Fix result of Farbar Recovery Scan Tool (x64) Version: 06-10-2023
Ran by madog (16-10-2023 16:04:04) Run:2
Running from C:\Users\madog\Downloads
Loaded Profiles: madog & adminmadogrul & Administrator
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CloseProcesses:
CreateRestorePoint:
SystemRestore: On
HKU\S-1-5-21-2330798512-3083080254-602287269-1001\...\MountPoints2: {db7a9914-642e-11ec-98af-5cf370a60e36} - "H:\setup.exe" /AUTORUN
Startup: C:\Users\madog\AppData\Local\Temp\\.ses [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\27840b60-7877-482a-9a91-431ae098a327.tmp [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\5198509849.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\5208510059.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\5218510999.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\5228512146.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\5238513351.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\5248514632.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\5258515816.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\5278516962.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\5288518185.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\5298519509.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\5308520805.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\5468536344.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\58895162-0506-443d-9f97-84d0143fc942.tmp [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\6833235423.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\6843235612.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\6853236673.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\6863237908.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\6873239154.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\6883240468.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\6903241733.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\6913242945.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\6923244205.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\6943245499.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\6953246734.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\acrobat_sbx []
Startup: C:\Users\madog\AppData\Local\Temp\\acrord32_super_sbx []
Startup: C:\Users\madog\AppData\Local\Temp\\Adobe []
Startup: C:\Users\madog\AppData\Local\Temp\\AdobeARM.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\AdobeVulcan []
Startup: C:\Users\madog\AppData\Local\Temp\\AuProjectTemp []
Startup: C:\Users\madog\AppData\Local\Temp\\c63528fd-b2a0-4ae6-8bd6-7fc33ffa9693.tmp [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\CEP11-PHXS.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\CEP11-PPRO.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\CEPHtmlEngine11-PHXS-25.0.0-ProPanel.extension-renderer.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\CEPHtmlEngine11-PHXS-25.0.0-ProPanel.extension.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\CEPHtmlEngine11-PPRO-23.6.0-Atom-renderer.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\CEPHtmlEngine11-PPRO-23.6.0-Atom.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\cep_cache []
Startup: C:\Users\madog\AppData\Local\Temp\\chrome_BITS_18096_1409748620 []
