
Windows command processor spam


  • This topic is locked
34 replies to this topic

#1 dockarnavalla
  • Members
  • 17 posts

Posted 21 February 2024 - 11:28 PM

Hi there!

This issue started recently. Whenever I turn on my PC, the command processor spams me asking for permission, and it is undeniable.

I have searched about it in the forum and downloaded the Farbar tool. The results are attached below. Please guide me through this, since it is getting more and more annoying and concerning at the same time.

Thanks in advance :)

#2 Pkshadow
  • BC Advisor
  • 12,306 posts
  • Gender:Not Telling
  • Location:On the Brow of the Hill, West Coast, Canada

Posted 21 February 2024 - 11:45 PM

Hi, Welcome to BC.

This is the Windows 10 Forum and no FRST files are permissible.

Will ask for this to be moved to the Malware Forum.


" mosquitoes really wake up everyday and choose violence "   — dalia (@_dalia7)
www.cnn.com/2020/07/23/health/mosquitoes-attraction-humans-future-wellness-scn/index.html

I-7 ASUS ROG Rampage II Extreme  / ASUS TUF Gaming F17 / I-7 4770K ASUS ROG Maximus VI Extreme


#3 dockarnavalla
  • Topic Starter
  • Members
  • 17 posts

Posted 21 February 2024 - 11:47 PM

> Hi, Welcome to BC.
>
> This is the Windows 10 Forum and no FRST files are permissible.
>
> Will ask for this to be moved to the Malware Forum.

I am truly sorry for my confusion. Thank you so much for helping.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.02.2024 02
Ran by ataca (administrator) on LAPTOP-8JBASMB5 (ASUSTeK COMPUTER INC. ASUS TUF Gaming A15 FA506IU_FX506IU) (22-02-2024 05:14:51)
Running from C:\Users\ataca\Downloads\FRST64english.exe
Loaded Profiles: ataca
Platform: Microsoft Windows 10 Home Version 22H2 19045.3208 (X64) Language: English (United Kingdom) -> Turkish (Turkey)
Default browser: Chrome
Boot Mode: Normal

===================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe
(ASUSACCI\ArmouryCrateControlInterface.exe ->) (ASUSTEK COMPUTER INCORPORATION -> ASUSTeK COMPUTER INC.) C:\Windows\System32\ASUSACCI\ACCIMonitor.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSOptimization\AsusOSD.exe
(C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe ->) (ASUSTeK COMPUTER INC. -> ) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe
(C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe ->) (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(C:\Program Files\ASUS\ARMOURY CRATE Service\ArmouryCrate.Service.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Service\ArmouryCrate.UserSessionHelper.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe ->) (0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\cncmd.exe
(DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSOptimization\AsusOptimization.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSOptimization\AsusOptimizationStartupTask.exe
(DriverStore\FileRepositoryͧ465.inf_amd64_f448bc468601f23f\B367478\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepositoryͧ465.inf_amd64_f448bc468601f23f\B367478\atieclxx.exe
(explorer.exe ->) (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <52>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepositoryͧ465.inf_amd64_f448bc468601f23f\B367478\atiesrxx.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSLinkRemote\AsusLinkRemote.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.00.38\atkexComSvc.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Program Files (x86)\LightingService\LightingService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Service\ArmouryCrate.Service.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\ASUSACCI\ArmouryCrateControlInterface.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\AsusAppService\AsusAppService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSLinkNear\AsusLinkNear.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSOptimization\AsusOptimization.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSSoftwareManager\AsusSoftwareManager.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSSwitch\AsusSwitch.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSSystemAnalysis\AsusSystemAnalysis.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe
(services.exe ->) (ASUSTEK COMPUTER INCORPORATION -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUSTeK COMPUTER INC\RefreshRateService\RefreshRateService.exe
(services.exe ->) (LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\4.6.104.0\McCSPServiceHost.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <3>
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_21_4\mcapexe.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <2>
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdlogsr.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\AprSrv.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvam.inf_amd64_a09f6e1732b06f59\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (PenentheMidtown -> LakeWeb Co) [File not signed] [File is in use] C:\Program Files (x86)\Common Files\CityDoveD\CityDoveD.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_179f26ff7cd32d0f\RtkAudUService64.exe <3>
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Tomasz Ostrowski) [File not signed] C:\Users\ataca\AppData\Local\Temp\d00f842964\Dctooux.exe
Failed to access process -> DtsApo4Service.exe

====== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\...\Run: [Discord] => C:\Users\ataca\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8160856 2020-11-11] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft) <==== ATTENTION
HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37371856 2024-02-19] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4388200 2024-01-13] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\...\Run: [101XPGameCenterTR] => "C:\Program Files (x86)\101XP Game Center TR\launcher101xp.exe" (No Net)
HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\...\Run: [Taskbarify] => C:\Users\ataca\AppData\Local\Programs\Taskbarify\Taskbarify.exe (No File)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\122.0.6261.57\Installer\chrmstp.exe [2024-02-22] (Google LLC -> Google LLC)
Startup: C:\Users\ataca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HelpMonitor.lnk [2024-02-20]
ShortcutTarget: HelpMonitor.lnk -> C:\Users\ataca\AppData\Roaming\Taskstream_CPE\HelpMonitor.exe (Wireshark Foundation -> Wireshark development team) [File not signed]
Startup: C:\Users\ataca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sqlservr.lnk [2024-02-20]
ShortcutTarget: sqlservr.lnk -> C:\Users\ataca\AppData\Roaming\Microsoft SQL Server\sqlservr.exe (Hendrik Erz -> UCWeb Inc.) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

====== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2D6F344E-C253-433C-B1B9-C453C1DB87DE} - System32\Tasks\ASUS Optimization 36D18D69AFC3 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSOptimization\AsusHotkey.exe [291456 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {9F6EDF4F-17B2-40D3-B18F-91D3239F584F} - System32\Tasks\ASUS Update Checker 2.0 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSSoftwareManager\AsusUpdateChecker.exe [797776 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {1A3C0922-D5BA-4661-A2A9-1878185C8107} - System32\Tasks\ASUS\AcPowerNotification => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe [308584 2023-02-01] (ASUSTeK COMPUTER INC. -> ASUS)
Task: {70B38D92-F796-4EFA-8507-DB58E9F36A27} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe [1860968 2023-02-01] (ASUSTeK COMPUTER INC. -> ASUS)
Task: {4D60FAA1-10F8-4324-B894-41C095535079} - System32\Tasks\ASUS\ASUSUpdateTaskMachineCore1d66b97730d2e7d => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [163176 2020-08-06] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {4533A448-B522-4D54-8CE9-9A90CF519F53} - System32\Tasks\ASUS\ASUSUpdateTaskMachineUA => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [163176 2020-08-06] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {DDFEE411-F2F3-40F0-81D4-E68534D33FBB} - System32\Tasks\ASUS\Framework Service => C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe [46631024 2023-03-06] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
Task: {E4BE6047-3A49-4F7F-BF45-0D5E26A566C0} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (No File)
Task: {DC75A439-3704-4602-9278-DE74D953676F} - System32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSSystemAnalysis\AsusSystemAnalysis.exe [3860560 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {2E697DC9-0228-41FD-B783-BB28A857ED85} - System32\Tasks\Dctooux => C:\Users\ataca\AppData\Local\Temp\d00f842964\Dctooux.exe [3559424 2024-02-20] (Tomasz Ostrowski) [File not signed] <==== ATTENTION
Task: {B23C7C4B-AAF4-49B1-B726-609DCE283C1D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-25] (Google LLC -> Google LLC)
Task: {CDFB8A30-52F1-4066-B126-7F237D32DCEE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-25] (Google LLC -> Google LLC)
Task: {097E5099-E184-4341-9715-BEE1AE95DB05} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4565040 2023-07-17] (McAfee, LLC -> McAfee, LLC)
Task: {ADCB938F-8F10-4917-8EBD-CDFD28CBA35F} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.7.108\DADUpdater.exe [4094568 2023-02-17] (McAfee, LLC -> McAfee, LLC)
