
Physical hack with powershell scripts/overlay os? - Virus, Trojan, Spyware, and Malware Removal Help - BleepingComputer

I left my PC unlocked with an untrustworthy person for some days, and when I got it back there was an extra hard drive in the computer. I also noticed that the passwords I used for different sites afterwards were hacked. I think the person made scripts using PowerShell or has another OS running on top of mine.
A lot of weird folders and files also appeared, which are proving difficult to impossible to delete, as apparently I do not have the correct access. I tried a lot, even changing admin rights to the current login, and even in the cases where I was able to delete these files, they would just reappear when I rebooted, even if I shredded them in the trash bin.
I tried reinstalling Windows on several occasions but all the weird things are still there. I have removed the extra hard drive physically from the computer but I am not sure about the partitions. The BIOS settings were changed to legacy mode, which I noticed was not the default.
Sorry I cannot explain any better, but I hope you have an idea of what the problem is. I even bought Advanced Systemrepair, but even if it finds and fixes registry entries, things just revert back with a reboot.
I also bought Bitdefender, but it only found password-protected files relating to a Realtek driver.
I feel like I have tried everything, but my knowledge is limited. I just reinstalled Windows.
Please feel free to ask me any questions or even ask for remote control. If you have trouble understanding some words in the log files, try Google Translate for Swedish.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-04-2020
Ran by arvid (administrator) on DESKTOP-DB19VKU (HP OMEN by HP Laptop) (15-04-2020 19:24:43)
Running from C:\Users\arvid\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Loaded Profiles: arvid (Available Profiles: arvid)
Platform: Windows 10 Home Version 1909 18363.592 (X64) Language: Svenska (Sverige)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_942053d68a2ba613\x64\TouchpointAnalyticsClientService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\arvid\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> ) C:\Windows\System32\Windows.WARP.JITService.exe <8>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe <9>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e8edf6c6-4859-4338-9392-0ef549f780f8}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 esifsvc; C:\Windows\System32\Intel\DPTF\esif_uf.exe [1892512 2018-12-14] (Intel Corporation -> Intel Corporation)
S2 HPOmenCap; C:\Windows\System32\DriverStore\FileRepository\hpomencustomcapcomp.inf_amd64_59a0a32410fb19a2\x64\OmenCap.exe [502544 2020-02-05] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_942053d68a2ba613\x64\TouchpointAnalyticsClientService.exe [429008 2019-10-31] (HP Inc. -> HP Inc.)
R2 ibtsiva; C:\Windows\System32\ibtsiva.exe [529912 2018-12-21] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Accelerometer; C:\Windows\System32\drivers\Accelerometer.sys [53904 2019-07-22] (HP Inc. -> HP)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [78832 2018-12-14] (Intel Corporation -> Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [75248 2018-12-14] (Intel Corporation -> Intel Corporation)
R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [403440 2018-12-14] (Intel Corporation -> Intel Corporation)
R3 HPCustomCapDriver; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1f5602eb8a12ac4c\x64\hpcustomcapdriver.sys [33352 2018-12-19] (HP Inc. -> HP Inc.)
R0 hpdskflt; C:\Windows\System32\drivers\hpdskflt.sys [41104 2019-07-22] (HP Inc. -> HP)
R3 HPOmenCustomCapDriver; C:\Windows\System32\DriverStore\FileRepository\hpomencustomcapdriver.inf_amd64_326f2e1d16385daf\x64\hpomencustomcapdriver.sys [33464 2018-12-19] (HP Inc. -> HP Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [136128 2017-12-06] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R3 Netwtw06; C:\Windows\System32\drivers\Netwtw06.sys [8723968 2019-03-19] (Microsoft Windows -> Intel Corporation)
S3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_9172c4e962e5b3ee\nvlddmkm.sys [17200384 2018-07-04] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [662528 2019-03-19] (Microsoft Windows -> Realtek )
R3 RTSPER; C:\Windows\System32\drivers\RtsPer.sys [946368 2019-04-11] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 ViGEmBus; C:\Windows\System32\DriverStore\FileRepository\vigembus.inf_amd64_e84845c70c38fbe7\x64\ViGEmBus.sys [74648 2018-08-01] (HP Inc. -> Benjamin Höglinger-Stelzer)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46472 2019-03-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [333784 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [62432 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-04-15 19:35 - 2020-04-15 18:36 - 000000000 ____D C:\Windows\Panther
2020-04-15 19:24 - 2020-04-15 19:24 - 000000000 ____D C:\FRST
2020-04-15 19:18 - 2020-04-15 19:18 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2020-04-15 19:18 - 2020-04-15 19:18 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-04-15 19:18 - 2018-07-04 03:39 - 040346984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2020-04-15 19:18 - 2018-07-04 03:39 - 031244248 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2020-04-15 19:18 - 2018-07-04 03:39 - 025961336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2020-04-15 19:18 - 2018-07-04 03:39 - 017200384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2020-04-15 19:18 - 2018-07-04 03:39 - 013728120 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2020-04-15 19:18 - 2018-07-04 03:39 - 011273624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2020-04-15 19:18 - 2018-07-04 03:39 - 004350040 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2020-04-15 19:18 - 2018-07-04 03:39 - 003760672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2020-04-15 19:18 - 2018-07-04 03:39 - 002013776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439836.dll
2020-04-15 19:18 - 2018-07-04 03:39 - 001563392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2020-04-15 19:18 - 2018-07-04 03:39 - 001468448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439836.dll
2020-04-15 19:18 - 2018-07-04 03:39 - 001419200 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2020-04-15 19:18 - 2018-07-04 03:39 - 001356816 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2020-04-15 19:18 - 2018-07-04 03:39 - 001347664 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2020-04-15 19:18 - 2018-07-04 03:39 - 001216872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2020-04-15 19:18 - 2018-07-04 03:39 - 001157392 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2020-04-15 19:18 - 2018-07-04 03:39 - 001092352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2020-04-15 19:18 - 2018-07-04 03:39 - 001069416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2020-04-15 19:18 - 2018-07-04 03:39 - 001063216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2020-04-15 19:18 - 2018-07-04 03:39 - 000904712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2020-04-15 19:18 - 2018-07-04 03:39 - 000814616 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2020-04-15 19:18 - 2018-07-04 03:39 - 000652344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2020-04-15 19:18 - 2018-07-04 03:39 - 000626592 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2020-04-15 19:18 - 2018-07-04 03:39 - 000518176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2020-04-15 19:18 - 2018-07-04 03:38 - 035250264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2020-04-15 19:18 - 2018-07-04 03:38 - 017750344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2020-04-15 19:18 - 2018-07-04 03:38 - 015165008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2020-04-15 19:18 - 2018-07-04 03:38 - 004856232 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2020-04-15 19:18 - 2018-07-04 03:38 - 004126128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2020-04-15 19:18 - 2018-07-04 00:18 - 000044271 _____ C:\Windows\system32\nvinfo.pb
2020-04-15 18:58 - 2020-04-15 18:58 - 000000000 ____D C:\Users\arvid\AppData\Local\D3DSCache
2020-04-15 18:58 - 2020-04-15 18:58 - 000000000 ____D C:\ProgramData\HP
2020-04-15 18:57 - 2020-04-15 19:20 - 000000000 ____D C:\Users\arvid\AppData\Local\Comms
2020-04-15 18:57 - 2020-04-15 18:58 - 000000000 ____D C:\ProgramData\Packages
2020-04-15 18:53 - 2020-04-15 19:02 - 000000000 ____D C:\Users\arvid\AppData\Local\PlaceholderTileLogoFolder
2020-04-15 18:46 - 2020-04-15 18:58 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3440769829-446293215-1813656079-1001
2020-04-15 18:46 - 2020-04-15 18:58 - 000000000 ___RD C:\Users\arvid\OneDrive
2020-04-15 18:46 - 2020-04-15 18:46 - 000001450 _____ C:\Users\arvid\Desktop\Microsoft Edge.lnk
2020-04-15 18:46 - 2018-12-14 13:47 - 000078832 _____ (Intel Corporation) C:\Windows\system32\Drivers\dptf_acpi.sys
2020-04-15 18:45 - 2020-04-15 18:45 - 000000000 ___HD C:\Users\arvid\MicrosoftEdgeBackups
2020-04-15 18:44 - 2020-04-15 18:59 - 000000000 ____D C:\Users\arvid\AppData\Local\Packages
2020-04-15 18:44 - 2020-04-15 18:56 - 000000000 ____D C:\Users\arvid\AppData\Local\ConnectedDevicesPlatform
2020-04-15 18:44 - 2020-04-15 18:45 - 000000000 ____D C:\Users\arvid\AppData\Local\MicrosoftEdge
2020-04-15 18:44 - 2020-04-15 18:44 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-04-15 18:44 - 2020-04-15 18:44 - 000000000 ___RD C:\Users\arvid\3D Objects
2020-04-15 18:44 - 2020-04-15 18:44 - 000000000 ____D C:\Windows\LastGood.Tmp
2020-04-15 18:44 - 2020-04-15 18:44 - 000000000 ____D C:\Users\arvid\AppData\Roaming\Adobe
2020-04-15 18:44 - 2020-04-15 18:44 - 000000000 ____D C:\Users\arvid\AppData\Local\VirtualStore
2020-04-15 18:44 - 2020-04-15 18:44 - 000000000 ____D C:\Users\arvid\AppData\Local\Publishers
2020-04-15 18:43 - 2020-04-15 18:43 - 000000000 ____D C:\Windows\SysWOW64\sda
2020-04-15 18:42 - 2020-04-15 18:42 - 000000000 ____D C:\Windows\system32\Intel
2020-04-15 18:42 - 2018-12-14 13:47 - 000403440 _____ (Intel Corporation) C:\Windows\system32\Drivers\esif_lf.sys
2020-04-15 18:42 - 2018-12-14 13:47 - 000075248 _____ (Intel Corporation) C:\Windows\system32\Drivers\dptf_cpu.sys
2020-04-15 18:41 - 2020-04-15 19:04 - 001603370 _____ C:\Windows\system32\PerfStringBackup.INI
2020-04-15 18:41 - 2020-04-15 18:58 - 000002363 _____ C:\Users\arvid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-04-15 18:41 - 2020-04-15 18:46 - 000000000 ____D C:\Users\arvid
2020-04-15 18:41 - 2020-04-15 18:41 - 000000020 ___SH C:\Users\arvid\ntuser.ini
2020-04-15 18:41 - 2020-04-15 18:41 - 000000000 _SHDL C:\Users\arvid\Start-meny
2020-04-15 18:41 - 2020-04-15 18:41 - 000000000 _SHDL C:\Users\arvid\Skrivare
2020-04-15 18:41 - 2020-04-15 18:41 - 000000000 _SHDL C:\Users\arvid\Programdata
2020-04-15 18:41 - 2020-04-15 18:41 - 000000000 _SHDL C:\Users\arvid\Nätverket
2020-04-15 18:41 - 2020-04-15 18:41 - 000000000 _SHDL C:\Users\arvid\Mina dokument
2020-04-15 18:41 - 2020-04-15 18:41 - 000000000 _SHDL C:\Users\arvid\Mallar
2020-04-15 18:41 - 2020-04-15 18:41 - 000000000 _SHDL C:\Users\arvid\Lokala inställningar
2020-04-15 18:41 - 2020-04-15 18:41 - 000000000 _SHDL C:\Users\arvid\Documents\Mina videoklipp
2020-04-15 18:41 - 2020-04-15 18:41 - 000000000 _SHDL C:\Users\arvid\Documents\Mina bilder
2020-04-15 18:41 - 2020-04-15 18:41 - 000000000 _SHDL C:\Users\arvid\Documents\Min musik
2020-04-15 18:41 - 2020-04-15 18:41 - 000000000 _SHDL C:\Users\arvid\AppData\Roaming\Microsoft\Windows\Start Menu\Program
2020-04-15 18:41 - 2020-04-15 18:41 - 000000000 _SHDL C:\Users\arvid\AppData\Local\Tidigare
2020-04-15 18:41 - 2020-04-15 18:41 - 000000000 _SHDL C:\Users\arvid\AppData\Local\Programdata
2020-04-15 18:39 - 2020-01-09 23:22 - 002874368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Users\Public\Documents\Mina videoklipp
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Users\Public\Documents\Mina bilder
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Users\Public\Documents\Min musik
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Users\Default\Start-meny
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Users\Default\Skrivare
