8.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wctAA1.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wctAC5A.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wctB08D.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wctB5C8.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wctB98E.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wctC3C0.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wctC709.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wctD266.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wctD539.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wctD69D.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wctD8C.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wctDDDF.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wctE89E.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wctEAF7.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wctECEE.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wctEF52.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wctF24F.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wctF3B1.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wctF3BF.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wctF641.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wctFB3E.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wctFDDE.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wmsetup.log => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\wsuA696.tmp => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\{1A94E3F7-20DD-455E-9200-57B1918F14CC} - OProcSessId.dat => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\{E13436E6-871E-4F65-8CEA-CC2C70C90098} - OProcSessId.dat => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\{E6922EC3-C3C0-4C4E-92FD-FC6E8EAE2BFE} - OProcSessId.dat => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\{F35829B5-DEC9-486E-8679-8DFD0999EC6D} - OProcSessId.dat => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\~DFEABF1A1A20E20CB9.TMP => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\~DFF2674041301912F6.TMP => moved successfully C:\Users\walangisangwala\AppData\Local\Temp\~e5.0001 => moved successfully ========= End -> "C:\Users\walangisangwala\AppData\Local\Temp\*.*" ======== "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97FBEF1A-5122-4A48-956F-5E6015554D64}" => not found "C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ADB0D6C2-60A9-48AF-A80C-81C04F209C76}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADB0D6C2-60A9-48AF-A80C-81C04F209C76}" => removed successfully C:\WINDOWS\System32\Tasks\Apple\AppleSoftwareUpdate => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate" => removed successfully "C:\WINDOWS\Tasks\Adobe Flash Player Updater.job" => not found AdobeFlashPlayerUpdateSvc => service not found. HKLM\System\CurrentControlSet\Services\aspnet_state => removed successfully aspnet_state => service removed successfully =========== EmptyTemp: ========== BITS transfer queue => 1310720 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 41466992 B Java, Flash, Steam htmlcache => 0 B Windows/system/drivers => 20992040 B Edge => 0 B Chrome => 63092783 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 2464 B LocalService => 233916 B NetworkService => 266742 B walangisangwala => 298886390 B RecycleBin => 17061722 B EmptyTemp: => 422.8 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 22:39:45 ==== ------------------------------------------------------- Fixlog.txt

I think I should post the logs one by one not multi-upload with these... Here's the first one... I'm sorry if I've to repost this log by splitting ------------------------------------------------------------------------ Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 1/16/22 Scan Time: 12:38 PM Log File: 30c3326c-7686-11ec-98be-38f9d3045124.json -Software Information- Version: 4.5.0.152 Components Version: 1.0.1538 Update Package Version: 1.0.49865 License: Trial -System Information- OS: Windows 10 (Build 19044.1466) CPU: x64 File System: NTFS User: DESKTOP-V6PEHHI\walangisangwala -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 301370 Threats Detected: 0 Threats Quarantined: 0 Time Elapsed: 4 min, 45 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) --------- Report Scan.txt

Here are those...Report Scan.txtAdwCleaner[C00].txtAdwCleaner[S00].txtAddition.txtFRST.txt Report Scan.txt AdwCleaner[S00].txt AdwCleaner[C00].txt FRST.txt Addition.txt

I shut down my computer last night but when I opened it today, the scan scheduler detected those files, register keys/values and a folder that were infected. I think my PC got infected by unknown application or something. I need help to fix this issue. Here's a screenshot of this report: