
My pc was infected and I can't get rid of it.



#1 Jarbon


Posted 26 February 2024 - 09:51 AM

Detected: Virtool:win32/DefenderTamperingRestore

Affected:
regkeyvalue: hklm\software\microsoft\windowsdefender\\DisableAntiSpyware

I've tried running MSERT 3 times, restarted and ran it again, then tried Windows Defender, and it still didn't work. After getting this, my Steam account was temporarily taken but I got that back, and my Amazon account was almost used to buy something for the hacker. Please help me.



#2 Oh My!

  • Malware Response Instructor

Posted 26 February 2024 - 10:20 AM

Greetings and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for 64 bit systems and note where the file is saved (Desktop, Downloads, etc.) <<< Important
  • If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
  • Right click on the icon and select Run as administrator
  • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of each report in separate reply windows
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST.txt
  • Addition.txt

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#3 Jarbon


Posted 26 February 2024 - 10:36 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26.02.2024 01
Ran by Owner (administrator) on DESKTOP-IDRJGDS (26-02-2024 10:29:40)
Running from C:\Users\Owner\Downloads\FRST64.exe
Loaded Profiles: Owner
Platform: Microsoft Windows 10 Pro Version 22H2 19045.4046 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe ->) (Reaction Software Limited -> Weather Zero) C:\Program Files (x86)\WeatherZero\WeatherZero.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Windows\runSW.exe ->) (Realtek Semiconductor Corp. -> Realtek) C:\Windows\SwUSB.exe
(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe <2>
(D:\Program Files\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe ->) (Epic Games Inc. -> Epic Games, Inc.) D:\Program Files\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(Epic Games Inc. -> Epic Games, Inc.) D:\Program Files\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <54>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2401.1001.10.0_x64__8wekyb3d8bbwe\XboxPcAppFT.exe
(Nota Inc. -> Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(services.exe ->) (Electronic Arts, Inc. -> Electronic Arts) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe
(services.exe ->) (Nefarius Software Solutions) [File not signed] C:\Users\Owner\Downloads\PROCONXINPUT\HidCerberus.Srv\HidCerberus.Srv.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_8c8de08a85de4474\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Reaction Software Limited -> Weather Information Service) C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> ) C:\Windows\runSW.exe
(services.exe ->) (Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(services.exe ->) (Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2401.1001.10.0_x64__8wekyb3d8bbwe\XboxGameBarWidgets.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3022640 2024-01-31] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5204968 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
HKU\S-1-5-21-235486974-3183418840-3710584001-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [915848 2020-03-30] (Nota Inc. -> Nota Inc.)
HKU\S-1-5-21-235486974-3183418840-3710584001-1001\...\Run: [MicrosoftEdgeAutoLaunch_B5EF8F7A20842FF61C6E8DE6B6A1456E] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4067896 2024-02-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-235486974-3183418840-3710584001-1001\...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe [70921216 2024-02-21] (Riot Games, Inc. -> Riot Games, Inc.)
HKU\S-1-5-21-235486974-3183418840-3710584001-1001\...\Run: [EADM] => C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe [2730600 2024-02-21] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-235486974-3183418840-3710584001-1001\...\Run: [EpicGamesLauncher] => D:\Program Files\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37371856 2024-02-19] (Epic Games Inc. -> Epic Games, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\121.0.6167.189\Installer\chrmstp.exe [2024-02-23] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {EA156E67-694C-4316-B833-29AA1B9AF3BF} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe [5577144 2024-02-14] (Microsoft Windows -> Microsoft Corporation)
Task: {16B04F6E-7304-4D08-8B8E-9548E23DC188} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem124.0.6315.0{848D39A6-1088-4E0C-A920-88F1138400DB} => C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION
Task: {3BCE1DFF-8A48-4FA2-B610-22080BCE96DC} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2020-03-30] (Nota Inc. -> Nota Inc.)
Task: {2A947793-6856-4720-A145-3FF87550FCE9} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2020-03-30] (Nota Inc. -> Nota Inc.)
Task: {101C1F7B-4B5F-4986-B674-0D894D46A833} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Users\Owner\Desktop\MSERT.exe  /EHB /HeartbeatFailure "SubmitHeartbeatReportData" /HeartbeatError "0x80072ee7" (No File)
Task: {9698431C-2B57-437A-8604-33EA0A60FA35} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2024-02-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6AF87F95-C1BD-4A5C-861C-862E999D1E4A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2024-02-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DC177B11-1384-4A86-9036-9458E43C1AAD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2024-02-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6163EFDD-CC86-4CD7-9CA9-928FA6E20965} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2024-02-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5D8F2AD8-2B94-4E33-BB29-BBB55D022BA7} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2023-09-01] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {3E5DF02A-EBB0-4541-863F-FAB8E85E9223} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2023-09-01] (Nvidia Corporation -> NVIDIA Corporation)
Task: {2B855750-82B7-4820-88C5-DB15230184ED} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2023-09-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {40BEA7BD-5384-4C50-86AD-87A359021981} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-09-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9A84F6C3-752B-43E2-889F-681EB606B9A7} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-09-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E2062625-B0C1-424F-947F-D54921E3C6CF} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-09-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E802B581-A45E-4D24-92BA-74ABCF3ABC33} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-09-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C84FDEEE-F9FC-4927-82C7-3CC1F08689E8} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-09-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3BB5C40A-E0EA-462B-BB76-9406B026528A} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-09-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BC396B38-8CFB-44D2-97A7-4A800A74CE13} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [5363552 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
Task: {F7978712-52C1-4C1A-AC47-808726ED9BAB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5629064 2021-11-23] (Safer-Networking Limited -> Safer-Networking Ltd.)
Task: {2CFD1769-6E37-4F8C-B679-7B898F1FF768} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6093928 2021-12-20] (Safer-Networking Limited -> Safer-Networking Ltd.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.186.129
Tcpip\..\Interfaces\{1a15fdec-73b4-448d-8523-5deea6dc184b}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1a15fdec-73b4-448d-8523-5deea6dc184b}: [DhcpDomain] attlocal.net
Tcpip\..\Interfaces\{2b8290b3-a087-4254-adca-439e433f3e05}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{4d02e44e-4f34-4bf2-8ff9-dc85fda93670}: [DhcpNameServer] 75.76.84.102 75.76.84.103
Tcpip\..\Interfaces\{6cd423be-d343-49f9-9cba-04a16d3b768a}: [NameServer] 8.8.8.8,4.4.4.4
Tcpip\..\Interfaces\{6cd423be-d343-49f9-9cba-04a16d3b768a}: [DhcpNameServer] 192.168.186.129
Tcpip\..\Interfaces\{6cd423be-d343-49f9-9cba-04a16d3b768a}\2616E616E616261636B677F6F646370727F646: [NameServer] 8.8.8.8,4.4.4.4
Tcpip\..\Interfaces\{6cd423be-d343-49f9-9cba-04a16d3b768a}\2616E616E616261636B677F6F646370727F646: [DhcpNameServer] 192.168.12.1
Tcpip\..\Interfaces\{6cd423be-d343-49f9-9cba-04a16d3b768a}\2616E616E616261636B677F6F646370727F646: [DhcpDomain] lan
Tcpip\..\Interfaces\{6cd423be-d343-49f9-9cba-04a16d3b768a}\35C656467656D236F65727479716274637F55374548545: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{6cd423be-d343-49f9-9cba-04a16d3b768a}\35C656467656D236F65727479716274637F55374548545: [DhcpDomain] hsd1.sc.comcast.net
 
Edge: 
=======
Edge Profile: C:\Users\Owner\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-26]
Edge HomePage: Default -> hxxp://mysearch.avg.com?cid={36F92B2C-0384-42FD-995B-531E7DA3A354}&mid=29a8216d254f47d29139d168c023437c-0d158a439fd337acc16b223c2e92496b7cff6a34&lang=en&ds=oc011&coid=avgtbdisoc&cmpid=&pr=sa&d=2014-06-17 21:26:19&v=18.1.0.443&pid=safeguard&sg=&sap=hp
Edge StartupUrls: Default -> "hxxps://www.google.com/"
Edge Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\Owner\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2024-02-07]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Owner\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2024-02-26]
Edge Extension: (Anime Wallpapers & New Tab) - C:\Users\Owner\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\feaonlbifhnoflcfkpgognbjoaohomek [2023-04-25]
Edge Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-18]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Owner\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2024-02-21]
Edge Extension: (Edge relevant text changes) - C:\Users\Owner\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-26]
Edge Extension: (Microsoft Rewards) - C:\Users\Owner\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nlbmdekgjkajiobkcbpolefohlelfhfe [2023-04-25]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [fooolghllnmhmmndgjiamiiodkpenpbb]
 
FireFox:
========
FF DefaultProfile: lztyrrk2.default
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lztyrrk2.default [2023-01-08]
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8am42fam.default-release [2024-02-25]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Profile 2
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2024-02-26]
CHR DownloadDir: D:\Owner\Downloads
CHR Notifications: Default -> hxxps://b.captchacheckout.top; hxxps://blox.center; hxxps://webpenadclub.com; hxxps://www.netflix.com
CHR HomePage: Default -> hxxp://mysearch.avg.com?cid={36F92B2C-0384-42FD-995B-531E7DA3A354}&mid=29a8216d254f47d29139d168c023437c-0d158a439fd337acc16b223c2e92496b7cff6a34&lang=en&ds=oc011&coid=avgtbdisoc&cmpid=&pr=sa&d=2014-06-17 21:26:19&v=18.1.0.443&pid=safeguard&sg=&sap=hp
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR NewTab: Default ->  Not-active:"chrome-extension://feaonlbifhnoflcfkpgognbjoaohomek/page.html"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=E210US91088G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2024-02-23]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2024-02-21]
CHR Extension: (Google Play Music) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2020-11-20]
CHR Extension: (Microsoft Bing Search with Rewards) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbgcedjacmlbgleddnoacbnijgmiolem [2023-07-30]
CHR Extension: (Anime Wallpapers & New Tab) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\feaonlbifhnoflcfkpgognbjoaohomek [2019-09-11]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-17]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-02-26]
CHR Extension: (Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\llbcnfanfmjhpedaedhbcnpgeepdnnok [2024-02-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2 [2024-02-26]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2024-02-18]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-21]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-02-26]
CHR Extension: (Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\llbcnfanfmjhpedaedhbcnpgeepdnnok [2024-02-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-12-31]
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 3 [2024-02-20]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2024-02-20]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-02-20]
CHR Extension: (Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\llbcnfanfmjhpedaedhbcnpgeepdnnok [2024-02-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-02-20]
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\System Profile [2024-02-26]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]
CHR HKU\S-1-5-21-235486974-3183418840-3710584001-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]
 
Opera: 
=======
OPR Profile: C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable [2020-11-05]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [9712432 2023-05-18] (BattlEye Innovations e.K. -> )
R3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [12094568 2024-02-21] (Electronic Arts, Inc. -> Electronic Arts)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2023-09-11] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [955816 2023-10-08] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2023-05-01] (Epic Games Inc. -> Epic Games, Inc.)
S2 GoogleUpdaterInternalService124.0.6315.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION
S2 GoogleUpdaterService124.0.6315.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION
R2 HidCerberus.Srv; C:\Users\Owner\Downloads\PROCONXINPUT\HidCerberus.Srv\HidCerberus.Srv.exe [600064 2017-06-28] (Nefarius Software Solutions) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-02-26] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-02-26] (Malwarebytes Inc. -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [889400 2024-02-14] (McAfee, LLC -> McAfee, LLC)
R2 RunSwUSB; C:\Windows\runSW.exe [59232 2018-05-02] (Realtek Semiconductor Corp. -> )
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2782080 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4605312 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534472 2023-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [9599704 2024-01-31] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2024-02-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WeatherZeroSvc; C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe [3385616 2022-07-15] (Reaction Software Limited -> Weather Information Service)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2024-02-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_8c8de08a85de4474\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_8c8de08a85de4474\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AsrSetupDrv; C:\Windows\SysWOW64\Drivers\AsrSetupDrv.sys [22352 2019-07-31] (ASROCK Incorporation -> RW-Everything)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [280064 2022-12-30] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [147968 2022-12-30] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2024-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 GungHoNet; C:\WINDOWS\System32\GungHoNet.sys [13112 2020-02-06] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
S3 HidGuardian; C:\WINDOWS\System32\drivers\HidGuardian.sys [37280 2017-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-02-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [200104 2024-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78400 2024-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [188784 2024-02-26] (Malwarebytes Inc. -> Malwarebytes)
S3 Neac; C:\WINDOWS\System32\drivers\NeacSafe.sys [4873776 2023-08-08] (NetEase(Hangzhou) Network Co. Ltd. -> 网易(杭州)网络有限公司杭州)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2023-09-01] (Nvidia Corporation -> NVIDIA Corporation)
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [7148872 2018-05-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [42856 2017-06-28] (Open Source Developer, Benjamin Höglinger-Stelzer -> Nefarius Software Solutions)
S0 Spybot3ELAM; C:\WINDOWS\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows ® Win 7 DDK provider)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [49744 2023-11-14] (nordvpn s.a. -> The OpenVPN Project)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [21391000 2024-01-30] (Riot Games, Inc. -> Riot Games, Inc.)
R1 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [165744 2020-12-14] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.)
R3 vjoy; C:\WINDOWS\System32\drivers\vjoy.sys [44784 2015-05-05] (Shaul Eizikovich -> Shaul Eizikovich)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55856 2024-02-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [594304 2024-02-25] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105856 2024-02-25] (Microsoft Windows -> Microsoft Corporation)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2023-11-24] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 rsDwf; \SystemRoot\system32\DRIVERS\rsDwf.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-02-26 11:50 - 2024-02-26 11:50 - 094633984 _____ C:\WINDOWS\system32\config\SOFTWARE
2024-02-26 10:29 - 2024-02-26 10:30 - 000030163 _____ C:\Users\Owner\Downloads\FRST.txt
2024-02-26 10:29 - 2024-02-26 10:29 - 000000000 ____D C:\FRST
2024-02-26 10:27 - 2024-02-26 10:29 - 002386944 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2024-02-26 09:35 - 2024-02-26 09:35 - 000000000 ____D C:\AdwCleaner
2024-02-26 09:24 - 2024-02-26 09:52 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\IGDump
2024-02-26 09:24 - 2024-02-26 09:24 - 000188784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2024-02-26 09:23 - 2024-02-26 10:18 - 000000000 ____D C:\Users\Owner\AppData\Local\Malwarebytes
2024-02-26 09:23 - 2024-02-26 09:23 - 000002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-02-26 09:23 - 2024-02-26 09:23 - 000002081 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-02-26 09:21 - 2024-02-26 09:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-02-26 09:20 - 2024-02-26 09:21 - 000000000 ____D C:\Program Files\Malwarebytes
2024-02-26 08:52 - 2024-02-26 08:52 - 000003656 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2024-02-26 08:52 - 2024-02-26 08:52 - 000001892 _____ C:\Users\Owner\Desktop\kprm-20240226085230.txt
2024-02-26 08:52 - 2024-02-26 08:52 - 000000000 ____D C:\KPRM
2024-02-25 15:48 - 2024-02-26 11:50 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2024-02-25 08:56 - 2024-02-25 08:56 - 000000000 ____D C:\Users\Owner\AppData\Local\HerovsGame
2024-02-25 08:45 - 2024-02-25 08:45 - 000000223 _____ C:\Users\Owner\Desktop\MY HERO ULTRA RUMBLE.url
2024-02-24 10:30 - 2009-10-23 00:00 - 000761856 _____ C:\WINDOWS\SysWOW64\RGSS104J.dll
2024-02-24 10:30 - 2009-10-23 00:00 - 000758272 _____ C:\WINDOWS\SysWOW64\RGSS104E.dll
2024-02-24 10:30 - 2007-05-11 00:00 - 000685056 _____ C:\WINDOWS\SysWOW64\RGSS103J.dll
2024-02-24 10:30 - 2005-08-30 00:00 - 000781312 _____ C:\WINDOWS\SysWOW64\RGSS102J.dll
2024-02-24 10:30 - 2005-08-30 00:00 - 000778752 _____ C:\WINDOWS\SysWOW64\RGSS102E.dll
2024-02-24 10:30 - 2005-08-30 00:00 - 000771584 _____ C:\WINDOWS\SysWOW64\RGSS100J.dll
2024-02-24 09:38 - 2024-02-24 09:38 - 000000000 ____D C:\Users\Owner\AppData\Roaming\CloudPatchv2
2024-02-24 09:36 - 2024-02-24 09:36 - 000000000 ____D C:\Users\Owner\AppData\Roaming\shpafact
2024-02-23 14:38 - 2024-02-23 14:38 - 000000000 ____D C:\Users\Owner\AppData\Local\d90-updater
2024-02-23 00:31 - 2024-02-23 00:34 - 000000000 ___HD C:\$WinREAgent
2024-02-20 17:48 - 2024-02-20 17:48 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem
2024-02-14 16:41 - 2024-02-14 16:41 - 000019697 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-02-14 16:41 - 2024-02-14 16:41 - 000019697 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-02-14 11:46 - 2024-02-14 11:46 - 000000223 _____ C:\Users\Owner\Desktop\Lethal Company.url
2024-02-12 20:07 - 2024-02-12 20:07 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Pokemon Pathways 8.5.1
2024-01-27 11:42 - 2024-01-27 11:42 - 000000000 ____D C:\Users\Owner\AppData\Roaming\BepInExGUI
2024-01-27 10:55 - 2024-02-16 08:41 - 000000000 ____D C:\Users\Owner\AppData\Roaming\r2modman
2024-01-27 10:55 - 2024-02-16 05:39 - 000000000 ____D C:\Users\Owner\AppData\Local\r2modman-updater
2024-01-27 10:55 - 2024-02-02 04:55 - 000000000 ____D C:\Users\Owner\AppData\Roaming\r2modmanPlus-local
2024-01-27 10:55 - 2024-01-27 10:55 - 000001128 _____ C:\Users\Owner\Desktop\r2modman.lnk
2024-01-27 10:55 - 2024-01-27 10:55 - 000001128 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\r2modman.lnk
2024-01-27 08:38 - 2024-01-27 08:38 - 000000835 _____ C:\Users\Owner\Desktop\Elden Ring Convergence - Shortcut.lnk
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-02-26 10:23 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-02-26 10:04 - 2021-04-17 02:29 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-02-26 09:23 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-02-26 09:22 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2024-02-26 08:55 - 2021-04-17 02:38 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-02-26 08:53 - 2020-04-23 16:57 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2024-02-26 08:51 - 2021-04-17 02:35 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-02-26 08:51 - 2019-09-15 04:17 - 000000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2024-02-26 08:51 - 2019-07-31 16:55 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2024-02-26 08:51 - 2019-07-31 16:44 - 000000000 ____D C:\ProgramData\NVIDIA
2024-02-26 08:46 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-02-26 05:41 - 2019-08-31 17:10 - 000000000 ____D C:\Program Files (x86)\Steam
2024-02-26 05:41 - 2019-08-24 08:50 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Discord
2024-02-26 04:02 - 2019-08-31 17:12 - 000000000 ____D C:\Users\Owner\AppData\Local\Steam
2024-02-26 03:59 - 2019-08-24 08:50 - 000000000 ____D C:\Users\Owner\AppData\Local\Discord
2024-02-25 12:37 - 2019-08-01 08:42 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-02-25 12:30 - 2020-11-01 04:25 - 000000000 ____D C:\Program Files (x86)\CompanyCusucy
2024-02-25 12:29 - 2019-12-07 04:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2024-02-25 12:27 - 2019-07-31 16:47 - 000918944 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2024-02-25 08:55 - 2020-03-11 01:47 - 000000000 ____D C:\Users\Owner\AppData\Roaming\EasyAntiCheat
2024-02-25 05:55 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-02-24 18:07 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-02-24 17:48 - 2020-06-21 02:00 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-02-24 17:48 - 2020-06-21 02:00 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-02-24 11:10 - 2021-04-21 20:19 - 000000000 ____D C:\Users\Owner\AppData\Local\D3DSCache
2024-02-24 09:30 - 2023-07-11 14:54 - 000000000 ____D C:\Users\Owner\AppData\Local\User Data
2024-02-24 09:23 - 2023-04-29 10:15 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Naraka
2024-02-23 12:59 - 2023-10-30 02:21 - 000000000 ____D C:\Users\Owner\Desktop\Bobobobo
2024-02-23 11:40 - 2022-12-30 03:29 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-02-23 08:41 - 2023-02-17 04:14 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2024-02-23 00:35 - 2019-09-11 18:48 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-02-23 00:35 - 2019-09-11 18:48 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-02-22 10:41 - 2021-04-17 02:35 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-22 10:41 - 2021-04-17 02:35 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-02-21 17:03 - 2019-08-24 08:50 - 000002227 _____ C:\Users\Owner\Desktop\Discord.lnk
2024-02-21 15:50 - 2023-09-15 04:38 - 000000000 ____D C:\ProgramData\EA Desktop
2024-02-20 17:48 - 2019-07-31 16:54 - 000000000 ____D C:\Program Files (x86)\Google
2024-02-19 18:03 - 2023-07-03 07:36 - 000000000 ____D C:\Program Files\Riot Vanguard
2024-02-19 03:51 - 2019-08-24 08:47 - 000000000 ____D C:\ProgramData\Riot Games
2024-02-16 16:44 - 2022-10-23 14:47 - 000202344 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
2024-02-16 16:44 - 2022-10-23 14:47 - 000095848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamehelper.exe
2024-02-16 16:44 - 2022-10-23 14:47 - 000075256 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamecontrol.exe
2024-02-16 16:44 - 2020-05-18 10:22 - 000144888 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2024-02-16 16:44 - 2020-03-19 16:33 - 002713080 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2024-02-16 16:44 - 2020-03-19 16:33 - 000689656 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2024-02-16 16:44 - 2020-03-19 16:33 - 000218728 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2024-02-16 11:51 - 2023-12-22 18:13 - 000000000 ____D C:\Users\Owner\AppData\Local\Warframe
2024-02-14 16:45 - 2021-04-17 02:29 - 000278040 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-02-14 16:44 - 2019-12-07 04:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2024-02-14 16:44 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-02-14 16:44 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-02-14 16:44 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-02-14 16:44 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-02-14 16:44 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-02-14 16:44 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-02-14 16:44 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-02-14 16:44 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-02-14 16:44 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-02-14 16:44 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-02-14 16:44 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-02-14 16:44 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-02-14 16:44 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-02-14 16:41 - 2021-04-17 02:33 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-02-14 16:35 - 2019-07-31 16:48 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-02-14 16:33 - 2019-07-31 16:48 - 191155960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-02-13 16:34 - 2023-05-19 21:10 - 000000000 ____D C:\Users\Owner\AppData\Roaming\infinitefusion
2024-02-12 19:44 - 2023-09-03 05:37 - 000000000 ____D C:\Users\Owner\Desktop\InfiniteFusion
2024-02-03 07:35 - 2024-01-03 18:09 - 000000000 ____D C:\ProgramData\Hogwarts Legacy
2024-02-02 11:14 - 2019-08-24 09:20 - 000000252 _____ C:\Users\Owner\AppData\LocalLow\rbxcsettings.rbx
 
==================== Files in the root of some directories ========
 
2020-02-06 04:57 - 2023-01-19 14:24 - 000000113 _____ () C:\Users\Owner\AppData\Roaming\D2Info0
2020-02-06 04:57 - 2023-01-19 14:25 - 000000008 _____ () C:\Users\Owner\AppData\Roaming\DofusAppId0_1
2020-02-11 08:29 - 2020-02-11 08:50 - 000000008 _____ () C:\Users\Owner\AppData\Roaming\DofusAppId0_2
2020-10-09 18:18 - 2020-11-01 04:25 - 000016438 _____ () C:\Users\Owner\AppData\Local\partner.bmp
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by Owner (26-02-2024 10:30:46)
Running from C:\Users\Owner\Downloads
Microsoft Windows 10 Pro Version 22H2 19045.4046 (X64) (2021-04-17 07:35:12)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-235486974-3183418840-3710584001-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-235486974-3183418840-3710584001-503 - Limited - Disabled)
Guest (S-1-5-21-235486974-3183418840-3710584001-501 - Limited - Disabled)
Owner (S-1-5-21-235486974-3183418840-3710584001-1001 - Administrator - Enabled) => C:\Users\Owner
WDAGUtilityAccount (S-1-5-21-235486974-3183418840-3710584001-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 19.00 (HKLM-x32\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\{10E33ABF-D7FB-4F47-900A-7973854AB45A}) (Version: 32.0.0.125 - Adobe) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 32.0.0.125 - Adobe)
AdoptOpenJDK JRE with Hotspot 11.0.4.11 (x64) (HKLM\...\{454A7910-E49D-4CB5-B55A-939B284085A1}) (Version: 11.0.4.11 - AdoptOpenJDK)
AdoptOpenJDK JRE with Hotspot 8.0.222.10 (x64) (HKLM\...\{F54DCAD7-C6BF-41A1-A057-5EA482FE7758}) (Version: 8.0.222.10 - AdoptOpenJDK)
AdoptOpenJDK JRE with Hotspot 8.0.222.10 (x86) (HKLM-x32\...\{7C1EB336-205E-4F3D-9C00-32C137A69B20}) (Version: 8.0.222.10 - AdoptOpenJDK)
Amazon Games (HKU\S-1-5-21-235486974-3183418840-3710584001-1001\...\{4DD10B06-78A4-4E6F-AA39-25E9C38FA568}) (Version: 2.3.8425.2 - Amazon.com Services, Inc.)
Cheat Engine 7.5 (HKLM\...\Cheat Engine_is1) (Version:  - Cheat Engine)
Citra (HKU\S-1-5-21-235486974-3183418840-3710584001-1001\...\{4d46650f-ed3a-44d4-a6c6-5875c4c1ea60}) (Version: 1.0.0 - Citra Team)
Discord (HKU\S-1-5-21-235486974-3183418840-3710584001-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 13.133.0.5646 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{9fadc9c1-bd21-46fd-ad7e-8e08ace2687e}) (Version: 13.133.0.5646 - Electronic Arts)
Epic Games Launcher (HKLM-x32\...\{AEB35C6C-B6D4-4AA0-8452-DE699737B5F6}) (Version: 1.3.82.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{35905844-0610-427D-86A0-2103FABE3D4D}) (Version: 2.0.42.0 - Epic Games, Inc.)
EVE Online (HKU\S-1-5-21-235486974-3183418840-3710584001-1001\...\{f768b5cd-5325-4d6b-9b29-5946c1265b0f}) (Version: 2.11.8 - CCP)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 121.0.6167.189 - Google LLC)
Gyazo 4.1.2.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-235486974-3183418840-3710584001-1001\...\Riot Game league_of_legends.live) (Version:  - Riot Games, Inc)
Malwarebytes version 5.0.17.99 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.0.17.99 - Malwarebytes)
Microsoft .NET Host - 5.0.9 (x64) (HKLM\...\{8313C056-53A4-4845-B03E-5C27165DC2F1}) (Version: 40.36.30309 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.11 (x64) (HKLM\...\{B92B890A-04F2-4880-BA20-20D4364FB263}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.9 (x64) (HKLM\...\{AB193EEE-76AF-43D3-BFC1-823EE43D7738}) (Version: 40.36.30309 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.11 (x64) (HKLM\...\{5E63E49B-C88C-46C5-855C-A7B07C11CDC8}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.9 (x64) (HKLM\...\{D55E73D8-86EB-4FC3-A957-54616AA3D961}) (Version: 40.36.30309 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.11 (x64) (HKLM\...\{C3DD1448-513A-4DB8-978D-6991562EA63D}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 122.0.2365.52 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 121.0.2277.128 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.9 (x64) (HKLM\...\{D9A03C1C-D245-4579-B4DC-0BB2BC87E6E7}) (Version: 40.36.30315 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.9 (x64) (HKLM-x32\...\{70502eec-6d06-46ce-8acb-84c9d5248a12}) (Version: 5.0.9.30315 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.11 (x64) (HKLM\...\{A39D4115-3A27-4245-AE92-3214B8B21932}) (Version: 48.47.50419 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.11 (x64) (HKLM-x32\...\{c4846f79-a633-4ae4-92a3-92fdbeb33da2}) (Version: 6.0.11.31823 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{E15F69FA-660D-45CC-B28F-6CBC4CAD2091}) (Version: 1.0.0.0 - Mojang)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.27.0.112 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.112 - NVIDIA Corporation)
NVIDIA Graphics Driver 537.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 537.34 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
NY Reboot (HKU\S-1-5-21-235486974-3183418840-3710584001-1001\...\NY Reboot) (Version:  - )
PlayStation Plus (HKLM-x32\...\{F86E19EB-C781-4A23-B764-6B397BC18BA1}) (Version: 12.2.0 - Sony Interactive Entertainment Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 8.4 - Power Software Ltd)
r2modman 3.1.47 (HKU\S-1-5-21-235486974-3183418840-3710584001-1001\...\ac231ef6-6414-5f8d-b36f-3b57705721dd) (Version: 3.1.47 - ebkr)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
RGSS-RTP Standard (HKLM-x32\...\RGSS-RTP Standard_is1) (Version: 1.04 - Enterbrain)
Riot Client  (HKU\S-1-5-21-235486974-3183418840-3710584001-1001\...\Riot Game Riot_Client.) (Version:  - Riot Games, Inc)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version:  - Riot Games, Inc.)
Roblox Player for Owner (HKU\S-1-5-21-235486974-3183418840-3710584001-1001\...\roblox-player) (Version:  - Roblox Corporation)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.9.82.0 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TP-Link Archer T3U Driver (HKLM-x32\...\{CEB0679A-4607-4705-9D40-86734A7E94EA}) (Version: 2.1.0 - TP-Link)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 29.0 - Ubisoft)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
VALORANT (HKU\S-1-5-21-235486974-3183418840-3710584001-1001\...\Riot Game valorant.live) (Version:  - Riot Games, Inc)
vJoy Device Driver 0.2.0.5 (HKLM\...\{8E31F76F-74C3-47F1-9550-E041EEDC5FBB}_is1) (Version: 0.2.0.5 - Shaul Eizikovich)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
WeatherZero (HKLM-x32\...\WeatherZero) (Version: 1.0.0.9 - Weather Zero)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.866 - McAfee, LLC)
Wii U USB GCN adapter version 3.2.1 (HKLM-x32\...\{B3898604-95BA-4EBA-A8D7-C4C2BDC2712A}_is1) (Version: 3.2.1 - Matt Cunningham)
WinDirStat 1.1.2 (HKU\S-1-5-21-235486974-3183418840-3710584001-1001\...\WinDirStat) (Version:  - )
Windows Driver Package - Sony Computer Entertainment Inc. Wireless controller for PLAYSTATION®3 Driver Package (01/20/2012 1.4.0.0) (HKLM\...\D5410AE5FA467EF0F19558D5F60C991A79E11B51) (Version: 01/20/2012 1.4.0.0 - Sony Computer Entertainment Inc.)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinRAR 5.71 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)
Wizard101 (HKU\S-1-5-21-235486974-3183418840-3710584001-1001\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
 
Packages:
=========
 
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-04-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-04-17] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-09-17] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-09-08] (Microsoft Corporation)
Roblox -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.611.432.0_x64__55nm5eh3cm0pr [2024-02-09] (Roblox Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.19.1262.0_x64__8wekyb3d8bbwe [2024-02-08] (Microsoft Studios) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-235486974-3183418840-3710584001-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-235486974-3183418840-3710584001-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> "C:\Program Files\NordVPN\NordVPN.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-235486974-3183418840-3710584001-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-235486974-3183418840-3710584001-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-235486974-3183418840-3710584001-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> C:\Users\Owner\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\FileCoAuth.exe => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll -> No File
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-26] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers3: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_8c8de08a85de4474\nvshext.dll [2023-09-03] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-26] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Owner\Desktop\YouTube Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\YouTube Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Jarret - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
 
==================== Loaded Modules (Whitelisted) =============
 
2016-06-13 18:06 - 2016-06-13 18:06 - 000447488 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files (x86)\WeatherZero\Newtonsoft.Json.dll
2019-07-31 16:55 - 2021-06-19 01:55 - 001079909 _____ (SQLite Development Team) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2023-01-17 12:23 - 2018-11-22 16:48 - 001374208 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\libeay32.dll
2023-01-17 12:23 - 2018-11-22 16:48 - 000337920 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\ssleay32.dll
2024-02-21 15:50 - 2024-02-21 15:50 - 002849280 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libcrypto-1_1-x64.dll
2024-02-21 15:50 - 2024-02-21 15:50 - 000685056 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libssl-1_1-x64.dll
2024-02-21 15:50 - 2024-02-21 15:50 - 000046592 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\bearer\qgenericbearer.dll
2024-02-21 15:50 - 2024-02-21 15:50 - 006270976 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Core.dll
2024-02-21 15:50 - 2024-02-21 15:50 - 001389568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Network.dll
2024-02-21 15:50 - 2024-02-21 15:50 - 000157184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5WebSockets.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\DP45977C.lfl:677104FCAA [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk:FBFC89DD04 [2594]
AlternateDataStreams: C:\Users\Owner\Downloads\FRST64.exe:MBAM.Zone.Identifier [240]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [4036]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2022-01-23] (McAfee, LLC -> McAfee, LLC)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2022-01-23] (McAfee, LLC -> McAfee, LLC)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 7947 more sites.
 
There are 7947 more sites.
 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-03-18 23:49 - 2023-01-17 12:26 - 000455008 ____R C:\WINDOWS\system32\drivers\etc\hosts
 
There are 15618 more lines.
 
 
2020-08-11 12:46 - 2021-03-16 23:12 - 000000443 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\AdoptOpenJDK\jre-8.0.222.10-hotspot\bin;C:\Program Files\AdoptOpenJDK\jre-11.0.4.11-hotspot\bin;C:\Program Files (x86)\AdoptOpenJDK\jre-8.0.222.10-hotspot\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\
HKU\S-1-5-21-235486974-3183418840-3710584001-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\Nier Wallpaper.jpg
DNS Servers: 8.8.8.8 - 4.4.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{2F62048C-CD1B-448D-BEC0-38B577FBF102}C:\program files (x86)\steam\steamapps\common\spellbreak\g3\binaries\win64\spellbreak.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\spellbreak\g3\binaries\win64\spellbreak.exe => No File
FirewallRules: [TCP Query User{AAF71C4A-255F-412F-AA57-8DF7A64DDA67}C:\program files (x86)\steam\steamapps\common\spellbreak\g3\binaries\win64\spellbreak.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\spellbreak\g3\binaries\win64\spellbreak.exe => No File
FirewallRules: [TCP Query User{DF6A8C26-8BC0-456C-949A-1E8D2D94E263}C:\program files (x86)\steam\steam.exe] => (Block) C:\program files (x86)\steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [UDP Query User{A5CB764F-91B8-4E96-B066-163C40826DA6}C:\program files (x86)\steam\steam.exe] => (Block) C:\program files (x86)\steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{322F39EC-73F3-4928-AE74-B7854BABD0A4}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{B8DBC7B4-F8AC-41C9-A7A2-097973488D36}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{CFBBE365-FEDD-4287-AEEA-625656BAFF21}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{3082FEEE-1704-4397-ADD8-0816DA562FB3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{641F7F4D-7D91-4FC2-8FD9-91F78DD92E2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{46ADB663-780D-4026-A5A5-38E9A5873FD7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{0D534CC0-53CA-4D83-9F71-5DF1E2F71D4E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{7072DFDC-314B-46E5-9FC6-7618B9FA0253}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{1E3D44C8-8B93-4DE7-AB62-2364D75B0BC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{8314FE39-A8D0-4AF7-B920-1DD10560301A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [TCP Query User{541CBC6E-68EF-411D-A1B2-87CF336B4EE0}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [UDP Query User{B6276292-6F3B-403A-8882-D26F8295A87B}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [{81C59738-67D6-47CD-99D9-3F92BEB9B18F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [File not signed]
FirewallRules: [{BC074CE1-2E80-40B7-9693-3B5EA07F3F81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [File not signed]
FirewallRules: [TCP Query User{FE904043-BCD9-4655-B1AA-F580BC847C65}C:\program files (x86)\steam\steamapps\common\sid meier's civilization vi\base\binaries\win64steam\civilizationvi_dx12.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sid meier's civilization vi\base\binaries\win64steam\civilizationvi_dx12.exe => No File
FirewallRules: [UDP Query User{BD5445A1-0901-4AE9-97F9-62B09E876988}C:\program files (x86)\steam\steamapps\common\sid meier's civilization vi\base\binaries\win64steam\civilizationvi_dx12.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sid meier's civilization vi\base\binaries\win64steam\civilizationvi_dx12.exe => No File
FirewallRules: [{7AE1DD6F-FD9E-42F3-AE50-0DDCD6209BA3}] => (Block) C:\program files (x86)\steam\steamapps\common\sid meier's civilization vi\base\binaries\win64steam\civilizationvi_dx12.exe => No File
FirewallRules: [{1B2D61D7-0B69-40E3-99BF-5001E1FF5A1A}] => (Block) C:\program files (x86)\steam\steamapps\common\sid meier's civilization vi\base\binaries\win64steam\civilizationvi_dx12.exe => No File
FirewallRules: [TCP Query User{A71C1BCA-A7DD-410A-A4AF-FF0EF09B87D6}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [UDP Query User{67600FBD-01BB-4541-9F86-3A2533E94D0E}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [{7C2D9D38-E500-4A75-B36D-1F04688F60CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe () [File not signed]
FirewallRules: [{6DF8CA34-B583-496F-80F7-1D971A886230}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe () [File not signed]
FirewallRules: [TCP Query User{EA4BFCA5-008D-4106-9A61-D2EB26B876E7}C:2\deadbydaylight\binaries\wingdk\deadbydaylight-wingdk-shipping.exe] => (Allow) C:2\deadbydaylight\binaries\wingdk\deadbydaylight-wingdk-shipping.exe => No File
FirewallRules: [UDP Query User{34445082-9779-45BE-885E-6541F72DA3F7}C:2\deadbydaylight\binaries\wingdk\deadbydaylight-wingdk-shipping.exe] => (Allow) C:2\deadbydaylight\binaries\wingdk\deadbydaylight-wingdk-shipping.exe => No File
FirewallRules: [{3B43A850-9F39-4A1A-B903-8FB3AA0490AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe => No File
FirewallRules: [{24FB4278-DA85-4726-893A-68620A4FE904}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe => No File
FirewallRules: [{4E75B999-581A-4881-BD2A-BBA05F995A66}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{502D8742-7FC7-4A73-8400-5B0AEE2D3C80}] => (Allow) C:\Users\Owner\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe => No File
FirewallRules: [{88E5846B-E530-4CD8-A34A-638F587F0054}] => (Allow) C:\Users\Owner\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe => No File
FirewallRules: [{C98BA7BA-BAF0-42F7-A52B-68CBE1AB2A69}] => (Allow) C:\Users\Owner\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe => No File
FirewallRules: [{992FE9E5-5A27-41A4-9B91-B54F26B99195}] => (Allow) C:\Users\Owner\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe => No File
FirewallRules: [{DAC376A3-5EAC-4B3F-91C0-B04C17DEB911}] => (Allow) C:\Users\Owner\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe => No File
FirewallRules: [{6F9CCFD4-BA8B-450F-8E38-6DBCCE5F625F}] => (Allow) C:\Users\Owner\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe => No File
FirewallRules: [{3964FE53-5B13-4697-8A3E-7615F3D04E3A}] => (Allow) C:\Users\Owner\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe => No File
FirewallRules: [{228107EB-55C6-41C3-BD9B-E0405A9D78E5}] => (Allow) C:\Users\Owner\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe => No File
FirewallRules: [TCP Query User{6C9E5D0E-FEEE-49A7-8940-251D28AC46EE}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [UDP Query User{58FB0EA1-F782-4F24-A2A7-A224E0E9E7D9}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [TCP Query User{DB869D5C-9866-4A7D-AF52-7820EC0FDD11}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe => No File
FirewallRules: [UDP Query User{06959799-48A3-43B4-AAE4-BF8BFD97DD7F}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe => No File
FirewallRules: [TCP Query User{B7313B80-2F80-4AF1-B685-9CB249A2D526}C:\program files\epic games\rumbleverse\rumbleverse\binaries\win64\rumbleverseclient-win64-shipping.exe] => (Allow) C:\program files\epic games\rumbleverse\rumbleverse\binaries\win64\rumbleverseclient-win64-shipping.exe => No File
FirewallRules: [UDP Query User{35289D8F-E059-4274-8892-9CB8F1FCB6E1}C:\program files\epic games\rumbleverse\rumbleverse\binaries\win64\rumbleverseclient-win64-shipping.exe] => (Allow) C:\program files\epic games\rumbleverse\rumbleverse\binaries\win64\rumbleverseclient-win64-shipping.exe => No File
FirewallRules: [{EC3AFFA3-CDC7-465D-8D0C-A5B4B6272F9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ELDEN RING\Game\start_protected_game.exe => No File
FirewallRules: [{B5DFBCCB-F32E-47B3-9E78-045596A9B420}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ELDEN RING\Game\start_protected_game.exe => No File
FirewallRules: [{11E3B93C-CD74-427B-A8BE-CA987B53258A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yu-Gi-Oh!  Master Duel\masterduel.exe () [File not signed]
FirewallRules: [{2BD79D72-91DC-4943-A9A1-7ADF930796CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yu-Gi-Oh!  Master Duel\masterduel.exe () [File not signed]
FirewallRules: [TCP Query User{51A20E0F-23D1-4CA2-BFE8-FC08201C2CB9}C:\users\owner\desktop\naraka\program\bin\release64\yjwj_patcher.exe] => (Allow) C:\users\owner\desktop\naraka\program\bin\release64\yjwj_patcher.exe => No File
FirewallRules: [UDP Query User{487C0E44-7500-422E-98F7-31977BADDAD5}C:\users\owner\desktop\naraka\program\bin\release64\yjwj_patcher.exe] => (Allow) C:\users\owner\desktop\naraka\program\bin\release64\yjwj_patcher.exe => No File
FirewallRules: [TCP Query User{BDC7190B-69C5-4798-ABFF-D9D163CDE3C3}C:\users\owner\desktop\naraka\program\bin\release64\clientrepair.exe] => (Allow) C:\users\owner\desktop\naraka\program\bin\release64\clientrepair.exe => No File
FirewallRules: [UDP Query User{5AFE657B-3FFB-4551-8845-C87EC70A98C4}C:\users\owner\desktop\naraka\program\bin\release64\clientrepair.exe] => (Allow) C:\users\owner\desktop\naraka\program\bin\release64\clientrepair.exe => No File
FirewallRules: [TCP Query User{40D1DF8D-9D5A-4BB8-8A90-C4B1F2E6AD87}C:\users\owner\desktop\naraka\program\narakabladepoint.exe] => (Allow) C:\users\owner\desktop\naraka\program\narakabladepoint.exe => No File
FirewallRules: [UDP Query User{8DE1300F-A4C2-4953-8DC8-7D69708918B9}C:\users\owner\desktop\naraka\program\narakabladepoint.exe] => (Allow) C:\users\owner\desktop\naraka\program\narakabladepoint.exe => No File
FirewallRules: [TCP Query User{A342AAA9-9539-4AD5-AFF4-DE228CF99ADA}C:\users\owner\downloads\naraka\program\bin\release64\yjwj_patcher.exe] => (Allow) C:\users\owner\downloads\naraka\program\bin\release64\yjwj_patcher.exe => No File
FirewallRules: [UDP Query User{B85EE3DC-A9A1-4020-AD76-E89FC7A6CA82}C:\users\owner\downloads\naraka\program\bin\release64\yjwj_patcher.exe] => (Allow) C:\users\owner\downloads\naraka\program\bin\release64\yjwj_patcher.exe => No File
FirewallRules: [TCP Query User{66F229BA-361E-43D9-8D84-4BB18FB1AE8C}C:\users\owner\downloads\naraka\program\narakabladepoint.exe] => (Allow) C:\users\owner\downloads\naraka\program\narakabladepoint.exe => No File
FirewallRules: [UDP Query User{7932482D-6D04-4822-A397-3C5A052CF280}C:\users\owner\downloads\naraka\program\narakabladepoint.exe] => (Allow) C:\users\owner\downloads\naraka\program\narakabladepoint.exe => No File
FirewallRules: [{DBFA1DBC-0820-4F96-A22B-89BAA44B3A1C}] => (Allow) D:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{50208C37-7840-4439-AF03-1C3CC4CC0D87}] => (Allow) D:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{B73BCAA5-8DB4-4F87-9D30-9F88BDE4DE34}] => (Allow) D:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe (Wildcard Properties LLC -> Epic Games, Inc.)
FirewallRules: [{F89B2DB6-70B0-4C5A-A79B-2C812B57F61A}] => (Allow) D:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe (Wildcard Properties LLC -> Epic Games, Inc.)
FirewallRules: [{767B5197-2E5B-4B6E-AD58-EAE2BEB33161}] => (Allow) D:\pspluslauncher.exe => No File
FirewallRules: [{B2886A9F-7810-4227-A50E-8E0B09702986}] => (Allow) C:\Users\Owner\AppData\Local\Gaikai\CrashReports\dumpupload.exe (Sony Interactive Entertainment LLC -> )
FirewallRules: [{458A58A5-FED8-4C49-B351-CB3B8C989C39}] => (Allow) D:\unidater.exe => No File
FirewallRules: [TCP Query User{7A823C97-E7B7-4A90-B879-C510D4E8DA9D}D:\naraka\program\bin\release64\yjwj_patcher.exe] => (Allow) D:\naraka\program\bin\release64\yjwj_patcher.exe => No File
FirewallRules: [UDP Query User{FD49CA08-7D18-423A-A928-A76D7B367A2E}D:\naraka\program\bin\release64\yjwj_patcher.exe] => (Allow) D:\naraka\program\bin\release64\yjwj_patcher.exe => No File
FirewallRules: [TCP Query User{B874E1C9-23D5-46EA-B2A8-7A542EC8393A}D:\naraka\program\narakabladepoint.exe] => (Allow) D:\naraka\program\narakabladepoint.exe => No File
FirewallRules: [UDP Query User{A821E588-EEFE-4F36-BE82-87630625C140}D:\naraka\program\narakabladepoint.exe] => (Allow) D:\naraka\program\narakabladepoint.exe => No File
FirewallRules: [{00532206-77C4-4DEA-9BB2-121333751960}] => (Allow) D:\SteamLibrary\steamapps\common\Evil Genius 2\launcher\eg2.exe (Rebellion) [File not signed]
FirewallRules: [{3EDFF05A-71D7-44F1-86FE-CA11A00C1B04}] => (Allow) D:\SteamLibrary\steamapps\common\Evil Genius 2\launcher\eg2.exe (Rebellion) [File not signed]
FirewallRules: [TCP Query User{B6B12788-47AD-4F7A-82AC-AD2074F494DD}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{B88CB531-81A4-48A4-B793-D80398ABE48A}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{2B0A4338-6A0F-471A-B5A6-A275F79734BA}] => (Allow) D:\SteamLibrary\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe () [File not signed]
FirewallRules: [{9EEFAC60-99F3-449B-B936-C297ED97CEAA}] => (Allow) D:\SteamLibrary\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe () [File not signed]
FirewallRules: [TCP Query User{0AA775E3-378F-4B18-8667-CBEE9F7F8921}C:\users\owner\appdata\local\temp\rar$exa6932.15264\atlyss_v0.0.95e(test build)\atlyss.exe] => (Block) C:\users\owner\appdata\local\temp\rar$exa6932.15264\atlyss_v0.0.95e(test build)\atlyss.exe => No File
FirewallRules: [UDP Query User{991655FE-FBD4-4FBC-810D-F20EA2B7FE5E}C:\users\owner\appdata\local\temp\rar$exa6932.15264\atlyss_v0.0.95e(test build)\atlyss.exe] => (Block) C:\users\owner\appdata\local\temp\rar$exa6932.15264\atlyss_v0.0.95e(test build)\atlyss.exe => No File
FirewallRules: [{00FBAD79-FDEF-498B-849C-0D37567442B7}] => (Allow) D:\SteamLibrary\steamapps\common\For The King\FTK.exe () [File not signed]
FirewallRules: [{83708FFF-A97E-483A-840E-A9F4E4AD3373}] => (Allow) D:\SteamLibrary\steamapps\common\For The King\FTK.exe () [File not signed]
FirewallRules: [{15FDF686-7303-4C02-BAA8-C975C426C0C0}] => (Allow) D:\SteamLibrary\steamapps\common\ELDEN RING\Game\start_protected_game.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [{0F0FEF0D-3B37-456C-807E-B6820973D06E}] => (Allow) D:\SteamLibrary\steamapps\common\ELDEN RING\Game\start_protected_game.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [{BD849EAC-6948-48BF-8811-1F9455CA72F9}] => (Allow) D:\SteamLibrary\steamapps\common\Naruto To Boruto\NARUTO.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{138CB359-79CA-400A-8DA9-8C5AF880DD56}] => (Allow) D:\SteamLibrary\steamapps\common\Naruto To Boruto\NARUTO.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{22C35C98-97C9-428A-BED7-56B01A6B0B88}D:\steamlibrary\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe (SOLEIL LTD. -> Soleil Ltd.)
FirewallRules: [UDP Query User{50914EC6-4578-4364-9D58-3E51A8CBFC52}D:\steamlibrary\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe (SOLEIL LTD. -> Soleil Ltd.)
FirewallRules: [{A9BE2EEA-9603-4889-A3D4-733637E6E9F1}] => (Allow) D:\SteamLibrary\steamapps\common\For Honor\forhonor.exe => No File
FirewallRules: [{7A777BAB-7F2E-4747-8EBE-BA815B3AEE08}] => (Allow) D:\SteamLibrary\steamapps\common\For Honor\forhonor.exe => No File
FirewallRules: [TCP Query User{DACF3BD1-FB65-4DBC-8A8E-6553C850F6FF}D:\steamlibrary\steamapps\common\naraka bladepoint\narakabladepoint.exe] => (Allow) D:\steamlibrary\steamapps\common\naraka bladepoint\narakabladepoint.exe => No File
FirewallRules: [UDP Query User{C5538803-3D8F-430C-A4E3-6C7B465507FB}D:\steamlibrary\steamapps\common\naraka bladepoint\narakabladepoint.exe] => (Allow) D:\steamlibrary\steamapps\common\naraka bladepoint\narakabladepoint.exe => No File
FirewallRules: [TCP Query User{6ACFD02F-1914-408B-9D10-9655973710C3}D:\naraka\program\bin\release64\clientrepair.exe] => (Allow) D:\naraka\program\bin\release64\clientrepair.exe => No File
FirewallRules: [UDP Query User{CC9D85BF-49C3-4B85-B28B-FDD6E013E962}D:\naraka\program\bin\release64\clientrepair.exe] => (Allow) D:\naraka\program\bin\release64\clientrepair.exe => No File
FirewallRules: [{6174C478-6CE1-4CF0-8E75-669DC9858089}] => (Allow) D:\SteamLibrary\steamapps\common\Baldurs Gate 3\Launcher\LariLauncher.exe (Larian Studios Games Ltd. -> LariLauncher)
FirewallRules: [{60E7CA11-35ED-41E6-8E0D-009F8E58949F}] => (Allow) D:\SteamLibrary\steamapps\common\Baldurs Gate 3\Launcher\LariLauncher.exe (Larian Studios Games Ltd. -> LariLauncher)
FirewallRules: [{43158F49-BFE2-4589-B465-AF375D5B0297}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{7DFCF51E-34A6-424C-937B-A8846F7ACE8E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{106A1585-9CDF-49D6-985C-766C0A9D346E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{2C81C715-BD03-4371-AF3D-6EA250CDC244}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{1B87EE75-9EA2-431B-9C14-72E4CBA2D469}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{F2404FCF-5EA5-4C45-B9AD-58090EB97690}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{3B5377E5-0574-4423-8A7D-A9FC75EA50E7}D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Allow) D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe (Larian Studios Games Ltd. -> )
FirewallRules: [UDP Query User{F67A0BE3-0C66-43FE-894E-D27C11712946}D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Allow) D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe (Larian Studios Games Ltd. -> )
FirewallRules: [{859F9EA6-B2D8-499E-8C32-00033CA516E8}] => (Allow) D:\SteamLibrary\steamapps\common\StateOfDecay2\StateOfDecay2\Binaries\Win64\StateOfDecay2-Win64-Shipping.exe (Undead Labs, LLC) [File not signed]
FirewallRules: [{26427A0A-4996-424B-8C5A-AB0F00A3B195}] => (Allow) D:\SteamLibrary\steamapps\common\StateOfDecay2\StateOfDecay2\Binaries\Win64\StateOfDecay2-Win64-Shipping.exe (Undead Labs, LLC) [File not signed]
FirewallRules: [{5F928E90-8206-45E2-997D-A8A38FD7FA9E}] => (Allow) D:\SteamLibrary\steamapps\common\Aim Lab\AimLab_tb.exe () [File not signed]
FirewallRules: [{A1B88938-55CC-4E45-B7FF-2279445710A4}] => (Allow) D:\SteamLibrary\steamapps\common\Aim Lab\AimLab_tb.exe () [File not signed]
FirewallRules: [TCP Query User{64A56613-26F1-4BC1-BFD7-F1A8CACE38C1}C:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe] => (Allow) C:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [UDP Query User{D928DD3C-D6E7-46C7-B0EA-84DB16AC54DB}C:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe] => (Allow) C:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{A311A7E8-55F2-49AE-AD50-A9F4D9A07926}] => (Allow) D:\SteamLibrary\steamapps\common\Morrowind\Morrowind Launcher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{F2DCD74E-5F70-476C-B363-AE8656914180}] => (Allow) D:\SteamLibrary\steamapps\common\Morrowind\Morrowind Launcher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{6BBFF3C1-51BF-412C-A4A8-DEC783F9A86F}] => (Allow) D:\SteamLibrary\steamapps\common\Oblivion\OblivionLauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{F81D3559-5FB5-488B-BB17-BFAB1A2981E1}] => (Allow) D:\SteamLibrary\steamapps\common\Oblivion\OblivionLauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{2AF7025F-148C-48B8-BCDC-24AB7ABE2BB5}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{9D635BD8-648C-4791-842E-AB5AAF89D868}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{92E506D4-FD1C-4B44-B7B0-BFCF0E388703}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{471225D8-0C4E-4DA5-99A4-A985D2E38BDA}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. -> )
FirewallRules: [{5B499DF5-B8A2-41A2-B346-EBA4D3F4D909}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{78EABF95-61C8-452C-AF12-D5E54444AB9F}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{DC0B8970-5DA9-465C-88BA-7A3872DDB8DC}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{B16E38C7-6838-46B7-A6D5-7D1AD1726148}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. -> )
FirewallRules: [{7CE9FA03-3678-4518-9428-BFD88167FDB9}] => (Allow) D:\SteamLibrary\steamapps\common\Hogwarts Legacy\HogwartsLegacy.exe (Warner Bros. Interactive) [File not signed]
FirewallRules: [{A3CFA173-57A1-4897-AA0D-09AECD0782D1}] => (Allow) D:\SteamLibrary\steamapps\common\Hogwarts Legacy\HogwartsLegacy.exe (Warner Bros. Interactive) [File not signed]
FirewallRules: [TCP Query User{63DD6486-CC05-47E2-B117-AFF5D192ADC1}D:\citra\nightly\citra-qt.exe] => (Allow) D:\citra\nightly\citra-qt.exe () [File not signed]
FirewallRules: [UDP Query User{42C145CA-8F16-420E-B9FA-45775FA7E9CB}D:\citra\nightly\citra-qt.exe] => (Allow) D:\citra\nightly\citra-qt.exe () [File not signed]
FirewallRules: [{0F33C485-E1D7-4BB6-B048-6E881E3EA3EC}] => (Allow) D:\SteamLibrary\steamapps\common\Lethal Company\Lethal Company.exe () [File not signed]
FirewallRules: [{38763F58-DD68-476E-A0E7-6E7590C2EF00}] => (Allow) D:\SteamLibrary\steamapps\common\Lethal Company\Lethal Company.exe () [File not signed]
FirewallRules: [{D561D776-1FB6-4C24-933C-5B44E2678506}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.112.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{351BB780-E64B-4A34-94A2-4BE1FBCA483D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.112.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{399C08A4-98CF-43D0-B80A-CE2A95DDCE5C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.112.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1219746F-1E93-4EFA-8D27-E07544F19195}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.112.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E08A3952-DE23-4EF7-8010-D086C68B29F4}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{259D5929-0F08-4CB2-8D0E-26DA0A166BF6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F4B5AEBC-BCDF-4924-AD77-15C1668BFC8C}] => (Allow) D:\SteamLibrary\steamapps\common\My Hero Ultra Rumble\start_protected_game.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [{CC5D0377-E75F-4116-ACD6-408F066B2E2C}] => (Allow) D:\SteamLibrary\steamapps\common\My Hero Ultra Rumble\start_protected_game.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [{D46476E5-8134-48F1-B5F7-BDEA6D5588C6}] => (Allow) D:\SteamLibrary\steamapps\common\My Hero Ultra Rumble\HerovsGame\Binaries\Win64\MHUR.exe (BNEI) [File not signed]
FirewallRules: [{85EC3B9D-21BF-4BE0-976B-7F542737BB94}] => (Allow) D:\SteamLibrary\steamapps\common\My Hero Ultra Rumble\HerovsGame\Binaries\Win64\MHUR.exe (BNEI) [File not signed]
FirewallRules: [{F304A2F8-D148-46EE-8E78-F30A9D234756}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{7B762B49-5B7B-4103-BA8A-3E9A3B098D03}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{785D8D75-4D7F-40EF-8F9E-3D07EFA6657B}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{515A47A8-0B2B-442B-A8DE-E7F34ACDBE56}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{D10CB776-DD6D-4235-B2B6-2C47127702B0}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{B8AB8772-E352-4988-9B32-2692F8A76900}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{8BFAF127-8EB1-4526-B7E7-1BC53CF5E775}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{05A9A74D-C689-4B82-8132-E179B026FA5B}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{754F97EB-84C5-4F0C-A58F-652BE30F7E3D}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{744AC5DF-1D33-4354-8497-52D7124945A9}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{0755D0EC-CDC3-45B5-9968-F1150F47A77C}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe (Electronic Arts, Inc. -> Electronic Arts)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices ============
 
Name: HID-compliant game controller
Description: HID-compliant game controller
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HID-compliant game controller
Description: HID-compliant game controller
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HID-compliant game controller
Description: HID-compliant game controller
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HID-compliant game controller
Description: HID-compliant game controller
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (02/26/2024 09:19:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WLANExt.exe, version: 10.0.19041.1, time stamp: 0x45c477dd
Faulting module name: ntdll.dll, version: 10.0.19041.3996, time stamp: 0x39215800
Exception code: 0xc0000374
Fault offset: 0x00000000000ff349
Faulting process id: 0xe64
Faulting application start time: 0x01da68bad80f61ea
Faulting application path: C:\WINDOWS\system32\WLANExt.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: ab35e1c7-8d90-4d4d-9d76-3627102b9d30
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/26/2024 08:51:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SecHealthUI.exe, version: 10.0.19041.3758, time stamp: 0x2ec74c00
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3996, time stamp: 0xb756c9ff
Exception code: 0xc000027b
Fault offset: 0x000000000012d952
Faulting process id: 0x2c80
Faulting application start time: 0x01da68bae17d7134
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: ff02b392-8f41-407c-b1ff-699ca69871cb
Faulting package full name: Microsoft.Windows.SecHealthUI_10.0.19041.3636_neutral__cw5n1h2txyewy
Faulting package-relative application ID: SecHealthUI
 
Error: (02/26/2024 08:32:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WLANExt.exe, version: 10.0.19041.1, time stamp: 0x45c477dd
Faulting module name: ntdll.dll, version: 10.0.19041.3996, time stamp: 0x39215800
Exception code: 0xc0000374
Fault offset: 0x00000000000ff349
Faulting process id: 0x113c
Faulting application start time: 0x01da68b82e5902bb
Faulting application path: C:\WINDOWS\system32\WLANExt.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 0c330416-ffa2-4db1-b5b3-2a3bdd6b929e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/25/2024 01:25:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WLANExt.exe, version: 10.0.19041.1, time stamp: 0x45c477dd
Faulting module name: ntdll.dll, version: 10.0.19041.3996, time stamp: 0x39215800
Exception code: 0xc0000374
Fault offset: 0x00000000000ff349
Faulting process id: 0xfe8
Faulting application start time: 0x01da6813728f4b97
Faulting application path: C:\WINDOWS\system32\WLANExt.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 077397ff-22c1-4c0a-a607-bcff82f8d466
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/25/2024 11:52:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EpicGamesLauncher.exe, version: 16.0.1.0, time stamp: 0x65d39658
Faulting module name: ntdll.dll, version: 10.0.19041.3996, time stamp: 0x39215800
Exception code: 0xc0000005
Fault offset: 0x00000000000634f6
Faulting process id: 0x3344
Faulting application start time: 0x01da680b11ba0daf
Faulting application path: D:\Program Files\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: bc060a40-4adb-4e39-9c41-09d560dab627
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/24/2024 11:07:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LEProc.exe, version: 0.0.0.0, time stamp: 0x61268e6d
Faulting module name: KERNELBASE.dll, version: 10.0.19041.4046, time stamp: 0xa0505aa2
Exception code: 0xe0434352
Fault offset: 0x0013fa72
Faulting process id: 0x24bc
Faulting application start time: 0x01da673b8cce0090
Faulting application path: D:\Locale Emulator\Locale.Emulator.2.5.0.1\LEProc.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 0a65e0b2-dfc8-4aa6-ad43-27736c76eed4
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/24/2024 11:07:22 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: LEProc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at LEProc.Program.Main(System.String[])
 
Error: (02/23/2024 03:06:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EpicGamesLauncher.exe, version: 16.0.1.0, time stamp: 0x65d39658
Faulting module name: ntdll.dll, version: 10.0.19041.3996, time stamp: 0x39215800
Exception code: 0xc0000005
Fault offset: 0x00000000000634f6
Faulting process id: 0x1c10
Faulting application start time: 0x01da6693c3d5d3a0
Faulting application path: D:\Program Files\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 9abd2ace-4200-4b92-9f8f-886827847767
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (02/26/2024 10:26:12 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
 
Error: (02/26/2024 10:26:08 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
 
Error: (02/26/2024 09:27:19 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (02/26/2024 08:51:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The GameInput Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (02/26/2024 08:51:05 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The GameInput Service service terminated with the following error: 
The compound file GameInput Service was produced with a newer version of storage.
 
Error: (02/26/2024 08:45:39 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
 
Error: (02/26/2024 08:45:39 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
 
Error: (02/26/2024 08:45:38 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
 
 
Windows Defender:
================
Date: 2024-02-26 10:21:21
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-26 10:04:57
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-26 09:45:24
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-26 09:09:09
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-26 09:04:21
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
 
Date: 2024-01-27 07:21:34
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.395.529.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23070.1005
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2024-01-09 08:31:26
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.395.529.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23070.1005
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2023-12-26 07:46:50
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.395.529.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23070.1005
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2023-12-26 07:46:50
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.395.529.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23070.1005
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2023-12-26 07:46:50
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.395.529.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23070.1005
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
CodeIntegrity:
===============
Date: 2024-02-26 10:32:25
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. P1.50 02/14/2014
Motherboard: ASRock H81 Pro BTC
Processor: Intel® Core™ i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 44%
Total physical RAM: 16323.21 MB
Available physical RAM: 9076.17 MB
Total Virtual: 23491.21 MB
Available Virtual: 13794.71 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:223 GB) (Free:3.35 GB) (Model: Hyundai 240GB SSD) NTFS
Drive d: (Seagate 2TB) (Fixed) (Total:1863.01 GB) (Free:657.76 GB) (Model: ST2000DM008-2UB102) NTFS
 
\\?\Volume{7749ea3f-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.57 GB) (Free:0.11 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 5CBDE002)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 7749EA3F)
Partition 1: (Active) - (Size=579 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================


#4 Jarbon

Jarbon
  • Topic Starter

  • Members
  • 21 posts

Posted 26 February 2024 - 12:07 PM

Also, thank you very much for volunteering your time, Gary. You're very much appreciated.

Edited by Jarbon, 26 February 2024 - 12:10 PM.


#5 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor
  • 57,028 posts

Posted 26 February 2024 - 01:46 PM

Greetings.

My pleasure to work together on this.

Let's start with this.

===================================================

Uninstalling Programs Using Revo Uninstaller Free Portable

--------------------
  • Download Revo Uninstaller Free Portable and save it to your Desktop
  • Right click on the folder and select Extract All..., then click Extract
  • Double click on the RevoUninstaller-Portable folder
  • Right click on RevoUPort and select Run as administrator
  • Click OK on the License Agreement
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
WeatherZero
WebAdvisor by McAfee
  • If the program's uninstaller appears work through the steps to remove the program(s)
  • Be sure the Advanced option is selected then click Scan
  • For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion
  • Once done click Finish
  • Reboot your computer
===================================================

Modifying Chrome Notification Settings

--------------------
  • Launch Chrome. If you can't, skip this step.
  • Copy and paste the below in the address bar then hit Enter

chrome://settings/content/notifications?search=notification

  • Under Allow examine each entry and for any entry not recognized or not wanted click on the 2 horizontal dots to the right and select Block
  • Confirm the entry was moved under the Block section
  • Close Chrome
===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
Folder: C:\Users\Owner\AppData\Roaming\CloudPatchv2
Folder: C:\Users\Owner\AppData\Roaming\shpafact
Folder: C:\Users\Owner\AppData\Local\d90-updater
Folder: C:\Program Files (x86)\CompanyCusucy
C:\Program Files (x86)\Google\GoogleUpdater
C:\WINDOWS\system32\Tasks\GoogleSystem
C:\Users\Owner\AppData\Roaming\CloudPatchv2
C:\Users\Owner\AppData\Roaming\shpafact
C:\Users\Owner\AppData\Local\d90-updater
C:\Program Files (x86)\CompanyCusucy
S3 rsDwf; \SystemRoot\system32\DRIVERS\rsDwf.sys [X] 
Task: {101C1F7B-4B5F-4986-B674-0D894D46A833} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Users\Owner\Desktop\MSERT.exe /EHB /HeartbeatFailure "SubmitHeartbeatReportData" /HeartbeatError "0x80072ee7" (No File) 
CustomCLSID: HKU\S-1-5-21-235486974-3183418840-3710584001-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File 
CustomCLSID: HKU\S-1-5-21-235486974-3183418840-3710584001-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> "C:\Program Files\NordVPN\NordVPN.exe" -ToastActivated => No File 
CustomCLSID: HKU\S-1-5-21-235486974-3183418840-3710584001-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File 
CustomCLSID: HKU\S-1-5-21-235486974-3183418840-3710584001-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File 
CustomCLSID: HKU\S-1-5-21-235486974-3183418840-3710584001-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> C:\Users\Owner\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\FileCoAuth.exe => No File 
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File 
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File 
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File 
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File 
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File 
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File 
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File 
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll -> No File 
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll -> No File 
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll -> No File 
Task: {16B04F6E-7304-4D08-8B8E-9548E23DC188} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem124.0.6315.0{848D39A6-1088-4E0C-A920-88F1138400DB} => C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION 
S2 GoogleUpdaterInternalService124.0.6315.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION 
S2 GoogleUpdaterService124.0.6315.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION 
AlternateDataStreams: C:\ProgramData\DP45977C.lfl:677104FCAA [2594] 
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [2594] 
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [2594] 
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [2594] 
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk:FBFC89DD04 [2594] 
cmd: netsh winsock reset catalog
cmd: netsh int ip reset resetlog.txt
Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg
C:\Firewall.reg
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
Removeproxy:
hosts:
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
Emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program, agree to the request.
  • Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Programs uninstalled?
  • Chrome Notifications reviewed?
  • Fixlog

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#6 Jarbon


Posted 26 February 2024 - 02:24 PM

I successfully uninstalled zeroweather and webadvisor.

I now have no apps allowed to send notifications on Chrome.

Here is my fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by Owner (26-02-2024 14:13:20) Run:1
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
Folder: C:\Users\Owner\AppData\Roaming\CloudPatchv2
Folder: C:\Users\Owner\AppData\Roaming\shpafact
Folder: C:\Users\Owner\AppData\Local\d90-updater
Folder: C:\Program Files (x86)\CompanyCusucy
C:\Program Files (x86)\Google\GoogleUpdater
C:\WINDOWS\system32\Tasks\GoogleSystem
C:\Users\Owner\AppData\Roaming\CloudPatchv2
C:\Users\Owner\AppData\Roaming\shpafact
C:\Users\Owner\AppData\Local\d90-updater
C:\Program Files (x86)\CompanyCusucy
S3 rsDwf; \SystemRoot\system32\DRIVERS\rsDwf.sys [X] 
Task: {101C1F7B-4B5F-4986-B674-0D894D46A833} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Users\Owner\Desktop\MSERT.exe /EHB /HeartbeatFailure "SubmitHeartbeatReportData" /HeartbeatError "0x80072ee7" (No File) 
CustomCLSID: HKU\S-1-5-21-235486974-3183418840-3710584001-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File 
CustomCLSID: HKU\S-1-5-21-235486974-3183418840-3710584001-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> "C:\Program Files\NordVPN\NordVPN.exe" -ToastActivated => No File 
CustomCLSID: HKU\S-1-5-21-235486974-3183418840-3710584001-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File 
CustomCLSID: HKU\S-1-5-21-235486974-3183418840-3710584001-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File 
CustomCLSID: HKU\S-1-5-21-235486974-3183418840-3710584001-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> C:\Users\Owner\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\FileCoAuth.exe => No File 
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File 
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File 
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File 
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File 
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File 
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File 
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File 
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll -> No File 
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll -> No File 
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll -> No File 
Task: {16B04F6E-7304-4D08-8B8E-9548E23DC188} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem124.0.6315.0{848D39A6-1088-4E0C-A920-88F1138400DB} => C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION 
S2 GoogleUpdaterInternalService124.0.6315.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION 
S2 GoogleUpdaterService124.0.6315.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION 
AlternateDataStreams: C:\ProgramData\DP45977C.lfl:677104FCAA [2594] 
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [2594] 
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [2594] 
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [2594] 
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk:FBFC89DD04 [2594] 
cmd: netsh winsock reset catalog
cmd: netsh int ip reset resetlog.txt
Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg
C:\Firewall.reg
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
Removeproxy:
hosts:
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
Emptytemp:
End::
*****************
 
SystemRestore: On => Error -> 1%
Restore point was successfully created.
Processes closed successfully.
 
========================= Folder: C:\Users\Owner\AppData\Roaming\CloudPatchv2 ========================
 
 
====== End of Folder: ======
 
 
========================= Folder: C:\Users\Owner\AppData\Roaming\shpafact ========================
 
2024-02-24 09:36 - 2024-02-22 23:31 - 000086944 ____A [F07F53569C594F04B5B15CA6DBE4B455] () C:\Users\Owner\AppData\Roaming\shpafact\equilibrator.tar
2024-02-24 09:36 - 2024-02-22 23:31 - 001339518 ____A [BBE8C4350E46C239A6C78941E4E8C8DD] () C:\Users\Owner\AppData\Roaming\shpafact\floe.txt
2024-02-24 09:36 - 2024-02-22 23:31 - 000017422 ____A [ED925BDAB51F49813686B62EB82FB4A4] () [File not signed] C:\Users\Owner\AppData\Roaming\shpafact\libdl.dll
2024-02-24 09:36 - 2024-02-22 23:31 - 000117262 ____A [D35376C0D447108B2F9D64D4C40014F8] () [File not signed] C:\Users\Owner\AppData\Roaming\shpafact\libgcc_s_dw2-1.dll
2024-02-24 09:36 - 2024-02-22 23:31 - 000098830 ____A [E40B7ACDD7654C071B0F2C17EB91FDDD] (MingW-W64 Project. All rights reserved.) [File not signed] C:\Users\Owner\AppData\Roaming\shpafact\libwinpthread-1.dll
2024-02-24 09:36 - 2024-02-22 23:31 - 001295374 ____A [3CD9AF46753F2A618D15157372D0D2BC] () [File not signed] C:\Users\Owner\AppData\Roaming\shpafact\libX11-6.dll
2024-02-24 09:36 - 2024-02-22 23:31 - 000020494 ____A [B6F0655BED934503621FCF94BA449A19] () [File not signed] C:\Users\Owner\AppData\Roaming\shpafact\libXau-6.dll
2024-02-24 09:36 - 2024-02-22 23:31 - 000135182 ____A [A4212BE49E5CE8F3BF3950CA32C4BF14] () [File not signed] C:\Users\Owner\AppData\Roaming\shpafact\libxcb-1.dll
2024-02-24 09:36 - 2024-02-22 23:31 - 000025614 ____A [A3718D24F0E6EAE9D6121A1219381AE9] () [File not signed] C:\Users\Owner\AppData\Roaming\shpafact\libxcb-image-0.dll
2024-02-24 09:36 - 2024-02-22 23:31 - 000019470 ____A [557ED85A1D8A3308E552A77A9902E8CF] () [File not signed] C:\Users\Owner\AppData\Roaming\shpafact\libxcb-shm-0.dll
2024-02-24 09:36 - 2024-02-22 23:31 - 000024078 ____A [EE6788D3D3750421E01519A27F86634E] () [File not signed] C:\Users\Owner\AppData\Roaming\shpafact\libxcb-util-1.dll
2024-02-24 09:36 - 2024-02-22 23:31 - 000028686 ____A [7D4F4D3BC6AB6C3EA2097A7ECD018728] () [File not signed] C:\Users\Owner\AppData\Roaming\shpafact\libXdmcp-6.dll
2024-02-24 09:36 - 2024-02-22 23:31 - 000092174 ____A [7E507AF32CA219D2F832CF8D90CA805B] () [File not signed] C:\Users\Owner\AppData\Roaming\shpafact\zlib1.dll
 
====== End of Folder: ======
 
 
========================= Folder: C:\Users\Owner\AppData\Local\d90-updater ========================
 
2024-02-23 14:38 - 2024-02-23 14:39 - 000000000 ____D [00000000000000000000000000000000] C:\Users\Owner\AppData\Local\d90-updater\pending
2024-02-23 14:38 - 2024-02-23 14:39 - 082300080 ____A [21DDCFDC8EB649B99F2D9E3AEFB49779] (NetEase (Hangzhou) Network Co., Ltd -> Naraka) C:\Users\Owner\AppData\Local\d90-updater\pending\naraka-v3.0.2345.exe
2024-02-23 14:39 - 2024-02-23 14:39 - 000000166 ____A [A0FCDD6A2887EE2A11042DB5A66205AB] () C:\Users\Owner\AppData\Local\d90-updater\pending\update-info.json
 
====== End of Folder: ======
 
 
========================= Folder: C:\Program Files (x86)\CompanyCusucy ========================
 
 
====== End of Folder: ======
 
 
"C:\Program Files (x86)\Google\GoogleUpdater" folder move:
 
C:\Program Files (x86)\Google\GoogleUpdater => moved successfully
 
"C:\WINDOWS\system32\Tasks\GoogleSystem" folder move:
 
C:\WINDOWS\system32\Tasks\GoogleSystem => moved successfully
 
"C:\Users\Owner\AppData\Roaming\CloudPatchv2" folder move:
 
C:\Users\Owner\AppData\Roaming\CloudPatchv2 => moved successfully
 
"C:\Users\Owner\AppData\Roaming\shpafact" folder move:
 
C:\Users\Owner\AppData\Roaming\shpafact => moved successfully
 
"C:\Users\Owner\AppData\Local\d90-updater" folder move:
 
C:\Users\Owner\AppData\Local\d90-updater => moved successfully
 
"C:\Program Files (x86)\CompanyCusucy" folder move:
 
C:\Program Files (x86)\CompanyCusucy => moved successfully
HKLM\System\CurrentControlSet\Services\rsDwf => removed successfully
rsDwf => service removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{101C1F7B-4B5F-4986-B674-0D894D46A833}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{101C1F7B-4B5F-4986-B674-0D894D46A833}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RemovalTools\MRT_ERROR_HB" => removed successfully
HKU\S-1-5-21-235486974-3183418840-3710584001-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-235486974-3183418840-3710584001-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000} => removed successfully
HKU\S-1-5-21-235486974-3183418840-3710584001-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-235486974-3183418840-3710584001-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
HKU\S-1-5-21-235486974-3183418840-3710584001-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{16B04F6E-7304-4D08-8B8E-9548E23DC188}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16B04F6E-7304-4D08-8B8E-9548E23DC188}" => removed successfully
"C:\WINDOWS\System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem124.0.6315.0{848D39A6-1088-4E0C-A920-88F1138400DB}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem124.0.6315.0{848D39A6-1088-4E0C-A920-88F1138400DB}" => removed successfully
HKLM\System\CurrentControlSet\Services\GoogleUpdaterInternalService124.0.6315.0 => removed successfully
GoogleUpdaterInternalService124.0.6315.0 => service removed successfully
HKLM\System\CurrentControlSet\Services\GoogleUpdaterService124.0.6315.0 => removed successfully
GoogleUpdaterService124.0.6315.0 => service removed successfully
C:\ProgramData\DP45977C.lfl => ":677104FCAA" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini => ":B1DA6C571C" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk => ":BE32D07BC5" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk => ":F20EF51E1F" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk => ":FBFC89DD04" ADS removed successfully
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset resetlog.txt =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
 
========= End of CMD: =========
 
 
========= reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
C:\Firewall.reg => moved successfully
 
========= netsh advfirewall reset =========
 
Ok.
 
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
 
========= End of CMD: =========
 
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.
 
0 out of 0 jobs canceled.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-235486974-3183418840-3710584001-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-235486974-3183418840-3710584001-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.
 
========= sfc /scannow =========
 
 
 
Beginning system scan.  This process will take some time.
 
 
 
Beginning verification phase of system scan.
 
 
Verification 100% complete.
 
 
Windows Resource Protection found corrupt files and successfully repaired them.
 
For online repairs, details are included in the CBS log file located at
 
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
 
repairs, details are included in the log file provided by the /OFFLOGFILE flag.
 
 
 
========= End of CMD: =========
 
 
========= DISM /Online /Cleanup-Image /CheckHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.19041.3636
 
Image Version: 10.0.19045.4046
 
No component store corruption detected.
The operation completed successfully.
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 28783613 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 814767724 B
Windows/system/drivers => 1767156 B
Edge => 0 B
Chrome => 958454092 B
Firefox => 100060123 B
Opera => 6079979 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 514 B
LocalService => 3355456 B
NetworkService => 13671494 B
Owner => 1492098985 B
 
RecycleBin => 2640082 B
EmptyTemp: => 3.2 GB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 26-02-2024 14:19:12)
 
C:\Windows\System32\Drivers\etc\hosts => Is moved successfully
Hosts restored successfully.
 
==== End of Fixlog 14:19:12 ====


#7 Oh My!


Posted 26 February 2024 - 03:33 PM

Thank you, that looks good.

Please run a Windows Defender scan rather than MSERT and let me know the results.
Gary 


#8 Jarbon


Posted 26 February 2024 - 05:16 PM

After running the full scan it seems to still be active and severe but now there are 2 more notifications of the same threat. Windows Defender says it skipped them usually and it also left 2 more notices of remediation incomplete for the same threat.



#9 Oh My!


Posted 26 February 2024 - 08:13 PM

Please run this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
Powershell: Get-MpThreatDetection
Folder: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlist

Gary 


#10 Jarbon


Posted 27 February 2024 - 08:20 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by Owner (27-02-2024 08:19:31) Run:2
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
Powershell: Get-MpThreatDetection
Folder: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory
End::
*****************
 
 
========= Get-MpThreatDetection =========
 
 
 
ActionSuccess                  : True
AdditionalActionsBitMask       : 8
AMProductVersion               : 4.18.23110.3
CleaningActionID               : 3
CurrentThreatExecutionStatusID : 0
DetectionID                    : {26982392-8E9F-4E81-98A2-05D5BC895F90}
DetectionSourceTypeID          : 2
DomainUser                     : NT AUTHORITY\SYSTEM
InitialDetectionTime           : 2/25/2024 12:29:53 PM
LastThreatStatusChangeTime     : 2/25/2024 12:30:17 PM
ProcessName                    : Unknown
RemediationTime                : 2/25/2024 12:30:17 PM
Resources                      : {file:_C:\Program Files (x86)\CompanyCusucy\CompanyCusucy.exe, service:_CompanyCusucy}
ThreatID                       : 249604
ThreatStatusErrorCode          : 0
ThreatStatusID                 : 4
PSComputerName                 : 
 
ActionSuccess                  : True
AdditionalActionsBitMask       : 0
AMProductVersion               : 4.18.23110.3
CleaningActionID               : 9
CurrentThreatExecutionStatusID : 0
DetectionID                    : {AAA7F2C6-3B07-46FB-B719-1886D67418FD}
DetectionSourceTypeID          : 2
DomainUser                     : 
InitialDetectionTime           : 2/26/2024 5:53:33 AM
LastThreatStatusChangeTime     : 2/26/2024 5:53:33 AM
ProcessName                    : Unknown
RemediationTime                : 
Resources                      : {regkeyvalue:_hklm\software\microsoft\windows defender\\DisableAntiSpyware}
ThreatID                       : 2147741622
ThreatStatusErrorCode          : 0
ThreatStatusID                 : 1
PSComputerName                 : 
 
ActionSuccess                  : True
AdditionalActionsBitMask       : 0
AMProductVersion               : 4.18.23110.3
CleaningActionID               : 9
CurrentThreatExecutionStatusID : 0
DetectionID                    : {06E24A63-F254-47A9-97DF-D53F59D832A4}
DetectionSourceTypeID          : 2
DomainUser                     : NT AUTHORITY\SYSTEM
InitialDetectionTime           : 2/26/2024 5:53:33 AM
LastThreatStatusChangeTime     : 2/26/2024 5:53:33 AM
ProcessName                    : Unknown
RemediationTime                : 
Resources                      : {regkeyvalue:_hklm\software\microsoft\windows defender\\DisableAntiSpyware}
ThreatID                       : 2147741622
ThreatStatusErrorCode          : 0
ThreatStatusID                 : 1
PSComputerName                 : 
 
ActionSuccess                  : True
AdditionalActionsBitMask       : 0
AMProductVersion               : 4.18.23110.3
CleaningActionID               : 9
CurrentThreatExecutionStatusID : 0
DetectionID                    : {590B8A6D-4214-479A-B9E7-C4372EA106D6}
DetectionSourceTypeID          : 2
DomainUser                     : NT AUTHORITY\SYSTEM
InitialDetectionTime           : 2/25/2024 12:53:16 PM
LastThreatStatusChangeTime     : 2/25/2024 12:53:16 PM
ProcessName                    : Unknown
RemediationTime                : 
Resources                      : {regkeyvalue:_hklm\software\microsoft\windows defender\\DisableAntiSpyware}
ThreatID                       : 2147741622
ThreatStatusErrorCode          : 0
ThreatStatusID                 : 1
PSComputerName                 : 
 
ActionSuccess                  : True
AdditionalActionsBitMask       : 8
AMProductVersion               : 4.18.23110.3
CleaningActionID               : 3
CurrentThreatExecutionStatusID : 2
DetectionID                    : {618002BF-0CE8-4234-B82B-B16391D7AD78}
DetectionSourceTypeID          : 3
DomainUser                     : DESKTOP-IDRJGDS\Owner
InitialDetectionTime           : 5/24/2021 9:52:39 AM
LastThreatStatusChangeTime     : 5/24/2021 9:53:05 AM
ProcessName                    : C:\Windows\explorer.exe
RemediationTime                : 5/24/2021 9:53:05 AM
Resources                      : {file:_C:\Users\Owner\Downloads\H\CATC\App.exe}
ThreatID                       : 251873
ThreatStatusErrorCode          : 0
ThreatStatusID                 : 4
PSComputerName                 : 
 
ActionSuccess                  : True
AdditionalActionsBitMask       : 0
AMProductVersion               : 4.18.23110.3
CleaningActionID               : 2
CurrentThreatExecutionStatusID : 0
DetectionID                    : {FA9BAB0A-BECF-4153-BBF5-9ABC1EBB50AC}
DetectionSourceTypeID          : 2
DomainUser                     : 
InitialDetectionTime           : 2/26/2024 5:53:33 AM
LastThreatStatusChangeTime     : 2/27/2024 8:18:11 AM
ProcessName                    : Unknown
RemediationTime                : 2/27/2024 8:18:11 AM
Resources                      : {regkeyvalue:_hklm\software\microsoft\windows defender\\DisableAntiSpyware}
ThreatID                       : 2147741622
ThreatStatusErrorCode          : -2142207965
ThreatStatusID                 : 103
PSComputerName                 : 
 
ActionSuccess                  : True
AdditionalActionsBitMask       : 0
AMProductVersion               : 4.18.23110.3
CleaningActionID               : 2
CurrentThreatExecutionStatusID : 0
DetectionID                    : {1B56A45C-AA4A-400E-AD8E-FAF675CC7DF2}
DetectionSourceTypeID          : 2
DomainUser                     : 
InitialDetectionTime           : 2/26/2024 5:53:33 AM
LastThreatStatusChangeTime     : 2/26/2024 8:54:30 AM
ProcessName                    : Unknown
RemediationTime                : 2/26/2024 8:54:30 AM
Resources                      : {regkeyvalue:_hklm\software\microsoft\windows defender\\DisableAntiSpyware}
ThreatID                       : 2147741622
ThreatStatusErrorCode          : -2142207965
ThreatStatusID                 : 103
PSComputerName                 : 
 
ActionSuccess                  : True
AdditionalActionsBitMask       : 0
AMProductVersion               : 4.18.23110.3
CleaningActionID               : 2
CurrentThreatExecutionStatusID : 0
DetectionID                    : {5D4205A1-3D20-474F-B005-E1D6A1B5F108}
DetectionSourceTypeID          : 2
DomainUser                     : 
InitialDetectionTime           : 2/26/2024 5:53:33 AM
LastThreatStatusChangeTime     : 2/26/2024 3:59:25 PM
ProcessName                    : Unknown
RemediationTime                : 2/26/2024 3:59:25 PM
Resources                      : {regkeyvalue:_hklm\software\microsoft\windows defender\\DisableAntiSpyware}
ThreatID                       : 2147741622
ThreatStatusErrorCode          : -2142207965
ThreatStatusID                 : 103
PSComputerName                 : 
 
ActionSuccess                  : True
AdditionalActionsBitMask       : 0
AMProductVersion               : 4.18.23110.3
CleaningActionID               : 9
CurrentThreatExecutionStatusID : 0
DetectionID                    : {93B3D837-7C76-4195-8F3A-5195045ADB7A}
DetectionSourceTypeID          : 2
DomainUser                     : 
InitialDetectionTime           : 2/25/2024 12:53:16 PM
LastThreatStatusChangeTime     : 2/25/2024 12:53:16 PM
ProcessName                    : Unknown
RemediationTime                : 
Resources                      : {regkeyvalue:_hklm\software\microsoft\windows defender\\DisableAntiSpyware}
ThreatID                       : 2147741622
ThreatStatusErrorCode          : 0
ThreatStatusID                 : 1
PSComputerName                 : 
 
ActionSuccess                  : True
AdditionalActionsBitMask       : 0
AMProductVersion               : 4.18.23110.3
CleaningActionID               : 2
CurrentThreatExecutionStatusID : 0
DetectionID                    : {A29AF616-2CA6-4E32-B64E-66D9A0F8F89E}
DetectionSourceTypeID          : 2
DomainUser                     : 
InitialDetectionTime           : 2/25/2024 12:53:16 PM
LastThreatStatusChangeTime     : 2/25/2024 1:19:20 PM
ProcessName                    : Unknown
RemediationTime                : 2/25/2024 1:19:20 PM
Resources                      : {regkeyvalue:_hklm\software\microsoft\windows defender\\DisableAntiSpyware}
ThreatID                       : 2147741622
ThreatStatusErrorCode          : -2142207965
ThreatStatusID                 : 103
PSComputerName                 : 
 
ActionSuccess                  : True
AdditionalActionsBitMask       : 0
AMProductVersion               : 4.18.23110.3
CleaningActionID               : 9
CurrentThreatExecutionStatusID : 0
DetectionID                    : {D8AC1739-2063-43AB-912F-27DDEEC993EE}
DetectionSourceTypeID          : 2
DomainUser                     : 
InitialDetectionTime           : 2/26/2024 5:53:33 AM
LastThreatStatusChangeTime     : 2/26/2024 5:53:33 AM
ProcessName                    : Unknown
RemediationTime                : 
Resources                      : {regkeyvalue:_hklm\software\microsoft\windows defender\\DisableAntiSpyware}
ThreatID                       : 2147741622
ThreatStatusErrorCode          : 0
ThreatStatusID                 : 1
PSComputerName                 : 
 
ActionSuccess                  : True
AdditionalActionsBitMask       : 0
AMProductVersion               : 4.18.23110.3
CleaningActionID               : 9
CurrentThreatExecutionStatusID : 3
DetectionID                    : {0AF75C1A-DB75-43BE-BC78-69391B669E75}
DetectionSourceTypeID          : 2
DomainUser                     : NT AUTHORITY\SYSTEM
InitialDetectionTime           : 5/6/2021 9:52:00 PM
LastThreatStatusChangeTime     : 5/6/2021 9:52:00 PM
ProcessName                    : C:\Users\Owner\Desktop\Flux\bin\Fluxus v5.exe
RemediationTime                : 
Resources                      : {file:_C:\Users\Owner\Desktop\Flux\bin\Fluxus v5.exe, 
                                 process:_pid:15728,ProcessStart:132648072331478761}
ThreatID                       : 265744
ThreatStatusErrorCode          : 0
ThreatStatusID                 : 106
PSComputerName                 : 
 
ActionSuccess                  : True
AdditionalActionsBitMask       : 0
AMProductVersion               : 4.18.23110.3
CleaningActionID               : 3
CurrentThreatExecutionStatusID : 0
DetectionID                    : {4A5C7DB5-9E50-4162-9462-DFDB97797F6F}
DetectionSourceTypeID          : 2
DomainUser                     : NT AUTHORITY\SYSTEM
InitialDetectionTime           : 4/18/2021 1:02:52 AM
LastThreatStatusChangeTime     : 4/18/2021 1:03:12 AM
ProcessName                    : Unknown
RemediationTime                : 4/18/2021 1:03:12 AM
Resources                      : {file:_C:\Users\Owner\Desktop\Flux\Fluxus_Bootstrapper (1).exe}
ThreatID                       : 265744
ThreatStatusErrorCode          : 0
ThreatStatusID                 : 4
PSComputerName                 : 
 
ActionSuccess                  : True
AdditionalActionsBitMask       : 0
AMProductVersion               : 4.18.23110.3
CleaningActionID               : 9
CurrentThreatExecutionStatusID : 0
DetectionID                    : {B1C186A1-F172-46F2-A1F8-BED7358AD7BA}
DetectionSourceTypeID          : 2
DomainUser                     : 
InitialDetectionTime           : 2/26/2024 5:53:33 AM
LastThreatStatusChangeTime     : 2/26/2024 5:53:33 AM
ProcessName                    : Unknown
RemediationTime                : 
Resources                      : {regkeyvalue:_hklm\software\microsoft\windows defender\\DisableAntiSpyware}
ThreatID                       : 2147741622
ThreatStatusErrorCode          : 0
ThreatStatusID                 : 1
PSComputerName                 : 
 
ActionSuccess                  : True
AdditionalActionsBitMask       : 0
AMProductVersion               : 4.18.23110.3
CleaningActionID               : 9
CurrentThreatExecutionStatusID : 2
DetectionID                    : {082E99B9-F5CF-462C-8ED9-8E405AA5AC0B}
DetectionSourceTypeID          : 3
DomainUser                     : DESKTOP-IDRJGDS\Owner
InitialDetectionTime           : 5/24/2021 9:52:53 AM
LastThreatStatusChangeTime     : 5/24/2021 9:52:53 AM
ProcessName                    : C:\Windows\explorer.exe
RemediationTime                : 
Resources                      : {file:_C:\Users\Owner\Downloads\H\CATC\App.exe}
ThreatID                       : 251873
ThreatStatusErrorCode          : 0
ThreatStatusID                 : 106
PSComputerName                 : 
 
ActionSuccess                  : True
AdditionalActionsBitMask       : 0
AMProductVersion               : 4.18.23110.3
CleaningActionID               : 2
CurrentThreatExecutionStatusID : 1
DetectionID                    : {16BAE96F-43CB-4D0D-BDCC-DEF9F6D54429}
DetectionSourceTypeID          : 3
DomainUser                     : DESKTOP-IDRJGDS\Owner
InitialDetectionTime           : 8/21/2021 8:53:14 PM
LastThreatStatusChangeTime     : 2/25/2024 12:30:50 PM
ProcessName                    : C:\Windows\explorer.exe
RemediationTime                : 2/25/2024 12:30:50 PM
Resources                      : {file:_C:\Users\Owner\Downloads\Installer.exe}
ThreatID                       : 227215
ThreatStatusErrorCode          : 0
ThreatStatusID                 : 3
PSComputerName                 : 
 
ActionSuccess                  : True
AdditionalActionsBitMask       : 0
AMProductVersion               : 4.18.23110.3
CleaningActionID               : 9
CurrentThreatExecutionStatusID : 2
DetectionID                    : {3A684C3E-69E9-4BED-A603-F21A43D08555}
DetectionSourceTypeID          : 2
DomainUser                     : NT AUTHORITY\SYSTEM
InitialDetectionTime           : 4/22/2021 6:57:16 PM
LastThreatStatusChangeTime     : 4/22/2021 6:57:16 PM
ProcessName                    : C:\Users\Owner\Desktop\Flux\Fluxus_Bootstrapper (1).exe
RemediationTime                : 
Resources                      : {file:_C:\Users\Owner\Desktop\Flux\Fluxus_Bootstrapper (1).exe}
ThreatID                       : 250070
ThreatStatusErrorCode          : 0
ThreatStatusID                 : 106
PSComputerName                 : 
 
ActionSuccess                  : True
AdditionalActionsBitMask       : 0
AMProductVersion               : 4.18.23110.3
CleaningActionID               : 9
CurrentThreatExecutionStatusID : 0
DetectionID                    : {16F8DA0B-BCA5-4ACF-86F3-84AAE74A2749}
DetectionSourceTypeID          : 2
DomainUser                     : 
InitialDetectionTime           : 2/26/2024 5:53:33 AM
LastThreatStatusChangeTime     : 2/26/2024 5:53:33 AM
ProcessName                    : Unknown
RemediationTime                : 
Resources                      : {regkeyvalue:_hklm\software\microsoft\windows defender\\DisableAntiSpyware}
ThreatID                       : 2147741622
ThreatStatusErrorCode          : 0
ThreatStatusID                 : 1
PSComputerName                 : 
 
ActionSuccess                  : True
AdditionalActionsBitMask       : 0
AMProductVersion               : 4.18.23110.3
CleaningActionID               : 2
CurrentThreatExecutionStatusID : 0
DetectionID                    : {C03A7E9B-EFDA-4D88-938F-08175D04B91D}
DetectionSourceTypeID          : 2
DomainUser                     : 
InitialDetectionTime           : 2/26/2024 5:53:33 AM
LastThreatStatusChangeTime     : 2/26/2024 7:29:33 AM
ProcessName                    : Unknown
RemediationTime                : 2/26/2024 7:29:33 AM
Resources                      : {regkeyvalue:_hklm\software\microsoft\windows defender\\DisableAntiSpyware}
ThreatID                       : 2147741622
ThreatStatusErrorCode          : -2142207965
ThreatStatusID                 : 103
PSComputerName                 : 
 
 
 
 
========= End of Powershell: =========
 
 
========================= Folder: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory ========================
 
 
====== End of Folder: ======
 
 
==== End of Fixlog 08:19:41 ====


#11 Oh My!


Posted 27 February 2024 - 12:37 PM

Thank you.

Please do this.

===================================================

Farbar Recovery Scan Tool Fix - Safe Mode Command Prompt with Attached File

--------------------
  • If necessary, download Farbar Recovery Scan Tool for 64 bit systems and save it to a USB device
  • Download the attached file Fixlist.txt (3.18KB) and save it in the same USB device
  • Insert the USB device into your compromised computer
  • Holding down the Shift Key click Start, click the power icon, then select Reboot
  • Click Troubleshoot
  • Click Advanced options
  • Click Startup Settings
  • Click Restart
  • Select 6) Enable Safe Mode with Command Prompt
  • In the command window type in Notepad and press Enter.
  • Under File menu select Open
  • Select This PC and double click on your USB drive letter
  • Next to Files of type: select All Files
  • Right click on the FRST icon and select Run as administrator
  • Click Yes to disclaimer that may appear
  • Press Fix button
  • Reboot your computer into Normal Boot
  • A fixlog.txt file will be saved on the USB drive. Please copy and paste it to your reply. If the report is too large attach it
  • Following reboot run a Windows Defender scan and check for detections
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Windows Defender?

Gary 


#12 Jarbon


Posted 27 February 2024 - 01:06 PM

After running Windows Defender following the reboot, it now only detects 2 instances of the same virus and nothing else.

Fix result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by Owner (27-02-2024 13:00:16) Run:3
Running from F:\FRST64bit
Loaded Profiles: Owner
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
StartRegedit:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000000

EndRegedit:

ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender

C:\Program Files (x86)\CompanyCusucy

Powershell: Set-MpPreference -EnableControlledFolderAccess Disabled
Powershell: Set-MpPreference -DisableRealtimeMonitoring $true
cmd: del /f /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log"
cmd: del /f /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log"
cmd: del /f /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log"
cmd: del /f /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db"
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\00\16F8DA0B-BCA5-4ACF-86F3-84AAE74A2749
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\00\C03A7E9B-EFDA-4D88-938F-08175D04B91D
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\05\082E99B9-F5CF-462C-8ED9-8E405AA5AC0B
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\05\16BAE96F-43CB-4D0D-BDCC-DEF9F6D54429
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\05\3A684C3E-69E9-4BED-A603-F21A43D08555
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\08\B1C186A1-F172-46F2-A1F8-BED7358AD7BA
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\10\0AF75C1A-DB75-43BE-BC78-69391B669E75
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\10\4A5C7DB5-9E50-4162-9462-DFDB97797F6F
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\11\D8AC1739-2063-43AB-912F-27DDEEC993EE
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\12\A29AF616-2CA6-4E32-B64E-66D9A0F8F89E
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\1B56A45C-AA4A-400E-AD8E-FAF675CC7DF2
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\5D4205A1-3D20-474F-B005-E1D6A1B5F108
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\93B3D837-7C76-4195-8F3A-5195045ADB7A
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\15\FA9BAB0A-BECF-4153-BBF5-9ABC1EBB50AC
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\16\618002BF-0CE8-4234-B82B-B16391D7AD78
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\17\590B8A6D-4214-479A-B9E7-C4372EA106D6
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\18\06E24A63-F254-47A9-97DF-D53F59D832A4
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\22\26982392-8E9F-4E81-98A2-05D5BC895F90
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\22\AAA7F2C6-3B07-46FB-B719-1886D67418FD
Powershell: Set-MpPreference -EnableControlledFolderAccess Enabled
Powershell: Set-MpPreference -DisableRealtimeMonitoring $false
Powershell: Get-MpThreatDetection
Reboot:
*****************

Registry ====> The operation completed successfully.
================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"="0"
[HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager]

=== End of ExportKey ===
"C:\Program Files (x86)\CompanyCusucy" => not found

========= Set-MpPreference -EnableControlledFolderAccess Disabled =========


========= End of Powershell: =========


========= Set-MpPreference -DisableRealtimeMonitoring $true =========


========= End of Powershell: =========


========= del /f /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log" =========

C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log


========= End of CMD: =========


========= del /f /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log" =========

Deleted file - C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log


========= End of CMD: =========


========= del /f /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log" =========

Deleted file - C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log


========= End of CMD: =========


========= del /f /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db" =========

C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db


========= End of CMD: =========

C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\00\16F8DA0B-BCA5-4ACF-86F3-84AAE74A2749 => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\00\C03A7E9B-EFDA-4D88-938F-08175D04B91D => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\05\082E99B9-F5CF-462C-8ED9-8E405AA5AC0B => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\05\16BAE96F-43CB-4D0D-BDCC-DEF9F6D54429 => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\05\3A684C3E-69E9-4BED-A603-F21A43D08555 => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\08\B1C186A1-F172-46F2-A1F8-BED7358AD7BA => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\10\0AF75C1A-DB75-43BE-BC78-69391B669E75 => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\10\4A5C7DB5-9E50-4162-9462-DFDB97797F6F => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\11\D8AC1739-2063-43AB-912F-27DDEEC993EE => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\12\A29AF616-2CA6-4E32-B64E-66D9A0F8F89E => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\1B56A45C-AA4A-400E-AD8E-FAF675CC7DF2 => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\5D4205A1-3D20-474F-B005-E1D6A1B5F108 => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\93B3D837-7C76-4195-8F3A-5195045ADB7A => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\15\FA9BAB0A-BECF-4153-BBF5-9ABC1EBB50AC => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\16\618002BF-0CE8-4234-B82B-B16391D7AD78 => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\17\590B8A6D-4214-479A-B9E7-C4372EA106D6 => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\18\06E24A63-F254-47A9-97DF-D53F59D832A4 => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\22\26982392-8E9F-4E81-98A2-05D5BC895F90 => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\22\AAA7F2C6-3B07-46FB-B719-1886D67418FD => moved successfully

========= Set-MpPreference -EnableControlledFolderAccess Enabled =========


========= End of Powershell: =========


========= Set-MpPreference -DisableRealtimeMonitoring $false =========


========= End of Powershell: =========


========= Get-MpThreatDetection =========



ActionSuccess : True
AdditionalActionsBitMask : 0
AMProductVersion : 4.18.23110.3
CleaningActionID : 9
CurrentThreatExecutionStatusID : 0
DetectionID : {D9B18A59-E606-4EAB-BFAA-B991C3920CB3}
DetectionSourceTypeID : 2
DomainUser :
InitialDetectionTime : 2/26/2024 5:53:33 AM
LastThreatStatusChangeTime : 2/26/2024 5:53:33 AM
ProcessName : Unknown
RemediationTime :
Resources : {regkeyvalue:_hklm\software\microsoft\windows defender\\DisableAntiSpyware}
ThreatID : 2147741622
ThreatStatusErrorCode : 0
ThreatStatusID : 1
PSComputerName :




========= End of Powershell: =========



The system needed a reboot.

==== End of Fixlog 13:00:24 ====


Edited by Oh My!, 27 February 2024 - 10:23 PM.
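The Get-MpThreatDetection output pasted in the fixlogs above repeats the same resource across many records, which is hard to read by eye. The following is an added example, not part of the thread or of FRST: a Python script that parses that "Name : Value" list text and groups records by threat ID and resource. The sample text, the function names and the `min_count` threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the "Name : Value" list layout shown in the fixlog.
# IDs, paths and PIDs are illustrative; the second record wraps its Resources.
SAMPLE = r"""
DetectionID                    : {00000000-0000-0000-0000-000000000001}
InitialDetectionTime           : 2/26/2024 5:53:33 AM
LastThreatStatusChangeTime     : 2/26/2024 5:53:33 AM
RemediationTime                :
Resources                      : {regkeyvalue:_hklm\software\microsoft\windows defender\\DisableAntiSpyware}
ThreatID                       : 2147741622
ThreatStatusErrorCode          : 0
ThreatStatusID                 : 1

DetectionID                    : {00000000-0000-0000-0000-000000000002}
InitialDetectionTime           : 5/6/2021 9:52:00 PM
LastThreatStatusChangeTime     : 5/6/2021 9:52:00 PM
RemediationTime                :
Resources                      : {file:_C:\Users\Example\tool.exe,
                                 process:_pid:4242,ProcessStart:1}
ThreatID                       : 265744
ThreatStatusErrorCode          : 0
ThreatStatusID                 : 106

DetectionID                    : {00000000-0000-0000-0000-000000000003}
InitialDetectionTime           : 2/26/2024 5:53:33 AM
LastThreatStatusChangeTime     : 2/27/2024 8:18:11 AM
RemediationTime                : 2/27/2024 8:18:11 AM
Resources                      : {regkeyvalue:_hklm\software\microsoft\windows defender\\DisableAntiSpyware}
ThreatID                       : 2147741622
ThreatStatusErrorCode          : -2142207965
ThreatStatusID                 : 103
"""

# A field line is "Name<spaces>: value"; the space before the colon keeps
# wrapped values such as "process:_pid:..." from being read as new fields.
FIELD = re.compile(r"^([A-Za-z]\w*)\s+:(?:\s(.*))?$")
TIME_FMT = "%m/%d/%Y %I:%M:%S %p"


def parse_records(text):
    """Split list-format output into one dict per detection record."""
    records, current, last_key = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():                    # blank line closes a record
            if current:
                records.append(current)
            current, last_key = {}, None
            continue
        m = FIELD.match(line)
        if m:
            last_key = m.group(1)
            current[last_key] = (m.group(2) or "").strip()
        elif last_key and raw[:1].isspace():    # indented line: wrapped value
            current[last_key] += " " + line.strip()
        # anything else (banners, prose) is ignored
    if current:
        records.append(current)
    return records


def split_resources(value):
    """'{file:_X, process:_Y}' -> ['file:_X', 'process:_Y']."""
    inner = value.strip().strip("{}")
    return [r.strip() for r in re.split(r",\s+(?=\w+:_)", inner) if r.strip()]


def parse_time(value):
    return datetime.strptime(value, TIME_FMT) if value else None


def summarize(records):
    """Group records by (ThreatID, resource) and collect remediation facts."""
    groups = defaultdict(lambda: {"count": 0, "unremediated": 0, "errors": set(),
                                  "status_ids": set(), "first": None, "last": None})
    for rec in records:
        first = parse_time(rec.get("InitialDetectionTime", ""))
        last = parse_time(rec.get("LastThreatStatusChangeTime", ""))
        for res in split_resources(rec.get("Resources", "")):
            g = groups[(rec.get("ThreatID", "?"), res)]
            g["count"] += 1
            if not rec.get("RemediationTime"):
                g["unremediated"] += 1          # no remediation timestamp
            code = rec.get("ThreatStatusErrorCode", "0")
            if code not in ("", "0"):
                g["errors"].add(code)           # remediation reported an error
            g["status_ids"].add(rec.get("ThreatStatusID", ""))
            if first and (g["first"] is None or first < g["first"]):
                g["first"] = first
            if last and (g["last"] is None or last > g["last"]):
                g["last"] = last
    return dict(groups)


def recurring(summary, min_count=2):
    """Keys seen in several records where remediation is missing or errored."""
    return sorted(k for k, g in summary.items()
                  if g["count"] >= min_count and (g["unremediated"] or g["errors"]))


if __name__ == "__main__":
    summary = summarize(parse_records(SAMPLE))
    for threat_id, resource in recurring(summary):
        g = summary[(threat_id, resource)]
        print(threat_id, resource, g["count"], sorted(g["status_ids"]),
              sorted(g["errors"]), g["first"], g["last"])
```

A resource that shows up in several records with missing remediation times or non-zero error codes is the one to re-check after each fix run.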


#13 Jarbon


Posted 27 February 2024 - 01:20 PM

Also, if it matters, I installed FRST64bit onto the USB using the infected PC. I can ask my roommate to use their PC to try again if that is a no-no.

#14 Oh My!


Posted 28 February 2024 - 10:24 AM

The Fixlist worked so no need to run it again.

Please do this.

===================================================

Farbar Recovery Scan Tool Fix - Safe Mode Command Prompt with Attached File

--------------------
  • If necessary, download Farbar Recovery Scan Tool for 64 bit systems and save it to a USB device
  • Download the attached file Fixlist.txt (436bytes) and save it in the same USB device
  • Insert the USB device into your compromised computer
  • Holding down the Shift Key click Start, click the power icon, then select Reboot
  • Click Troubleshoot
  • Click Advanced options
  • Click Startup Settings
  • Click Restart
  • Select 6) Enable Safe Mode with Command Prompt
  • In the command window type in Notepad and press Enter.
  • Under File menu select Open
  • Select This PC and double click on your USB drive letter
  • Next to Files of type: select All Files
  • Right click on the FRST icon and select Run as administrator
  • Click Yes to the disclaimer that may appear
  • Press the Fix button
  • Reboot your computer into Normal Boot
  • A fixlog.txt file will be saved on the USB drive. Please copy and paste it to your reply. If the report is too large, attach it.
  • Following reboot run a Windows Defender scan and check for detections
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Windows Defender?

Gary 


#15 Jarbon


Posted 28 February 2024 - 10:43 AM

Windows Defender shows 2 instances of remediation incomplete and 4 more instances of the virus.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by Owner (28-02-2024 10:35:22) Run:4
Running from F:\FRST64bit
Loaded Profiles: Owner
Boot Mode: Safe Mode (minimal)
==============================================
 
fixlist content:
*****************
Powershell: Set-MpPreference -EnableControlledFolderAccess Disabled
Powershell: Set-MpPreference -DisableRealtimeMonitoring $true
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\DisableAntiSpyware
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\DisableAntiSpyware]
Powershell: Set-MpPreference -EnableControlledFolderAccess Enabled
Powershell: Set-MpPreference -DisableRealtimeMonitoring $false 
Reboot:
*****************
 
 
========= Set-MpPreference -EnableControlledFolderAccess Disabled =========
 
Set-MpPreference : Operation failed with the following error: 0x800106ba. Operation: Set-MpPreference. Target: 
EnableControlledFolderAccess.
At C:\FRST\tmp.ps1:1 char:1
+ Set-MpPreference -EnableControlledFolderAccess Disabled
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference],  
   CimException
    + FullyQualifiedErrorId : HRESULT 0x800106ba,Set-MpPreference
 
 
========= End of Powershell: =========
 
 
========= Set-MpPreference -DisableRealtimeMonitoring $true =========
 
Set-MpPreference : Operation failed with the following error: 0x800106ba. Operation: Set-MpPreference. Target: 
DisableRealtimeMonitoring.
At C:\FRST\tmp.ps1:1 char:1
+ Set-MpPreference -DisableRealtimeMonitoring $true
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference],  
   CimException
    + FullyQualifiedErrorId : HRESULT 0x800106ba,Set-MpPreference
 
 
========= End of Powershell: =========
 
================== ExportKey: ===================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\DisableAntiSpyware]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\DisableAntiSpyware => Access Denied.
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\DisableAntiSpyware" => not found
 
========= Set-MpPreference -EnableControlledFolderAccess Enabled =========
 
Set-MpPreference : Operation failed with the following error: 0x800106ba. Operation: Set-MpPreference. Target: 
EnableControlledFolderAccess.
At C:\FRST\tmp.ps1:1 char:1
+ Set-MpPreference -EnableControlledFolderAccess Enabled
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference],  
   CimException
    + FullyQualifiedErrorId : HRESULT 0x800106ba,Set-MpPreference
 
 
========= End of Powershell: =========
 
 
========= Set-MpPreference -DisableRealtimeMonitoring $false =========
 
Set-MpPreference : Operation failed with the following error: 0x800106ba. Operation: Set-MpPreference. Target: 
DisableRealtimeMonitoring.
At C:\FRST\tmp.ps1:1 char:1
+ Set-MpPreference -DisableRealtimeMonitoring $false
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference],  
   CimException
    + FullyQualifiedErrorId : HRESULT 0x800106ba,Set-MpPreference
 
 
========= End of Powershell: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 10:35:28 ====




