
DNS rebinding (Verizon) Recovery - Plz help!


7 replies to this topic

#1 gabaaaa

Posted 19 February 2024 - 02:45 AM

Hi,

My computer was hacked a while back via DNS rebinding. Got a whole new internet provider bc my passwords / identity and everything else was compromised. I watched them move my mouse and my computer has not been the same since, no matter how many times I reset lol. Now, I thought I was ok but my camera for Windows Hello keeps launching trying to open passwords? Please check that there is no malware I cannot find or that nobody has hacked me again :(

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.02.2024
Ran by gdm71 (administrator) on GH3RM (Microsoft Corporation Surface Laptop 3) (19-02-2024 02:38:49)
Running from C:\Users\gdm71\Downloads\FRST64 (1).exe
Loaded Profiles: gdm71
Platform: Microsoft Windows 11 Home Version 23H2 22631.3155 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eOppFrame.exe
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <14>
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.40.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe <6>
(dwm.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\ISM.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(services.exe ->) (Electronic Arts, Inc. -> Electronic Arts) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\efwd.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_2bee269ff6068a49\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_4a3ae74cfa6c37d6\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c7d8ede2ab197971\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_943ac983dea9b81b\AS\IAS\IntelAudioService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncHelper.exe
(services.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.SurfaceHub_61.24010.117.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\hdxsstm2.inf_amd64_f74568513a3bb299\RtkAudUService64.exe <2>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.40.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\hdxsstm2.inf_amd64_f74568513a3bb299\RtkAudUService64.exe [835680 2021-10-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3959664 2021-12-07] (Microsoft Windows Hardware Compatibility Publisher -> Logitech, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [196264 2023-12-12] (ESET, spol. s r.o. -> ESET)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-276510395-3558197461-3639509482-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2598328 2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-276510395-3558197461-3639509482-1001\...\Run: [EADM] => C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe [2730600 2024-02-16] (Electronic Arts, Inc. -> Electronic Arts)
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {36122A6E-B355-4413-AE34-4E7CE72CA48A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28372672 2024-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {C19B50E1-46E9-49BE-86DC-920E4F5205B5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28372672 2024-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {2DD03AE8-DD70-497B-B084-6F150289D48D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [306328 2024-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {69E89072-056B-4B75-96E3-8845BC83F008} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [306328 2024-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {C0938D12-3757-4132-90C9-35C354FDFED1} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [170128 2024-02-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {33406E4F-3A03-4C6D-8F61-F46EC4C02A2F} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {A4B98C3F-59D4-4545-8853-EA3F475653C9} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-276510395-3558197461-3639509482-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{413f702e-e6c0-4734-999b-efe495932bdf}: [DhcpNameServer] 192.168.1.1
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\gdm71\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-19]
Edge DownloadDir: Default -> C:\Users\gdm71\Downloads
Edge Extension: (Edge relevant text changes) - C:\Users\gdm71\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-02]
Edge Profile: C:\Users\gdm71\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2024-02-19]
Edge DownloadDir: Profile 1 -> C:\Users\gdm71\OneDrive\Desktop
Edge Extension: (Edge relevant text changes) - C:\Users\gdm71\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-19]
Edge HKLM-x32\...\Edge\Extension: [nkapkmklnmidbbgjaipbgpcnbomnaakc]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-02-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-02-04] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14048768 2024-02-10] (Microsoft Corporation -> Microsoft Corporation)
R3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [12068456 2024-02-16] (Electronic Arts, Inc. -> Electronic Arts)