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Users\Default\Programdata
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Users\Default\Nätverket
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Users\Default\Mina dokument
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Users\Default\Mallar
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Users\Default\Lokala inställningar
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Users\Default\Documents\Mina videoklipp
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Users\Default\Documents\Mina bilder
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Users\Default\Documents\Min musik
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Program
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Users\Default\AppData\Local\Tidigare
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Users\Default\AppData\Local\Programdata
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Users\Default User\Start-meny
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Users\Default User\Skrivare
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Users\Default User\Programdata
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Users\Default User\Nätverket
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Users\Default User\Mina dokument
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Users\Default User\Mallar
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Users\Default User\Lokala inställningar
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Users\Default User\Documents\Mina videoklipp
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Users\Default User\Documents\Mina bilder
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Users\Default User\Documents\Min musik
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Program
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Tidigare
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Programdata
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\ProgramData\Start-meny
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\ProgramData\Skrivbord
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\ProgramData\Programdata
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Program
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\ProgramData\Mallar
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\ProgramData\Dokument
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Program Files\Delade filer
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Program
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 _SHDL C:\Documents and Settings
2020-04-15 18:37 - 2020-04-15 18:37 - 000000000 ____D C:\Windows\minidump
2020-04-15 18:35 - 2020-04-15 18:57 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-04-15 18:35 - 2020-04-15 18:35 - 000257712 _____ C:\Windows\system32\FNTCACHE.DAT
2020-04-15 18:35 - 2020-04-15 18:35 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2020-04-15 18:35 - 2020-04-15 18:35 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-04-15 18:35 - 2020-04-15 18:35 - 000000000 ____D C:\Windows\system32\Drivers\wd
2020-04-15 18:35 - 2020-04-15 18:35 - 000000000 ____D C:\Windows\ServiceProfiles
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-04-15 19:35 - 2019-03-19 06:49 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2020-04-15 19:22 - 2019-03-19 06:52 - 000000000 ____D C:\Windows\AppReadiness
2020-04-15 19:18 - 2019-03-19 06:50 - 000000000 ____D C:\Windows\INF
2020-04-15 19:04 - 2019-03-19 13:41 - 000681922 _____ C:\Windows\system32\perfh01D.dat
2020-04-15 19:04 - 2019-03-19 13:41 - 000138480 _____ C:\Windows\system32\perfc01D.dat
2020-04-15 19:03 - 2019-03-19 06:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-04-15 18:57 - 2019-03-19 06:52 - 000000000 ____D C:\Windows\ServiceState
2020-04-15 18:56 - 2019-03-19 06:37 - 000524288 _____ C:\Windows\system32\config\BBI
2020-04-15 18:41 - 2019-03-19 06:52 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2020-04-15 18:41 - 2019-03-19 06:37 - 000000000 ____D C:\Windows\CbsTemp
2020-04-15 18:39 - 2019-03-19 06:52 - 000000000 ____D C:\Windows\system32\spool
2020-04-15 18:39 - 2019-03-19 06:52 - 000000000 ____D C:\Windows\system32\FxsTmp
2020-04-15 18:37 - 2019-03-19 06:52 - 000000000 ____D C:\Program Files\Windows NT