Startup: C:\Users\madog\AppData\Local\Temp\\chrome_BITS_18096_1842460294 []
Startup: C:\Users\madog\AppData\Local\Temp\\chrome_BITS_18096_583500575 []
Startup: C:\Users\madog\AppData\Local\Temp\\com.adobe.dynamiclinkmanagerLR6 [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\crash_repo_pref.txt [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\CreativeCloud []
Startup: C:\Users\madog\AppData\Local\Temp\\cv_debug.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\e1f647af-35bd-4b85-a5bd-dcf885df17f5.tmp [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\EAClient []
Startup: C:\Users\madog\AppData\Local\Temp\\edge_BITS_12400_2098176153 []
Startup: C:\Users\madog\AppData\Local\Temp\\edge_BITS_16424_592201892 []
Startup: C:\Users\madog\AppData\Local\Temp\\edge_BITS_17464_275944106 []
Startup: C:\Users\madog\AppData\Local\Temp\\edge_BITS_17464_733106763 []
Startup: C:\Users\madog\AppData\Local\Temp\\edge_BITS_17464_938001874 []
Startup: C:\Users\madog\AppData\Local\Temp\\edge_BITS_17464_960986859 []
Startup: C:\Users\madog\AppData\Local\Temp\\ee959402-2391-4955-8b4b-0b2477514437.tmp [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\InterOP_CCD_Logs.txt [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\mat-debug-13320.log [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\mat-debug-9796.log [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\NGL []
Startup: C:\Users\madog\AppData\Local\Temp\\oobelib.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\PDApp.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\PhotoshopCrashes []
Startup: C:\Users\madog\AppData\Local\Temp\\PProIngestPresetsCacheV07.json [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\qtsingleapp-Pentab-9c9b-1-lockfile [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\skyeTemp []
Startup: C:\Users\madog\AppData\Local\Temp\\StructuredQuery.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\TeamViewer []
Startup: C:\Users\madog\AppData\Local\Temp\\UXP []
Startup: C:\Users\madog\AppData\Local\Temp\\wct6D44.tmp [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\wct824D.tmp [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\wctB265.tmp [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\wctD04E.tmp [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\{006F4810-3E6D-47DC-A13C-3D09CA453103} []
Startup: C:\Users\madog\AppData\Local\Temp\\{08F53BCF-CAD2-4D96-8D3B-318CB2BF2EB3} []
Startup: C:\Users\madog\AppData\Local\Temp\\{22832E8B-BBAC-4A5C-B061-88F6C8668939} []
Startup: C:\Users\madog\AppData\Local\Temp\\{2C277E47-B4EA-42F9-B161-F36F2A53F983} []
Startup: C:\Users\madog\AppData\Local\Temp\\{38A41D70-660B-4AB0-9E37-737DA49E9F98} []
Startup: C:\Users\madog\AppData\Local\Temp\\{467FD69C-36A0-4BE3-8F0D-83091525DFDB} []
Startup: C:\Users\madog\AppData\Local\Temp\\{46D8A504-A2D2-4C64-89D3-7B7CE574A33E} []
Startup: C:\Users\madog\AppData\Local\Temp\\{4A24A076-AB6F-4D4F-815A-2DB40CEF855F} []
Startup: C:\Users\madog\AppData\Local\Temp\\{4CFC9E85-A2EC-49F0-A164-2C91FA8FDD51} []
Startup: C:\Users\madog\AppData\Local\Temp\\{6190ADB1-B1C0-4805-85CE-40B9A6338D52} []
Startup: C:\Users\madog\AppData\Local\Temp\\{6C051795-AA4D-434D-BDC8-E5E9563C20B1} []
Startup: C:\Users\madog\AppData\Local\Temp\\{77EB9E16-E349-439B-9B6F-810053F0DB5A} []