R2 efwd; C:\Program Files\ESET\ESET Security\efwd.exe [2539384 2023-12-12] (ESET, spol. s r.o. -> ESET)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [3890064 2023-12-12] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [3890064 2023-12-12] (ESET, spol. s r.o. -> ESET)
R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncHelper.exe [3515936 2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
R2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_943ac983dea9b81b\AS\IAS\IntelAudioService.exe [402488 2022-08-11] (Intel Corporation -> Intel)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.020.0128.0003\OneDriveUpdaterService.exe [3853856 2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
R2 SurfaceExperienceService-61.24010.117; C:\Program Files\WindowsApps\Microsoft.SurfaceHub_61.24010.117.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe [8738744 2024-02-17] (Microsoft Corporation -> Microsoft)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2024-02-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2024-02-02] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [215616 2023-12-12] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [120032 2023-12-12] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [16336 2023-12-12] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [254344 2023-12-12] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [55528 2023-12-12] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [81824 2023-12-12] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [124168 2023-12-12] (ESET, spol. s r.o. -> ESET)
R3 SurfaceSerialHubDriver; C:\Windows\System32\DriverStore\FileRepository\surfaceserialhubdriver.inf_amd64_f531483c52451822\SurfaceSerialHubDriver.sys [366056 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [55856 2024-02-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [594304 2024-02-02] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105856 2024-02-02] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-02-19 02:28 - 2024-02-19 02:31 - 002390016 _____ (Farbar) C:\Users\gdm71\Downloads\FRST64 (1).exe
2024-02-19 01:37 - 2024-02-19 01:37 - 000000000 ____D C:\Users\gdm71\AppData\Local\ESET
2024-02-19 01:37 - 2024-02-19 01:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2024-02-19 01:37 - 2024-02-19 01:37 - 000000000 ____D C:\ProgramData\ESET
2024-02-19 01:37 - 2024-02-19 01:37 - 000000000 ____D C:\Program Files\ESET
2024-02-18 22:56 - 2024-02-18 22:56 - 000067059 _____ C:\Users\gdm71\OneDrive\Desktop\fcra-605b.pdf
2024-02-18 22:15 - 2024-02-18 22:15 - 009798776 _____ (ESET) C:\Users\gdm71\Downloads\eset_smart_security_premium_live_installer.exe
2024-02-18 21:03 - 2024-02-18 21:03 - 000000000 ___HD C:\OneDriveTemp
2024-02-18 07:11 - 2024-02-18 07:11 - 002179878 _____ C:\Users\gdm71\Downloads\Your Shopping Cart _ Fashion Nova.pdf
2024-02-18 06:02 - 2024-02-18 06:02 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-02-17 05:54 - 2024-02-17 05:54 - 000000000 ____D C:\ProgramData\SurfaceExperienceService
2024-02-17 05:09 - 2024-02-19 02:35 - 000027670 _____ C:\Users\gdm71\Downloads\Addition.txt
2024-02-17 05:08 - 2024-02-19 02:39 - 000012793 _____ C:\Users\gdm71\Downloads\FRST.txt
2024-02-17 05:08 - 2024-02-19 02:39 - 000000000 ____D C:\FRST
2024-02-17 05:02 - 2024-02-17 05:02 - 000469564 _____ C:\Windows\gethelp_audiotroubleshooter_latestpackage.zip
2024-02-17 05:01 - 2024-02-17 05:01 - 000000000 ____D C:\ProgramData\WindowsPerformanceRecorder
2024-02-17 01:57 - 2024-02-17 01:58 - 000000000 ____D C:\AdwCleaner
2024-02-17 01:57 - 2024-02-17 01:57 - 008797968 _____ (Malwarebytes) C:\Users\gdm71\Downloads\adwcleaner(1).exe
2024-02-17 01:57 - 2024-02-17 01:57 - 000000000 ____D C:\Users\gdm71\AppData\Local\CrashDumps
2024-02-17 01:50 - 2024-02-17 01:50 - 002390016 _____ (Farbar) C:\Users\gdm71\Downloads\FRST64.exe
2024-02-12 16:25 - 2024-02-12 16:25 - 000001937 _____ C:\Users\gdm71\OneDrive\Desktop\Zoom.lnk
2024-02-05 12:09 - 2024-02-05 12:11 - 000000000 ____D C:\Users\gdm71\AppData\Roaming\Microsoft\Excel
2024-02-05 12:09 - 2024-02-05 12:10 - 000000000 ____D C:\Users\gdm71\AppData\Roaming\Microsoft\Office
2024-02-05 12:09 - 2024-02-05 12:09 - 000000000 ____D C:\Users\gdm71\AppData\Roaming\Microsoft\UProof
2024-02-05 12:09 - 2024-02-05 12:09 - 000000000 ____D C:\Users\gdm71\AppData\Roaming\Microsoft\AddIns
2024-02-05 12:04 - 2024-02-17 02:19 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-02-04 22:47 - 2024-02-04 22:48 - 000000000 ____D C:\Windows\Microsoft Antimalware
2024-02-04 19:01 - 2024-02-16 13:03 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2024-02-04 19:00 - 2024-02-16 13:03 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-02-04 19:00 - 2024-02-04 19:00 - 000000000 ___RD C:\Users\Default\OneDrive
2024-02-04 18:57 - 2024-02-04 18:57 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2024-02-04 18:57 - 2024-02-04 18:57 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2024-02-04 18:57 - 2024-02-04 18:57 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2024-02-04 18:57 - 2024-02-04 18:57 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2024-02-04 18:57 - 2024-02-04 18:57 - 000002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2024-02-04 18:57 - 2024-02-04 18:57 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2024-02-04 18:57 - 2024-02-04 18:57 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2024-02-04 18:57 - 2024-02-04 18:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2024-02-04 18:48 - 2024-02-18 06:01 - 000000000 ____D C:\Program Files\Microsoft Office
2024-02-04 18:48 - 2024-02-04 18:48 - 000000000 ____D C:\Program Files\Microsoft Office 15
2024-02-04 18:37 - 2024-02-04 18:37 - 000000000 ____D C:\Users\gdm71\AppData\Local\Backup
2024-02-03 05:52 - 2024-02-03 05:52 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2024-02-03 05:52 - 2024-02-03 05:52 - 000000000 ____D C:\ProgramData\Origin
2024-02-03 05:52 - 2024-02-03 05:52 - 000000000 ____D C:\ProgramData\Electronic Arts
2024-02-03 05:52 - 2024-02-03 05:40 - 000447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2024-02-03 05:38 - 2024-02-17 01:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
2024-02-03 05:38 - 2024-02-03 05:38 - 000000000 ____D C:\Users\gdm71\AppData\Local\Origin
2024-02-03 05:38 - 2024-02-03 05:38 - 000000000 ____D C:\Users\gdm71\AppData\Local\Electronic Arts
2024-02-03 05:38 - 2024-02-03 05:38 - 000000000 ____D C:\Users\gdm71\AppData\Local\EALaunchHelper
2024-02-03 05:38 - 2024-02-03 05:38 - 000000000 ____D C:\Users\gdm71\AppData\Local\EADesktop
2024-02-03 05:38 - 2024-02-03 05:38 - 000000000 ____D C:\Users\gdm71\AppData\Local\cache
2024-02-03 05:37 - 2024-02-17 01:57 - 000000000 ____D C:\ProgramData\EA Desktop
2024-02-03 05:37 - 2024-02-03 05:52 - 000000000 ____D C:\ProgramData\Package Cache
2024-02-03 05:37 - 2024-02-03 05:40 - 000000000 ____D C:\Program Files\EA Games
2024-02-03 05:37 - 2024-02-03 05:37 - 000000000 ____D C:\Program Files\Electronic Arts
2024-02-02 13:03 - 2024-02-02 13:03 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2024-02-02 13:02 - 2024-02-02 13:03 - 000262768 _____ C:\Users\gdm71\OneDrive\Desktop\FY2024 - City Council Discretionary Reporting - Court-Involved Youth (1).pdf
2024-02-02 12:51 - 2024-02-02 12:51 - 000000000 ____D C:\Users\gdm71\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2024-02-02 12:51 - 2024-02-02 12:51 - 000000000 ____D C:\Users\gdm71\AppData\Local\Zoom
2024-02-02 12:36 - 2024-02-02 12:51 - 000000000 ____D C:\Users\gdm71\AppData\Roaming\Zoom
2024-02-02 07:33 - 2024-02-02 07:33 - 000000000 ____D C:\Users\gdm71\AppData\LocalLow\Temp
2024-02-02 04:13 - 2024-02-17 02:24 - 000804932 _____ C:\Windows\system32\PerfStringBackup.INI
2024-02-02 04:09 - 2024-02-19 02:35 - 000000000 ____D C:\ProgramData\Packages
2024-02-02 04:09 - 2024-02-17 02:19 - 000001607 _____ C:\Windows\system32\config\VSMIDK
2024-02-02 04:09 - 2024-02-02 04:09 - 000000000 _SHDL C:\Documents and Settings
2024-02-02 04:09 - 2024-02-02 04:09 - 000000000 ____D C:\Windows\SoftwareDistribution_sdt
2024-02-02 04:07 - 2024-02-17 02:19 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-02-02 04:07 - 2024-02-16 13:00 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-02-02 04:07 - 2024-02-02 05:45 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-02-02 04:07 - 2024-02-02 04:07 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2024-02-02 04:07 - 2024-02-02 04:07 - 000000000 ____D C:\Windows\system32\config\BFS
2024-02-02 04:07 - 2024-02-02 03:05 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-02 04:07 - 2024-02-02 03:05 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-02-02 04:06 - 2024-02-18 21:03 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-02-02 04:06 - 2024-02-17 02:19 - 000012288 ___SH C:\DumpStack.log.tmp
2024-02-02 04:06 - 2024-02-04 19:02 - 000474032 _____ C:\Windows\system32\FNTCACHE.DAT
2024-02-02 04:06 - 2024-02-02 04:06 - 000000000 ____D C:\Windows\ServiceProfiles
2024-02-02 04:06 - 2024-02-02 02:54 - 000000000 ____D C:\Windows\Panther
2024-02-02 04:02 - 2024-02-02 04:02 - 000000000 ____D C:\Users\gdm71\AppData\Local\OneDrive
2024-02-02 03:58 - 2024-02-02 03:58 - 000000000 ____D C:\Users\gdm71\AppData\Roaming\Lenovo
2024-02-02 03:58 - 2024-02-02 03:58 - 000000000 ____D C:\ProgramData\Lenovo
2024-02-02 03:54 - 2024-02-02 03:54 - 000019222 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-02-02 03:53 - 2024-02-02 03:53 - 000019222 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2024-02-02 03:49 - 2023-05-16 16:07 - 005169424 _____ (Intel Corporation) C:\Windows\system32\Drivers\Netwtw10.sys
2024-02-02 03:49 - 2023-05-16 16:07 - 001474832 _____ (Intel Corporation) C:\Windows\system32\IntelIHVRouter10.dll
2024-02-02 03:44 - 2024-02-03 04:57 - 000000000 ____D C:\Windows\Firmware
2024-02-02 03:37 - 2024-02-02 03:37 - 000000000 ____D C:\Users\gdm71\AppData\Local\Comms
2024-02-02 03:12 - 2024-02-17 01:59 - 000000000 ____D C:\Windows\system32\MRT
2024-02-02 03:08 - 2024-02-02 03:08 - 000000000 ____D C:\Users\gdm71\AppData\Local\Publishers
2024-02-02 02:55 - 2024-02-19 02:34 - 000000000 ____D C:\Users\gdm71\AppData\Local\D3DSCache
2024-02-02 02:54 - 2024-02-18 21:03 - 000000000 ___RD C:\Users\gdm71\OneDrive
2024-02-02 02:54 - 2024-02-17 01:50 - 000000000 ____D C:\Users\gdm71\AppData\Roaming\Microsoft\MMC
2024-02-02 02:54 - 2024-02-16 13:03 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-276510395-3558197461-3639509482-1001
2024-02-02 02:54 - 2024-02-02 02:54 - 000000000 ____D C:\Users\gdm71\AppData\Local\VirtualStore
2024-02-02 02:53 - 2024-02-17 01:53 - 000000000 ____D C:\Users\gdm71\AppData\Local\PlaceholderTileLogoFolder
2024-02-02 02:53 - 2024-02-02 02:53 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2024-02-02 02:52 - 2024-02-19 02:35 - 000000000 ____D C:\Users\gdm71\AppData\Local\Packages
2024-02-02 02:52 - 2024-02-19 01:14 - 000000000 ____D C:\Users\gdm71\AppData\Local\ConnectedDevicesPlatform
2024-02-02 02:52 - 2024-02-02 02:53 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-02-02 02:52 - 2024-02-02 02:52 - 000000000 ___SD C:\Users\gdm71\AppData\Roaming\Microsoft\Crypto
2024-02-02 02:52 - 2024-02-02 02:52 - 000000000 ____D C:\Users\gdm71\AppData\Roaming\Microsoft\Vault
2024-02-02 02:52 - 2024-02-02 02:52 - 000000000 ____D C:\Users\gdm71\AppData\Roaming\Microsoft\Network
2024-02-02 02:52 - 2024-02-02 02:52 - 000000000 ____D C:\Users\gdm71\AppData\Roaming\Adobe
2024-02-02 02:52 - 2024-02-02 02:52 - 000000000 ____D C:\Users\gdm71\AppData\LocalLow\Intel
2024-02-02 02:49 - 2024-02-02 02:49 - 000000000 ___SD C:\Users\gdm71\AppData\Roaming\Microsoft\SystemCertificates
2024-02-02 02:48 - 2024-02-03 05:33 - 000000000 ___SD C:\Users\gdm71\AppData\Roaming\Microsoft\Protect
2024-02-02 02:48 - 2024-02-02 03:01 - 000000000 ____D C:\Users\gdm71\AppData\Roaming\Microsoft\Spelling
2024-02-02 02:48 - 2024-02-02 02:54 - 000000000 ____D C:\Users\gdm71
2024-02-02 02:48 - 2024-02-02 02:52 - 000000000 ____D C:\Users\gdm71\AppData\Roaming\Microsoft\Windows
2024-02-02 02:48 - 2024-02-02 02:48 - 000000020 ___SH C:\Users\gdm71\ntuser.ini
2024-02-02 02:48 - 2024-02-02 02:48 - 000000000 ___SD C:\Users\gdm71\AppData\Roaming\Microsoft\Credentials
2024-02-02 02:04 - 2024-02-17 02:19 - 000000000 ____D C:\Intel
2024-02-02 02:03 - 2023-10-13 03:00 - 000541368 _____ (Intel) C:\Windows\system32\libvpl.dll
2024-02-02 02:03 - 2023-10-13 03:00 - 000481536 _____ (Intel) C:\Windows\SysWOW64\libvpl.dll
2024-02-02 02:03 - 2023-10-13 02:59 - 000979144 _____ (Intel Corporation) C:\Windows\system32\libmfxhw64.dll
2024-02-02 02:03 - 2023-10-13 02:59 - 000737864 _____ (Intel Corporation) C:\Windows\SysWOW64\libmfxhw32.dll
2024-02-02 02:03 - 2023-10-13 02:59 - 000621760 _____ (Intel Corporation) C:\Windows\system32\intel_gfx_api-x64.dll
2024-02-02 02:03 - 2023-10-13 02:59 - 000480760 _____ (Intel Corporation) C:\Windows\SysWOW64\intel_gfx_api-x86.dll
2024-02-02 02:03 - 2023-10-13 02:58 - 000512432 _____ C:\Windows\system32\ze_tracing_layer.dll
2024-02-02 02:03 - 2023-10-13 02:58 - 000418272 _____ C:\Windows\system32\ze_loader.dll
2024-02-02 02:03 - 2023-10-13 02:58 - 000179272 _____ C:\Windows\system32\ze_validation_layer.dll
2024-02-02 02:03 - 2023-10-13 02:57 - 027983904 _____ (Intel Corporation) C:\Windows\system32\mfxplugin64_hw.dll
2024-02-02 02:03 - 2023-10-13 02:57 - 020707808 _____ (Intel Corporation) C:\Windows\SysWOW64\mfxplugin32_hw.dll
2024-02-02 02:03 - 2023-10-13 02:57 - 001989600 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2024-02-02 02:03 - 2023-10-13 02:57 - 001989600 _____ C:\Windows\system32\vulkaninfo.exe
2024-02-02 02:03 - 2023-10-13 02:57 - 001546264 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-02-02 02:03 - 2023-10-13 02:57 - 001546264 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2024-02-02 02:03 - 2023-10-13 02:57 - 001454144 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2024-02-02 02:03 - 2023-10-13 02:57 - 001454144 _____ C:\Windows\system32\vulkan-1.dll
2024-02-02 02:03 - 2023-10-13 02:57 - 001167432 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2024-02-02 02:03 - 2023-10-13 02:57 - 001167432 _____ C:\Windows\SysWOW64\vulkan-1.dll
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-02-19 02:35 - 2022-05-07 00:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-02-19 02:35 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2024-02-19 02:35 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\AppReadiness
2024-02-19 02:35 - 2022-05-07 00:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-02-19 01:37 - 2022-05-07 00:24 - 000000000 ___HD C:\Windows\ELAMBKUP
2024-02-19 01:37 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SystemTemp
2024-02-19 01:37 - 2022-05-07 00:22 - 000000000 ____D C:\Windows\INF
2024-02-17 05:54 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\ServiceState
2024-02-17 02:35 - 2022-05-07 00:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-02-17 02:03 - 2023-12-04 01:30 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2024-02-17 02:03 - 2022-05-07 00:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-02-17 02:03 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SystemResources
2024-02-17 02:03 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\Sgrm
2024-02-17 02:03 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\catroot2_sdt
2024-02-17 02:03 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\bcastdvr
2024-02-17 02:03 - 2022-05-07 00:17 - 000524288 _____ C:\Windows\system32\config\BBI
2024-02-17 02:01 - 2022-05-07 00:17 - 000000000 ____D C:\Windows\CbsTemp
2024-02-16 12:58 - 2022-05-07 00:17 - 000032768 _____ C:\Windows\system32\config\ELAM
2024-02-04 18:59 - 2022-05-07 00:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-02-04 18:35 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\appcompat
2024-02-02 17:21 - 2022-05-07 00:24 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2024-02-02 17:21 - 2022-05-07 00:24 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2024-02-02 17:21 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\UUS
2024-02-02 17:21 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2024-02-02 17:21 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SysWOW64\setup
2024-02-02 17:21 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\WinMetadata
2024-02-02 17:21 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\setup
2024-02-02 17:21 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2024-02-02 17:21 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\oobe
2024-02-02 17:21 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\appraiser
2024-02-02 17:21 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\ShellExperiences
2024-02-02 17:21 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\ShellComponents
2024-02-02 17:21 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\Provisioning
2024-02-02 17:21 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\BrowserCore
2024-02-02 05:45 - 2022-05-07 00:24 - 000000000 ____D C:\Program Files\Windows Defender
2024-02-02 04:11 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\spool
2024-02-02 04:11 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\AppLocker
2024-02-02 04:06 - 2022-05-07 00:24 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2024-02-02 04:03 - 2022-05-07 00:17 - 000000000 ____D C:\Windows\servicing
2024-02-02 03:08 - 2022-05-07 00:24 - 000000000 ___RD C:\Windows\PrintDialog
2024-02-02 02:12 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\Drivers\DriverData
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.02.2024
Ran by gdm71 (19-02-2024 02:39:40)
Running from C:\Users\gdm71\Downloads
Microsoft Windows 11 Home Version 23H2 22631.3155 (X64) (2024-02-02 09:09:21)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-276510395-3558197461-3639509482-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-276510395-3558197461-3639509482-503 - Limited - Disabled)
gdm71 (S-1-5-21-276510395-3558197461-3639509482-1001 - Administrator - Enabled) => C:\Users\gdm71
Guest (S-1-5-21-276510395-3558197461-3639509482-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-276510395-3558197461-3639509482-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {26E0861C-6FB9-CEF9-E4F0-531986211ACE}
FW: ESET Firewall (Enabled) {1EDB0739-25D6-CFA1-CFAF-FA2C78F25DB5}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 13.128.0.5641 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{c1fc3f5a-7e4f-46db-9593-1fc94dd7ed86}) (Version: 13.128.0.5641 - Electronic Arts)
ESET Security (HKLM\...\{D49B87B7-D6F4-43F9-8CC5-097B0715F6D3}) (Version: 17.0.16.0 - ESET, spol. s r.o.)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17231.20236 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 121.0.2277.128 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 121.0.2277.128 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.020.0128.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31938 (HKLM-x32\...\{d92971ab-f030-43c8-8545-c66c818d0e05}) (Version: 14.34.31938.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.34.31938 (HKLM-x32\...\{4f84f2dc-3f70-433a-8f50-8293e0089b0f}) (Version: 14.34.31938.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31938 (HKLM\...\{7DA37AE3-D8AE-49B1-9BDC-23CA0AB9FF22}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31938 (HKLM\...\{0AE39060-F209-4D05-ABC7-54B8F9CFA32E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.34.31938 (HKLM-x32\...\{080D8397-60F4-44B3-BB95-FBB950CB0B4E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.34.31938 (HKLM-x32\...\{8DE5B0D4-A6D8-4F72-B8EF-28776A2EE5D5}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17231.20236 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17231.20236 - Microsoft Corporation) Hidden
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.104.58.1030 - Electronic Arts Inc.)
Zoom (HKU\S-1-5-21-276510395-3558197461-3639509482-1001\...\ZoomUMX) (Version: 5.17.7 (31859) - Zoom Video Communications, Inc.)
 
Packages:
=========
ESET Context Menu -> C:\Program Files\ESET\ESET Security [2024-02-19] (Sparse Package)
Ink.Handwriting.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-US.1.0_0.237.110.0_x64__8wekyb3d8bbwe [2024-02-02] (Microsoft Corporation)
Ink.Handwriting.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-US.1.0_0.237.110.0_x86__8wekyb3d8bbwe [2024-02-02] (Microsoft Corporation)
Ink.Handwriting.Main.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.Main.en-US.1.0.1_0.237.110.0_x64__8wekyb3d8bbwe [2024-02-02] (Microsoft Corporation)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2311.21003.0_x64__8wekyb3d8bbwe [2024-02-05] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2024-02-02] (Microsoft Corp.)
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-02-02] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2024-02-02] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0 [2024-02-17] (Spotify AB) [Startup Task]
Surface -> C:\Program Files\WindowsApps\Microsoft.SurfaceHub_61.24010.117.0_x64__8wekyb3d8bbwe [2024-02-17] (Microsoft Corporation)
Surface Diagnostic Toolkit -> C:\Program Files\WindowsApps\Microsoft.SurfaceDiagnostics_2.222.139.0_x64__8wekyb3d8bbwe [2024-02-17] (Microsoft Corporation) [Startup Task]
Surface Hub Hardware Diagnostic -> C:\Program Files\WindowsApps\Microsoft.SurfaceHubHardwareDiagnostic_2.57.137.0_x64__8wekyb3d8bbwe [2024-02-17] (Microsoft Corporation)
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-02-02] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2023-12-12] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2023-12-12] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2023-12-12] (ESET, spol. s r.o. -> ESET)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2024-02-03] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2024-02-03] (Electronic Arts -> On2.com)
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2024-02-19 01:37 - 2024-02-19 01:37 - 005855744 _____ (ESET, spol. s r.o. -> ESET) [File not signed] C:\Program Files\ESET\ESET Security\Modules\em045_64\1087\em045_64.dll
2024-02-16 13:13 - 2024-02-16 13:13 - 002849280 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libcrypto-1_1-x64.dll
2024-02-16 13:13 - 2024-02-16 13:13 - 000685056 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libssl-1_1-x64.dll
2024-02-16 13:12 - 2024-02-16 13:12 - 000046592 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\bearer\qgenericbearer.dll
2024-02-16 13:13 - 2024-02-16 13:13 - 006270976 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Core.dll
2024-02-16 13:13 - 2024-02-16 13:13 - 001389568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Network.dll
2024-02-16 13:13 - 2024-02-16 13:13 - 000157184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5WebSockets.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-02-04] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2022-05-07 00:24 - 2024-02-17 01:59 - 000000852 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-276510395-3558197461-3639509482-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKU\S-1-5-21-276510395-3558197461-3639509482-1001\...\StartupApproved\Run: => "EADM"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{FA7200BA-FAD1-4950-9413-75F17590222B}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{6F96B317-F906-4318-8232-3B16AFD1E9D3}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{1E70F7FA-88F0-4FF9-A5CD-E947DC9E5D5C}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{F2AF4A96-024C-4FB1-87A1-05149C69AFE6}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{B317516E-5364-44AA-B4D6-03D8FFA123ED}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{03832C86-2DDD-44A5-A867-CFDBC1636D43}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{A31E1BFF-1413-4C51-9CCF-43078DF4AA24}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{A8040208-34A5-49E3-B876-7B35E6CA504C}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{25E86293-8A9D-4A10-8BFE-EC7C0D672A59}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{A9B3F0B7-A2C7-453F-B123-E7C999401B66}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{828136CD-19B7-44B6-A24B-28DF9EB5A324}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{04D1FA2E-ABF9-4DA9-8431-3D21B05BD9B5}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{674ABB9D-2A8A-4886-AAB5-591C51092732}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
02-02-2024 02:58:05 Feb2024
03-02-2024 05:36:55 EA app
16-02-2024 12:59:06 Windows Update
16-02-2024 12:59:14 Windows Update
16-02-2024 12:59:28 Windows Update
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (02/19/2024 01:48:22 AM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002
 
Error: (02/19/2024 01:48:22 AM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002
 
Error: (02/19/2024 01:48:22 AM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003
 
Error: (02/17/2024 01:57:13 AM) (Source: Application Error) (EventID: 1000) (User: GH3RM)
Description: Faulting application name: EALaunchHelper.exe, version: 13.128.0.5641, time stamp: 0x65c698c1
Faulting module name: ucrtbase.dll, version: 10.0.22621.2506, time stamp: 0x097c794c
Exception code: 0xc0000409
Fault offset: 0x000000000007f61e
Faulting process id: 0x0x30bc
Faulting application start time: 0x0x1da616e8555b372
Faulting application path: C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe
Faulting module path: C:\Windows\System32\ucrtbase.dll
Report Id: 633bfeb2-ef45-4b1a-8e47-02da6678bf3f
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/17/2024 01:55:12 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: svchost.exe_AppXSvc, version: 10.0.22621.1, time stamp: 0x6dc5c2a5
Faulting module name: ntdll.dll, version: 10.0.22621.3085, time stamp: 0xbced4b82
Exception code: 0xc0000409
Fault offset: 0x00000000000a43b0
Faulting process id: 0x0x1e60
Faulting application start time: 0x0x1da616c6b0c5071
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 4499a04e-1b99-4eae-ae6e-0cb198d3e4f2
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/02/2024 04:13:31 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: GH3RM)
Description: Windows cannot load the extensible counter DLL "C:\Windows\system32\sysmain.dll" (Win32 error code 126).
 
Error: (02/02/2024 04:12:50 AM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program WindowsPackageManagerServer.exe version 1.17.2203.10001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Error: (02/02/2024 03:47:31 AM) (Source: Application Error) (EventID: 1000) (User: GH3RM)
Description: Faulting application name: WindowsPackageManagerServer.exe, version: 1.17.2203.10001, time stamp: 0x622a8641
Faulting module name: WindowsPackageManager.dll, version: 1.17.2203.10001, time stamp: 0x622a8613
Exception code: 0xc0000005
Fault offset: 0x0000000000089bf3
Faulting process id: 0x0x294c
Faulting application start time: 0x0x1da55b474f9a6af
Faulting application path: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.17.10691.0_x64__8wekyb3d8bbwe\WindowsPackageManagerServer.exe
Faulting module path: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.17.10691.0_x64__8wekyb3d8bbwe\WindowsPackageManager.dll
Report Id: 6ff4db5f-485a-4708-bb1c-88eb187cece1
Faulting package full name: Microsoft.DesktopAppInstaller_1.17.10691.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: winget
 
 
System errors:
=============
Error: (02/19/2024 01:44:35 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {cd7dfccd-f0c9-40f1-b8bf-fa63a29768ad}, had event 74
 
Error: (02/18/2024 09:03:15 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {cd7dfccd-f0c9-40f1-b8bf-fa63a29768ad}, had event 74
 
Error: (02/18/2024 05:59:33 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {cd7dfccd-f0c9-40f1-b8bf-fa63a29768ad}, had event 74
 
Error: (02/17/2024 02:03:57 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (02/17/2024 01:59:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The EABackgroundService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/17/2024 01:59:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The FileSyncHelper service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/17/2024 01:59:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (02/17/2024 01:59:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Audio Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Windows Defender:
================
Date: 2024-02-18 06:54:19
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-02 05:45:05
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan

CodeIntegrity:
===============
Date: 2024-02-19 01:52:43
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\tdt.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
 
Date: 2024-02-19 01:48:22
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
 
 
==================== Memory info =========================== 
 
BIOS: Microsoft Corporation 17.200.140 11/02/2023
Motherboard: Microsoft Corporation Surface Laptop 3
Processor: Intel® Core™ i5-1035G7 CPU @ 1.20GHz
Percentage of memory in use: 62%
Total physical RAM: 7778.13 MB
Available physical RAM: 2909.87 MB
Total Virtual: 9954.13 MB
Available Virtual: 4586.78 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:118.38 GB) (Free:38.03 GB) (Model: HFM128GDGTNG-87A0A) (Protected) NTFS
 
\\?\Volume{771e36ec-25cc-4588-8c96-b8e609f9430b}\ () (Fixed) (Total:0.75 GB) (Free:0.08 GB) NTFS
\\?\Volume{34358618-570c-4857-9503-9d9dbfc9246a}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: CB5B7BFF)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

 




 


#2 gabaaaa


Posted 19 February 2024 - 04:04 AM

Attached File: Screenshot (4).png (445.94KB)
Attached File: Screenshot (5).png (245.44KB)

 


Edited by gabaaaa, 19 February 2024 - 04:06 AM.


#3 Oh My!


Posted 23 February 2024 - 10:28 AM

Greetings and welcome back to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Please run a new FRST Scan and copy/paste both reports in your reply.
Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#4 Oh My!


Posted 26 February 2024 - 10:27 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary 


#5 Oh My!


Posted 28 February 2024 - 01:02 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary 


#6 Oh My!


Posted 01 March 2024 - 11:42 AM

This topic has been re-opened at the request of the person who originally posted.
Gary 


#7 Oh My!


Posted 01 March 2024 - 11:43 AM

Run a new FRST scan and copy/paste both reports in your reply.
Gary 


#8 Oh My!


Posted Yesterday, 12:20 PM

Greetings.

Although you have requested the topic be re-opened you have not replied for 3 days. If you do not reply within 2 more days the topic will be permanently closed and it will be necessary to start a new topic when you have more availability.
Gary 




