AdvancedSetup

Firefox's idea of privacy and my idea of privacy don't agree. My idea of privacy is to 100% NEVER collect ANY data unless I specifically and personally enable it and not some update or installation setting it to collect by default. See what’s changing in Firefox: Better insights, same privacy https://blog.mozilla.org/en/products/firefox/firefox-search-update/ How do I opt-in or opt-out of sending performance data? https://support.mozilla.org/en-US/kb/share-data-mozilla-help-improve-firefox Telemetry collection and deletion https://support.mozilla.org/en-US/kb/telemetry-clientid about:telemetry Other settings

The current logs do not indicate any obvious infection, but let's go ahead and check with some other AV scanners just to make sure. Please download and run the following Kaspersky Virus Removal Tool 2020 and save it to your Desktop. (Kaspersky Virus Removal Tool version 20.0.10.0 was released on November 9, 2021) Download: Kaspersky Virus Removal Tool https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe How to run a scan with Kaspersky Virus Removal Tool 2020 https://support.kaspersky.com/15674 How to run Kaspersky Virus Removal Tool 2020 in the advanced mode https://support.kaspersky.com/15680 How to restore a file removed during Kaspersky Virus Removal Tool 2020 scan https://support.kaspersky.com/15681 Select the Windows Key and R Key together, the "Run" box should open. Drag and Drop KVRT.exe into the Run Box. C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box. add -dontencrypt Note the space between KVRT.exe and -dontencrypt C:\Users\{your user name}\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box. That addendum to the run command is very important, when the scan does eventually complete the resultant report is normally encrypted, with the extra command it is saved as a readable file. Reports are saved here C:\KVRT2020_Data\Reports and look similar to this report_20210123_113021.klr Right-click direct onto that report, select > open with > Notepad. Save that file and attach it to your reply. To start the scan select OK in the "Run" box. A EULA window will open, tick all confirmation boxes then select "Accept" In the new window select "Change Parameters" In the new window ensure all selection boxes are ticked, then select "OK" The scan should now start... When complete if entries are found there will be options, if "Cure" is offered leave as is. For any other options change to "Delete" then select "Continue" When complete, or if nothing was found select "Close" Attach the report information as previously instructed... Thank you

Perhaps backing your personal data to an external USB hard drive and doing a CLEAN install of Windows but then DO NOT use an Online Account with setting up your Windows profile. User a LOCAL account. Clean Install Windows 10 & 11 (2023) https://answers.microsoft.com/en-us/windows/forum/all/clean-install-windows-10-11-2023/1c426bdf-79b1-4d42-be93-17378d93e587 Also, please review the following topic Bypass Microsoft Online Account Creation during installation of Windows 11 https://forums.malwarebytes.com/topic/296613-bypass-microsoft-online-account-creation-during-installation-of-windows-11/

Please download https://www.safezone.cc/resources/av-block-remover-avbr.224/download AV block remover, unzip it and run. If you possibly can't run it, just rename AVbr.exe -> AV-b-r.exe for instance and run. Or you can use this link to download a random named file to run: https://avbr.safezone.cc/rnd/ If this method doesn't work, run this tool NOT from your Desktop or Downloads folder (use any other folder). If the malware still blocks the utility, then try to run it in Safe Mode with Networking. Follow the instructions. After reboot you'll receive AV_block_remove_date-time.log. Please attach it to your next post.

