Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Lenovo laptop slows down temporarily

Started by paulelsa , Mar 01 2025 09:43 PM

  • Please log in to reply

#16
DR M
Posted 09 March 2025 - 07:29 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Hello.
 
The following fix will remove the torrent client's remnants. It won't remove your downloads via the client.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
C:\Windows\Prefetch\QBITTORRENT.EXE-D7E686C7.pf
C:\Users\paule\Downloads\qbittorrent_4.5.4_x64_setup.exe
C:\Users\paule\Downloads\qbittorrent_4.6.2_x64_setup (1).exe
C:\Users\paule\Downloads\qbittorrent_4.6.2_x64_setup (2).exe
C:\Users\paule\Downloads\qbittorrent_4.6.2_x64_setup.exe
C:\Users\paule\Desktop\qBittorrent.lnk
C:\Users\paule\AppData\Roaming\qBittorrent
C:\Users\paule\AppData\Roaming\Microsoft\Windows\Recent\search-msquery=itorrent.pdf&crumb=kinddocs.lnk
C:\Users\paule\AppData\Roaming\Microsoft\Windows\Recent\utorrent-1.lnk
C:\Users\paule\AppData\Roaming\Microsoft\Windows\Recent\utorrent.lnk
C:\Users\paule\AppData\Local\qBittorrent
C:\Program Files\qBittorrent
C:\FRST\Quarantine\C\Users\paule\AppData\Roaming\qBittorrent
C:\Users\paule\OneDrive\Documents\Recover\Paul Robinson\AppData\Roaming\utorrent
C:\Users\paule\OneDrive\Documents\Recover\Paul Robinson\AppData\Roaming\uTorrent Web
C:\Users\paule\OneDrive\Documents\Recover\Paul Robinson\AppData\Roaming\BiglyBT\torrents
C:\Users\paule\OneDrive\Documents\Recover\Paul Robinson\AppData\Roaming\Azureus\torrents
C:\Users\paule\OneDrive\Documents\Recover\Paul Robinson\AppData\LocalLow\uTorrent.WebView2
C:\Users\paule\OneDrive\Documents\Recover\Paul Robinson\AppData\Local\BitTorrentHelper
C:\Users\paule\OneDrive\Documents\Recover\Paul Robinson\AppData\Local\transmission\Torrents
C:\Users\paule\AppData\Roaming\bittorrent
C:\Users\paule\AppData\Local\BitTorrentHelper

StartRegedit:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.torrent]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-app]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-appinst]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-key]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-skin]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2414797706-3836927515-1130015698-1001]
"\Device\HarddiskVolume3\Program Files\qBittorrent"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{6FFF933C-638D-4890-98A8-0D8B6CFAA05C}C:\program files\qbittorrent"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{D17701E8-7DFE-4DA5-A211-205FF5522E59}C:\program files\qbittorrent"=-
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Control Panel\NotifyIconSettings\7835114734754729522]
"ExecutablePath"="{6D809377-6AF0-444B-8957-A3773F02200E}\qBittorrent"
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\BitTorrent]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\BitTorrentPersist]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Google\Chrome\NativeMessagingHosts\com.utorrent.native]
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\e23d722e_0]
""="{2}.\\?\hdaudio#subfunc_01&ven_8086&dev_281c&nid_0001&subsys_00000000&rev_1000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\ehdmiouttopo/00010001|\Device\HarddiskVolume3\Program Files\qBittorrent"
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"uTorrent_.torrent"=-
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{7de1b854-91c1-4154-badc-fd0bc83cd4fb}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$qbittorrent]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{7de1b854-91c1-4154-badc-fd0bc83cd4fb}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$utorrent]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{7de1b854-91c1-4154-badc-fd0bc83cd4fb}$windows.data.apps.appleveltileinfo$appleveltilelist\windows.data.apps.appleveltileinfo$w~{6d809377-6af0-444b-8957-a3773f02200e}qbittorrentqbittorrent.exe]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{7de1b854-91c1-4154-badc-fd0bc83cd4fb}$windows.data.apps.appleveltileinfo$appleveltilelist\windows.data.apps.appleveltileinfo$w~{6d809377-6af0-444b-8957-a3773f02200e}qbittorrentuninst.exe]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{7de1b854-91c1-4154-badc-fd0bc83cd4fb}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$qbittorrent]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{7de1b854-91c1-4154-badc-fd0bc83cd4fb}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$utorrent]
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched]
"C:\Users\paule\AppData\Roaming\utorrent"=-
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent]
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\paule\AppData\Roaming\utorrent"=-
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\paule\Downloads\utorrent_installer.exe"=-
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\paule\Downloads\utorrent_installer (1).exe"=-
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\paule\Downloads\utorrent_installer (2).exe"=-
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\paule\Downloads\utorrent_installer (3).exe"=-
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\paule\Downloads\bittorrent_installer (1).exe"=-
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\paule\Downloads\bittorrent_installer.exe"=-
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\paule\Downloads\qbittorrent_4.5.4_x64_setup.exe"=-
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files\qBittorrent\qbittorrent.exe"=-
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\paule\Downloads\qbittorrent_4.6.2_x64_setup.exe"=-
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\paule\Downloads\qbittorrent_4.6.2_x64_setup (2).exe"=-
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\.btapp]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\.btinstall]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\.btkey]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\.btsearch]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\.btskin]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\.torrent]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\Applications\uTorrent.exe]
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\AppUserModelId\NotifyIconGeneratedAumid_7835114734754729522]
"DisplayName"="qBittorrent - A Bittorrent Client"
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\bittorrent]
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\qBittorrent"=-
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\magnet\DefaultIcon]
""=""C:\Program Files\qBittorrent"
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\magnet\shell\open\command]
""=""C:\Program Files\qBittorrent"
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\MIME\Database\Content Type\application/x-bittorrent]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-app]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-appinst]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-key]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-skin]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\uTorrent]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\bittorrent]

Endregedit:

EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

 

 


  • 0

Advertisements

#17
paulelsa
Posted 09 March 2025 - 07:18 PM

paulelsa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts

Thank you very much .. here is fix log

Attached File  Fixlog.txt   14.72KB   26 downloads


  • 0

#18
DR M
Posted 10 March 2025 - 02:07 PM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Hi!
 
The fix only deleted files/folders, not the registry entries. 
 
We will run it again, but via Safe mode.
 
To enter Safe mode:
 
1. Go to Settings.
2. Select "System" from the sidebar of the Settings App.
3. Select "Recovery."
4. Click the "Restart Now" button next to the title "Advanced Setup."
5. A pop-up dialogue box appears, prompting you to save your work before restarting, and then select "Restart Now."
6. Choose "Troubleshoot."
7. Select "Advanced Options" in Troubleshoot.
8. Select "Startup Settings" from the Advanced Options menu.
9. Click "Restart" in Startup Settings.
10. To enter Safe Mode, press the "4" key on your keyboard.

 

You will know that you are in Safe mode, if the background is black and Safe mode is written at the four corners of the screen.

 

Once you are in Safe mode, run the fix below, just like you did before:

start::
createrestorepoint:

StartRegedit:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.torrent]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-app]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-appinst]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-key]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-skin]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2414797706-3836927515-1130015698-1001]
"\Device\HarddiskVolume3\Program Files\qBittorrent"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{6FFF933C-638D-4890-98A8-0D8B6CFAA05C}C:\program files\qbittorrent"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{D17701E8-7DFE-4DA5-A211-205FF5522E59}C:\program files\qbittorrent"=-
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Control Panel\NotifyIconSettings\7835114734754729522]
"ExecutablePath"="{6D809377-6AF0-444B-8957-A3773F02200E}\qBittorrent"
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\BitTorrent]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\BitTorrentPersist]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Google\Chrome\NativeMessagingHosts\com.utorrent.native]
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\e23d722e_0]
""="{2}.\\?\hdaudio#subfunc_01&ven_8086&dev_281c&nid_0001&subsys_00000000&rev_1000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\ehdmiouttopo/00010001|\Device\HarddiskVolume3\Program Files\qBittorrent"
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"uTorrent_.torrent"=-
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{7de1b854-91c1-4154-badc-fd0bc83cd4fb}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$qbittorrent]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{7de1b854-91c1-4154-badc-fd0bc83cd4fb}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$utorrent]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{7de1b854-91c1-4154-badc-fd0bc83cd4fb}$windows.data.apps.appleveltileinfo$appleveltilelist\windows.data.apps.appleveltileinfo$w~{6d809377-6af0-444b-8957-a3773f02200e}qbittorrentqbittorrent.exe]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{7de1b854-91c1-4154-badc-fd0bc83cd4fb}$windows.data.apps.appleveltileinfo$appleveltilelist\windows.data.apps.appleveltileinfo$w~{6d809377-6af0-444b-8957-a3773f02200e}qbittorrentuninst.exe]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{7de1b854-91c1-4154-badc-fd0bc83cd4fb}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$qbittorrent]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{7de1b854-91c1-4154-badc-fd0bc83cd4fb}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$utorrent]
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched]
"C:\Users\paule\AppData\Roaming\utorrent"=-
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent]
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\paule\AppData\Roaming\utorrent"=-
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\paule\Downloads\utorrent_installer.exe"=-
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\paule\Downloads\utorrent_installer (1).exe"=-
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\paule\Downloads\utorrent_installer (2).exe"=-
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\paule\Downloads\utorrent_installer (3).exe"=-
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\paule\Downloads\bittorrent_installer (1).exe"=-
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\paule\Downloads\bittorrent_installer.exe"=-
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\paule\Downloads\qbittorrent_4.5.4_x64_setup.exe"=-
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files\qBittorrent\qbittorrent.exe"=-
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\paule\Downloads\qbittorrent_4.6.2_x64_setup.exe"=-
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\paule\Downloads\qbittorrent_4.6.2_x64_setup (2).exe"=-
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\.btapp]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\.btinstall]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\.btkey]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\.btsearch]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\.btskin]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\.torrent]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\Applications\uTorrent.exe]
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\AppUserModelId\NotifyIconGeneratedAumid_7835114734754729522]
"DisplayName"="qBittorrent - A Bittorrent Client"
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\bittorrent]
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\qBittorrent"=-
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\magnet\DefaultIcon]
""=""C:\Program Files\qBittorrent"
[HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\magnet\shell\open\command]
""=""C:\Program Files\qBittorrent"
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\MIME\Database\Content Type\application/x-bittorrent]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-app]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-appinst]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-key]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-skin]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\uTorrent]
[-HKEY_USERS\S-1-5-21-2414797706-3836927515-1130015698-1001\Software\Classes\bittorrent]

Endregedit:

End::

Restart in normal mode and post here the created fixlog.txt.


  • 0

#19
paulelsa
Posted 10 March 2025 - 09:23 PM

paulelsa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts

Thanks Dr M - after giving myself a quick lesson in Bit Locker Recovery keys I managed to run in safe mode ... here's the fixlog

Attached File  Fixlog.txt   9.54KB   28 downloads

 I notice there was an error message at the end though - not sure if that affects the whole fix or just the one item.

 

Error: Restore point can only be created in normal mode.
Registry ====> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2414797706-3836927515-1130015698-1001 <==== Access Denied
Registry ====> ERROR: Error accessing the registry.

 


  • 0

#20
DR M
Posted 11 March 2025 - 05:43 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Yes...

 

There is an error, indicating that the fix didn't remove the registry items related with uTorrent. I could give you a fix to run in the Recovery Environment, but it doesn't worth it. 

 

How is the computer running now? 


  • 0

#21
paulelsa
Posted 11 March 2025 - 07:24 AM

paulelsa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts

Everything seems to be running smoothly now. Thank you for all your assistance over the past few days.


  • 0

#22
DR M
Posted 11 March 2025 - 08:43 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Great!
 
Some more maintenance with the following fix:

 

 

System File Check

  • Please select the entire contents of the code box below, from the "Start::" line to "End", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
Reboot:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please attach the log in your next reply.

  • 0

#23
paulelsa
Posted 11 March 2025 - 03:50 PM

paulelsa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts

Thank you, here is the fixlog.

 

Attached File  Fixlog.txt   12.81KB   25 downloads


  • 0

#24
DR M
Posted 12 March 2025 - 06:31 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Everything looks fine.
 
If no other questions:

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

Note: If there is a warning about this tool, go on to download it, since it is a false/positive. Choose More info and continue from there.


  • 0

#25
paulelsa
Posted 12 March 2025 - 06:59 AM

paulelsa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts

# Run at 12/03/2025 10:56:08 PM
# KpRm (Kernel-panik) version 2.18.0
# Website https://kernel-panik.me/tool/kprm/
# Run by paule from C:\Users\paule\Desktop
# Computer Name: PR
# OS: Windows 11 X64 (26100) (10.0.26100.3476)
# Number of passes: 1

- Checked options -

    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point
    ~ Delete Quarantines

- Create Registry Backup -

   ~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
   ~ [OK] Hive C:\Users\paule\NTUSER.dat backed up

     [OK] Registry Backup: C:\KPRM\backup\2025-03-12-22-56-08

- Delete Tools -


  ## ESET Online Scanner
     [OK] C:\Users\paule\Desktop\ESET Online Scanner.lnk deleted
     [OK] C:\Users\paule\Desktop\Antivirus Malware\ESET Online Scanner.lnk deleted
     [OK] C:\Users\paule\Downloads\esetonlinescanner.exe deleted
     [OK] C:\Users\paule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk deleted
     [OK] C:\Users\paule\AppData\Local\ESET\ESETOnlineScanner deleted