Startup: C:\Users\madog\AppData\Local\Temp\\{842C2E66-0450-4B00-BB42-B81BAE1D9C6E} []
Startup: C:\Users\madog\AppData\Local\Temp\\{84FE7A5A-556F-45B8-92CF-F5DBA00F1F25} []
Startup: C:\Users\madog\AppData\Local\Temp\\{9BDAD52C-6EA2-45F1-AB19-4076140DBCD3} []
Startup: C:\Users\madog\AppData\Local\Temp\\{AB872A5B-013C-4820-A50C-4E6BC4BB95E6} []
Startup: C:\Users\madog\AppData\Local\Temp\\{ABC3463D-560C-4AB6-B726-CE4CA8F2194B} []
Startup: C:\Users\madog\AppData\Local\Temp\\{BF708D00-C1BB-494E-8C51-5F12E241C9FF} - OProcSessId.dat [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\{C56142A4-642D-4559-A918-0FE690BDE362} - OProcSessId.dat [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\{C60CDF77-6434-446E-BB85-6A5C23D43CA9} []
Startup: C:\Users\madog\AppData\Local\Temp\\{C8B1BD54-75CE-4A7C-94AA-643C2E30700E} []
Startup: C:\Users\madog\AppData\Local\Temp\\{DA3B6C02-6383-46A9-BB19-C0644D939071} []
Startup: C:\Users\madog\AppData\Local\Temp\\{DC495439-C06D-43F7-8C48-E047C3FC8C67} []
Startup: C:\Users\madog\AppData\Local\Temp\\{DDBE3C99-18FE-4095-A9E2-A0A532DD77D4} []
Startup: C:\Users\madog\AppData\Local\Temp\\{E7A53EDD-B726-476F-B2B9-06B7F467C0F3} []
Startup: C:\Users\madog\AppData\Local\Temp\\{E9DA7674-CC3B-4151-B098-AC2BD8A06649} []
Startup: C:\Users\madog\AppData\Local\Temp\\{EA6A136E-C5F4-45D2-83E2-82539EB58910} []
HKLM\SYSTEM\ControlSet001\Services\Bonjour Service => "C:\Program Files\Bonjour\mDNSResponder.exe" <==== ATTENTION (Rootkit!/Locked Service)
EmptyTemp:
Reboot:
End::
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
SystemRestore: On => completed
HKU\S-1-5-21-2330798512-3083080254-602287269-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db7a9914-642e-11ec-98af-5cf370a60e36} => removed successfully
"C:\Users\madog\AppData\Local\Temp\\.ses" => not found
"C:\Users\madog\AppData\Local\Temp\\27840b60-7877-482a-9a91-431ae098a327.tmp" => not found
"C:\Users\madog\AppData\Local\Temp\\5198509849.jpg" => not found
"C:\Users\madog\AppData\Local\Temp\\5208510059.jpg" => not found
"C:\Users\madog\AppData\Local\Temp\\5218510999.jpg" => not found
"C:\Users\madog\AppData\Local\Temp\\5228512146.jpg" => not found
"C:\Users\madog\AppData\Local\Temp\\5238513351.jpg" => not found
"C:\Users\madog\AppData\Local\Temp\\5248514632.jpg" => not found
"C:\Users\madog\AppData\Local\Temp\\5258515816.jpg" => not found
"C:\Users\madog\AppData\Local\Temp\\5278516962.jpg" => not found
"C:\Users\madog\AppData\Local\Temp\\5288518185.jpg" => not found
"C:\Users\madog\AppData\Local\Temp\\5298519509.jpg" => not found
"C:\Users\madog\AppData\Local\Temp\\5308520805.jpg" => not found
"C:\Users\madog\AppData\Local\Temp\\5468536344.jpg" => not found
"C:\Users\madog\AppData\Local\Temp\\58895162-0506-443d-9f97-84d0143fc942.tmp" => not found
"C:\Users\madog\AppData\Local\Temp\\6833235423.jpg" => not found
"C:\Users\madog\AppData\Local\Temp\\6843235612.jpg" => not found
"C:\Users\madog\AppData\Local\Temp\\6853236673.jpg" => not found
"C:\Users\madog\AppData\Local\Temp\\6863237908.jpg" => not found
"C:\Users\madog\AppData\Local\Temp\\6873239154.jpg" => not found
"C:\Users\madog\AppData\Local\Temp\\6883240468.jpg" => not found
"C:\Users\madog\AppData\Local\Temp\\6903241733.jpg" => not found
"C:\Users\madog\AppData\Local\Temp\\6913242945.jpg" => not found