Personally I'd go with Windows 11 as Windows 10 will go end of life next year

Good day @Qwerty2417 The current logs do not appear to indicate any type of infection. The loss of so much data would typically in most cases indicate either some type of controller IO error or hard drive failure. Malware typically would encrypt your data with a Ransomware attack, not remove the data. Way back many years ago there were some attacks that would move data around but it was not actually deleting it. Microsoft themselves had a Windows Update maybe a couple or few years ago that deleted some user data but it was not 4TB which would be an entire drive not a user home folder in most cases. CompatTelRunner.exe is also known as Windows Compatibility Telemetry. This periodically sends usage and performance data to Microsoft IP addresses so that improvements can be made on user experience and fix potential errors. Your logs do indicate some type of issues as Windows Defender failed on updating. Let's go ahead and run some AV scans just to make sure there is nothing unexpected on the system. Please make a NEW System Restore Point Turn On or Off System Protection for Drives in Windows 11 https://www.elevenforum.com/t/turn-on-or-off-system-protection-for-drives-in-windows-11.3598/ Create System Restore Point in Windows 11 https://www.elevenforum.com/t/create-system-restore-point-in-windows-11.3602/ Then go ahead and run the following Please download and run the following Kaspersky Virus Removal Tool 2020 and save it to your Desktop. (Kaspersky Virus Removal Tool version 20.0.10.0 was released on November 9, 2021) Download: Kaspersky Virus Removal Tool https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe How to run a scan with Kaspersky Virus Removal Tool 2020 https://support.kaspersky.com/15674 How to run Kaspersky Virus Removal Tool 2020 in the advanced mode https://support.kaspersky.com/15680 How to restore a file removed during Kaspersky Virus Removal Tool 2020 scan https://support.kaspersky.com/15681 Select the Windows Key and R Key together, the "Run" box should open. Drag and Drop KVRT.exe into the Run Box. C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box. add -dontencrypt Note the space between KVRT.exe and -dontencrypt C:\Users\{your user name}\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box. That addendum to the run command is very important, when the scan does eventually complete the resultant report is normally encrypted, with the extra command it is saved as a readable file. Reports are saved here C:\KVRT2020_Data\Reports and look similar to this report_20210123_113021.klr Right-click direct onto that report, select > open with > Notepad. Save that file and attach it to your reply. To start the scan select OK in the "Run" box. A EULA window will open, tick all confirmation boxes then select "Accept" In the new window select "Change Parameters" In the new window ensure all selection boxes are ticked, then select "OK" The scan should now start... When complete if entries are found there will be options, if "Cure" is offered leave as is. For any other options change to "Delete" then select "Continue" When complete, or if nothing was found select "Close" Attach the report information as previously instructed... Thank you

The C: drive that contains Windows because to truly fix this you need to remove ALL partitions from C: and install a clean version of Windows. Even if you cannot afford to buy a license for Windows it will run in "Reduced functionality" which basically runs pretty much the same but they don't let you customize Windows is basically all. But then you have a CLEAN and SAFE installation of Windows

A slow computer is not a sign of infection. Many things can cause a slow computer. Unless your hard drive itself is failing there is no obvious risk of losing data. Using an external USB hard drive that is larger than your main internal hard drive is highly recommended. It is also recommended to be USB so that you can disconnect the drive once data is backed up. With the risk of encryption type malware you don't want to keep backups online in case you were to some day get a Ransomware infection you don't want it to have access to you backups.

Good day, @Khaled989 Backing your personal data up to an external drive and then doing a clean install of Windows is the best option. Using cracked software one never knows if their data is being stolen while using the system. Clean Install Windows 10 & 11 (2023) https://answers.microsoft.com/en-us/windows/forum/all/clean-install-windows-10-11-2023/1c426bdf-79b1-4d42-be93-17378d93e587 Also, please review the following topic Bypass Microsoft Online Account Creation during installation of Windows 11 https://forums.malwarebytes.com/topic/296613-bypass-microsoft-online-account-creation-during-installation-of-windows-11/ Backup Software https://forums.malwarebytes.org/index.php?/topic/136226-backup-software