2020-04-15 18:35 - 2019-03-19 06:52 - 000000000 ___RD C:\Windows\PrintDialog
2020-04-15 18:35 - 2019-03-19 06:52 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2020-04-15 18:35 - 2019-03-19 06:37 - 000032768 _____ C:\Windows\system32\config\ELAM
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2020
Ran by arvid (15-04-2020 19:26:15)
Running from C:\Users\arvid\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Windows 10 Home Version 1909 18363.592 (X64) (2020-04-15 16:37:08)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administratör (S-1-5-21-3440769829-446293215-1813656079-500 - Administrator - Disabled)
arvid (S-1-5-21-3440769829-446293215-1813656079-1001 - Administrator - Enabled) => C:\Users\arvid
DefaultAccount (S-1-5-21-3440769829-446293215-1813656079-503 - Limited - Disabled)
Gäst (S-1-5-21-3440769829-446293215-1813656079-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3440769829-446293215-1813656079-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Microsoft OneDrive (HKU\S-1-5-21-3440769829-446293215-1813656079-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0010 - Microsoft Corporation)
Packages:
=========
E-post och Kalender -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe [2020-04-15] (Microsoft Corporation) [MS Ad]
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.38.0_x64__v10z8vjag6ke6 [2020-04-15] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2020-04-15] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.2.11280.0_x86__8wekyb3d8bbwe [2020-04-15] (Microsoft Studios) [MS Ad]
MSN Väder -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2020-04-15] (Microsoft Corporation) [MS Ad]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-19 06:49 - 2019-03-19 06:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3440769829-446293215-1813656079-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\arvid\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\30389.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
15-04-2020 18:46:18 Windows Update
==================== Faulty Device Manager Devices ============
Name: NVIDIA GeForce GTX 1050 Ti
Description: NVIDIA GeForce GTX 1050 Ti
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: nvlddmkm
Problem: : This device cannot work properly until you restart your computer. (Code14)
Resolution: Restart your computer.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: PCI-styrenhet för datainsamling och signalbehandling
Description: PCI-styrenhet för datainsamling och signalbehandling
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: ========================
Application errors:
==================
Error: (04/15/2020 07:24:55 PM) (Source: VSS) (EventID: 12293) (User: )
Description: Fel i tjänsten Volume Shadow Copy: Fel uppstod när en rutin i skuggkopieprovidern {b5946137-7b9f-4925-af80-51abd60b20d5} anropades. Information om rutinen: EndPrepareSnapshots({4f89b1a8-2174-4b05-a916-bfb23b4bce46}) [hr = 0x80042302, En komponent för tjänsten Volume Shadow Copy stötte på ett oväntat fel.
Mer information finns i loggboken Program.
].
Åtgärd:
   Utför asynkron åtgärd
Kontext:
   Aktuell status: DoSnapshotSet
Error: (04/15/2020 07:24:55 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Fel i tjänsten Volume Shadow Copy: Oväntat fel när rutinen GetDiskFreeSpaceEx(\\?\Volume{8b9e9638-cc03-4373-a814-d54ffe300612}\) anropades. hr = 0x80070005, Åtkomst nekad.
.
Åtgärd:
   Välj en volym för differensområden automatiskt
   Bearbetar EndPrepareSnapshots
Kontext:
   Körningskontext: System Provider
Error: (04/15/2020 07:24:31 PM) (Source: VSS) (EventID: 12293) (User: )
Description: Fel i tjänsten Volume Shadow Copy: Fel uppstod när en rutin i skuggkopieprovidern {b5946137-7b9f-4925-af80-51abd60b20d5} anropades. Information om rutinen: EndPrepareSnapshots({d1f1e939-8b71-40ea-b6c7-5989370c9ff2}) [hr = 0x80042302, En komponent för tjänsten Volume Shadow Copy stötte på ett oväntat fel.
Mer information finns i loggboken Program.
].
Åtgärd:
   Utför asynkron åtgärd
Kontext:
   Aktuell status: DoSnapshotSet
Error: (04/15/2020 07:24:31 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Fel i tjänsten Volume Shadow Copy: Oväntat fel när rutinen GetDiskFreeSpaceEx(\\?\Volume{8b9e9638-cc03-4373-a814-d54ffe300612}\) anropades. hr = 0x80070005, Åtkomst nekad.
.
Åtgärd:
   Välj en volym för differensområden automatiskt
   Bearbetar EndPrepareSnapshots
Kontext:
   Körningskontext: System Provider
Error: (04/15/2020 06:44:44 PM) (Source: ESENT) (EventID: 455) (User: )
Description: StartMenuExperienceHost (1476,R,98) TILEREPOSITORYS-1-5-21-3440769829-446293215-1813656079-1001: Felet -1023 (0xfffffc01) inträffade när loggfilen C:\Users\arvid\AppData\Local\TileDataLayer\Database\EDB.log öppnades.
Error: (04/15/2020 06:44:44 PM) (Source: ESENT) (EventID: 522) (User: )
Description: StartMenuExperienceHost (1476,P,98) TILEREPOSITORYS-1-5-21-3440769829-446293215-1813656079-1001: Ett försök att öppna enheten med namnet "\\.\C:" som innehåller "C:\" misslyckades med systemfelet 5 (0x00000005): "Åtkomst nekad. ". Åtgärden misslyckas med felet -1032 (0xfffffbf8).
Error: (04/15/2020 06:39:06 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Fel uppstod när statusen Windows Defender uppdaterades till SECURITY_PRODUCT_STATE_ON.
System errors:
=============
Error: (04/15/2020 07:17:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Tjänsten Microsoft Account Sign-in Assistant avbröts med följande fel:
Allmänt fel för nekad åtkomst
Error: (04/15/2020 07:12:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Tjänsten Microsoft Account Sign-in Assistant avbröts med följande fel:
Allmänt fel för nekad åtkomst
Error: (04/15/2020 07:07:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Tjänsten Microsoft Account Sign-in Assistant avbröts med följande fel:
Allmänt fel för nekad åtkomst
Error: (04/15/2020 06:56:53 PM) (Source: DCOM) (EventID: 10010) (User: NT instans)
Description: Servern {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} registrerades inte med DCOM inom erforderlig timeout.
Error: (04/15/2020 06:56:53 PM) (Source: DCOM) (EventID: 10010) (User: NT instans)
Description: Servern {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} registrerades inte med DCOM inom erforderlig timeout.
Error: (04/15/2020 06:56:50 PM) (Source: DCOM) (EventID: 10010) (User: NT instans)
Description: Servern {338B40F9-9D68-4B53-A793-6B9AA0C5F63B} registrerades inte med DCOM inom erforderlig timeout.
Error: (04/15/2020 06:56:04 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-DB19VKU)
Description: Servern {F9717507-6651-4EDB-BFF7-AE615179BCCF} registrerades inte med DCOM inom erforderlig timeout.
Error: (04/15/2020 06:39:03 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Tjänsten Printer Extensions and Notifications är markerad som en interaktiv tjänst. Systemet är dock konfigurerat för att inte tillåta interaktiva tjänster. Tjänsten kommer kanske inte att fungera korrekt.
==================== Memory info ===========================
BIOS: AMI F.09 04/24/2019
Motherboard: HP 8469
Processor: Intel® Core™ i7-8750H CPU @ 2.20GHz
Percentage of memory in use: 59%
Total physical RAM: 7998.83 MB
Available physical RAM: 3228.45 MB
Total Virtual: 9918.83 MB
Available Virtual: 5223.71 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:237.33 GB) (Free:213.6 GB) NTFS
\\?\Volume{80d373c3-1b88-4ca5-ac2f-066e624fa84a}\ (Återställning) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{f0528286-a3bc-4be0-b371-2252312e1010}\ (Återställning) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{27f599ea-be2b-4eae-bc2a-004d851f8908}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: B2275CE9)
Partition: GPT.
==================== End of Addition.txt =======================
Regards
Arvid

Edited by Sparvid, Today, 12:50 PM.



https://ift.tt/3el3Pey
