Solved: Guess how much RAM I got (pic and answer provided)

Heeezy

Thread Starter
Joined
May 5, 2021
Messages
12
1620267169951.png

Answer is: 16GB 3200MHZ DDR4 ram.

I have a problem with the PC starting at near 40% memory usage (right after a fresh restart) and around 6gb ram unaccounted for ram usage.

Things I have tried:
Turned off everything that opens at start-up
Cleaned Temp files
Scanned my drives multiple times (no malware) p.s I am doing another scan in the image above^

Any help or other ideas will be greatly appreciated. Thank you
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
1,663
This is not necessarily a malware issue, but please let me know if you would like to check your computer for malware.

If you would like to do so, please do the following:

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.
 

Heeezy

Thread Starter
Here they are
 

DR.M

Malware Specialist
There is nothing able to compromise your privacy. The tool is necessary to make a diagnosis and then fix any issues regarding your computer. Without it, we can make guesses and use the trial and error method.

It's up to you, however.
 

DR.M

Malware Specialist
Thanks. (y)

Give me some time to review your logs.
 

DR.M

Malware Specialist
Hi, Heeezy.

There is a lot to say regarding your logs. One thing is that 54% of RAM is used and this doesn't surprise me at all, with all these programs you have installed.

1. P2P Programs

You have μTorrent installed in your computer. This is a P2P program. P2P programs form a direct conduit on to a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you don't uninstall it, your computer will probably get infected again, as soon as you use it again. But it is your computer and of course your decision.
  • If you decide to keep it, DON'T use it during the cleaning procedure.
  • If you decide to uninstall it, uninstall it along with the unwanted programs in Step 4 below.

2. Non legally activated programs

There are signs that some programs are not legally activated. This is the best way to install malware in your computer (e.g. Adobe Illustrator 2020, Adobe Photoshop 2020, Wondershare Filmora 9, SOLIDWORKS Electrical 2019 SP02). Please uninstall whatever is not legally activated (Step 4)


3. Programs to consider to uninstall

Driver Easy 5.6.15
Current/latest drivers are available from the manufacturer, or directly from Microsoft via Windows Update - for free. There should be no need to use any additional app to assist with obtaining drivers.

MobaXterm
Do you need this network remote program?

Patriot Viper DRAM RGB
Patriot's Viper 4 series is the memory of choice for advanced hardcore gamers, overclockers, enthusiast system builders and content creators. Many times these actions cause problems.

SpeedFan
You're messing with your computer's cooling system, and if you aren't careful, you could damage your hardware. Also, keep in mind that SpeedFan will not support every computer, so not everyone will be able to control their fans with this program.

By the way, did you make any overclocking/other modifications? Sometimes this can cause problems such as those you describe.


4. To uninstall the programs...
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the programs you want to uninstall (At this stage you won't see Solidworks, as it is hidden. You can uninstall it after the Step 5).
  • Select the programs, one by one, and click Uninstall.
  • Restart the computer.

5. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything to anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [480]
SOLIDWORKS Electrical 2019 SP02 (HKLM\...\{D47DBAC4-C1AB-4B16-B431-01120E8BB141}) (Version: 27.20.0051 - Dassault Systemes SolidWorks Corp) Hidden
FirewallRules: [UDP Query User{9FB77E97-25A4-4EA7-9412-63FAC94F82B8}C:\users\hadyu\appdata\local\programs\blitz\blitz.exe] => (Allow) C:\users\hadyu\appdata\local\programs\blitz\blitz.exe => No File
FirewallRules: [TCP Query User{8E219BAB-E875-4D9B-B1B0-B484D83A5970}C:\users\hadyu\appdata\local\programs\blitz\blitz.exe] => (Allow) C:\users\hadyu\appdata\local\programs\blitz\blitz.exe => No File
FirewallRules: [UDP Query User{593E5A5C-19E2-4F26-8B68-43D3CD36A933}C:\users\hadyu\appdata\local\programs\nordpass\nordpass.exe] => (Block) C:\users\hadyu\appdata\local\programs\nordpass\nordpass.exe => No File
FirewallRules: [TCP Query User{0E90CCE0-841C-4167-974F-5D1ABB4FC6AF}C:\users\hadyu\appdata\local\programs\nordpass\nordpass.exe] => (Block) C:\users\hadyu\appdata\local\programs\nordpass\nordpass.exe => No File
FirewallRules: [UDP Query User{F99550F7-D084-4F03-9333-403B85DFBE83}H:\amongus\among.us.v2020.9.9s\among.us.v2020.9.9s\among us.exe] => (Allow) H:\amongus\among.us.v2020.9.9s\among.us.v2020.9.9s\among us.exe => No File
FirewallRules: [TCP Query User{BBBA7775-8CF7-409B-8D9F-075AC4C3EA79}H:\amongus\among.us.v2020.9.9s\among.us.v2020.9.9s\among us.exe] => (Allow) H:\amongus\among.us.v2020.9.9s\among.us.v2020.9.9s\among us.exe => No File
FirewallRules: [{D016DFEA-9DE4-4F4E-87B9-2CB6BF64A480}] => (Allow) H:\Steam\Steam(1)\steamapps\common\Fall Guys\FallGuys_client_game.exe => No File
FirewallRules: [{D5A02404-66E1-45D2-8AB6-0FC3ECAB2312}] => (Allow) H:\Steam\Steam(1)\steamapps\common\Fall Guys\FallGuys_client_game.exe => No File
FirewallRules: [{B15DE318-74D1-4393-92D3-B13979BD03A9}] => (Allow) H:\Steam\Steam(1)\steamapps\common\Fall Guys\FallGuys_client.exe => No File
FirewallRules: [{6F6935A8-5F48-4A23-B719-D50A740E4DEA}] => (Allow) H:\Steam\Steam(1)\steamapps\common\Fall Guys\FallGuys_client.exe => No File
FirewallRules: [{76F3F358-CF19-4CB9-88FA-55AB9EE0D5FB}] => (Allow) C:\Users\hadyu\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{1220FA4E-5BEE-4420-9E46-1A82377FED1D}] => (Allow) C:\Users\hadyu\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [UDP Query User{4583593C-A93C-4485-95D8-78DEE2FE305B}H:\bombsquad\bombsquad_windows_1.4.155\bombsquad.exe] => (Block) H:\bombsquad\bombsquad_windows_1.4.155\bombsquad.exe => No File
FirewallRules: [TCP Query User{87CFB179-1B60-40DF-AE6D-A3E0C89AB9CD}H:\bombsquad\bombsquad_windows_1.4.155\bombsquad.exe] => (Block) H:\bombsquad\bombsquad_windows_1.4.155\bombsquad.exe => No File
FirewallRules: [{807D9CC2-D0A6-4A83-BF62-2121250FB538}] => (Allow) H:\Steam\Steam(1)\steamapps\common\StickFightTheGame\StickFight.exe => No File
FirewallRules: [{92C75007-9268-44ED-A4FD-E0CD2F39FACF}] => (Allow) H:\Steam\Steam(1)\steamapps\common\StickFightTheGame\StickFight.exe => No File
FirewallRules: [{B6F4F7C0-E18A-445E-B8B2-10EAD02BEFB0}] => (Allow) H:\Steam\Steam(1)\steamapps\common\Deceit\bin\win_x64\Deceit.exe => No File
FirewallRules: [{810B71DB-30A0-43D2-85B3-06F8763B0B72}] => (Allow) H:\Steam\Steam(1)\steamapps\common\Deceit\bin\win_x64\Deceit.exe => No File
FirewallRules: [{67E148D9-58EA-4AE8-A3D9-20C8C877C514}] => (Allow) H:\Steam\Steam(1)\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{13178371-AA69-4032-A71B-C8E51B660ECF}] => (Allow) H:\Steam\Steam(1)\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [UDP Query User{0722CA8A-9A6A-4450-959D-B5C18F353C1B}H:\steam\steam(1)\steam.exe] => (Allow) H:\steam\steam(1)\steam.exe => No File
FirewallRules: [TCP Query User{FD7684A1-6F03-4034-8145-67FA4F23DDEE}H:\steam\steam(1)\steam.exe] => (Allow) H:\steam\steam(1)\steam.exe => No File
FirewallRules: [UDP Query User{0026A00F-F992-4148-A4F0-269C3663916B}H:\fortnite_epic\epic games\gtav\gtav\gta5.exe] => (Allow) H:\fortnite_epic\epic games\gtav\gtav\gta5.exe => No File
FirewallRules: [TCP Query User{482F5961-CD7B-44E8-A1A0-269A732F9797}H:\fortnite_epic\epic games\gtav\gtav\gta5.exe] => (Allow) H:\fortnite_epic\epic games\gtav\gtav\gta5.exe => No File
FirewallRules: [UDP Query User{57735EF4-6725-421F-8941-7FF8019B9EB0}G:\fortnite_epic\epic games\gtav\gta5.exe] => (Allow) G:\fortnite_epic\epic games\gtav\gta5.exe => No File
FirewallRules: [TCP Query User{C237C333-BC29-494B-8C55-A367CCB1C742}G:\fortnite_epic\epic games\gtav\gta5.exe] => (Allow) G:\fortnite_epic\epic games\gtav\gta5.exe => No File
FirewallRules: [UDP Query User{CC336077-1BA2-40EE-B5EC-949559F86629}G:\warzone\call of duty modern warfare\modernwarfare.exe] => (Allow) G:\warzone\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [TCP Query User{EBDB66F9-7435-4DDD-A86E-9BCBCD550AA1}G:\warzone\call of duty modern warfare\modernwarfare.exe] => (Allow) G:\warzone\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [{20AAB9DE-1A12-4546-B975-3556A781BD42}] => (Allow) G:\Steam\Steam(1)\steamapps\common\Hospital Tycoon\HospitalTycoon.exe => No File
FirewallRules: [{7B0D95DD-6A70-445B-9505-C8196E69A4FD}] => (Allow) G:\Steam\Steam(1)\steamapps\common\Hospital Tycoon\HospitalTycoon.exe => No File
FirewallRules: [{0FB552AD-9467-4ECD-A5B2-B2CF16E1F8CD}] => (Allow) G:\Steam\Steam(1)\steamapps\common\Deceit\bin\win_x64\Deceit.exe => No File
FirewallRules: [{600B562B-19DA-4262-B95D-A8C9C5127E13}] => (Allow) G:\Steam\Steam(1)\steamapps\common\Deceit\bin\win_x64\Deceit.exe => No File
FirewallRules: [UDP Query User{78F6FFD1-9154-47D4-B561-CD9FA80246AB}G:\ra2\red alert 2\game.exe] => (Block) G:\ra2\red alert 2\game.exe => No File
FirewallRules: [TCP Query User{0B2B33EE-7F79-460F-85D0-88094564C29C}G:\ra2\red alert 2\game.exe] => (Block) G:\ra2\red alert 2\game.exe => No File
FirewallRules: [UDP Query User{E50B186D-D184-4A99-A858-6EF158A8EE1E}G:\red alert 2\game.exe] => (Allow) G:\red alert 2\game.exe => No File
FirewallRules: [TCP Query User{0E781592-52A5-40E9-ACA7-11159C6AE15F}G:\red alert 2\game.exe] => (Allow) G:\red alert 2\game.exe => No File
FirewallRules: [UDP Query User{EA7B967F-DF75-4CDD-A7FC-7E1406A07FC0}G:\warzone\cod\call of duty modern warfare\modernwarfare.exe] => (Allow) G:\warzone\cod\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [TCP Query User{3514C7D7-63BB-4823-8A42-14963CC7F5C6}G:\warzone\cod\call of duty modern warfare\modernwarfare.exe] => (Allow) G:\warzone\cod\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [{AD17B83D-CD1F-45AA-AFD5-D42B366A25BC}] => (Allow) C:\Users\hadyu\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [UDP Query User{6A52296E-00EE-4216-8511-75E7A5D38DC1}G:\solidworks\solidworks\photoview\photoview360.exe] => (Allow) G:\solidworks\solidworks\photoview\photoview360.exe => No File
FirewallRules: [TCP Query User{A73E9C8D-460A-420E-8FA4-609C82E4F792}G:\solidworks\solidworks\photoview\photoview360.exe] => (Allow) G:\solidworks\solidworks\photoview\photoview360.exe => No File
FirewallRules: [{103C371B-0C55-470F-BA1C-7B3BDFDC93D4}] => (Allow) G:\Steam\Steam(1)\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{D8D37425-868D-4D0C-9D94-9671A62A2FC0}] => (Allow) G:\Steam\Steam(1)\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{EE2C3823-DF53-49EA-A5CB-E178022E49DF}] => (Allow) G:\League Of legends\Riot Games\League of Legends\LeagueClient.exe => No File
FirewallRules: [{9E8B80A8-07C3-424E-A771-E600D59F108F}] => (Allow) G:\League Of legends\Riot Games\League of Legends\LeagueClient.exe => No File
FirewallRules: [UDP Query User{392F9F37-F783-448F-9C15-6B0539B2FD94}C:\users\hadyu\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hadyu\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [TCP Query User{91A0CACF-1DDE-4806-A65D-460D0AA8E7F9}C:\users\hadyu\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hadyu\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [UDP Query User{E3CBA274-91CF-42D7-B5DC-635B28B059EB}G:\steam\steam(1)\steamapps\common\gravitas\skyark\binaries\win64\drop-win64-shipping.exe] => (Allow) G:\steam\steam(1)\steamapps\common\gravitas\skyark\binaries\win64\drop-win64-shipping.exe => No File
FirewallRules: [TCP Query User{04002625-D395-4847-B8ED-CE4ADEE4A2DE}G:\steam\steam(1)\steamapps\common\gravitas\skyark\binaries\win64\drop-win64-shipping.exe] => (Allow) G:\steam\steam(1)\steamapps\common\gravitas\skyark\binaries\win64\drop-win64-shipping.exe => No File
FirewallRules: [{896B8185-B1CD-4C7B-B8ED-D25A635E88AE}] => (Allow) G:\Steam\Steam(1)\steamapps\common\A Story About My Uncle\Binaries\Win32\ASAMU-Win32-Shipping.exe => No File
FirewallRules: [{AF6E792E-F89A-40C4-B16B-F9282DEC0E16}] => (Allow) G:\Steam\Steam(1)\steamapps\common\A Story About My Uncle\Binaries\Win32\ASAMU-Win32-Shipping.exe => No File
FirewallRules: [UDP Query User{4EA2DD37-0598-44EF-84C9-E0717C4178D0}G:\league of legends\riot games\league of legends\game\league of legends.exe] => (Allow) G:\league of legends\riot games\league of legends\game\league of legends.exe => No File
FirewallRules: [TCP Query User{057B3907-5FD7-45FC-8D2F-B5B591F52FC8}G:\league of legends\riot games\league of legends\game\league of legends.exe] => (Allow) G:\league of legends\riot games\league of legends\game\league of legends.exe => No File
FirewallRules: [{E3BF480D-5887-418E-995D-06E802EE30FC}] => (Allow) G:\Steam\Steam(1)\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{1303CAFD-55DD-4FA7-83D3-93653AFB5325}] => (Allow) G:\Steam\Steam(1)\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{ED02C57A-5F99-4861-A5B6-52A4CAF5A76B}] => (Allow) G:\Steam\Steam(1)\Steam.exe => No File
FirewallRules: [{D5D0C9B8-876E-4D71-A4CA-E06DB149274A}] => (Allow) G:\Steam\Steam(1)\Steam.exe => No File
FirewallRules: [TCP Query User{6403A29A-ED0D-4DC4-AC65-19B8E22FB0C7}H:\amongus\among.us.v2020.11.4s\among us\among us.exe] => (Allow) H:\amongus\among.us.v2020.11.4s\among us\among us.exe => No File
FirewallRules: [UDP Query User{D20ECBC4-24AB-4882-A3AF-CC97694C7013}H:\amongus\among.us.v2020.11.4s\among us\among us.exe] => (Allow) H:\amongus\among.us.v2020.11.4s\among us\among us.exe => No File
FirewallRules: [{AB801FD4-C451-4B73-BDB3-8C62DF4BD64F}] => (Allow) H:\Steam\Steam(1)\steamapps\common\wallpaper_engine\launcher.exe => No File
FirewallRules: [{D9245DEA-01CD-4E15-8067-38F55524BA9C}] => (Allow) H:\Steam\Steam(1)\steamapps\common\wallpaper_engine\launcher.exe => No File
FirewallRules: [{8C6B5C99-972D-4A9D-A631-4A8EB09599B1}] => (Allow) H:\Steam\Steam(1)\steamapps\common\Among Us\Among Us.exe => No File
FirewallRules: [{30FEC81B-4E05-4F6A-81BC-A9FA3240F3F9}] => (Allow) H:\Steam\Steam(1)\steamapps\common\Among Us\Among Us.exe => No File
FirewallRules: [{B6AAD8CD-5235-48B5-A424-728BC91D83E9}] => (Allow) H:\Fortnite_Epic\Epic Games\Warframe\Downloaded\Tools\Launcher.exe => No File
FirewallRules: [{6C8F3C4A-45AE-4644-9E71-7B2FCAA7E681}] => (Allow) H:\Fortnite_Epic\Epic Games\Warframe\Downloaded\Warframe.x64.exe => No File
FirewallRules: [{C095D797-9843-47D3-917D-CDF53932A9B7}] => (Allow) H:\Fortnite_Epic\Epic Games\Warframe\Downloaded\Warframe.x64.exe => No File
FirewallRules: [{BC2887C9-BEC9-4698-A1AF-2A9B9A48181A}] => (Allow) H:\Fortnite_Epic\Epic Games\Warframe\Downloaded\Tools\RemoteCrashSender.exe => No File
FirewallRules: [{B7F1A840-7355-4E95-B040-30E5C755D339}] => (Allow) H:\Fortnite_Epic\Epic Games\Warframe\Downloaded\Tools\Launcher.exe => No File
FirewallRules: [{2D494170-C07B-41D6-BC32-FAC4E0853105}] => (Allow) H:\Fortnite_Epic\Epic Games\Warframe\Downloaded\Warframe.x64.exe => No File
FirewallRules: [{163C5AAC-A6C4-43B2-AC09-E12C6E215E6D}] => (Allow) H:\Fortnite_Epic\Epic Games\Warframe\Downloaded\Warframe.x64.exe => No File
FirewallRules: [{44D98867-A331-448B-AD71-24DB479567A7}] => (Allow) H:\Fortnite_Epic\Epic Games\Warframe\Downloaded\Tools\RemoteCrashSender.exe => No File
FirewallRules: [{B18DFE9B-165A-4484-927D-50011F617F05}] => (Allow) H:\Steam\Steam(1)\steamapps\common\wallpaper_engine\bin\diagnostics32.exe => No File
FirewallRules: [{4C366A00-CCD3-49CF-83EC-97FB2CAA49A2}] => (Allow) H:\Steam\Steam(1)\steamapps\common\wallpaper_engine\bin\diagnostics32.exe => No File
FirewallRules: [{ECE21A98-709D-4317-A891-A2D6D88A3849}] => (Allow) H:\Steam\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{43A94FEF-B84C-48B6-BD08-BD27A868527F}] => (Allow) H:\Steam\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{24A64E2E-301A-4AF3-BD7A-D74492766F66}C:\users\hadyu\appdata\roaming\twitch\bin\electron\twitchui.exe] => (Block) C:\users\hadyu\appdata\roaming\twitch\bin\electron\twitchui.exe => No File
FirewallRules: [UDP Query User{9E025C71-0705-4E92-A3A1-A01DEB618A90}C:\users\hadyu\appdata\roaming\twitch\bin\electron\twitchui.exe] => (Block) C:\users\hadyu\appdata\roaming\twitch\bin\electron\twitchui.exe => No File
FirewallRules: [{B44BE587-4D79-4C0C-8252-4B2C427D9B10}] => (Allow) G:\Driver updates\DriverEasy\DriverEasy.exe => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
"MBAMChameleon" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\MBAMChameleon => \SystemRoot\System32\Drivers\MbamChameleon.sys <==== ATTENTION (Rootkit!/Locked Service)
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

In your next reply please post:
  1. What programs did you uninstall?
  2. The fixlog.txt
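
Most of the fixlist above consists of FirewallRules lines ending in "=> No File", that is, firewall rules whose program path no longer exists. The following sketch is an added example, not part of the original post and not FRST's own code: it parses lines in that format and groups the stale Allow rules by program path, flagging those under a user's AppData folder. The sample lines, the names `parse_rules`, `in_user_profile` and `triage`, and the AppData heuristic are assumptions of this example.

```python
import re
from collections import Counter
from typing import List, NamedTuple, Tuple

# Constructed sample in the FirewallRules line format of the fixlist above.
# GUIDs, user name and paths are made up. The last line (no "=> No File"
# suffix) stands for a rule whose program still exists; that form is an
# assumption, since the page only shows the "No File" form.
SAMPLE = r"""
FirewallRules: [UDP Query User{11111111-1111-1111-1111-111111111111}C:\users\alice\appdata\roaming\exampleapp\app.exe] => (Allow) C:\users\alice\appdata\roaming\exampleapp\app.exe => No File
FirewallRules: [TCP Query User{22222222-2222-2222-2222-222222222222}C:\users\alice\appdata\roaming\exampleapp\app.exe] => (Allow) C:\users\alice\appdata\roaming\exampleapp\app.exe => No File
FirewallRules: [{33333333-3333-3333-3333-333333333333}] => (Allow) G:\Games\Example(1)\game.exe => No File
FirewallRules: [{44444444-4444-4444-4444-444444444444}] => (Block) G:\Games\Old\old.exe => No File
FirewallRules: [{55555555-5555-5555-5555-555555555555}] => (Allow) C:\Program Files\Example\tool.exe
"""

# name: text between the brackets; action: Allow/Block; path: program path;
# missing: present only when the line ends in "=> No File".
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.*?)\] => \((?P<action>Allow|Block)\) "
    r"(?P<path>.+?)(?P<missing> => No File)?$"
)


class Rule(NamedTuple):
    name: str      # rule name / GUID as printed between the brackets
    action: str    # "Allow" or "Block"
    path: str      # program path the rule applies to
    missing: bool  # True when the line ends in "=> No File"


def parse_rules(text: str) -> List[Rule]:
    """Parse every FirewallRules line in a log; other lines are ignored."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append(
                Rule(m["name"], m["action"], m["path"], m["missing"] is not None)
            )
    return rules


def in_user_profile(path: str) -> bool:
    """Heuristic of this example: a path under AppData can be written to
    without elevation, so a leftover Allow rule there deserves a first look."""
    return "\\appdata\\" in path.lower()


def triage(text: str) -> List[Tuple[str, int, bool]]:
    """Return (program path, stale Allow rule count, under AppData) tuples.

    Only rules that are both Allow and "No File" are counted: the rule
    still exists, but the program it was created for is gone.
    Paths are lower-cased so TCP/UDP variants of one program group together.
    """
    stale = Counter(
        r.path.lower()
        for r in parse_rules(text)
        if r.missing and r.action == "Allow"
    )
    return [(path, n, in_user_profile(path)) for path, n in sorted(stale.items())]


if __name__ == "__main__":
    for path, count, flagged in triage(SAMPLE):
        marker = "REVIEW FIRST" if flagged else "stale"
        print(f"{marker:12} {count} rule(s)  {path}")
```

The script only reads log text; it does not change any firewall rule.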
 
Heeezy

Thread Starter
First let me show my appreciation.
The fact you took the time to actually go through those logs is commendable.
And your extensive reply showed me how messed up my PC has become over the year.


I have deleted uTorrent,
Uninstalled a lot of the "not legal" software, I will get around to deleting the rest soon. ty for the heads up.
You motivated me to look through my list of programs and drivers and get rid of a lot of useless things too.

A Malwarebytes deep scan revealed a few fishy files so I solved that too.

I followed Step 3 and 5. (ah I ran step 5 twice)

After the restart, I still can't delete solidworks, and receive this error when I try (bear in mind, that folder does not exist)

1620293818206.png
 

DR.M

Malware Specialist
You are very welcome. :)

The Solidworks file seems to be in G. We will see about it later. As for the fixlog, it seems that it did its job from the first time, since there is the indication Not found for the majority of the entries.

Can I see please the Malwarebytes report?
  • Open Malwarebytes, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.
After that...

Run AdwCleaner

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

In your next reply, please post:
  1. The AdwCleaner[S0*].txt
  2. The Malwarebytes report
 
Heeezy

Thread Starter
# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-04-28.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 05-06-2021
# Duration: 00:00:05
# OS: Windows 10 Pro
# Scanned: 31986
# Detected: 4


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.BitDriverUpdater C:\Users\hadyu\AppData\Roaming\Bit Guardian

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.BitDriverUpdater HKCU\Software\Bit Guardian
PUP.Optional.BitDriverUpdater HKLM\Software\Bit Guardian
PUP.Optional.InstallCore HKCU\Software\csastats

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########



-----------------------------------------------------------------------------------------------------------------

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 05/05/2021
Scan Time: 23:29
Log File: 5d5b818e-adf1-11eb-8c6d-a85e45179d05.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1273
Update Package Version: 1.0.40147
Licence: Free

-System Information-
OS: Windows 10 (Build 19042.928)
CPU: x64
File System: NTFS
User: HomeBuild\hadyu

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 1483458
Threats Detected: 6
Threats Quarantined: 6
Time Elapsed: 4 hr, 16 min, 54 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
Malware.Heuristic.1003, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Choregraphe Suite 2.5.10.7, Quarantined, 1000001, 0, , , , , ,

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 5
Malware.Heuristic.1001, C:\KEIL_V5\ARM\ARMCC\BIN\ARMCOMPILER_LIBFNP.DLL, Quarantined, 1000001, 0, 1.0.40147, 0000000000000000000003E9, dds, 01232213, 7C28A8BECA26C00551A40225283E8A63, C8F63AC7F64693DF1AA7CC9E2E8663533A607A39A8A005F366CCB1AFAAB0EC76
Malware.Heuristic.1001, C:\KEIL_V5\ARM\ARMCLANG\BIN\ARMCOMPILER_LIBFNP.DLL, Quarantined, 1000001, 0, 1.0.40147, 0000000000000000000003E9, dds, 01232213, 2CB01CF39A34F58DAFA1FD92A5A54532, 06805D6D9CFDBECC24528939A4836625EBEFA8D7A132BA9F60454AAB9900BC87
Malware.Heuristic.1001, C:\KEIL_V5\ARM\BIN\ARM.DLL, Quarantined, 1000001, 0, 1.0.40147, 0000000000000000000003E9, dds, 01232213, 8235AFA1B266F76BAC682632F1DEF890, CFA9C38E2F9990FA4A5D93FCDE0A2DCB4A1AB579A8F086D7AC6B3ABE9DB152C5
Malware.Heuristic.1001, C:\KEIL_V5\UV4\UV4.DLL, Quarantined, 1000001, 0, 1.0.40147, 0000000000000000000003E9, dds, 01232213, 8235AFA1B266F76BAC682632F1DEF890, CFA9C38E2F9990FA4A5D93FCDE0A2DCB4A1AB579A8F086D7AC6B3ABE9DB152C5
Malware.Heuristic.1003, C:\PROGRAM FILES (X86)\SOFTBANK ROBOTICS\CHOREGRAPHE SUITE 2.5\BIN\UNINSTALL.EXE, Quarantined, 1000001, 0, 1.0.40147, 0000000000000000000003EB, dds, 01232213, BF4AD36276EDC295F211B8327B0BFF2D, 90E63779A621FDAA1A2E64C3437F19804E3F0ED130EF49139F988CB0A3C04401

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


---------------------------------------------------------------------------------------------------------------
 

DR.M

Malware Specialist
Thanks.

Let's clean what AdwCleaner detected as PUPs (Potentially Unwanted Programs). After that, I would like to see fresh FRST logs.

1. AdwCleaner (Clean mode)

To proceed, please do the following:
  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it (No preinstalled software was found, so you can skip these sub-steps).
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

2. Fresh FRST logs
  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

In your next reply please post:
  1. The AdwCleaner[C0*].txt
  2. The fresh FRST logs, FRST.txt and Addition.txt
 

DR.M

Malware Specialist
I will review them tomorrow morning. Here it’s almost 11p.m. now. :sleep:
 
DR.M

Malware Specialist
Hi, Heeezy.

Let's move on. :)

1. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything to anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\...\StartupApproved\StartupFolder: => "SOLIDWORKS 2019 Fast Start.lnk"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-1381896349-640839226-3745289206-1001\...\StartupApproved\Run: => "uTorrent"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-1381896349-640839226-3745289206-1001\...\StartupApproved\StartupFolder: => "DS4Windows.lnk"
HKU\S-1-5-21-1381896349-640839226-3745289206-1001\...\StartupApproved\Run: => "Overwolf"
FirewallRules: [UDP Query User{CDB8F1A9-2DA6-4BC0-953B-26FDD0E9AFE4}C:\program files (x86)\softbank robotics\choregraphe suite 2.5\bin\monitor-bin.exe] => (Allow) C:\program files (x86)\softbank robotics\choregraphe suite 2.5\bin\monitor-bin.exe => No File
FirewallRules: [TCP Query User{65070E56-6760-4E80-970F-45A4B8DDDF6A}C:\program files (x86)\softbank robotics\choregraphe suite 2.5\bin\monitor-bin.exe] => (Allow) C:\program files (x86)\softbank robotics\choregraphe suite 2.5\bin\monitor-bin.exe => No File
FirewallRules: [UDP Query User{6D8B0016-6D82-4BBD-81BA-EB93D7932931}H:\red alert\red alert 2 yuri's revenge\game.exe] => (Block) H:\red alert\red alert 2 yuri's revenge\game.exe => No File
FirewallRules: [TCP Query User{A5ADDDED-B054-45A2-9762-05CD70F15628}H:\red alert\red alert 2 yuri's revenge\game.exe] => (Block) H:\red alert\red alert 2 yuri's revenge\game.exe => No File
FirewallRules: [UDP Query User{3FAFC67C-5362-4058-8139-25AD39B6954A}C:\program files (x86)\softbank robotics\choregraphe suite 2.5\bin\choregraphe-bin.exe] => (Allow) C:\program files (x86)\softbank robotics\choregraphe suite 2.5\bin\choregraphe-bin.exe => No File
FirewallRules: [TCP Query User{C6E5243E-9500-40A8-A28E-51175DB19C3F}C:\program files (x86)\softbank robotics\choregraphe suite 2.5\bin\choregraphe-bin.exe] => (Allow) C:\program files (x86)\softbank robotics\choregraphe suite 2.5\bin\choregraphe-bin.exe => No File
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1381896349-640839226-3745289206-1001\...\Run: [uTorrent] => "C:\Users\hadyu\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
C:\Users\Public\SWInstallSOLIDWORKS 2019.xml
C:\Users\hadyu\AppData\Roaming\DS4Windows
C:\Program Files (x86)\Common Files\Wondershare
C:\Users\hadyu\AppData\Roaming\uTorrent
C:\WINDOWS\System32\drivers\Hamdrv.sys
G:\Solidworks
Startup: C:\Users\hadyu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DS4Windows.lnk [2021-04-21]
ShortcutTarget: DS4Windows.lnk -> G:\Ps4 Controller\DS4Windows_2.0.13_x64\DS4Windows\DS4Windows.exe (No File)
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

2. Uninstall SOLIDWORKS
  • Download the Revo Uninstaller (Free Download) and save it on your Desktop.
  • Double click on the exe file created on your Desktop to run the installer, and follow the instructions to install the program.
  • Double click the program's icon to open it.
  • Write in the search area, on the top left, the following program:
Code:
SOLIDWORKS
  • Choose the Uninstall tab from the menu and let the program create a Restore point.
  • Choose Scan, and then the Advanced mode scan.
  • Select all the SOLIDWORKS items found, Delete and Next.
  • Let the procedure be completed and click on Finish.
  • Restart the computer.

In your next reply please post:
  1. The fixlog.txt
  2. What happened with SOLIDWORKS
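
The NOTICE in the post above says the fixlist was written for one machine. As an added example (not part of the original post and not FRST's own code), this Python script pulls the user SIDs, profile names and bare path lines out of a fixlist so they can be compared with the local account before the list is run; the function names and the "other machine" values are assumptions made for illustration.

```python
import re

# Subset of the fixlist lines from the post above, copied unchanged.
FIXLIST = r"""Start::
CreateRestorePoint:
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-1381896349-640839226-3745289206-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-1381896349-640839226-3745289206-1001\...\Run: [uTorrent] => "C:\Users\hadyu\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
C:\Users\Public\SWInstallSOLIDWORKS 2019.xml
C:\Users\hadyu\AppData\Roaming\DS4Windows
G:\Solidworks
EmptyTemp:
End::
"""

SID_RE = re.compile(r"S-1-5-21(?:-\d+){4}")                # per-user account SID
PROFILE_RE = re.compile(r"[A-Za-z]:\\Users\\([^\\\r\n]+)\\")  # C:\Users\<name>\
PATH_RE = re.compile(r"^[A-Za-z]:\\.+$", re.MULTILINE)      # line that is only a path
SHARED_PROFILES = {"public", "default", "all users"}        # not tied to one account


def machine_specific(fixlist):
    """Collect the identifiers that tie a fixlist to one machine."""
    profiles = {name for name in PROFILE_RE.findall(fixlist)
                if name.lower() not in SHARED_PROFILES}
    return {
        "sids": set(SID_RE.findall(fixlist)),
        "profiles": profiles,
        "paths": PATH_RE.findall(fixlist),  # files/folders named directly
    }


def mismatches(fixlist, local_sid, local_user):
    """Return the reasons this fixlist does not belong to the local account."""
    ids = machine_specific(fixlist)
    problems = [f"SID not local: {sid}" for sid in sorted(ids["sids"] - {local_sid})]
    problems += [f"profile not local: {user}" for user in sorted(ids["profiles"])
                 if user.lower() != local_user.lower()]
    return problems


if __name__ == "__main__":
    # Constructed values for a different machine; on a real host the SID
    # can be read with `whoami /user`.
    other_sid = "S-1-5-21-1111111111-2222222222-3333333333-1001"
    for problem in mismatches(FIXLIST, other_sid, "alice"):
        print(problem)
    print("paths named directly:", machine_specific(FIXLIST)["paths"])
```

An empty result from `mismatches` only shows that the SIDs and profile names match; the directly named paths still need a read-through by the person running the fix.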
 

Heeezy

Thread Starter
Joined
May 5, 2021
Messages
12
Finally deleted.

I think my PC is as clean as it has ever been. Thank you so much, Dr.M.
I attached the fixlog for you. But I am happy for you to close this thread.
You have helped me immensely. Cleaned my PC. Fixed errors I did not know I had.
 
