Windows Security : Detection


11 replies to this topic

#1 scipion


Posted 28 February 2024 - 12:22 PM

Hello,

Windows Security has detected this:

Detected: PUADIIManager:Win32/Snackarvin
Status: Active

How can I be sure there is no problem?

Windows 10 Pro
Winver:
Version 22H2 (OS Build 19045.4046)

Thank you



#2 dennis_l

  • Malware Response Team

Posted 28 February 2024 - 02:29 PM

Hi scipion,
My name is Dennis and I will assist you with your computer problems.
Please read through these guidelines before we start.

  • Back up any important data, as a precaution before starting this process.
  • If you are unsure about anything then please ask. This makes the task much easier in the long run.
  • Do not run any other tools or make changes to your system during the removal process.
  • Please do not start a new topic and keep all replies in this thread.
  • Follow the instructions in the sequence advised.
  • Copy and paste the logs into the reply. I will advise if anything needs to be added as an attachment.
  • Here at Bleeping Computer we are mostly volunteers, so please be patient with us. I’ll try to respond within 24 hours. You will be advised if it is expected to be longer than 48 hours.
  • Please let me know if you are going to be delayed in responding. If you do not reply after 5 days, I’ll assume you do not want to continue and will close the topic.
  • Sometimes things might seem to be resolved, but there may still need to be more checks necessary, so please wait until I give the all clear.

Firstly I'd like you to follow the steps outlined here: Preparation Guide
Section 6 covers how to download and run the Farbar Recovery Scan Tool (FRST).
Note: If you receive a warning about the download, it is a false positive and you can safely ignore it.
Please copy and paste both FRST logs into your reply. If you get an error message advising that the content is too long, you should post 2 separate replies.

Dennis



#3 scipion


Posted 28 February 2024 - 04:38 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26.02.2024 01
Ran by user (administrator) on DESKTOP-O8TET55 (Dell Inc. OptiPlex 3050) (28-02-2024 22:33:52)
Running from C:\Users\user\Downloads\FRST64.exe
Loaded Profiles: user
Platform: Microsoft Windows 10 Pro Version 22H2 19045.4046 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxEM.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(explorer.exe ->) (Signal Messenger, LLC -> Signal Messenger, LLC) C:\Users\user\AppData\Local\Programs\signal-desktop\Signal.exe <4>
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_5ff36f834a6d461a\WavesSvc64.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <15>
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_d6e4236a0f82e7b4\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_19812d3db79f7a21\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_19812d3db79f7a21\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Logitech Inc -> Logitech) C:\Program Files\Logitech\LogiCapture\bin\Service\LogiFacecamService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WSL\wslservice.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\NisSrv.exe
(services.exe ->) (OpenVPN Inc. -> The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe
(services.exe ->) (OpenVPN Inc. -> The OpenVPN project) C:\Program Files\OpenVPN\bin\openvpnserv2.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (VMware Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_5ff36f834a6d461a\WavesSysSvc64.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2401.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_7.124.2141.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_7.124.2141.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102808 2021-05-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618080 2021-05-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_5ff36f834a6d461a\WavesSvc64.exe [1222536 2018-12-04] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [367456 2023-11-27] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [3302288 2024-02-04] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech, Inc. -> Logitech Inc.)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [138214768 2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1856328334-1563625827-3414849223-1001\...\Run: [MicrosoftEdgeAutoLaunch_8714F0D917266FE3AFB7F8BB98EEBC18] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4067896 2024-02-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1856328334-1563625827-3414849223-1001\...\MountPoints2: {00c63088-3156-11ee-ad84-d89ef306ab8e} - "D:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1856328334-1563625827-3414849223-1001\...\MountPoints2: {00c63446-3156-11ee-ad84-d89ef306ab8e} - "D:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1856328334-1563625827-3414849223-1001\...\MountPoints2: {efbae751-029e-11ee-ad7d-d89ef306ab8e} - "D:\WifiAutoInstallSetup.exe" 
HKLM\...\Print\Monitors\HP 7312 Status Monitor: C:\WINDOWS\system32\hpinksts7312LM.dll [336904 2014-06-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet Pro 6230): C:\WINDOWS\system32\HPDiscoPM7312.dll [764576 2021-11-30] (HP Inc. -> Hewlett-Packard Development Company, LP)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>OpenVPN_UserSetup] -> reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v OPENVPN-GUI /t REG_SZ /d "C:\Program Files\OpenVPN\bin\openvpn-gui.exe"
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {BDE1BF8B-E220-479B-B979-FAA80BC145E7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {D5C94C92-9546-4CB6-B09B-0EC535704840} - System32\Tasks\CCleanerCrashReporting => C:\Users\user\Desktop\ccleanner\x64\CCleanerBugReport.exe  -> --product 90 --send dumps|report --path "C:\Users\user\Desktop\ccleanner\LOG" --programpath "C:\Users\user\Desktop\ccleanner" --configpath "C:\Users\user\Desktop\ccleanner\Setup" --guid "690b192a-c490-469f-8cee-af130a993ef4" --version "6.10.10347" --silent
Task: {1D7D9660-8589-42BF-A10D-F5F01B2F8787} - System32\Tasks\CCleanerSkipUAC - user => "C:\Users\user\Desktop\ccleanner\CCleaner.exe"  $(Arg0) (No File)
Task: {999D5FC2-23F8-458B-8CD8-E63AC7377C88} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28372672 2024-02-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {D59B3D75-853E-41B5-A2B8-FFC968C4F793} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28372672 2024-02-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {F03F671A-23DA-4632-AC3A-DF44889FD602} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [306328 2024-02-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {CF68D9D3-8D57-4B7E-81B6-A9D09A5ABE5C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [306328 2024-02-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {B6555B2E-977B-4517-97C9-5A7B6A4ECB8A} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [170128 2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {D7C6975A-26A9-4FD7-9C3A-3F6081EDD618} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7E5ED885-B18F-4FA2-9B43-C7616CFB3BD1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7437E8DB-F4DA-412C-87DB-D721F982A32D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1F6DED09-7807-49D7-A180-4A38035F3B38} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B3B5FC58-0F1C-4D12-B2DD-8F96D70062D1} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2022-08-18] () [File not signed]
Task: {D79A40D9-4B0E-4961-A17A-4299A690E100} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2024-02-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {E1353733-732B-4B97-87B6-69D2ABBA4C08} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1856328334-1563625827-3414849223-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2024-02-19] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Users\user\Desktop\ccleanner\x64\CCleanerBugReport.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-1856328334-1563625827-3414849223-1001] => 34.142.51.21:443
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{11899c81-17cc-490b-84c6-30c1e133687f}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{da632e85-2099-435d-870c-543060f7b711}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{da632e85-2099-435d-870c-543060f7b711}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{da632e85-2099-435d-870c-543060f7b711}: [DhcpDomain] home
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-28]
Edge Notifications: Default -> hxxps://y99.in
Edge StartupUrls: Default -> "hxxp://www.bbc.co.uk/"
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
Edge Extension: (Qwant) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\eljplgljphmgjhnalbganhenlcapgnne [2022-12-20]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2024-02-21]
Edge Extension: (Edge relevant text changes) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-25]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.19 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103776 2023-08-22] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14048768 2024-02-15] (Microsoft Corporation -> Microsoft Corporation)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncHelper.exe [3515936 2024-02-19] (Microsoft Corporation -> Microsoft Corporation)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2432608 2023-08-14] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230360 2024-01-22] (HP Inc. -> HP Inc.)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335360 2016-03-18] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [8704 2016-03-18] (Intel Corporation) [File not signed]
R2 LogiFacecamService; C:\Program Files\Logitech\LogiCapture\bin\Service\LogiFacecamService.exe [497568 2021-10-25] (Logitech Inc -> Logitech)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.020.0128.0003\OneDriveUpdaterService.exe [3853856 2024-02-19] (Microsoft Corporation -> Microsoft Corporation)
R2 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [24504 2023-08-15] (OpenVPN Inc. -> The OpenVPN project)
R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [64800 2023-08-15] (OpenVPN Inc. -> The OpenVPN Project)
S3 ProtonVPN Service; C:\Program Files\Proton\VPN\v3.2.9\ProtonVPNService.exe [474824 2023-12-18] (Proton AG -> ProtonVPN)
S3 ProtonVPN WireGuard; C:\Program Files\Proton\VPN\v3.2.9\ProtonVPN.WireGuardService.exe [474312 2023-12-18] (Proton AG -> ProtonVPN)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534472 2023-12-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 SonosLibraryService; C:\Program Files (x86)\SonosV2\SonosLibraryService.exe [27648 2024-01-29] () [File not signed]
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [802752 2023-10-12] (Oracle Corporation -> Oracle and/or its affiliates)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\NisSrv.exe [3191256 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MsMpEng.exe [133576 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 WslInstaller; C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForLinux_2.0.9.0_x64__8wekyb3d8bbwe\wslinstaller.exe [2766880 2024-01-06] (Microsoft Corporation -> Microsoft Corporation)
R2 WSLService; C:\Program Files\WSL\wslservice.exe [6276528 2023-11-10] (Microsoft Corporation -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [39272 2023-06-27] (Apple Inc. -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R2 hcmon; C:\WINDOWS\system32\DRIVERS\hcmon.sys [72144 2023-08-08] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R3 MpKsl294ad5fc; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5EFF8C96-4DB4-42C2-BC34-EA5E5CFC9110}\MpKslDrv.sys [272664 2024-02-28] (Microsoft Windows -> Microsoft Corporation)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [77336 2022-08-19] (Insecure.Com LLC -> Insecure.Com LLC.)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 ovpn-dco; C:\WINDOWS\System32\drivers\ovpn-dco.sys [90568 2023-03-31] (WDKTestCert lev,132435948852968539 -> OpenVPN, Inc)
S3 ProtonVPNCallout; C:\Program Files\Proton\VPN\v3.2.9\Resources\ProtonVPN.CalloutDriver.sys [34176 2023-11-20] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [40448 2023-10-22] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49024 2022-04-01] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [57768 2022-05-25] (Windscribe Limited -> The OpenVPN Project)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [251776 2023-10-12] (Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [262648 2023-10-12] (Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxSup; C:\WINDOWS\system32\DRIVERS\VBoxSup.sys [1060600 2023-10-12] (Oracle Corporation -> Oracle and/or its affiliates)
R0 vmci; C:\WINDOWS\System32\drivers\vmci.sys [104888 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R3 VMnetAdapter; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [31120 2023-10-10] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 VMnetBridge; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [53704 2023-10-10] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 VMnetuserif; C:\WINDOWS\system32\DRIVERS\vmnetuserif.sys [30664 2023-10-10] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 vmx86; C:\WINDOWS\system32\DRIVERS\vmx86.sys [100776 2023-10-10] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R0 vsock; C:\WINDOWS\System32\DRIVERS\vsock.sys [88976 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [21040 2024-02-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [608648 2024-02-28] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105752 2024-02-28] (Microsoft Windows -> Microsoft Corporation)
S3 windtun420; C:\WINDOWS\System32\drivers\windtun420.sys [47544 2022-05-25] (Windscribe Limited -> WireGuard LLC)
R3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [38176 2023-10-22] (WireGuard LLC -> WireGuard LLC)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2022-05-14] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 cpuz158; \??\C:\WINDOWS\temp\cpuz158\cpuz158_x64.sys [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-02-28 22:33 - 2024-02-28 22:34 - 000024585 _____ C:\Users\user\Downloads\FRST.txt
2024-02-28 22:33 - 2024-02-28 22:34 - 000000000 ____D C:\FRST
2024-02-28 22:32 - 2024-02-28 22:32 - 002386944 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2024-02-28 21:17 - 2024-02-28 21:18 - 004398304 _____ (Dominik Reichl ) C:\Users\user\Downloads\KeePass-2.56-Setup.exe
2024-02-28 18:13 - 2024-02-28 18:15 - 000000000 ___HD C:\$WinREAgent
2024-02-26 20:53 - 2024-02-26 20:53 - 000546231 _____ C:\Users\user\Downloads\62db39be-4d52-406e-b3b4-ba4561733597.pdf
2024-02-25 19:29 - 2024-02-25 19:29 - 000011292 _____ C:\Users\user\Downloads\Vinted-S1167478964.pdf
2024-02-21 14:56 - 2024-02-21 14:56 - 000262325 _____ C:\Users\user\Downloads\Ticket-Lille-London-3136089617.pdf
2024-02-21 12:35 - 2024-02-21 12:35 - 000076310 _____ C:\Users\user\Downloads\Best-Twink-bleeped-Gay-Porn-28.webp
2024-02-19 21:21 - 2024-02-19 21:21 - 000714870 _____ C:\Users\user\Downloads\02. TCP IP Model CheatSheet - ATech ( Waqas Karim ).pdf
2024-02-19 19:08 - 2024-02-26 21:22 - 000200491 _____ C:\Users\user\Downloads\2042_4384.pdf
2024-02-19 00:17 - 2021-06-23 19:47 - 000257072 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\libmfxhw32.dll
2024-02-19 00:17 - 2021-06-23 19:47 - 000173072 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll
2024-02-19 00:17 - 2021-06-23 19:47 - 000148368 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll
2024-02-19 00:11 - 2024-02-19 00:11 - 001542299 _____ C:\Users\user\Downloads\976b382b-6df4-4e8b-80e5-4f78d8107256.pdf
2024-02-19 00:11 - 2024-02-19 00:11 - 000011441 _____ C:\Users\user\Downloads\mondial_relay_label_BR02401111018357.pdf
2024-02-15 21:22 - 2024-02-15 21:22 - 000019697 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-02-15 21:21 - 2024-02-15 21:21 - 000019697 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-02-15 21:14 - 2024-02-15 21:14 - 000011445 _____ C:\Users\user\Downloads\Vinted-S1154049808.pdf
2024-02-15 21:11 - 2024-02-15 21:11 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-02-15 21:03 - 2024-02-15 21:04 - 001914812 _____ C:\WINDOWS\Minidump\021524-15765-01.dmp
2024-02-07 21:04 - 2024-02-07 21:04 - 000000000 ____D C:\Users\user\AppData\Roaming\NuGet
2024-02-07 21:04 - 2024-02-07 21:04 - 000000000 ____D C:\Users\user\AppData\Local\PackageManagement
2024-02-07 21:04 - 2024-02-07 21:04 - 000000000 ____D C:\Program Files\PackageManagement
2024-02-07 18:08 - 2024-02-07 18:08 - 000156964 _____ C:\Users\user\Downloads\Fiches-2024Fiche-metier-candidat-2520464.pdf
2024-02-07 18:05 - 2024-02-07 18:05 - 002210860 _____ C:\Users\user\Downloads\D3-Administrateur Systèmes et Réseaux.pdf
2024-02-07 18:00 - 2024-02-07 18:00 - 005190553 _____ C:\Users\user\Downloads\brochure (2).pdf
2024-02-07 17:44 - 2024-02-07 17:39 - 001432320 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2024-02-07 17:44 - 2024-02-07 17:39 - 001432320 _____ C:\WINDOWS\system32\vulkan-1.dll
2024-02-07 17:44 - 2024-02-07 17:39 - 001145632 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2024-02-07 17:44 - 2024-02-07 17:39 - 001145632 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2024-02-07 17:39 - 2024-02-07 17:39 - 000000000 ____D C:\Users\user\Downloads\gfx_win_101.2115 (2)
2024-02-07 17:38 - 2024-02-07 17:38 - 521046942 _____ C:\Users\user\Downloads\gfx_win_101.2115 (2).zip
2024-02-07 17:38 - 2024-02-07 17:38 - 004689070 _____ C:\Users\user\Downloads\Install_Win10_10069_12212023.zip
2024-02-07 17:38 - 2023-12-19 12:11 - 001315800 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2024-02-07 17:36 - 2024-02-07 17:36 - 000411136 _____ C:\Users\user\Downloads\DriversCloud_Win.exe
2024-02-07 17:36 - 2024-02-07 17:36 - 000001186 _____ C:\Users\Public\Desktop\DriversCloud.com - Start the detection.lnk
2024-02-07 17:36 - 2024-02-07 17:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriversCloud.com
2024-02-07 17:36 - 2024-02-07 17:36 - 000000000 ____D C:\ProgramData\driverscloud.com
2024-02-07 17:36 - 2024-02-07 17:36 - 000000000 ____D C:\Program Files\Cybelsoft
2024-02-06 21:32 - 2024-02-06 21:33 - 000000000 ____D C:\ProgramData\ProtonVPN
2024-02-06 21:32 - 2024-02-06 21:32 - 000001050 _____ C:\Users\Public\Desktop\Proton VPN.lnk
2024-02-06 21:32 - 2024-02-06 21:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proton
2024-02-06 21:32 - 2024-02-06 21:32 - 000000000 ____D C:\Program Files\Proton
2024-02-06 20:47 - 2024-02-06 20:49 - 660639394 _____ C:\Users\user\Downloads\64bit.7z
2024-02-06 20:33 - 2024-02-06 20:43 - 000000000 ____D C:\Users\user\Downloads\MEmu Download
2024-02-06 20:32 - 2024-02-06 20:43 - 000000000 ____D C:\Users\user\.android
2024-02-06 20:22 - 2024-02-06 20:22 - 024084360 _____ (Microvirt Software Technology Co. Ltd.) C:\Users\user\Downloads\MEmu-setup-abroad-sdk-mv (1).exe
2024-02-06 20:21 - 2024-02-06 20:43 - 000000000 ____D C:\Users\user\AppData\Local\Microvirt
2024-02-06 20:20 - 2024-02-06 20:20 - 024084360 _____ (Microvirt Software Technology Co. Ltd.) C:\Users\user\Downloads\MEmu-setup-abroad-sdk-mv.exe
2024-02-06 19:45 - 2024-02-06 19:45 - 001000368 _____ (Spotify Ltd) C:\Users\user\Downloads\SpotifySetup (1).exe
2024-02-06 19:38 - 2024-02-06 19:39 - 057533224 _____ (Sonos, Inc. ) C:\Users\user\Downloads\Sonos_77.4-49290.exe
2024-02-05 18:46 - 2024-02-05 18:46 - 005190553 _____ C:\Users\user\Downloads\brochure (1).pdf
2024-02-05 18:43 - 2024-02-05 18:43 - 005190553 _____ C:\Users\user\Downloads\brochure.pdf
2024-01-29 18:56 - 2024-01-29 18:56 - 000011416 _____ C:\Users\user\Downloads\Vinted-S1129871246.pdf
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-02-28 22:32 - 2022-02-15 19:13 - 000000000 ____D C:\Users\user\AppData\Roaming\KeePass
2024-02-28 22:30 - 2022-02-15 19:12 - 000000963 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2024-02-28 22:30 - 2022-02-15 19:12 - 000000000 ____D C:\Program Files\KeePass Password Safe 2
2024-02-28 22:29 - 2022-02-16 16:28 - 000000000 ____D C:\Users\user\AppData\Roaming\Notepad++
2024-02-28 22:20 - 2023-05-31 20:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-02-28 22:20 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-02-28 21:17 - 2022-02-15 19:13 - 000059742 _____ C:\Users\user\Documents\Database.kdbx
2024-02-28 19:36 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-02-28 19:36 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-02-28 19:36 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2024-02-28 18:36 - 2022-10-22 12:55 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\UProof
2024-02-28 18:36 - 2022-10-22 12:47 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Office
2024-02-28 18:23 - 2022-02-16 17:19 - 000000000 ____D C:\Users\user\AppData\Roaming\Signal
2024-02-28 18:23 - 2022-02-15 18:39 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-02-28 18:18 - 2023-06-03 10:30 - 001689716 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-02-28 18:18 - 2023-05-30 21:39 - 000760534 _____ C:\WINDOWS\system32\perfh00C.dat
2024-02-28 18:18 - 2023-05-30 21:39 - 000147024 _____ C:\WINDOWS\system32\perfc00C.dat
2024-02-28 18:16 - 2022-10-19 08:44 - 000000000 ____D C:\Users\user\AppData\Local\SquirrelTemp
2024-02-28 18:15 - 2022-02-15 19:07 - 000000000 __SHD C:\Users\user\IntelGraphicsProfiles
2024-02-28 18:12 - 2023-11-04 11:26 - 000000000 ____D C:\ProgramData\VMware
2024-02-28 18:12 - 2023-05-31 20:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-02-28 18:12 - 2023-05-31 20:03 - 000001575 _____ C:\WINDOWS\system32\config\VSMIDK
2024-02-28 18:12 - 2022-02-15 19:04 - 000000000 ____D C:\Intel
2024-02-28 18:12 - 2022-02-15 18:38 - 000008192 ___SH C:\DumpStack.log.tmp
2024-02-28 18:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2024-02-27 22:03 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-02-26 22:20 - 2023-04-26 18:53 - 000000000 ____D C:\Users\user\AppData\Local\Spotify
2024-02-26 20:31 - 2023-04-26 18:52 - 000000000 ____D C:\Users\user\AppData\Roaming\Spotify
2024-02-25 19:21 - 2022-02-16 17:06 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-02-25 19:21 - 2022-02-15 18:40 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-02-20 21:29 - 2023-05-31 20:10 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-20 21:29 - 2023-05-31 20:10 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-02-19 22:06 - 2022-10-25 18:32 - 000000000 ____D C:\Users\user\AppData\Roaming\Telegram Desktop
2024-02-19 21:32 - 2024-01-18 17:17 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-02-19 21:32 - 2023-05-31 20:03 - 000439864 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-02-19 21:31 - 2024-01-07 10:15 - 000000000 ___SD C:\WINDOWS\system32\lxss
2024-02-19 21:31 - 2019-12-07 15:49 - 000000000 ___SD C:\WINDOWS\system32\AppV
2024-02-19 21:31 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-02-19 21:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-02-19 21:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-02-19 21:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-02-19 21:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-02-19 21:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-02-19 21:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-02-19 21:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-02-19 21:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-02-19 21:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-02-19 21:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-02-19 21:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-02-19 00:14 - 2024-01-17 14:27 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1856328334-1563625827-3414849223-1001
2024-02-19 00:14 - 2024-01-17 14:27 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2024-02-19 00:14 - 2024-01-17 14:27 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-02-19 00:13 - 2023-02-25 13:14 - 002713080 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2024-02-19 00:13 - 2023-02-25 13:14 - 000689656 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2024-02-19 00:13 - 2023-02-25 13:14 - 000218728 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2024-02-19 00:13 - 2023-02-25 13:14 - 000202344 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
2024-02-19 00:13 - 2023-02-25 13:14 - 000144888 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2024-02-19 00:13 - 2023-02-25 13:14 - 000095848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamehelper.exe
2024-02-19 00:13 - 2023-02-25 13:14 - 000075256 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamecontrol.exe
2024-02-15 21:25 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-02-15 21:21 - 2023-05-31 20:08 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-02-15 21:15 - 2019-12-07 10:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2024-02-15 21:11 - 2022-02-16 15:54 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-02-15 21:09 - 2024-01-17 14:22 - 000000000 ____D C:\Program Files\Microsoft Office
2024-02-15 21:09 - 2022-02-16 15:53 - 191155960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-02-15 21:04 - 2024-01-07 10:15 - 000000000 ____D C:\WINDOWS\Minidump
2024-02-07 17:42 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-02-07 17:39 - 2023-01-19 16:06 - 001969752 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2024-02-07 17:39 - 2023-01-19 16:06 - 001969752 _____ C:\WINDOWS\system32\vulkaninfo.exe
2024-02-07 17:39 - 2023-01-19 16:06 - 001526360 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-02-07 17:39 - 2023-01-19 16:06 - 001526360 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2024-02-07 17:38 - 2023-04-22 21:33 - 000000000 ____D C:\Program Files (x86)\Realtek
2024-02-06 21:38 - 2022-11-26 18:26 - 000000509 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2024-02-06 21:32 - 2022-05-14 21:02 - 000000000 ____D C:\Users\user\AppData\Roaming\Proton Technologies AG
2024-02-06 21:32 - 2022-05-14 21:02 - 000000000 ____D C:\Users\user\AppData\Local\ProtonVPN
2024-02-06 21:32 - 2022-05-14 21:02 - 000000000 ____D C:\Program Files (x86)\Proton Technologies
2024-02-06 21:03 - 2023-10-25 18:24 - 000000000 ____D C:\Users\user\.VirtualBox
2024-02-06 20:49 - 2023-10-25 18:24 - 000000000 ____D C:\ProgramData\VirtualBox
2024-02-06 20:33 - 2022-12-19 00:05 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
2024-02-06 20:16 - 2023-07-24 19:50 - 000000000 ____D C:\ProgramData\SonosV2,_Inc
2024-02-06 19:45 - 2023-04-26 18:53 - 000001890 _____ C:\Users\user\Desktop\Spotify.lnk
2024-02-06 19:45 - 2023-04-26 18:53 - 000001876 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2024-02-06 19:40 - 2023-07-24 19:50 - 000002008 _____ C:\Users\Public\Desktop\Sonos.lnk
2024-02-06 19:40 - 2023-07-24 19:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonos
2024-02-06 19:40 - 2023-07-24 19:50 - 000000000 ____D C:\Program Files (x86)\SonosV2
2024-02-06 19:39 - 2022-02-15 20:34 - 000000000 ____D C:\Users\user\AppData\Local\Downloaded Installations
2024-02-05 07:31 - 2022-02-16 16:28 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2024-01-29 18:40 - 2023-05-30 22:12 - 000000000 ____D C:\WINDOWS\SystemTemp
 
==================== Files in the root of some directories ========
 
2023-07-07 01:53 - 2023-07-07 01:53 - 000000273 _____ () C:\ProgramData\fontcacheev1.dat
2022-11-01 18:46 - 2023-10-14 13:53 - 000000128 _____ () C:\Users\user\AppData\Local\PUTTY.RND
2023-11-14 21:42 - 2023-11-14 21:42 - 000007605 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by user (28-02-2024 22:36:09)
Running from C:\Users\user\Downloads
Microsoft Windows 10 Pro Version 22H2 19045.4046 (X64) (2023-06-03 09:25:19)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1856328334-1563625827-3414849223-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1856328334-1563625827-3414849223-503 - Limited - Disabled)
Guest (S-1-5-21-1856328334-1563625827-3414849223-501 - Limited - Disabled)
user (S-1-5-21-1856328334-1563625827-3414849223-1001 - Administrator - Enabled) => C:\Users\user
WDAGUtilityAccount (S-1-5-21-1856328334-1563625827-3414849223-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1856328334-1563625827-3414849223-1001\...\uTorrent) (Version: 3.6.0.46922 - BitTorrent Inc.)
7-Zip 23.01 (x64) (HKLM\...\7-Zip) (Version: 23.01 - Igor Pavlov)
Advanced IP Scanner 2.5.1 (HKLM-x32\...\{C8511AEB-814C-4D6F-AA45-44035EAD563B}) (Version: 2.5.4594.1 - Famatech)
Apple Application Support (32-bit) (HKLM-x32\...\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D76F9829-A6F3-48D3-A0B6-BC1522CB9F49}) (Version: 17.0.0.21 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
CanoScan LiDE 200 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807) (Version:  - )
Cisco Packet Tracer 8.2.1 64Bit (HKLM\...\Cisco Packet Tracer 8.2.1 64Bit_is1) (Version: 8.2.1.118 - Cisco Systems, Inc.)
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{FFFED431-EF80-4C39-A66E-E11BC7413D33}) (Version: 5.5.5.16206 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{cff56899-3afb-4fe1-aeec-a0474836d1cd}) (Version: 5.5.5.16206 - Dell Inc.)
DriversCloud.com (HKLM\...\{7C5A59CD-BF23-4E8B-9DAE-28A0ED02AE61}) (Version: 11.2.8.0 - Cybelsoft)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Foxit PDF Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 2023.3.0.23028 - Foxit Software Inc.)
GNS3 (HKLM-x32\...\GNS3) (Version: 2.2.43 - GNS3 Technology Inc.)
HP Officejet Pro 6230 Basic Device Software (HKLM\...\{B46B5C70-3A40-4308-A877-2BE85EA218E8}) (Version: 33.3.81.21334 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Chipset Device Software (HKLM\...\{81520FC5-3518-40E9-9803-70CE8A801D07}) (Version: 10.1.1.38 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2235.3.28.0 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{6AD1E885-36E0-4156-8492-8F97C1692259}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{A2A7C3E9-E78A-4890-BE66-F41B69932FDB}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{FDE727F2-B48C-4A79-B9BD-635AE948D7A2}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® ME UninstallLegacy (HKLM\...\{335F9123-9306-4DB0-AF07-9C636317EE9D}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.65.245.0 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.65.245.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{1be68cd9-7dbd-4481-816f-a0a7ec6359bd}) (Version: 1.65.245.0 - Intel Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{B294CE94-FE0F-4427-910C-180AF9FCFED1}) (Version: 1.0.1.620 - Intel Corporation)
iTunes (HKLM\...\{C9B64EBB-D631-4331-8B4F-C4231964080C}) (Version: 12.13.1.3 - Apple Inc.)
KeePass Password Safe 2.56 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.56 - Dominik Reichl)
Logitech Capture (HKLM\...\Capture) (Version: 2.08.11 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
LWS Facebook (HKLM-x32\...\{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}) (Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (HKLM-x32\...\{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}) (Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (HKLM-x32\...\{1651216E-E7AD-4250-92A1-FB8ED61391C9}) (Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (HKLM-x32\...\{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}) (Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (HKLM-x32\...\{71E66D3F-A009-44AB-8784-75E2819BA4BA}) (Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (HKLM-x32\...\{08610298-29AE-445B-B37D-EFBE05802967}) (Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (HKLM-x32\...\{174A3B31-4C43-43DD-866F-73C9DB887B48}) (Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (HKLM-x32\...\{8937D274-C281-42E4-8CDB-A0B2DF979189}) (Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (HKLM-x32\...\{9DAEA76B-E50F-4272-A595-0124E826553D}) (Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (HKLM-x32\...\{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}) (Version: 13.31.1038.0 - Logitech) Hidden
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.13058.0 - Waves Audio Ltd.) Hidden
Microsoft .NET Host - 6.0.14 (x64) (HKLM\...\{40D4EC44-91F8-4EEE-869E-F4B3E90E6688}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Host - 8.0.0 (x64) (HKLM\...\{D44822A8-FC28-42FC-8B1D-21A78579FC79}) (Version: 64.0.4211 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.14 (x64) (HKLM\...\{D1726E78-81F3-40A2-A7AF-6286BAA49B1C}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 8.0.0 (x64) (HKLM\...\{3A706840-2882-423C-90EB-B31545E2BC7A}) (Version: 64.0.4211 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.14 (x64) (HKLM\...\{61202CF9-3B84-4E5A-91A1-2984FAE38259}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.14 (x64) (HKLM-x32\...\{a75f0c38-355e-478f-b573-1dbc42915c5c}) (Version: 6.0.14.32123 - Microsoft Corporation)
Microsoft .NET Runtime - 8.0.0 (x64) (HKLM\...\{76DEEAB3-122F-4231-83C7-0C35363D02F9}) (Version: 64.0.4211 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 8.0.0 (x64) (HKLM-x32\...\{4017c737-0cbf-45cf-8088-81191382a0d5}) (Version: 8.0.0.33031 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 122.0.2365.52 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 122.0.2365.52 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft Office Professional Plus 2021 - fr-fr (HKLM\...\ProPlus2021Retail - fr-fr) (Version: 16.0.17231.20236 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.020.0128.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{0F36B110-DAAC-4A9E-9A33-8B3764FD11F1}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{1A249250-9DE9-4D51-8E28-528586D5C205}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Nickvision Parabolic version 2023.11.1 (HKLM-x32\...\{F0AE5CF5-E5D8-45DA-BE26-292D04C2591B}_is1) (Version: 2023.11.1 - Nickvision)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.6.2 - Notepad++ Team)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.71 - Nmap Project)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 28.1.2 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17231.20236 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17231.20236 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-040C-1000-0000000FF1CE}) (Version: 16.0.17231.20236 - Microsoft Corporation) Hidden
OpenVPN 2.6.6-I001 amd64 (HKLM\...\{BE31D738-DC52-49C3-9CB1-8978B5FC788B}) (Version: 2.6.601 - OpenVPN, Inc.)
Oracle VM VirtualBox 7.0.12 (HKLM\...\{63D7619C-79C2-42B6-A463-060F52EAF7C0}) (Version: 7.0.12 - Oracle and/or its affiliates)
Proton VPN (HKLM\...\Proton VPN_is1) (Version: 3.2.9 - Proton AG)
PuTTY release 0.79 (64-bit) (HKLM\...\{E07417FF-E888-4648-878C-73E25D64D50D}) (Version: 0.79.0.0 - Simon Tatham)
Python 3.11.6 (64-bit) (HKU\S-1-5-21-1856328334-1563625827-3414849223-1001\...\{ed272925-4f75-4579-80e7-7af7470274c5}) (Version: 3.11.6150.0 - Python Software Foundation)
Python 3.11.6 Append to Path (64-bit) (HKLM\...\{1FA1B010-0522-468C-BD29-EEACC3B02FF6}) (Version: 3.11.6150.0 - Python Software Foundation) Hidden
Python 3.11.6 Core Interpreter (64-bit) (HKLM\...\{65D1D415-E699-4A82-8D6D-F8B7488D9954}) (Version: 3.11.6150.0 - Python Software Foundation) Hidden
Python 3.11.6 Development Libraries (64-bit) (HKLM\...\{DDC730D4-A94C-4C97-89D6-B7F532413A73}) (Version: 3.11.6150.0 - Python Software Foundation) Hidden
Python 3.11.6 Documentation (64-bit) (HKLM\...\{A5731924-4225-4B73-BEEB-4A575133E8BB}) (Version: 3.11.6150.0 - Python Software Foundation) Hidden
Python 3.11.6 Executables (64-bit) (HKLM\...\{2CCD08A5-5FA3-4218-964E-6426FA3F28E8}) (Version: 3.11.6150.0 - Python Software Foundation) Hidden
Python 3.11.6 pip Bootstrap (64-bit) (HKLM\...\{774C54C9-575B-4611-81C5-06466534F750}) (Version: 3.11.6150.0 - Python Software Foundation) Hidden
Python 3.11.6 Standard Library (64-bit) (HKLM\...\{2BB7BEBF-308B-4A9D-B1E0-1BBE7C8F5EA4}) (Version: 3.11.6150.0 - Python Software Foundation) Hidden
Python 3.11.6 Tcl/Tk Support (64-bit) (HKLM\...\{5BC2F455-DDC6-468D-A7CE-2982DDAFBC77}) (Version: 3.11.6150.0 - Python Software Foundation) Hidden
Python 3.11.6 Utility Scripts (64-bit) (HKLM\...\{EA60D78B-BB3E-44EB-94B7-AF50586E79D9}) (Version: 3.11.6150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{B1F7D579-C5B4-4859-9A53-BE40E5AAC4A7}) (Version: 3.11.6150.0 - Python Software Foundation)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.69.1121.2023 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9175.1 - Realtek Semiconductor Corp.)
Signal 6.48.1 (HKU\S-1-5-21-1856328334-1563625827-3414849223-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 6.48.1 - Signal Messenger, LLC)
Sonos (HKLM-x32\...\{6FB7DAEC-5DAD-491E-9951-4684423F291C}) (Version: 77.4.49290 - Sonos, Inc.)
Spotify (HKU\S-1-5-21-1856328334-1563625827-3414849223-1001\...\Spotify) (Version: 1.2.31.1205.g4d59ad7c - Spotify AB)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.5.0.30767 - Microsoft Corporation)
Telegram Desktop (HKU\S-1-5-21-1856328334-1563625827-3414849223-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 4.15 - Telegram FZ-LLC)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN)
VMware VIX (HKLM-x32\...\{F2C392A0-8F71-4A9C-8DC4-AB388E0F47D3}) (Version: 1.17.0 - VMware, Inc.)
Win32DiskImager version 1.0.0 (HKLM-x32\...\{3DFFA293-DF2C-4B23-92E5-3433BDC310E1}}_is1) (Version: 1.0.0 - ImageWriter Developers)
WinDirStat 1.1.2 (HKU\S-1-5-21-1856328334-1563625827-3414849223-1001\...\WinDirStat) (Version:  - )
Windows Subsystem for Linux (HKLM\...\{408A5C50-34F2-4025-968E-A21D6A515D48}) (Version: 2.0.9.0 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 4.0.3 64-bit (HKLM-x32\...\Wireshark) (Version: 4.0.3 - The Wireshark developer community, hxxps://www.wireshark.org)
 
Packages:
=========
 
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_151.3.1092.0_x64__v10z8vjag6ke6 [2024-01-22] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5336.0_x64__8j3eq9eme6ctt [2024-02-19] (INTEL CORP) [Startup Task]
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2023-10-16] (INTEL CORP)
Minecraft for Windows -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.20.6201.0_x64__8wekyb3d8bbwe [2024-02-19] (Microsoft Studios)
Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_1.7.2.0_x64__8wekyb3d8bbwe [2023-12-21] (Microsoft Studios)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2023-04-24] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-04-24] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.19.1262.0_x64__8wekyb3d8bbwe [2024-02-06] (Microsoft Studios) [MS Ad]
Ubuntu -> C:\Program Files\WindowsApps\CanonicalGroupLimited.Ubuntu_2204.3.49.0_x64__79rhkp1fndgsc [2024-01-06] (Canonical Group Limited)
Waves MaxxAudio Pro for Dell -> C:\Program Files\WindowsApps\WavesAudio.WavesMaxxAudioProforDell_1.1.131.0_x64__fh4rh281wavaa [2023-04-22] (Waves Audio)
WinAppRuntime.Main.1.4 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.4_4000.1136.2333.0_x64__8wekyb3d8bbwe [2024-02-19] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_4000.1136.2333.0_x64__8wekyb3d8bbwe [2024-02-19] (Microsoft Corp.)
Windows App Runtime DDLM 4000.1049.117.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.1049.117.0-x6_4000.1049.117.0_x64__8wekyb3d8bbwe [2023-12-13] (Microsoft Corporation)
Windows App Runtime DDLM 4000.1049.117.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.1049.117.0-x8_4000.1049.117.0_x86__8wekyb3d8bbwe [2023-12-13] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1856328334-1563625827-3414849223-1001_Classes\CLSID\{50726f74-6f6e-2e56-504e-000000000000}\localserver32 -> C:\Program Files\Proton\VPN\v3.2.9\ProtonVPN.exe (Proton AG -> )
CustomCLSID: HKU\S-1-5-21-1856328334-1563625827-3414849223-1001_Classes\CLSID\{95b081fa-ae3e-61ec-3dd3-e82ab3600cc4}\localserver32 -> C:\Program Files (x86)\Nickvision Parabolic\NickvisionTubeConverter.WinUI.exe (NickvisionTubeConverter.WinUI) [File not signed]
CustomCLSID: HKU\S-1-5-21-1856328334-1563625827-3414849223-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\user\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
CustomCLSID: HKU\S-1-5-21-1856328334-1563625827-3414849223-1001_Classes\CLSID\{d936918b-9c4b-555e-074a-c79314be04e1}\localserver32 -> "C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe" -ToastActivated => No File
ShellIconOverlayIdentifiers: [  OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_357b728ba88fb99a\OptaneShellExt.dll [2022-12-18] (Intel Corporation -> )
ShellIconOverlayIdentifiers-x32: [  OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [  OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [  OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [  OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [  OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [  OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [  OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-19] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-19] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\contextMenu\NppShell.dll [2024-01-14] (Notepad++ -> Bjarke I. Pedersen gurli@gurlinet.dk)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_357b728ba88fb99a\OptaneShellExt.dll [2022-12-18] (Intel Corporation -> )
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-19] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-19] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-23] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-23] (Logitech, Inc. -> Logitech Inc.)
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2023-10-14 13:47 - 2023-06-20 09:00 - 000101376 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
2022-11-26 18:26 - 2024-02-06 21:38 - 000000509 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
172.18.192.1 DESKTOP-O8TET55.mshome.net # 2029 2 0 4 20 38 4 854
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\VMware\VMware Player\bin\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\PuTTY\;C:\Program Files\Python311\;C:\Program Files\Python311\Scripts\
HKU\S-1-5-21-1856328334-1563625827-3414849223-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 1.1.1.1 - 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
Network Binding:
=============
Ethernet 3: VMware Bridge Protocol -> vmware_bridge (enabled) 
Ethernet 3: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
Ethernet 3: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
OpenVPN Data Channel Offload: VMware Bridge Protocol -> vmware_bridge (enabled) 
OpenVPN Data Channel Offload: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
Ethernet: VMware Bridge Protocol -> vmware_bridge (enabled) 
Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
VMware Network Adapter VMnet1: VMware Bridge Protocol -> vmware_bridge (disabled) 
VMware Network Adapter VMnet1: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
VMware Network Adapter VMnet10: VMware Bridge Protocol -> vmware_bridge (disabled) 
VMware Network Adapter VMnet10: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
OpenVPN Wintun: VMware Bridge Protocol -> vmware_bridge (enabled) 
OpenVPN Wintun: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
VMware Network Adapter VMnet4: VMware Bridge Protocol -> vmware_bridge (disabled) 
VMware Network Adapter VMnet4: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
VMware Network Adapter VMnet2: VMware Bridge Protocol -> vmware_bridge (disabled) 
VMware Network Adapter VMnet2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
VMware Network Adapter VMnet7: VMware Bridge Protocol -> vmware_bridge (disabled) 
VMware Network Adapter VMnet7: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
VMware Network Adapter VMnet9: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
VMware Network Adapter VMnet9: VMware Bridge Protocol -> vmware_bridge (disabled) 
VMware Network Adapter VMnet8: VMware Bridge Protocol -> vmware_bridge (disabled) 
VMware Network Adapter VMnet8: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
VMware Network Adapter VMnet6: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
VMware Network Adapter VMnet6: VMware Bridge Protocol -> vmware_bridge (disabled) 
VMware Network Adapter VMnet3: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
VMware Network Adapter VMnet3: VMware Bridge Protocol -> vmware_bridge (disabled) 
OpenVPN TAP-Windows6: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
OpenVPN TAP-Windows6: VMware Bridge Protocol -> vmware_bridge (enabled) 
OpenVPN TAP-Windows6: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
VMware Network Adapter VMnet5: VMware Bridge Protocol -> vmware_bridge (disabled) 
VMware Network Adapter VMnet5: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{E623CC3F-B234-4D31-8456-035E7A955D78}C:\users\user\downloads\anydesk.exe] => (Allow) C:\users\user\downloads\anydesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [TCP Query User{A7B8FB65-F7A4-46D1-B21D-00D57E2BA316}C:\users\user\downloads\anydesk.exe] => (Allow) C:\users\user\downloads\anydesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [UDP Query User{AE592B49-20E7-4818-9E5F-AFAC5BEBBC07}C:\users\user\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\user\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [TCP Query User{F5E2692F-87A0-46AF-84A0-4ABFB0F199E6}C:\users\user\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\user\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [{90A1C2FD-C133-440B-8AC4-A08EBC02BC2F}] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{E692621D-6DC8-41F8-8301-47400BB17D49}] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{C6270660-CB06-4B57-88DD-DDACFCE12868}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{004A3D05-4D78-45F3-BE04-AF23C55D0615}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{FC5A799D-DD19-42C3-9E24-949465359254}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0B117E71-E8B9-4C05-8A80-614C4925E102}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => No File
FirewallRules: [{CC191C13-2A15-42FC-A832-FC986722D477}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => No File
FirewallRules: [{D55E2D54-C1BF-41FC-B9F6-E176EE7982AC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6230\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> Hewlett-Packard Development Company, LP)
FirewallRules: [{297DD3A9-0AFA-4C1F-AF78-233EBF4391D4}] => (Allow) LPort=5357
FirewallRules: [{AF50A61A-2067-4F24-8A2F-F2ACD7576646}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6230\Bin\DeviceSetup.exe (HP Inc. -> Hewlett-Packard Development Company, LP)
FirewallRules: [{76E7415E-0842-4438-89EB-895F4B6FCA88}] => (Block) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{00B7D3BC-59A3-45D2-BD41-ED6B8DCF7B71}] => (Block) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{95F9585A-0D3C-4DA3-A64D-841E666D5AED}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{6FA48098-6442-4299-B71C-52889FCA6E68}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{63CE53D2-77F0-4F9E-87F3-91F9DB355186}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{200F976A-4375-4F8C-9568-CF4ACF0AB164}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AA81403B-F406-4AEE-AAD3-681C26820A2C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C79AE6E6-3E66-4407-9A44-86089701AF5D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9ECEDCD1-748E-4657-8B95-4468E0D5A057}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2FC1D71A-3C9C-4ED6-9A06-358E95F734E1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C6B7512A-CC80-40DA-8101-45FB6E20D437}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0B05675A-D447-46C1-8D34-D5B979A1EDEB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{176BC8B1-4B60-4988-87A0-D9BF83CB2F87}] => (Allow) C:\Program Files (x86)\SonosV2\Sonos.exe (Sonos, Inc. -> Sonos, Inc.)
FirewallRules: [{96E627DA-6B2F-41F5-B647-1835663841CF}] => (Allow) C:\Program Files (x86)\SonosV2\Sonos.exe (Sonos, Inc. -> Sonos, Inc.)
FirewallRules: [{D0F8C007-EEFF-467C-A532-5F7704EF7437}] => (Allow) LPort=3445
FirewallRules: [{EDBF8921-036D-4A36-9851-02657EC8B7D9}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [{1152D089-7BFE-4704-9108-CB8C37740047}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{9D1A9F58-AD32-4317-9BEB-8BFF37D7AF76}C:\program files\cisco packet tracer 8.2.1\bin\packettracer.exe] => (Allow) C:\program files\cisco packet tracer 8.2.1\bin\packettracer.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [UDP Query User{8C154A0E-50BA-4A0A-AFF0-D04EB2539E21}C:\program files\cisco packet tracer 8.2.1\bin\packettracer.exe] => (Allow) C:\program files\cisco packet tracer 8.2.1\bin\packettracer.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [{967EE940-BF12-4F4C-B8E8-C7C29614E424}] => (Block) C:\program files\cisco packet tracer 8.2.1\bin\packettracer.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [{D290C8EC-054C-4819-B1AC-6B0C2D551201}] => (Block) C:\program files\cisco packet tracer 8.2.1\bin\packettracer.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [{6CA57A22-0B36-4274-8D29-3F4F8CBC282A}] => (Allow) C:\Program Files\GNS3\gns3server.exe () [File not signed]
FirewallRules: [{00B9CF59-CCC7-40D2-B604-D7BA13790C20}] => (Allow) C:\Program Files\GNS3\gns3server.exe () [File not signed]
FirewallRules: [{EEEB7CA3-3C8D-412A-AD0E-ED8E567BEAA9}] => (Allow) C:\Program Files\GNS3\ubridge.exe () [File not signed]
FirewallRules: [{8DD6E8FB-4481-44FD-AD9D-92AAAC18F968}] => (Allow) C:\Program Files\GNS3\ubridge.exe () [File not signed]
FirewallRules: [{35AC42E2-B54F-4543-BE58-1EC1C1CB97CC}] => (Allow) C:\Program Files\GNS3\dynamips\dynamips.exe () [File not signed]
FirewallRules: [{522EF697-A266-4311-923F-60978916382F}] => (Allow) C:\Program Files\GNS3\dynamips\dynamips.exe () [File not signed]
FirewallRules: [{FFB94CC4-9039-4099-93B3-12DDBFB97C77}] => (Allow) C:\Program Files\GNS3\vpcs\vpcs.exe () [File not signed]
FirewallRules: [{02352971-4E66-45CF-960D-6823D9DB95AA}] => (Allow) C:\Program Files\GNS3\vpcs\vpcs.exe () [File not signed]
FirewallRules: [{99B3F8E2-8C23-4E43-838E-08E4D85BA225}] => (Allow) C:\Program Files\GNS3\qemu-0.11.0\qemu.exe () [File not signed]
FirewallRules: [{70D469E4-ECE6-453B-9679-069BB04D8639}] => (Allow) C:\Program Files\GNS3\qemu-0.11.0\qemu.exe () [File not signed]
FirewallRules: [{995E21A4-45DF-4CE8-8561-5FB8F594C8DC}] => (Allow) C:\Program Files\GNS3\qemu-3.1.0\qemu-system-i386w.exe (Stefan Weil -> hxxps://www.qemu.org) [File not signed]
FirewallRules: [{3BC6B3D2-9518-4343-825B-F991AF61CA7D}] => (Allow) C:\Program Files\GNS3\qemu-3.1.0\qemu-system-i386w.exe (Stefan Weil -> hxxps://www.qemu.org) [File not signed]
FirewallRules: [{2786CBD6-2239-4C5E-BE1E-D04547659AA8}] => (Allow) C:\Program Files\GNS3\qemu-3.1.0\qemu-system-x86_64w.exe (Stefan Weil -> hxxps://www.qemu.org) [File not signed]
FirewallRules: [{DF57D21E-CA63-4967-BA96-FA6760C72A6B}] => (Allow) C:\Program Files\GNS3\qemu-3.1.0\qemu-system-x86_64w.exe (Stefan Weil -> hxxps://www.qemu.org) [File not signed]
FirewallRules: [{6823802A-9C50-412D-BDDC-0DEC16C885D9}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{0F86E007-80B9-489B-AE60-C1BB91CF38BA}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [TCP Query User{14B26662-831E-44A5-BA88-C69BC1945B4B}C:\program files\gns3\gns3server.exe] => (Allow) C:\program files\gns3\gns3server.exe () [File not signed]
FirewallRules: [UDP Query User{C6CE2BB8-99F7-420A-8668-DA4D86B91407}C:\program files\gns3\gns3server.exe] => (Allow) C:\program files\gns3\gns3server.exe () [File not signed]
FirewallRules: [TCP Query User{45852B91-BD6F-453B-BCC5-F5C73B92DDE2}C:\program files\gns3\dynamips\dynamips.exe] => (Allow) C:\program files\gns3\dynamips\dynamips.exe () [File not signed]
FirewallRules: [UDP Query User{61E6ED1D-78FF-40FD-AAF1-B966DCA5B1BE}C:\program files\gns3\dynamips\dynamips.exe] => (Allow) C:\program files\gns3\dynamips\dynamips.exe () [File not signed]
FirewallRules: [TCP Query User{7BB28A85-6B8D-457E-82CD-ED842A968CE4}C:\program files\gns3\vpcs\vpcs.exe] => (Allow) C:\program files\gns3\vpcs\vpcs.exe () [File not signed]
FirewallRules: [UDP Query User{6081B612-8F10-478E-B99C-A674ABCE7618}C:\program files\gns3\vpcs\vpcs.exe] => (Allow) C:\program files\gns3\vpcs\vpcs.exe () [File not signed]
FirewallRules: [TCP Query User{3E7BB39D-43EC-401B-BE34-39D9DD243688}C:\program files\gns3\ubridge.exe] => (Allow) C:\program files\gns3\ubridge.exe () [File not signed]
FirewallRules: [UDP Query User{7E3E9484-74AF-4847-84AE-16DBD92769A1}C:\program files\gns3\ubridge.exe] => (Allow) C:\program files\gns3\ubridge.exe () [File not signed]
FirewallRules: [{BAB6EA68-80BB-447E-94F0-E023A8EDDB7B}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{02E62532-29DB-4460-AA5F-64F1102811DF}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
FirewallRules: [{DDA47412-D1B3-4078-98E6-99042581B934}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [{A9115C81-B4B7-498E-A1E0-B0D79492EF6E}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File
FirewallRules: [{03F08C92-64AC-4F27-A1D3-8695C629E548}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe => No File
FirewallRules: [{DC68E6B7-1EDA-49BD-91AA-D2AD8CEA2E33}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{362E0EEE-3FFF-47FC-A96C-D8E48E6657E5}D:\program files\microvirt\memuhyperv\memuhyper.exe] => (Allow) D:\program files\microvirt\memuhyperv\memuhyper.exe => No File
FirewallRules: [UDP Query User{6DD7DCBA-38A0-45A4-84CD-E5652E992922}D:\program files\microvirt\memuhyperv\memuhyper.exe] => (Allow) D:\program files\microvirt\memuhyperv\memuhyper.exe => No File
FirewallRules: [{87B13B0B-835B-40E5-A859-FC84E7185016}] => (Block) D:\program files\microvirt\memuhyperv\memuhyper.exe => No File
FirewallRules: [{6A1BCD40-6034-4424-8CD6-2FC4E914FE83}] => (Block) D:\program files\microvirt\memuhyperv\memuhyper.exe => No File
FirewallRules: [{99A6247A-1183-41C8-8B01-028BA04B8432}] => (Allow) C:\Program Files\Cybelsoft\DriversCloud.com\DriversCloud.exe (CYBELSOFT -> CybelSoft)
FirewallRules: [{B8AB813E-A08D-493B-A9A0-BD86C7AD5CAF}] => (Allow) C:\Program Files\Cybelsoft\DriversCloud.com\DriversCloud.exe (CYBELSOFT -> CybelSoft)
FirewallRules: [{4C01713C-CD62-4FFD-9E90-1886EF406C45}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled (Total:118.62 GB) (Free:18.87 GB) (16%)
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (02/28/2024 06:13:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DESKTOP-O8TET55.local already in use; will try DESKTOP-O8TET55-2.local instead
 
Error: (02/28/2024 06:13:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 DESKTOP-O8TET55.local. Addr 169.254.8.16
 
Error: (02/28/2024 06:13:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 169.254.8.16:5353   16 DESKTOP-O8TET55.local. AAAA 2A01:CB0C:0D50:5A00:453C:6C01:A0F9:D6CC
 
Error: (02/28/2024 06:13:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 DESKTOP-O8TET55.local. AAAA FE80:0000:0000:0000:73F4:0184:3A10:9E99
 
Error: (02/28/2024 06:13:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 169.254.8.16:5353   16 DESKTOP-O8TET55.local. AAAA 2A01:CB0C:0D50:5A00:453C:6C01:A0F9:D6CC
 
Error: (02/28/2024 06:13:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:    4 DESKTOP-O8TET55.local. Addr 169.254.8.16
 
Error: (02/28/2024 06:13:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 169.254.8.16:5353   16 DESKTOP-O8TET55.local. AAAA 2A01:CB0C:0D50:5A00:453C:6C01:A0F9:D6CC
 
Error: (02/28/2024 06:12:50 PM) (Source: SonosLibraryService) (EventID: 0) (User: )
Description: Service cannot be started. The handle is invalid
 
 
System errors:
=============
Error: (02/28/2024 06:15:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: 2024-01 Security Update for Windows 10 Version 22H2 for x64-based Systems (KB5034441).
 
Error: (02/28/2024 06:12:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The GameInput Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (02/28/2024 06:12:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The GameInput Service service terminated with the following error: 
The compound file GameInput Service was produced with a newer version of storage.
 
Error: (02/28/2024 06:12:42 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.
 
Error: (02/27/2024 10:03:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WpnService service terminated with the following error: 
A system shutdown is in progress.
 
Error: (02/27/2024 10:03:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The ClickToRunSvc service terminated with the following error: 
%%17000
 
Error: (02/27/2024 10:03:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The igccservice service terminated with the following error: 
An exception occurred in the service when handling the control request.
 
Error: (02/27/2024 10:03:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SonosLibraryService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
Windows Defender:
================
Date: 2024-02-28 22:36:06
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUABundler:Win32/uTorrent_BundleInstaller
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\user\Downloads\utorrent_installer.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\user\Downloads\FRST64.exe
Security intelligence Version: AV: 1.405.757.0, AS: 1.405.757.0, NIS: 1.405.757.0
Engine Version: AM: 1.1.24010.10, NIS: 1.1.24010.10
 
Date: 2024-02-28 22:36:01
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUADlManager:Win32/Snackarcin
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\user\Downloads\subtitle-Harry.Potter.and.the.Chamber.of.Secre_813388.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Users\user\Downloads\FRST64.exe
Security intelligence Version: AV: 1.405.757.0, AS: 1.405.757.0, NIS: 1.405.757.0
Engine Version: AM: 1.1.24010.10, NIS: 1.1.24010.10
 
Date: 2024-02-28 19:36:23
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-28 18:13:26
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUADlManager:Win32/Snackarcin
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\user\Downloads\subtitle-Harry.Potter.and.the.Chamber.of.Secre_813388.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.405.697.0, AS: 1.405.697.0, NIS: 1.405.697.0
Engine Version: AM: 1.1.24010.10, NIS: 1.1.24010.10
 
Date: 2024-02-26 19:47:01
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
 
Date: 2023-12-20 20:55:01
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.403.693.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2023-12-20 20:55:01
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.403.693.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2023-12-20 20:55:01
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.403.693.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2023-12-20 20:55:01
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.403.693.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2023-12-20 20:55:01
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.403.693.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
CodeIntegrity:
===============
Date: 2023-12-05 19:01:54
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume8\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume8\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2023-11-15 19:36:37
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume7\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2023-11-07 19:03:44
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2023-11-04 19:32:55
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2023-10-31 19:56:42
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. 1.28.0 12/12/2023
Motherboard: Dell Inc. 08NPPY
Processor: Intel® Core™ i3-6100 CPU @ 3.70GHz
Percentage of memory in use: 58%
Total physical RAM: 8075.56 MB
Available physical RAM: 3370.71 MB
Total Virtual: 10059.56 MB
Available Virtual: 4791.65 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:118.62 GB) (Free:18.87 GB) (Model: GIGABYTE GP-GSM2NE3128GNTD) NTFS
Drive d: () (Fixed) (Total:465.76 GB) (Free:462.64 GB) (Model: ST500DM002-1BD142) NTFS
Drive f: (Tosh1TB) (Fixed) (Total:931.51 GB) (Free:783.73 GB) (Model: TOSHIBA External USB 3.0 USB Device) NTFS
 
\\?\Volume{6d81fa04-23aa-4d89-82cf-f0e7ea219db8}\ () (Fixed) (Total:0.5 GB) (Free:0.05 GB) NTFS
\\?\Volume{46d217d0-1e92-458e-ac98-b93ad99316a8}\ () (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Protective MBR) (Size: 119.2 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 2 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================


#4 dennis_l


Posted 29 February 2024 - 06:20 AM

The detection is a Potentially unwanted application warning, which Windows Defender appears to have removed.
The path was "C:\Users\user\Downloads\subtitle-Harry.Potter.and.the.Chamber.of.Secre_813388.exe"
I suggest that you check your Downloads folder and remove anything you do not recognise or are unsure of.
Even better would be to remove everything by selecting all of the files in the folder (Ctrl+A keys) and press Shift+Delete (at the same time) on your keyboard.
When you are asked "Are you sure you want to permanently delete these items?", press Yes.
------------------------------------------------------------------------
I have checked your logs and see that you have DriversCloud.com installed.
If you need to download drivers, then it's best to get them from your computer manufacturer's or the device manufacturer's websites. This will ensure that you have the correct drivers.
I would therefore suggest that you consider removing this program.
-------------------------------------------------------------------------
I see that you have Peer 2 Peer torrent software installed. It is likely that if you continue to use this, you will become infected, as malicious Worms, Trojans & Ransomware can spread across P2P file sharing networks.
It would be wise to uninstall Peer 2 Peer programs, but that choice is up to you. If you choose to remove the program, you can do so via Start > Windows System > Control Panel > Programs and Features.
However if you still wish to keep it, please do not use until we are finished and your computer is clean and updated.
-------------------------------------------------------------------------
You have two open firewall ports showing, which may be needed for genuine reasons, but I thought you should be made aware of this.

FirewallRules: [{297DD3A9-0AFA-4C1F-AF78-233EBF4391D4}] => (Allow) LPort=5357
FirewallRules: [{D0F8C007-EEFF-467C-A532-5F7704EF7437}] => (Allow) LPort=3445

---------------------------------------------------------------------------------
At the moment there are no obvious signs of malware being present.
We will do a scan later, but could you please run this FRST script next.
This is mainly to do some clean-up.
As a part of this I have included the Emptytemp: command.
Note: This will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
Important: This script was written specifically for you, for use only on this machine. Running this on another machine may cause damage to your operating system.

  • Right click on the FRST icon and select Run as administrator.
  • Highlight all of the information in the text box below then hit the Ctrl + C keys together to copy the text.
  • It is not necessary to paste the information anywhere as FRST will do this for you.
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
VirusTotal: C:\Users\user\Downloads\MEmu-setup-abroad-sdk-mv.exe
HKU\S-1-5-21-1856328334-1563625827-3414849223-1001\...\MountPoints2: {00c63088-3156-11ee-ad84-d89ef306ab8e} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1856328334-1563625827-3414849223-1001\...\MountPoints2: {00c63446-3156-11ee-ad84-d89ef306ab8e} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1856328334-1563625827-3414849223-1001\...\MountPoints2: {efbae751-029e-11ee-ad7d-d89ef306ab8e} - "D:\WifiAutoInstallSetup.exe"
S3 cpuz158; \??\C:\WINDOWS\temp\cpuz158\cpuz158_x64.sys [X] <==== ATTENTION
Task: {1D7D9660-8589-42BF-A10D-F5F01B2F8787} - System32\Tasks\CCleanerSkipUAC - user => "C:\Users\user\Desktop\ccleanner\CCleaner.exe"  $(Arg0) (No File)
CustomCLSID: HKU\S-1-5-21-1856328334-1563625827-3414849223-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\user\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
CustomCLSID: HKU\S-1-5-21-1856328334-1563625827-3414849223-1001_Classes\CLSID\{d936918b-9c4b-555e-074a-c79314be04e1}\localserver32 -> "C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe" -ToastActivated => No File
FirewallRules: [{0B117E71-E8B9-4C05-8A80-614C4925E102}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => No File
FirewallRules: [{CC191C13-2A15-42FC-A832-FC986722D477}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => No File
FirewallRules: [{02E62532-29DB-4460-AA5F-64F1102811DF}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
FirewallRules: [{DDA47412-D1B3-4078-98E6-99042581B934}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [{A9115C81-B4B7-498E-A1E0-B0D79492EF6E}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File
FirewallRules: [{03F08C92-64AC-4F27-A1D3-8695C629E548}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe => No File
FirewallRules: [TCP Query User{362E0EEE-3FFF-47FC-A96C-D8E48E6657E5}D:\program files\microvirt\memuhyperv\memuhyper.exe] => (Allow) D:\program files\microvirt\memuhyperv\memuhyper.exe => No File
FirewallRules: [UDP Query User{6DD7DCBA-38A0-45A4-84CD-E5652E992922}D:\program files\microvirt\memuhyperv\memuhyper.exe] => (Allow) D:\program files\microvirt\memuhyperv\memuhyper.exe => No File
FirewallRules: [{87B13B0B-835B-40E5-A859-FC84E7185016}] => (Block) D:\program files\microvirt\memuhyperv\memuhyper.exe => No File
FirewallRules: [{6A1BCD40-6034-4424-8CD6-2FC4E914FE83}] => (Block) D:\program files\microvirt\memuhyperv\memuhyper.exe => No File
Emptytemp:
End::
  • Click on the Fix button just once and wait.
  • If the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When it's finished FRST will generate a log in the location you ran the tool from. (Fixlog.txt).

Please copy the contents from this text file and paste into your next reply.
Also advise how your computer is running now.
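
The two kinds of FirewallRules lines raised in post #4 (port-only Allow rules, and rules marked "=> No File" because their program is gone) can be separated mechanically from an FRST log. This is an added example, not part of the original post and not FRST's own code; the line format is inferred from the lines shown in this thread, and the last sample rule is constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Format inferred from the FRST lines in this thread (an assumption, not an FRST spec):
#   FirewallRules: [<name>] => (Allow|Block) <LPort=N | program path>[ => No File]
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.+?)\] => \((?P<action>Allow|Block)\) "
    r"(?P<target>.+?)(?P<missing> => No File)?$"
)


@dataclass
class Rule:
    name: str            # rule GUID or "TCP/UDP Query User{...}path" name
    action: str          # "Allow" or "Block"
    target: str          # "LPort=N" or a program path
    port: Optional[int]  # set only for port-only rules
    file_missing: bool   # FRST appended "=> No File"


def parse_rule(line: str) -> Optional[Rule]:
    """Parse one FirewallRules line; return None if it does not fit the format."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    target = m.group("target")
    port_m = re.fullmatch(r"LPort=(\d+)", target)
    return Rule(
        name=m.group("name"),
        action=m.group("action"),
        target=target,
        port=int(port_m.group(1)) if port_m else None,
        file_missing=m.group("missing") is not None,
    )


def triage(lines: List[str]) -> Dict[str, list]:
    """Sort FirewallRules lines into review buckets; other log lines are skipped."""
    buckets: Dict[str, list] = {
        "port_only_allow": [],  # open to any program on that port: confirm it is needed
        "orphaned": [],         # program no longer exists: stale rule, cleanup candidate
        "other": [],
        "unparsed": [],         # kept so that nothing is silently dropped
    }
    for raw in lines:
        line = raw.strip()
        if not line.startswith("FirewallRules:"):
            continue
        rule = parse_rule(line)
        if rule is None:
            buckets["unparsed"].append(line)
        elif rule.file_missing:
            buckets["orphaned"].append(rule)
        elif rule.port is not None and rule.action == "Allow":
            buckets["port_only_allow"].append(rule)
        else:
            buckets["other"].append(rule)
    return buckets


# Lines copied from this thread, plus one constructed rule (the last line).
SAMPLE = r"""
S3 cpuz158; \??\C:\WINDOWS\temp\cpuz158\cpuz158_x64.sys [X] <==== ATTENTION
FirewallRules: [{297DD3A9-0AFA-4C1F-AF78-233EBF4391D4}] => (Allow) LPort=5357
FirewallRules: [{D0F8C007-EEFF-467C-A532-5F7704EF7437}] => (Allow) LPort=3445
FirewallRules: [{0B117E71-E8B9-4C05-8A80-614C4925E102}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => No File
FirewallRules: [TCP Query User{362E0EEE-3FFF-47FC-A96C-D8E48E6657E5}D:\program files\microvirt\memuhyperv\memuhyper.exe] => (Allow) D:\program files\microvirt\memuhyperv\memuhyper.exe => No File
FirewallRules: [{87B13B0B-835B-40E5-A859-FC84E7185016}] => (Block) D:\program files\microvirt\memuhyperv\memuhyper.exe => No File
FirewallRules: [{00000000-0000-0000-0000-000000000000}] => (Allow) C:\Program Files\Example\app.exe
"""

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE.splitlines()).items():
        print(bucket, len(items))
```
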



#5 scipion


Posted 29 February 2024 - 12:12 PM

Hello,

 

Thank you for your help.

I've deleted all files in the Downloads folder and uninstalled DriverCloud and µTorrent.

At the moment, everything is good.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by user (29-02-2024 18:07:49) Run:1
Running from C:\Users\user\Downloads
Loaded Profiles: user
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
VirusTotal: C:\Users\user\Downloads\MEmu-setup-abroad-sdk-mv.exe
HKU\S-1-5-21-1856328334-1563625827-3414849223-1001\...\MountPoints2: {00c63088-3156-11ee-ad84-d89ef306ab8e} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1856328334-1563625827-3414849223-1001\...\MountPoints2: {00c63446-3156-11ee-ad84-d89ef306ab8e} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1856328334-1563625827-3414849223-1001\...\MountPoints2: {efbae751-029e-11ee-ad7d-d89ef306ab8e} - "D:\WifiAutoInstallSetup.exe"
S3 cpuz158; \??\C:\WINDOWS\temp\cpuz158\cpuz158_x64.sys [X] <==== ATTENTION
Task: {1D7D9660-8589-42BF-A10D-F5F01B2F8787} - System32\Tasks\CCleanerSkipUAC - user => "C:\Users\user\Desktop\ccleanner\CCleaner.exe"  $(Arg0) (No File)
CustomCLSID: HKU\S-1-5-21-1856328334-1563625827-3414849223-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\user\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
CustomCLSID: HKU\S-1-5-21-1856328334-1563625827-3414849223-1001_Classes\CLSID\{d936918b-9c4b-555e-074a-c79314be04e1}\localserver32 -> "C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe" -ToastActivated => No File
FirewallRules: [{0B117E71-E8B9-4C05-8A80-614C4925E102}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => No File
FirewallRules: [{CC191C13-2A15-42FC-A832-FC986722D477}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => No File
FirewallRules: [{02E62532-29DB-4460-AA5F-64F1102811DF}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
FirewallRules: [{DDA47412-D1B3-4078-98E6-99042581B934}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [{A9115C81-B4B7-498E-A1E0-B0D79492EF6E}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File
FirewallRules: [{03F08C92-64AC-4F27-A1D3-8695C629E548}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe => No File
FirewallRules: [TCP Query User{362E0EEE-3FFF-47FC-A96C-D8E48E6657E5}D:\program files\microvirt\memuhyperv\memuhyper.exe] => (Allow) D:\program files\microvirt\memuhyperv\memuhyper.exe => No File
FirewallRules: [UDP Query User{6DD7DCBA-38A0-45A4-84CD-E5652E992922}D:\program files\microvirt\memuhyperv\memuhyper.exe] => (Allow) D:\program files\microvirt\memuhyperv\memuhyper.exe => No File
FirewallRules: [{87B13B0B-835B-40E5-A859-FC84E7185016}] => (Block) D:\program files\microvirt\memuhyperv\memuhyper.exe => No File
FirewallRules: [{6A1BCD40-6034-4424-8CD6-2FC4E914FE83}] => (Block) D:\program files\microvirt\memuhyperv\memuhyper.exe => No File
Emptytemp:
End::
*****************
 
SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
VirusTotal: C:\Users\user\Downloads\MEmu-setup-abroad-sdk-mv.exe => Error: No automatic fix found for this entry.
HKU\S-1-5-21-1856328334-1563625827-3414849223-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00c63088-3156-11ee-ad84-d89ef306ab8e} => removed successfully
HKU\S-1-5-21-1856328334-1563625827-3414849223-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00c63446-3156-11ee-ad84-d89ef306ab8e} => removed successfully
HKU\S-1-5-21-1856328334-1563625827-3414849223-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efbae751-029e-11ee-ad7d-d89ef306ab8e} => removed successfully
HKLM\System\CurrentControlSet\Services\cpuz158 => removed successfully
cpuz158 => service removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D7D9660-8589-42BF-A10D-F5F01B2F8787}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D7D9660-8589-42BF-A10D-F5F01B2F8787}" => removed successfully
C:\WINDOWS\System32\Tasks\CCleanerSkipUAC - user => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC - user" => removed successfully
HKU\S-1-5-21-1856328334-1563625827-3414849223-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a} => removed successfully
HKU\S-1-5-21-1856328334-1563625827-3414849223-1001_Classes\CLSID\{d936918b-9c4b-555e-074a-c79314be04e1} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0B117E71-E8B9-4C05-8A80-614C4925E102}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CC191C13-2A15-42FC-A832-FC986722D477}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{02E62532-29DB-4460-AA5F-64F1102811DF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DDA47412-D1B3-4078-98E6-99042581B934}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A9115C81-B4B7-498E-A1E0-B0D79492EF6E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{03F08C92-64AC-4F27-A1D3-8695C629E548}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{362E0EEE-3FFF-47FC-A96C-D8E48E6657E5}D:\program files\microvirt\memuhyperv\memuhyper.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6DD7DCBA-38A0-45A4-84CD-E5652E992922}D:\program files\microvirt\memuhyperv\memuhyper.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{87B13B0B-835B-40E5-A859-FC84E7185016}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6A1BCD40-6034-4424-8CD6-2FC4E914FE83}" => removed successfully
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 50545345 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 394610639 B
Windows/system/drivers => 27605893 B
Edge => 0 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 1551166 B
NetworkService => 1688510 B
user => 64509352 B
 
RecycleBin => 4432811 B
EmptyTemp: => 520.9 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 18:08:40 ====


#6 dennis_l


Posted 29 February 2024 - 01:33 PM

You are very welcome.
Let's now run a full scan with ESET Online Scanner, as an extra check.

  • Download ESET Online Scanner from here and save it to your Desktop.
  • Right click the esetonlinescanner.exe file you downloaded and select Run as administrator.
  • Select your desired language from the drop-down menu and click Get started.
  • Click Yes if a User Account window appears.
  • In the Terms of use screen, click Accept if you agree to the Terms of use.
  • Click Get started in the welcome screen.
  • Select your preference for the Customer Experience Improvement Program and the Detection feedback system. Click Continue.
  • Click Computer scan, in the Welcome back screen.
  • Choose Full scan on the next screen.
  • Select Enable ESET to detect and quarantine potentially unwanted applications. Then click Start scan.
  • Please note that this process can take several hours to complete.
  • At the end of the scan, the Found and resolved detections screen may be displayed. You can click View detailed results to view specific information. Click Continue.
  • On the following screen click Save scan log and save it to your Desktop as ESETScan.txt. Click Continue.
  • ESET Online Scanner will now ask if you wish to turn on the Periodic Scan feature. I suggest that you do not do this for now. Click Continue.
  • You are offered a 30 day trial of ESET Internet Security on the next screen. Click Continue.
  • On the next screen, you can leave feedback about the program if you wish.
  • There is an option to delete the application's data on closing, but we can do this later.
  • If you left feedback, click Submit and Close. If not, click Close.
  • Copy and paste the contents of the ESETScan.txt file in your next reply.

 



#7 scipion


Posted 03 March 2024 - 01:24 PM

Hello,

 

Done but it was impossible to save or to find the ESETScan.txt.

So here is a snap of what it's done.

Everything was deleted : https://www.cjoint.com/c/NCdswmO8oVb

Everything was in a folder in my external USB hard drive.

 

Thank you



#8 dennis_l


Posted 03 March 2024 - 02:15 PM

Ok that's fine.
I'd now like you to run a scan with AdwCleaner, which is normally fairly quick.
Please download AdwCleaner.

  • Close all open programs and browsers
  • Right click on the icon and select Run as administrator
  • Click Scan Now
  • When the scan has finished AdwCleaner shows you all detected PUPs and adware.
  • If any are found, select them and click Quarantine. (I would suggest that you do not select Pre-installed applications for now, or any other items you wish to keep.)
  • AdwCleaner prompts you to save and close your work before continuing. Click Continue.
  • After cleaning, you are prompted to restart your device. Click Restart now to complete the cleanup process.

Once your computer has restarted ...

  • If it doesn't open automatically, please start AdwCleaner.
  • Click on View Log File button (This log can also be found in the Log Files tab).
  • A Notepad file will open containing the results.
  • Click Skip Basic Repair (if the option appears)
  • Please post the contents of the file in your next reply.


#9 scipion


Posted 03 March 2024 - 03:16 PM

# -------------------------------
# Malwarebytes AdwCleaner 8.4.1.0
# -------------------------------
# Build:    01-29-2024
# Database: 2024-01-29.3 (Local)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    03-03-2024
# Duration: 00:00:07
# OS:       Windows 10 (Build 19045.4046)
# Scanned:  32102
# Detected: 2
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AUDIT 
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\PLUGIN 
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


#10 dennis_l


Posted Yesterday, 08:00 AM

That's all looking good now and I believe that we are nearly all set.
Please advise if you have any further questions, before I post some tool/log clean up instructions and information for your future reference.



#11 scipion


Posted Yesterday, 04:22 PM

Thank you !



#12 dennis_l


Posted Today, 05:03 AM

You are most welcome.

This tool will remove the software we used.
KpRm by Kernel-panik

  • Download KpRm and save it to your Desktop.
  • Right click on the icon and select Run as administrator.
  • Click Yes on the Disclaimer.
  • Place a check mark in Delete Tools and Create Restore Point.
  • Under Delete Quarantine, check Delete in 7 days.
  • Click Run.
  • Click OK in the All operations are completed box.
  • It will create and open a log report.
  • KpRm will delete itself from your Desktop and you can either save or remove the report that was generated.

These articles offer good advice and information for the future.
Keep your computer secure at home
How your system gets infected.
Ransomware advice.
Choosing Secure Passwords.
Thank you for contacting us at Bleeping Computer.

Dennis