  ## FRST
     [OK] C:\Users\paule\Desktop\Antivirus Malware\Addition 170225.txt deleted
     [OK] C:\Users\paule\Desktop\Antivirus Malware\Addition.txt deleted
     [OK] C:\Users\paule\Desktop\Antivirus Malware\Fixlog.txt deleted
     [OK] C:\Users\paule\Desktop\Antivirus Malware\FRST 170225.txt deleted
     [OK] C:\Users\paule\Desktop\Antivirus Malware\FRST-OlderVersion deleted
     [OK] C:\Users\paule\Desktop\Antivirus Malware\FRST.txt deleted
     [OK] C:\Users\paule\Desktop\Antivirus Malware\FRST64.exe deleted
     [OK] C:\Users\paule\Desktop\Antivirus Malware\Search.txt deleted
     [OK] C:\Users\paule\Downloads\Addition.txt deleted
     [OK] C:\Users\paule\Downloads\Fixlog.txt deleted
     [OK] C:\Users\paule\Downloads\FRST (1).txt deleted
     [OK] C:\Users\paule\Downloads\FRST-OlderVersion deleted
     [OK] C:\Users\paule\Downloads\FRST.txt deleted
     [OK] C:\Users\paule\Downloads\FRST64.exe deleted
     [OK] C:\FRST deleted

- Restore System Settings -

     [OK] Reset WinSock
     [OK] FLUSHDNS
     [OK] Hide Hidden file.
     [OK] Show Extensions for known file types
     [OK] Hide protected operating system files

- Restore UAC -

     [OK] Set EnableLUA with default (1) value
     [OK] Set ConsentPromptBehaviorAdmin with default (5) value
     [OK] Set ConsentPromptBehaviorUser with default (3) value
     [OK] Set EnableInstallerDetection with default (0) value
     [OK] Set EnableSecureUIAPaths with default (1) value
     [OK] Set EnableUIADesktopToggle with default (0) value
     [OK] Set EnableVirtualization with default (1) value
     [OK] Set FilterAdministratorToken with default (0) value
     [OK] Set PromptOnSecureDesktop with default (1) value
     [OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

   ~ [OK] RP named Windows Update created at 03/10/2025 01:19:56 deleted
   ~ [OK] RP named Windows Modules Installer created at 03/11/2025 23:54:09 deleted
     [OK] All system restore points have been successfully deleted

- Create Restore Point -

     [OK] System Restore Point created

- Display System Restore Point -

   ~ [I] RP named KpRm created at 03/12/2025 12:56:21

-- KPRM finished in 44.07s --


 


  • 0

Advertisements

#26
DR M
Posted 12 March 2025 - 11:04 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

All appears to be as it should be.

Now we know your computer is clean, here are some final tips about your computer's security from now on:

Some of the following, are from Klein's (2005) article, So how did I get infected in the first place. Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it, to include current operating systems and software program information. My source is Security Garden, and I marked for you the following:

1. Keep your Windows updated!
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

2. Update 3rd Party Software Programs
Third Party software programs have long been targets for malware creators. It has been stated that "Adobe’s Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware.'' It's important to keep everything updated.

3. Update the browsers you use
Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated.

4. Be careful about what you download and what you open!

  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
  • Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
  • Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Have this in mind.
  • Do not open any files without being certain of what they are!

5. Avoid questionable web sites!
Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.

6. Registry cleaners/driver boosters/system optimizers
I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

7. PC means personal computer!
Don't give access to your computer to friends or family who appear to be clueless about what they are doing.

8. Back-up your work!
Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.

9. Must-Have Software
An anti-virus and an anti-spyware program is a necessity for the security of your computer. Be sure that you keep them updated, and that real time protection is enabled. You have now the built-in Windows antivirus, Windows Defender. Together with Malwarebytes, if you run it occasionally, depending on how often you use your computer, can keep you safe.

Happy safe computing. ZZZQehw.gif


I'm glad I was able to help you.


  • 0

#27
paulelsa
Posted 12 March 2025 - 02:51 PM

paulelsa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts

Thanks very much for your assistance and patience over several days. It’s amazing to have a service like Geeks To Go and the volunteers who support those who have nowhere else to turn in sorting out computer problems. I’ve identified quite a few unused programs I need to delete and I’ll take on board your suggestions to keep my device clean 


  • 0

#28
DR M
Posted 12 March 2025 - 03:04 PM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts
You are very welcome, my friend.
Wise decision to get rid of programs you don’t use/need. You certainly have a lot of stuff to check. :)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP