Fix result of Farbar Recovery Scan Tool (x64) Version: 30-11-2023 02 Ran by hp (01-12-2023 19:57:11) Run:1 Running from C:\Users\hp\Downloads Loaded Profiles: hp Boot Mode: Normal ============================================== fixlist content: ***************** Start:: CreateRestorePoint: CloseProcesses: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction HKLM\Software\Policies\...\system: [EnableSmartScreen] 0 HKU\S-1-5-21-3239584733-2071816809-1449778513-1001\...\Run: [DigitalPulse] => C:\Users\hp\AppData\Roaming\DigitalPulse\DigitalPulseService.exe [10453760 2023-08-10] (Digital Pulse -> ) <==== ATTENTION HKU\S-1-5-21-3239584733-2071816809-1449778513-1001\...\Run: [imon] => wscript.exe "C:\Users\hp\AppData\Roaming\Microsoft\Windows NT\imon.js" [176 2023-10-02] () [File not signed] GroupPolicy: Restriction - Edge Policies: C:\ProgramData\NTUSER.pol: Restriction HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction Task: {E0ACD587-8CEF-41FD-8453-EF7A8665008D} - System32\Tasks\DigitalPulseUpdateTask => C:\Users\hp\AppData\Roaming\DigitalPulse\DigitalPulseUpdate.exe [4906752 2023-08-10] (Digital Pulse -> ) Task: {E2CC767F-BE1B-47C6-8F60-A65A02FB2E9D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (No File) Task: {03DDD375-0563-4A04-A786-784D1CEE4033} - System32\Tasks\Microsoft\OneCore\DirectX\LXPCworking => C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\regasm.exe [58864 2022-06-25] (Microsoft Corporation -> Microsoft Corporation) -> /unregister "C:\Program Files (x86)\KeysHttp\DarkTranj\cscapnzswsBKEY61.dll" Task: {620E2238-D4EA-4489-A678-2941A3DFFA44} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => %ProgramFiles%\CUAssistant\culauncher.exe (No File) Task: {F0B3786F-512A-47E2-A6E8-3DC36EEF03E8} - System32\Tasks\nhdues.exe => C:\Users\hp\AppData\Local\Temp\1ff8bec27e\nhdues.exe Task: {615A0CFC-5522-4F82-8DED-936948F840C1} - System32\Tasks\VOauExQRhSdgJhJ2 => C:\WINDOWS\system32\rundll32.exe [71680 2023-05-18] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\pLEtgnEXU\UsQgAc.dll",#1 Task: {166C760B-5B19-4567-83DF-21FC3F5F8553} - System32\Tasks\WindowsAppPool\sUaud76NdhgaHbd => C:\Users\hp\AppData\Local\Temp\sUaud76NdhgaHbd.exe (No File) Task: C:\WINDOWS\Tasks\VOauExQRhSdgJhJ.job => C:\Program Files (x86)\pLEtgnEXU\dFYzCK.dll Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found] Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found] Edge Notifications: Default -> hxxps://captchaone.lm.r.appspot.com; hxxps://cleancaptcha.lm.r.appspot.com; hxxps://vipcaptchanow.ew.r.appspot.com; hxxps://web.whatsapp.com; hxxps://www.facebook.com Edge HomePage: Default -> hxxps://find-it.pro/?utm_source=distr_m Edge StartupUrls: Default -> "hxxps://find-it.pro/?utm_source=distr_m" Edge DefaultSearchURL: Default -> hxxps://x-finder.pro/search?q={searchTerms} Edge DefaultSearchKeyword: Default -> x-finder.pro Edge DefaultSuggestURL: Default -> hxxps://x-finder.pro/search/suggest.php?q={searchTerms} U3 wuauserv; C:\WINDOWS\system32\svchost.exe [55320 2023-05-18] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL) U3 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [46504 2023-05-18] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL) S4 VBoxGuest; VBoxGuest [X] S4 VBoxMouse; VBoxMouse [X] S4 VBoxService; VBoxService [X] S4 VBoxSF; VBoxSF [X] S4 VBoxVideo; VBoxVideo [X] S4 VBoxWddm; VBoxWddm [X] C:\Program Files (x86)\VBMsLqLYwDUn C:\Program Files (x86)\bjiixYyONUZU2 C:\WINDOWS\system32\Tasks\VOauExQRhSdgJhJ2 C:\ProgramData\qpWiLFLNAyPZgwVB C:\Users\hp\AppData\Roaming\DigitalPulse C:\Program Files (x86)\KeysHttp C:\Program Files (x86)\pLEtgnEXU cmd: netsh advfirewall reset EmptyTemp: End:: ***************** Error: (0) Failed to create a restore point. Processes closed successfully. HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => removed successfully HKLM\SOFTWARE\Policies\Microsoft\MRT => removed successfully HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center => removed successfully "HKLM\Software\Policies\Microsoft\Windows\System\\EnableSmartScreen" => removed successfully "HKU\S-1-5-21-3239584733-2071816809-1449778513-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DigitalPulse" => not found "HKU\S-1-5-21-3239584733-2071816809-1449778513-1001\Software\Microsoft\Windows\CurrentVersion\Run\\imon" => removed successfully "C:\WINDOWS\system32\GroupPolicy\Machine" folder move: C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully C:\ProgramData\NTUSER.pol => moved successfully HKLM\SOFTWARE\Policies\Microsoft\Edge => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0ACD587-8CEF-41FD-8453-EF7A8665008D}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0ACD587-8CEF-41FD-8453-EF7A8665008D}" => removed successfully C:\WINDOWS\System32\Tasks\DigitalPulseUpdateTask => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DigitalPulseUpdateTask" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2CC767F-BE1B-47C6-8F60-A65A02FB2E9D}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2CC767F-BE1B-47C6-8F60-A65A02FB2E9D}" => removed successfully C:\WINDOWS\System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office 15 Subscription Heartbeat" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{03DDD375-0563-4A04-A786-784D1CEE4033}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03DDD375-0563-4A04-A786-784D1CEE4033}" => removed successfully C:\WINDOWS\System32\Tasks\Microsoft\OneCore\DirectX\LXPCworking => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\OneCore\DirectX\LXPCworking" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{620E2238-D4EA-4489-A678-2941A3DFFA44}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{620E2238-D4EA-4489-A678-2941A3DFFA44}" => removed successfully C:\WINDOWS\System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CUAssistant\CULauncher" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0B3786F-512A-47E2-A6E8-3DC36EEF03E8}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0B3786F-512A-47E2-A6E8-3DC36EEF03E8}" => removed successfully C:\WINDOWS\System32\Tasks\nhdues.exe => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\nhdues.exe" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{615A0CFC-5522-4F82-8DED-936948F840C1}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{615A0CFC-5522-4F82-8DED-936948F840C1}" => removed successfully C:\WINDOWS\System32\Tasks\VOauExQRhSdgJhJ2 => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VOauExQRhSdgJhJ2" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{166C760B-5B19-4567-83DF-21FC3F5F8553}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{166C760B-5B19-4567-83DF-21FC3F5F8553}" => removed successfully C:\WINDOWS\System32\Tasks\WindowsAppPool\sUaud76NdhgaHbd => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WindowsAppPool\sUaud76NdhgaHbd" => removed successfully C:\WINDOWS\Tasks\VOauExQRhSdgJhJ.job => moved successfully HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully "Edge Notifications" => removed successfully "Edge HomePage" => removed successfully "Edge StartupUrls" => removed successfully "Edge DefaultSearchURL" => removed successfully "Edge DefaultSearchKeyword" => removed successfully "Edge DefaultSuggestURL" => removed successfully HKLM\System\CurrentControlSet\Services\wuauserv => removed successfully wuauserv => service removed successfully wuauserv => service not found. HKLM\System\CurrentControlSet\Services\VBoxGuest => removed successfully VBoxGuest => service removed successfully HKLM\System\CurrentControlSet\Services\VBoxMouse => removed successfully VBoxMouse => service removed successfully HKLM\System\CurrentControlSet\Services\VBoxService => removed successfully VBoxService => service removed successfully HKLM\System\CurrentControlSet\Services\VBoxSF => removed successfully VBoxSF => service removed successfully HKLM\System\CurrentControlSet\Services\VBoxVideo => removed successfully VBoxVideo => service removed successfully HKLM\System\CurrentControlSet\Services\VBoxWddm => removed successfully VBoxWddm => service removed successfully "C:\Program Files (x86)\VBMsLqLYwDUn" folder move: C:\Program Files (x86)\VBMsLqLYwDUn => moved successfully "C:\Program Files (x86)\bjiixYyONUZU2" folder move: C:\Program Files (x86)\bjiixYyONUZU2 => moved successfully "C:\WINDOWS\system32\Tasks\VOauExQRhSdgJhJ2" => not found "C:\ProgramData\qpWiLFLNAyPZgwVB" folder move: C:\ProgramData\qpWiLFLNAyPZgwVB => moved successfully "C:\Users\hp\AppData\Roaming\DigitalPulse" folder move: C:\Users\hp\AppData\Roaming\DigitalPulse => moved successfully "C:\Program Files (x86)\KeysHttp" folder move: C:\Program Files (x86)\KeysHttp => moved successfully "C:\Program Files (x86)\pLEtgnEXU" folder move: C:\Program Files (x86)\pLEtgnEXU => moved successfully ========= netsh advfirewall reset ========= Ok. ========= End of CMD: ========= =========== EmptyTemp: ========== FlushDNS => completed BITS transfer queue => 0 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23385361 B Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B Windows/system/drivers => 71279756 B Edge => 1620829 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 159959 B systemprofile32 => 159959 B LocalService => 159959 B NetworkService => 185623 B hp => 84015449 B RecycleBin => 0 B EmptyTemp: => 172.6 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 19:58:25 ====