Once you've run the above scans, please run the following also. Create an Autoruns Log: Please download Sysinternals Autoruns from here: https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns Save Autoruns.zip to your computer. Then locate it and extract it to a new folder where you can find and run it. Once it starts you may not be able to easily stop the scan but you can try to press the Escape key on your keyboard. Once scanning is stopped, click on the Options menu at the top of the program and select Scan Options... Then place a check mark on the following items Verify Code Signatures, Check VirusTotal.com, and Submit Unknown Images Then click the Rescan button. Agree to the VirusTotal EULA NOTE: You must allow AutoRuns to run for at least 20 minutes to complete the VirusTotal scan. If you attempt to save the file sooner it will not be complete Once the new scan has been completed, please click on the File button at the top of the program and select Save, or use the Save icon, and save the Autoruns.arn file to your desktop and close Autoruns. Right-click on the Autoruns.arn file (it will typically be the name of your computer) on your desktop or where you save it, and hover your mouse over Send To and select Compressed (zipped) Folder Attach the Autoruns.zip folder (your computer name.zip) you just created to your next reply. Thank you

Thank you for the logs, please run the following. Please attach all logs. @Animadversor Scan with SecurityCheck by glax24 https://forums.malwarebytes.com/topic/307301-scan-with-securitycheck-by-glax24/ Scan with FSS Farbar Service Scanner https://forums.malwarebytes.com/topic/306736-scan-with-fss-farbar-service-scanner/ Scan with Farbar Recovery Scan Tool https://forums.malwarebytes.com/topic/306601-scan-with-farbar-recovery-scan-tool/

Please post back the FIXLOG.TXT from the Farbar run. The Cureit found no issues or threats Are you still getting an alert or block about PowerShell? @keewon

Please download this updated FIXLIST.TXT file and run it as before with Farbar fixlist.txt Then restart the computer if it did not restart on it's own. Then run the following @keewon Dr.Web CureIt! Please download the Dr.Web CureIt! anti-virus utility https://free.drweb.com/ You will need to send them an email to obtain a link to download the scanner, please do so The downloaded file will normally have a unique name such as: q7a9tr4p.exe Close all open applications and locate the downloaded file and double-click to run it The program will take a moment to launch and bring up the License and Update screen Place a check mark to agree to the terms and then click on the Continue button Click the underlined link Select objects for scanning On the top left click the Scanning objects that should automatically check all objects Click the small wrench and make sure there is a check on Automatically apply actions to threats Then click the large button on bottom right Start scanning Once the scan has completed there will be a link named Open report click that and a log named cureit.log should open in Notepad The log is saved in the folder named Doctor Web in the top of your user profile folders Please attach that log on your next reply

Please ATTACH all logs unless otherwise requested Please run the following Please download https://www.safezone.cc/resources/av-block-remover-avbr.224/download AV block remover, unzip it and run. If you possibly can't run it, just rename AVbr.exe -> AV-b-r.exe for instance and run. Or you can use this link to download a random named file to run: https://avbr.safezone.cc/rnd/ If this method doesn't work, run this tool NOT from your Desktop or Downloads folder (use any other folder). If the malware still blocks the utility, then try to run it in Safe Mode with Networking. Follow the instructions. After reboot you'll receive AV_block_remove_date-time.log. Please attach it to your next post.

Once the FIX above has completed and the computer has been restarted Please uninstall, update, or otherwise address the following as appropriate for your computer. Discord v.1.0.9013 Warning! Download Update Java 8 Update 371 (64-bit) v.8.0.3710.11 Warning! Download Update | Uninstall old version and install new one (jre-8u411-windows-x64.exe). NVIDIA GeForce Experience 3.27.0.120 v.3.27.0.120 Warning! Download Update Spotify v.1.2.21.1104.g42cf0a50 Warning! Download Update WinRAR 6.21 (64-bit) v.6.21.0 Warning! Download Update Zoom v.5.16.2 (22807) Warning! Download Update Please uninstall the following ---------------------------- [ UnwantedApps ] ----------------------------- CCleaner v.6.23 (Computer experts no longer recommend this program) Bonjour v.3.1.0.1 (This program is rarely needed on Windows and often causes networking issues) Then RESTART the computer again and check for Windows Updates and install any updates found