Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-02-2022
Ran by pc (25-02-2022 19:13:12)
Running from C:\Users\pc\Downloads
Microsoft Windows 10 Home Version 1803 17134.1304 (X64) (2020-09-28 13:18:25)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-120822950-1225855894-879144086-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-120822950-1225855894-879144086-503 - Limited - Disabled)
Guest (S-1-5-21-120822950-1225855894-879144086-501 - Limited - Disabled)
pc (S-1-5-21-120822950-1225855894-879144086-1001 - Administrator - Enabled) => C:\Users\pc
WDAGUtilityAccount (S-1-5-21-120822950-1225855894-879144086-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Immunet 3 (Enabled - Up to date) {D3417D79-6FAC-4B50-D487-4BA8768A0AA4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adaware Driver Manager v5.5.610 (HKLM-x32\...\Adaware Driver Manager_is1) (Version: 5.5.610 - Adaware Software)
Adaware VPN (HKLM\...\{52276A30-8D74-468E-B2A8-EBAC404A9FCA}) (Version: 1.0.144.3274 - Adaware) Hidden
Adaware VPN (HKLM-x32\...\Adaware VPN) (Version: 1.0.144.3274 - Adaware Software)
Aimersoft Helper Compact 2.5.2 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft)
Application Compatibility Toolkit (HKLM\...\{3BD6A529-0C2A-1EE9-A123-3EF4D804A1D1}) (Version: 10.1.19041.1 - Microsoft) Hidden
Assessments on Client (HKLM-x32\...\{2C100366-FCBF-7B21-5E61-015CDFBBEF25}) (Version: 10.1.19041.1 - Microsoft) Hidden
BCUninstaller (HKLM\...\{f4fef76c-1aa9-441c-af7e-d27f58d898d1}_is1) (Version: 5.1.0.0 - Marcin Szeniak)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.472.0 - Microsoft Corporation)
EPSON XP-710 Series Printer Uninstall (HKLM\...\EPSON XP-710 Series) (Version: - SEIKO EPSON Corporation)
Everything 1.4.1.1015 (x86) (HKLM-x32\...\Everything) (Version: 1.4.1.1015 - voidtools)
Free YouTube To MP3 Converter (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 4.3.67.211 - Digital Wave Ltd)
Imaging And Configuration Designer (HKLM-x32\...\{8072F2F3-C269-A639-4626-9209FFF6DEDB}) (Version: 10.1.19041.1 - Microsoft) Hidden
Imaging Designer (HKLM-x32\...\{2852AE0C-1EEB-72F9-1C5D-FACF6C9304DE}) (Version: 10.1.19041.1 - Microsoft) Hidden
Imaging Tools Support (HKLM-x32\...\{30C24881-949F-D09C-5376-9F0DC6B412CD}) (Version: 10.1.19041.1 - Microsoft) Hidden
Immunet 3 (HKLM-x32\...\Immunet Protect) (Version: 3.1.13.9671 - Sourcefire, Inc.)
iTop Screen Recorder (HKLM-x32\...\iTop Screen Recorder_is1) (Version: 2.1.0.556 - iTop Inc.)
iTop VPN (HKLM-x32\...\iTop VPN_is1) (Version: 3.0.0.2327 - iTop Inc.)
KeepVid Music Tag Editor(Build 2.0.0.17) (HKLM-x32\...\KeepVid Music Tag Editor_is1) (Version: 2.0.0.17 - KeepVid Software)
Kits Configuration Installer (HKLM-x32\...\{8867E8B9-1539-18F3-54AB-B1F1E641AC14}) (Version: 10.1.19041.1 - Microsoft) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 98.0.1108.43 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-120822950-1225855894-879144086-1001\...\OneDriveSetup.exe) (Version: 22.012.0117.0003 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30037 (HKLM-x32\...\{dfea0fad-88b2-4a1f-8536-3f8f9391f4ef}) (Version: 14.29.30037.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
MiniTool Partition Wizard Free 12.6 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: 12.6 - MiniTool Software Limited)
MXAx64 (HKLM-x32\...\{53B28ABA-8EFB-7BFB-603D-9B1334BBD881}) (Version: 10.1.19041.1 - Microsoft) Hidden
OEM Test Certificates (HKLM-x32\...\{DAF67B85-47AE-B13B-5C22-3A7149E46EB8}) (Version: 10.1.19041.1 - Microsoft) Hidden
PC Cleaner v8.3.0.2 (HKLM-x32\...\PC Cleaner_is1) (Version: 8.3.0.2 - PC Helpsoft) <==== ATTENTION
REALTEK Wireless LAN Driver (HKLM-x32\...\{33AABC60-A52F-41FF-B2B9-17321240CD5}) (Version: 1.00.0286 - REALTEK Semiconductor Corp.)
Registry First Aid 11 (HKLM\...\RFA11_is1) (Version: 11.3.0 - RoseCitySoftware)
RogueKiller version 15.3.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.3.0.0 - Adlice Software)
SearcherBar (HKLM-x32\...\SearcherBar) (Version: 0.3 - ) <==== ATTENTION
Toolkit Documentation (HKLM-x32\...\{1978CD82-5D9C-F9BD-4FA3-17AFA5AE12B2}) (Version: 10.1.19041.1 - Microsoft) Hidden
UEV Tools on amd64 (HKLM\...\{91339917-AF30-9EC7-D5AA-05919BB21DB9}) (Version: 10.1.19041.1 - Microsoft) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{8F2D6CEB-BC98-4B69-A5C1-78BED238FE77}) (Version: 2.71.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{0746492E-47B6-4251-940C-44462DFD74BB}) (Version: 2.55.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{76A22428-2400-4521-96AF-7AC4A6174CA5}) (Version: 1.25.0.0 - Microsoft Corporation) Hidden
UsbFix Anti-Malware Premium (HKLM-x32\...\Usbfix) (Version: 11.0.4.8 - SOSVirus (SOSVirus.Net))
User State Migration Tool (HKLM-x32\...\{2AD80B8E-9213-FEA7-BA85-0EFED76D6F11}) (Version: 10.1.19041.1 - Microsoft) Hidden
Volume Activation Management Tool (HKLM-x32\...\{4B43C47D-8870-ACFA-C414-6C0884876EB0}) (Version: 10.1.19041.1 - Microsoft) Hidden
VoodooShield version 7.00 (HKLM\...\{A8644328-A66F-490E-B8FA-901FF649189D}_is1) (Version: 7.00 - VoodooSoft, LLC)
VS10Runtimex64 (HKLM\...\{82CD33B2-1DE6-4663-B6F0-1592B2376F78}) (Version: 1.0.0 - sourcefire) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23214 - Microsoft Corporation)
Windows Assessment and Deployment Kit - Windows 10 (HKLM-x32\...\{9346016b-6620-4841-8ea4-ad91d3ea02b5}) (Version: 10.1.19041.1 - Microsoft Corporation)
Windows Driver Package - Everest Semiconductor (ES8316AudCodec) MEDIA (04/12/2016 10.8.19.261) (HKLM\...\04A06CE061616D094E565A04F1C9326F634DE0D3) (Version: 04/12/2016 10.8.19.261 - Everest Semiconductor)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/27/2012 7.0.0000.00004) (HKLM\...\BE156A27AFEAEA39D6A7C9D25CFA8DAFAF91756B) (Version: 08/27/2012 7.0.0000.00004 - Google, Inc.)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/27/2012 7.0.0000.00004) (HKLM\...\D43FD4059F47ACA9539247D6CF690AAEA503AF2D) (Version: 08/27/2012 7.0.0000.00004 - Google, Inc.)
Windows Driver Package - Intel (esif_lf) System (08/21/2018 8.3.10209.6897) (HKLM\...\066E132E04DC1F3D3FFA3490155A30B6DE393748) (Version: 08/21/2018 8.3.10209.6897 - Intel)
Windows Driver Package - Intel Corporation (iaisp) System (03/04/2016 21.10586.6071.2014) (HKLM\...\D3063B7B0FE9DCCFEA06359BB9651D9A56C7332B) (Version: 03/04/2016 21.10586.6071.2014 - Intel Corporation)
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (dg_ssudbus) USB (12/02/2015 2.12.1.0) (HKLM\...\85A33267F12961AF9ED9AE799DEDA5E62BEA236F) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssudmdm) Modem (12/02/2015 2.12.1.0) (HKLM\...\88ED314360B98E6E82E7CC3201FAEB4A9FD291B4) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (WinUSB) AndroidUsbDeviceClass (12/02/2015 2.12.1.0) (HKLM\...\701281E8283E9E3681220099A9DA5013A5A437AF) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. )
WinRAR 6.10 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 6.10.0 - win.rar GmbH)
WinThruster v7.5.0.0 (HKLM-x32\...\WinThruster_is1) (Version: 7.5.0.0 - Solvusoft) <==== ATTENTION
WPT Redistributables (HKLM-x32\...\{AE00264D-F001-A1D3-F3B8-74A9D2193E7F}) (Version: 10.1.19041.1 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{FD439F85-AD64-B3E5-9FC5-444AE8C8AF7B}) (Version: 10.1.19041.1 - Microsoft) Hidden