"C:\Users\madog\AppData\Local\Temp\\6923244205.jpg" => not found
"C:\Users\madog\AppData\Local\Temp\\6943245499.jpg" => not found
"C:\Users\madog\AppData\Local\Temp\\6953246734.jpg" => not found
"C:\Users\madog\AppData\Local\Temp\\acrobat_sbx" => not found
"C:\Users\madog\AppData\Local\Temp\\acrord32_super_sbx" => not found
"C:\Users\madog\AppData\Local\Temp\\Adobe" => not found
"C:\Users\madog\AppData\Local\Temp\\AdobeARM.log" => not found
"C:\Users\madog\AppData\Local\Temp\\AdobeVulcan" => not found
"C:\Users\madog\AppData\Local\Temp\\AuProjectTemp" => not found
"C:\Users\madog\AppData\Local\Temp\\c63528fd-b2a0-4ae6-8bd6-7fc33ffa9693.tmp" => not found
"C:\Users\madog\AppData\Local\Temp\\CEP11-PHXS.log" => not found
"C:\Users\madog\AppData\Local\Temp\\CEP11-PPRO.log" => not found
"C:\Users\madog\AppData\Local\Temp\\CEPHtmlEngine11-PHXS-25.0.0-ProPanel.extension-renderer.log" => not found
"C:\Users\madog\AppData\Local\Temp\\CEPHtmlEngine11-PHXS-25.0.0-ProPanel.extension.log" => not found
"C:\Users\madog\AppData\Local\Temp\\CEPHtmlEngine11-PPRO-23.6.0-Atom-renderer.log" => not found
"C:\Users\madog\AppData\Local\Temp\\CEPHtmlEngine11-PPRO-23.6.0-Atom.log" => not found
"C:\Users\madog\AppData\Local\Temp\\cep_cache" => not found
"C:\Users\madog\AppData\Local\Temp\\chrome_BITS_18096_1409748620" => not found
"C:\Users\madog\AppData\Local\Temp\\chrome_BITS_18096_1842460294" => not found
"C:\Users\madog\AppData\Local\Temp\\chrome_BITS_18096_583500575" => not found
"C:\Users\madog\AppData\Local\Temp\\com.adobe.dynamiclinkmanagerLR6" => not found
"C:\Users\madog\AppData\Local\Temp\\crash_repo_pref.txt" => not found
"C:\Users\madog\AppData\Local\Temp\\CreativeCloud" => not found
"C:\Users\madog\AppData\Local\Temp\\cv_debug.log" => not found
"C:\Users\madog\AppData\Local\Temp\\e1f647af-35bd-4b85-a5bd-dcf885df17f5.tmp" => not found
"C:\Users\madog\AppData\Local\Temp\\EAClient" => not found
"C:\Users\madog\AppData\Local\Temp\\edge_BITS_12400_2098176153" => not found
"C:\Users\madog\AppData\Local\Temp\\edge_BITS_16424_592201892" => not found
"C:\Users\madog\AppData\Local\Temp\\edge_BITS_17464_275944106" => not found
"C:\Users\madog\AppData\Local\Temp\\edge_BITS_17464_733106763" => not found
"C:\Users\madog\AppData\Local\Temp\\edge_BITS_17464_938001874" => not found
"C:\Users\madog\AppData\Local\Temp\\edge_BITS_17464_960986859" => not found
"C:\Users\madog\AppData\Local\Temp\\ee959402-2391-4955-8b4b-0b2477514437.tmp" => not found
"C:\Users\madog\AppData\Local\Temp\\InterOP_CCD_Logs.txt" => not found
"C:\Users\madog\AppData\Local\Temp\\mat-debug-13320.log" => not found
"C:\Users\madog\AppData\Local\Temp\\mat-debug-9796.log" => not found
"C:\Users\madog\AppData\Local\Temp\\NGL" => not found
"C:\Users\madog\AppData\Local\Temp\\oobelib.log" => not found
"C:\Users\madog\AppData\Local\Temp\\PDApp.log" => not found
"C:\Users\madog\AppData\Local\Temp\\PhotoshopCrashes" => not found
"C:\Users\madog\AppData\Local\Temp\\PProIngestPresetsCacheV07.json" => not found
"C:\Users\madog\AppData\Local\Temp\\qtsingleapp-Pentab-9c9b-1-lockfile" => not found
"C:\Users\madog\AppData\Local\Temp\\skyeTemp" => not found
"C:\Users\madog\AppData\Local\Temp\\StructuredQuery.log" => not found
"C:\Users\madog\AppData\Local\Temp\\TeamViewer" => not found