Packages:
=========
Excel Mobile -> C:\Program Files\WindowsApps\Microsoft.Office.Excel_16001.14326.20784.0_x64__8wekyb3d8bbwe [2022-02-08] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5310.0_x64__8wekyb3d8bbwe [2021-06-06] (Microsoft Studios) [MS Ad]
PowerPoint Mobile -> C:\Program Files\WindowsApps\Microsoft.Office.PowerPoint_16001.14326.20784.0_x64__8wekyb3d8bbwe [2022-02-08] (Microsoft Corporation)
Word Mobile -> C:\Program Files\WindowsApps\Microsoft.Office.Word_16001.14326.20784.0_x64__8wekyb3d8bbwe [2022-02-08] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2022-01-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2022-01-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2022-01-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2022-01-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\pc\Desktop\Pre_Scan_Donate.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN

==================== Loaded Modules (Whitelisted) =============

2021-08-26 15:20 - 2021-08-26 15:20 - 000217600 _____ () [File not signed] C:\Program Files\Adaware VPN\nfapi.dll
2022-02-08 13:43 - 2022-02-08 13:43 - 001501696 _____ () [File not signed] C:\Program Files\Immunet\3.1.13\LIBEAY32.dll
2022-02-08 13:43 - 2022-02-08 13:43 - 000331776 _____ () [File not signed] C:\Program Files\Immunet\3.1.13\SSLEAY32.dll
2019-12-06 18:37 - 2019-12-06 18:37 - 000262144 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaspie.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-120822950-1225855894-879144086-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.pipo.cn
SearchScopes: HKU\S-1-5-21-120822950-1225855894-879144086-1001 -> DefaultScope {3CD64E96-9F54-4767-AFC2-ACC1DF335934} URL =
SearchScopes: HKU\S-1-5-21-120822950-1225855894-879144086-1001 -> {3CD64E96-9F54-4767-AFC2-ACC1DF335934} URL =
BHO: No Name -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> No File

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 00:38 - 2022-02-08 20:03 - 000000852 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-120822950-1225855894-879144086-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{C35D2241-4DB5-45D7-8401-8CB9E5075C97}C:\users\pc\downloads\easeus.todo.pctrans.pro.tech.13.0.20211223.portable\easeus.todo.pctrans.pro.tech.13.0.20211223.portable.karanpc\easeus todo pctrans.exe] => (Allow) C:\users\pc\downloads\easeus.todo.pctrans.pro.tech.13.0.20211223.portable\easeus.todo.pctrans.pro.tech.13.0.20211223.portable.karanpc\easeus todo pctrans.exe (EaseUS) [File not signed]
FirewallRules: [UDP Query User{AC719819-80F2-4C2B-BDF2-EF1F5D14501F}C:\users\pc\downloads\easeus.todo.pctrans.pro.tech.13.0.20211223.portable\easeus.todo.pctrans.pro.tech.13.0.20211223.portable.karanpc\easeus todo pctrans.exe] => (Allow) C:\users\pc\downloads\easeus.todo.pctrans.pro.tech.13.0.20211223.portable\easeus.todo.pctrans.pro.tech.13.0.20211223.portable.karanpc\easeus todo pctrans.exe (EaseUS) [File not signed]
FirewallRules: [{8E492394-835B-4B1D-BBB7-83C71AEFED27}] => (Allow) C:\Program Files\Adaware VPN\openvpn.exe (Adaware Software (Lavasoft Software Canada Inc.) -> The OpenVPN Project)

==================== Restore Points =========================

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (02/25/2022 06:58:22 PM) (Source: VSS) (EventID: 4001) (User: )
Description: Volume Shadow Copy Service error: Cannot find diff areas for creating shadow copies. Add at least one NTFS drive to the system with enough free space. The free space needed is at least 32 Mb for each volume to be shadow copied.
Operation: Automatically choosing a diff-area volume Processing EndPrepareSnapshots
Context: Execution Context: System Provider

Error: (02/25/2022 06:56:39 PM) (Source: VSS) (EventID: 4001) (User: )
Description: Volume Shadow Copy Service error: Cannot find diff areas for creating shadow copies. Add at least one NTFS drive to the system with enough free space. The free space needed is at least 32 Mb for each volume to be shadow copied.
Operation: Automatically choosing a diff-area volume Processing EndPrepareSnapshots
Context: Execution Context: System Provider

Error: (02/25/2022 06:18:10 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found. Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1 - 0000000000000270,0x00560034,0000013F1C2098F0,0,0000013F1C2088C0,4096,[0]).
Operation: Processing PostFinalCommitSnapshots
Context: Execution Context: System Provider

System errors:
=============
Error: (02/25/2022 07:20:53 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-IUI5T6N)
Description: The server {4BD3E4E1-7BD4-4A2B-9964-496400DE5193} did not register with DCOM within the required timeout.

==================== Memory info ===========================

BIOS: American Megatrends Inc. JS-BI-8-S80CR200-CC34B-027-B 01/26/2019
Motherboard: PIPO W2pro
Processor: Intel(R) Atom(TM) x5-Z8350 CPU @ 1.44GHz
Percentage of memory in use: 75%
Total physical RAM: 1972.19 MB
Available physical RAM: 488.23 MB
Total Virtual: 5916.19 MB
Available Virtual: 2508.04 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:28.37 GB) (Free:0 GB) NTFS
Drive d: (ANDROID-X86) (Removable) (Total:19.71 GB) (Free:18.43 GB) FAT32

\\?\Volume{95cb67e3-01b4-4c67-855e-5b5b64276e6f}\ () (Fixed) (Total:0 GB) (Free:0 GB)
\\?\Volume{f3e9da0c-19ac-427e-9773-813e8c58d1f2}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.03 GB) FAT32
\\?\Volume{db11a2e0-95ab-11ec-961c-ac5d5c5d3902}\ () (Removable) (Total:0 GB) (Free:0 GB)

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 29.3 GB) (Disk ID: 4226B409)
Partition: GPT.

==========================================================
Disk: 1 (Size: 29.7 GB) (Disk ID: 000FB51E)
Partition 1: (Active) - (Size=19.7 GB) - (Type=0C)
Partition 2: (Not Active) - (Size=10 GB) - (Type=83)

==================== End of Addition.txt =======================