"C:\Users\madog\AppData\Local\Temp\\UXP" => not found
"C:\Users\madog\AppData\Local\Temp\\wct6D44.tmp" => not found
"C:\Users\madog\AppData\Local\Temp\\wct824D.tmp" => not found
"C:\Users\madog\AppData\Local\Temp\\wctB265.tmp" => not found
"C:\Users\madog\AppData\Local\Temp\\wctD04E.tmp" => not found
"C:\Users\madog\AppData\Local\Temp\\{006F4810-3E6D-47DC-A13C-3D09CA453103}" => not found
"C:\Users\madog\AppData\Local\Temp\\{08F53BCF-CAD2-4D96-8D3B-318CB2BF2EB3}" => not found
"C:\Users\madog\AppData\Local\Temp\\{22832E8B-BBAC-4A5C-B061-88F6C8668939}" => not found
"C:\Users\madog\AppData\Local\Temp\\{2C277E47-B4EA-42F9-B161-F36F2A53F983}" => not found
"C:\Users\madog\AppData\Local\Temp\\{38A41D70-660B-4AB0-9E37-737DA49E9F98}" => not found
"C:\Users\madog\AppData\Local\Temp\\{467FD69C-36A0-4BE3-8F0D-83091525DFDB}" => not found
"C:\Users\madog\AppData\Local\Temp\\{46D8A504-A2D2-4C64-89D3-7B7CE574A33E}" => not found
"C:\Users\madog\AppData\Local\Temp\\{4A24A076-AB6F-4D4F-815A-2DB40CEF855F}" => not found
"C:\Users\madog\AppData\Local\Temp\\{4CFC9E85-A2EC-49F0-A164-2C91FA8FDD51}" => not found
"C:\Users\madog\AppData\Local\Temp\\{6190ADB1-B1C0-4805-85CE-40B9A6338D52}" => not found
"C:\Users\madog\AppData\Local\Temp\\{6C051795-AA4D-434D-BDC8-E5E9563C20B1}" => not found
"C:\Users\madog\AppData\Local\Temp\\{77EB9E16-E349-439B-9B6F-810053F0DB5A}" => not found
"C:\Users\madog\AppData\Local\Temp\\{842C2E66-0450-4B00-BB42-B81BAE1D9C6E}" => not found
"C:\Users\madog\AppData\Local\Temp\\{84FE7A5A-556F-45B8-92CF-F5DBA00F1F25}" => not found
"C:\Users\madog\AppData\Local\Temp\\{9BDAD52C-6EA2-45F1-AB19-4076140DBCD3}" => not found
"C:\Users\madog\AppData\Local\Temp\\{AB872A5B-013C-4820-A50C-4E6BC4BB95E6}" => not found
"C:\Users\madog\AppData\Local\Temp\\{ABC3463D-560C-4AB6-B726-CE4CA8F2194B}" => not found
"C:\Users\madog\AppData\Local\Temp\\{BF708D00-C1BB-494E-8C51-5F12E241C9FF} - OProcSessId.dat" => not found
"C:\Users\madog\AppData\Local\Temp\\{C56142A4-642D-4559-A918-0FE690BDE362} - OProcSessId.dat" => not found
"C:\Users\madog\AppData\Local\Temp\\{C60CDF77-6434-446E-BB85-6A5C23D43CA9}" => not found
"C:\Users\madog\AppData\Local\Temp\\{C8B1BD54-75CE-4A7C-94AA-643C2E30700E}" => not found
"C:\Users\madog\AppData\Local\Temp\\{DA3B6C02-6383-46A9-BB19-C0644D939071}" => not found
"C:\Users\madog\AppData\Local\Temp\\{DC495439-C06D-43F7-8C48-E047C3FC8C67}" => not found
"C:\Users\madog\AppData\Local\Temp\\{DDBE3C99-18FE-4095-A9E2-A0A532DD77D4}" => not found
"C:\Users\madog\AppData\Local\Temp\\{E7A53EDD-B726-476F-B2B9-06B7F467C0F3}" => not found
"C:\Users\madog\AppData\Local\Temp\\{E9DA7674-CC3B-4151-B098-AC2BD8A06649}" => not found
"C:\Users\madog\AppData\Local\Temp\\{EA6A136E-C5F4-45D2-83E2-82539EB58910}" => not found
HKLM\SYSTEM\ControlSet001\Services\Bonjour Service => "C:\Program Files\Bonjour\mDNSResponder.exe" <==== ATTENTION (Rootkit!/Locked Service) => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 30875329 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 68403975 B
Edge => 0 B
Chrome => 478459030 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 12330 B
NetworkService => 12330 B
madog => 109059994 B
adminmadogrul => 109059994 B
Administrator => 109059994 B

RecycleBin => 3165238 B
EmptyTemp: => 866 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 16:04:15 ====