Task: {93AC0822-ACE6-48FE-8941-CEB0B613361D} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McCAMTaskAgent.exe [1032448 2021-08-02] (McAfee, LLC -> McAfee, LLC)
Task: {A9D18E56-F58A-437B-9AAF-AED75C8089A5} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1032448 2021-08-02] (McAfee, LLC -> McAfee, LLC)
Task: {BA75B154-3885-48A9-B980-9B285C25C1F1} - System32\Tasks\McAfee\McAfee OOBE Patch Telemetry => C:\Program Files\Common Files\McAfee\ModuleCore\DayZeroOOBEFix_64.exe [3499728 2020-08-06] (McAfee, LLC -> McAfee, LLC)
Task: {3F1B05F3-B0A4-4DDE-B985-F5710835DD02} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [757944 2021-05-06] (McAfee, LLC -> McAfee, LLC)
Task: {BA1DC7AC-49A1-4BED-9782-FCC980A97E0E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26977976 2023-10-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {0E0A44D5-8921-4E84-B7B8-DF0BB4E60F21} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26977976 2023-10-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {3FBD0901-8838-429E-ABB3-5ECF1904E906} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [160736 2023-10-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {6F8D4532-5083-47FA-9B92-D4EC3DCB9B31} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [160736 2023-10-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {51ABF837-E3D0-4116-8AF8-ED694D73A468} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [169136 2023-10-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {B9825F94-901C-47A2-A3B7-3403482023E4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C212D632-14E5-40F5-8362-A450C86C7646} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A0B9F689-E958-4047-85CE-B3368B843377} - System32\Tasks\Microsoft\Windows\Windows Defender\... => ...\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B024411A-96D1-429B-ABAC-9D3B9547730E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {029216F7-B0A3-43DF-8E3E-4FDB3ED8104F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-25] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {D6BBFC2F-A715-4625-8CE7-C55A67F650CC} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3341432 2022-05-06] (Nvidia Corporation -> NVIDIA Corporation)
Task: {C2EE84F4-983B-4225-B8FF-F8E5C682A712} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647424 2022-05-04] (Nvidia Corporation -> NVIDIA Corporation)
Task: {414816B5-43EA-4D59-AF9E-F980288AFC0F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905984 2022-05-04] (Nvidia Corporation -> NVIDIA Corporation)
Task: {9F6F0DB5-0331-4011-AD6B-2407F668F3F6} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905984 2022-05-04] (Nvidia Corporation -> NVIDIA Corporation)
Task: {DE4D9015-3C0C-4D07-B5CB-A71247FD9354} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1649920 2022-05-04] (Nvidia Corporation -> NVIDIA Corporation)
Task: {B063E7F2-C1CC-4646-9850-7C9956F14E06} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1649920 2022-05-04] (Nvidia Corporation -> NVIDIA Corporation)
Task: {58D2639B-9320-4FB9-991C-C90E7933D118} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1649920 2022-05-04] (Nvidia Corporation -> NVIDIA Corporation)
Task: {C1CB94C9-8879-42D1-A7B9-312445D204F0} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1649920 2022-05-04] (Nvidia Corporation -> NVIDIA Corporation)
Task: {15B0EABD-CD45-40C3-A157-7E9D33CB4AF5} - System32\Tasks\Opera scheduled assistant Autoupdate 1649082785 => C:\Users\ataca\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\ataca\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {941D8A94-A2E1-4736-9ED3-594BB31360E4} - System32\Tasks\Opera scheduled Autoupdate 1649082778 => C:\Users\ataca\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {77437B45-8F59-4CEA-97C2-F965447342A0} - System32\Tasks\RtkAudUService64_BG => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_179f26ff7cd32d0f\RtkAudUService64.exe [1616744 2022-10-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Dctooux.job => C:\Users\ataca\AppData\Local\Temp\d00f842964\Dctooux.exe <==== ATTENTION

====== Internet (Whitelisted) =====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.9.242
Tcpip\..\Interfaces\{759d83ac-f5e0-c89b-38c2-ca581e218a0c}: [NameServer] 10.100.0.1
Tcpip\..\Interfaces\{afc71e1c-2bec-4f1c-b955-0e2ebc627ec7}: [DhcpNameServer] 192.168.9.242
Tcpip\..\Interfaces\{afc71e1c-2bec-4f1c-b955-0e2ebc627ec7}\1437574656: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{afc71e1c-2bec-4f1c-b955-0e2ebc627ec7}\4545E45445F54505D2C494E4B4F513632463: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{afc71e1c-2bec-4f1c-b955-0e2ebc627ec7}\65F6461666F6E656D224233323: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{fa374f50-0024-4bb9-a743-e658b98217c1}: [DhcpNameServer] 192.168.8.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\ataca\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-14]
Edge DefaultSearchURL: Default -> {bing:baseURL}search?q={searchTerms}&{bing:cvid}{bing:msb}{google:assistedQueryStats}
Edge Extension: (Edge relevant text changes) - C:\Users\ataca\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-04]

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2021-09-18] (McAfee, LLC -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-01-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-01-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2021-09-18] (McAfee, LLC -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-10-20] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\ataca\AppData\Local\Google\Chrome\User Data\Default [2024-02-22]
CHR Notifications: Default -> hxxps://teams.microsoft.com; hxxps://www.netflix.com
CHR DefaultSearchURL: Default -> hxxps://tr.search.yahoo.com/search?fr=mcafee_uninternational&type=E211TR0G91653&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Extension: (Torrent Scanner) - C:\Users\ataca\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2024-01-09]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\ataca\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2024-02-22]
CHR Extension: (Watch2Gether) - C:\Users\ataca\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimpffimgeipdhnhjohpbehjkcdpjolg [2023-06-16]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\ataca\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2024-02-22]
CHR Extension: (Office Online Copy and Paste) - C:\Users\ataca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2022-02-12]
CHR Extension: (Shazam: Search song titles in your browser) - C:\Users\ataca\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmioliijnhnoblpgimnlajmefafdfilb [2024-01-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ataca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Netflix Party is now Teleparty) - C:\Users\ataca\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2024-02-09]
CHR Profile: C:\Users\ataca\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-05-10]
CHR Profile: C:\Users\ataca\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-09-19]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\ataca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-09-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ataca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-11-01]
CHR Profile: C:\Users\ataca\AppData\Local\Google\Chrome\User Data\Profile 2 [2022-08-04]
CHR DefaultSearchURL: Profile 2 -> hxxps://tr.search.yahoo.com/search?fr=mcafee_uninternational&type=E211TR0G0&p={searchTerms}
CHR DefaultSearchKeyword: Profile 2 -> mcafee
CHR Extension: (Safe Torrent Scanner) - C:\Users\ataca\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2022-07-13]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\ataca\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-07-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ataca\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-11-01]
CHR Profile: C:\Users\ataca\AppData\Local\Google\Chrome\User Data\Profile 4 [2024-01-11]
CHR Extension: (Torrent Scanner) - C:\Users\ataca\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2023-07-16]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\ataca\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2023-09-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ataca\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-07-16]
CHR Profile: C:\Users\ataca\AppData\Local\Google\Chrome\User Data\System Profile [2024-02-22]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

Opera:
=======
OPR Profile: C:\Users\ataca\AppData\Roaming\Opera Software\Opera Stable [2022-04-04]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\ataca\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-04-04]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\ataca\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2022-04-04]

====== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ArmoryCrateControlInterface; C:\WINDOWS\System32\ASUSACCI\ArmouryCrateControlInterface.exe [1181232 2023-06-06] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ArmoryCrateService; C:\Program Files\ASUS\ARMOURY CRATE Service\ArmouryCrate.Service.exe [399984 2023-05-01] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.38\atkexComSvc.exe [440368 2019-10-07] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 ASUS; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [163176 2020-08-06] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsusAppService; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\AsusAppService\AsusAppService.exe [1174608 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 AsusCertService; C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe [558104 2022-05-19] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
R2 ASUSLinkNear; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSLinkNear\AsusLinkNear.exe [1637456 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
R2 ASUSLinkRemote; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSLinkRemote\AsusLinkRemote.exe [783952 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
S3 asusm; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [163176 2020-08-06] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 ASUSOptimization; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSOptimization\AsusOptimization.exe [468600 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSoftwareManager; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSSoftwareManager\AsusSoftwareManager.exe [1125456 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSwitch; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSSwitch\AsusSwitch.exe [641104 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemAnalysis; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSSystemAnalysis\AsusSystemAnalysis.exe [3860560 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC. .)
R2 ASUSSystemDiagnosis; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe [826960 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC. .)
R2 CityDoveD; C:\Program Files (x86)\Common Files\CityDoveD\CityDoveD.exe [7262608 2022-03-31] (PenentheMidtown -> LakeWeb Co) [File not signed] [File is in use] <==== ATTENTION
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12860928 2023-10-20] (Microsoft Corporation -> Microsoft Corporation)
S2 DtsApo4Service; C:\WINDOWS\System32\DTS\PC\APO4x\DtsApo4Service.exe [201376 2020-10-19] (DTS, Inc. -> DTS Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1137576 2023-10-22] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2023-08-02] (Epic Games Inc. -> Epic Games, Inc.)
R2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [4799336 2023-09-13] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-01-30] (Malwarebytes Inc. -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [889400 2024-02-14] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_21_4\McApExe.exe [797576 2021-09-17] (McAfee, LLC -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\4.6.104.0\McCSPServiceHost.exe [2825792 2021-08-13] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [652232 2021-05-11] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [652232 2021-05-11] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [652232 2021-05-11] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1672272 2021-09-07] (McAfee, LLC -> McAfee, LLC)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4288832 2021-08-31] (McAfee, LLC -> McAfee, LLC)
R2 RefreshRateService; C:\Program Files (x86)\ASUSTeK COMPUTER INC\RefreshRateService\RefreshRateService.exe [40672 2021-09-10] (ASUSTEK COMPUTER INCORPORATION -> ASUSTek Computer Inc.)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [6669296 2024-02-20] (Rockstar Games, Inc. -> Rockstar Games)
R2 ROG Live Service; C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe [1665648 2023-07-25] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [29272 2020-11-11] (LAVASOFT SOFTWARE CANADA INC -> ) <==== ATTENTION
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\AprSrv.exe [3244928 2023-07-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe [133576 2023-07-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176624 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_a09f6e1732b06f59\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_a09f6e1732b06f59\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
S3 WireGuardTunnel$VPNUWireguard; "C:\Program Files (x86)\VPN Unlimited\WireVPNUImpl.exe" /service "C:\Users\ataca\AppData\Local\Packages\89E2DF08.VPNUnlimited-SecurePrivateInternetConnect_6bkczb78q4msy\LocalState\TrayLogs\VPNUWireguard.conf"

======= Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Asusgio2; C:\Windows\system32\drivers\AsIO2.sys [33832 2019-10-01] (ASUSTeK Computer Inc. -> )
R1 Asusgio3; C:\WINDOWS\system32\drivers\AsIO3.sys [49256 2022-08-15] (ASUSTeK COMPUTER INC. -> )
R3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [112336 2019-10-02] (ASUSTek Computer Inc. -> ASUSTek COMPUTER INC.)
R3 AsusSAIO; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSSystemAnalysis\AsusSAIO.sys [46720 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R1 ATKWMIACPIIO; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSOptimization\AsusWmiAcpi.sys [48760 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [80400 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 GLCKIO2; C:\Windows\system32\drivers\GLCKIO2.sys [29368 2019-04-24] (ASUSTeK Computer Inc. -> )
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32696 2020-11-19] (ASUSTek Computer Inc. -> ASUS)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-02-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-05-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-01-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [550944 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [390664 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85952 2021-05-19] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [527368 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [1037320 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [590032 2021-04-16] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [120512 2021-04-16] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [121352 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [257552 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
S3 MpKsl2d9f8d9a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B02EA02B-80B2-4713-A349-E9F6FACBBE11}\MpKslDrv.sys [221480 2023-08-07] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsl349cf04a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B02EA02B-80B2-4713-A349-E9F6FACBBE11}\MpKslDrv.sys [221480 2023-08-07] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsl6bb3c69f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B02EA02B-80B2-4713-A349-E9F6FACBBE11}\MpKslDrv.sys [221480 2023-08-07] (Microsoft Windows -> Microsoft Corporation)
S3 MpKslae87d6fa; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B02EA02B-80B2-4713-A349-E9F6FACBBE11}\MpKslDrv.sys [221480 2023-08-07] (Microsoft Windows -> Microsoft Corporation)
S3 MpKslc618afd2; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B02EA02B-80B2-4713-A349-E9F6FACBBE11}\MpKslDrv.sys [221480 2023-08-07] (Microsoft Windows -> Microsoft Corporation)
R3 MpKsld3f4a1ef; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B02EA02B-80B2-4713-A349-E9F6FACBBE11}\MpKslDrv.sys [221480 2023-08-07] (Microsoft Windows -> Microsoft Corporation)
S3 MpKslf42e442e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B02EA02B-80B2-4713-A349-E9F6FACBBE11}\MpKslDrv.sys [221480 2023-08-07] (Microsoft Windows -> Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48552 2021-11-01] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2019-10-23] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2023-07-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [498944 2023-07-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99608 2023-07-30] (Microsoft Windows -> Microsoft Corporation)
R3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [38704 2023-04-06] (WireGuard LLC -> WireGuard LLC)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [2729456 2023-03-07] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 mfeavfk01; \Device\mfeavfk01.sys [X]
S3 mfeavfk02; \Device\mfeavfk02.sys [X]
S3 rsDwf; \SystemRoot\system32\DRIVERS\rsDwf.sys [X]

====== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


====== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-02-22 05:06 - 2024-02-22 05:07 - 000066771 _____ C:\Users\ataca\Downloads\Addition.txt
2024-02-22 05:04 - 2024-02-22 05:15 - 000043513 _____ C:\Users\ataca\Downloads\FRST.txt
2024-02-22 05:03 - 2024-02-22 05:15 - 000000000 ____D C:\FRST
2024-02-22 05:02 - 2024-02-22 05:03 - 002386944 _____ (Farbar) C:\Users\ataca\Downloads\FRST64english.exe
2024-02-22 04:51 - 2024-02-22 04:57 - 000000000 ____D C:\Users\ataca\AppData\Roaming\80c6bf70bf3f8f
2024-02-22 04:51 - 2024-02-22 04:51 - 000000000 ____D C:\Users\ataca\AppData\Local\xmrig
2024-02-20 21:35 - 2024-02-20 21:35 - 000000000 ___HD C:\$WinREAgent
2024-02-20 20:19 - 2024-02-20 20:19 - 000000000 ____D C:\Users\ataca\AppData\Roaming\Microsoft\HTML Help
2024-02-20 20:18 - 2024-02-20 20:18 - 000002986 _____ C:\WINDOWS\system32\Tasks\Dctooux
2024-02-20 20:18 - 2024-02-20 20:18 - 000000300 _____ C:\WINDOWS\Tasks\Dctooux.job
2024-02-20 20:18 - 2024-02-20 20:18 - 000000000 ____D C:\Users\ataca\AppData\Roaming\Taskstream_CPE
2024-02-20 20:18 - 2024-02-20 20:18 - 000000000 ____D C:\Users\ataca\AppData\Roaming\Microsoft SQL Server
2024-02-20 20:18 - 2024-02-20 20:18 - 000000000 ____D C:\ProgramData\Corporation
2024-02-20 20:17 - 2024-02-20 20:17 - 012470000 _____ (Wireshark development team) C:\ProgramData\CAKKEGDGCG.exe
2024-02-20 20:17 - 2024-02-20 20:17 - 003559424 _____ (Tomasz Ostrowski) C:\ProgramData\FIIIIDGHJE.exe
2024-02-20 20:17 - 2024-02-20 20:17 - 001894352 _____ (UCWeb Inc.) C:\ProgramData\AKJKFBAFID.exe
2024-02-20 20:17 - 2024-02-20 20:17 - 000000000 ____D C:\Users\ataca\AppData\Roaming\Executor
2024-02-20 20:17 - 2022-08-27 16:21 - 000066155 _____ C:\ProgramData\WhatsApp Image 2022-08-27 at 12.52.59.jpeg
2024-02-20 20:17 - 2022-05-29 15:38 - 000204157 _____ C:\ProgramData\report 1.5.jpeg
2024-02-20 20:17 - 2022-05-29 15:11 - 000194653 _____ C:\ProgramData\report 1.4.jpeg
2024-02-20 20:17 - 2022-05-29 14:16 - 000164974 _____ C:\ProgramData\report 1.3.jpeg
2024-02-20 20:16 - 2024-02-20 20:16 - 000000000 ____D C:\Users\ataca\AppData\Roaming\rasctrnm
2024-02-20 20:16 - 2024-02-20 20:16 - 000000000 ____D C:\ProgramData\Canon_Inc_IC
2024-02-17 03:44 - 2024-02-17 03:44 - 000000368 _____ C:\Users\ataca\OneDrive\Desktop\Grand Theft Auto V.url
2024-02-05 00:08 - 2024-02-05 00:08 - 000000000 ____D C:\Users\ataca\AppData\LocalLow\Konami Digital Entertainment Co., Ltd_

====== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-02-22 05:09 - 2021-12-17 20:11 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-02-22 05:09 - 2020-09-25 00:58 - 000000000 ____D C:\Program Files (x86)\Google
2024-02-22 05:03 - 2021-03-25 20:13 - 000003752 _____ C:\WINDOWS\system32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474
2024-02-22 05:03 - 2020-08-06 03:04 - 000000000 ____D C:\WINDOWS\system32\AMD
2024-02-22 04:57 - 2023-05-19 02:10 - 000000000 ____D C:\Users\ataca\AppData\Local\Malwarebytes
2024-02-22 04:56 - 2020-08-06 03:18 - 000000000 ____D C:\WINDOWS\system32\ASUSACCI
2024-02-22 04:56 - 2020-08-06 03:06 - 000000000 ____D C:\ProgramData\NVIDIA
2024-02-22 04:56 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-02-22 04:51 - 2021-03-25 20:13 - 000004198 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{11C3580D-E14E-4B49-9C0C-BD8C6B780ED2}
2024-02-22 04:49 - 2020-09-25 00:58 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-02-21 06:56 - 2021-03-25 20:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-02-21 06:56 - 2020-11-11 21:13 - 000000000 ____D C:\Users\ataca\AppData\Roaming\uTorrent
2024-02-21 06:56 - 2020-10-13 18:03 - 000000000 ____D C:\Users\ataca\AppData\Roaming\discord
2024-02-21 06:56 - 2020-09-25 01:04 - 000000000 ____D C:\Program Files (x86)\Steam
2024-02-21 06:10 - 2020-09-24 23:38 - 000000000 ____D C:\Users\ataca\AppData\Local\D3DSCache
2024-02-21 06:07 - 2020-10-13 18:03 - 000000000 ____D C:\Users\ataca\AppData\Local\Discord
2024-02-21 00:43 - 2020-08-06 03:14 - 000000000 ____D C:\Program Files\ASUS
2024-02-20 21:36 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-02-20 21:35 - 2020-10-11 18:40 - 000000000 ____D C:\Users\ataca\AppData\Local\CrashDumps
2024-02-20 20:20 - 2024-01-15 00:24 - 000000000 ____D C:\Users\ataca\AppData\LocalLow\uTorrent
2024-02-20 06:54 - 2021-03-25 20:10 - 000000000 ____D C:\Users\ataca
2024-02-20 04:37 - 2021-05-19 15:29 - 000772210 _____ C:\WINDOWS\system32\perfh019.dat
2024-02-20 04:37 - 2021-05-19 15:29 - 000154298 _____ C:\WINDOWS\system32\perfc019.dat
2024-02-20 04:37 - 2021-03-25 20:58 - 000709438 _____ C:\WINDOWS\system32\perfh01F.dat
2024-02-20 04:37 - 2021-03-25 20:58 - 000148474 _____ C:\WINDOWS\system32\perfc01F.dat
2024-02-20 04:37 - 2021-03-25 20:18 - 002587594 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-02-20 04:37 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2024-02-20 04:29 - 2021-03-25 20:13 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-02-20 04:29 - 2021-03-25 20:09 - 000008192 ___SH C:\DumpStack.log.tmp
2024-02-19 23:30 - 2022-10-22 20:23 - 000095848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamehelper.exe
2024-02-19 23:30 - 2022-10-22 20:23 - 000075256 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamecontrol.exe
2024-02-19 23:30 - 2020-09-24 23:57 - 000144888 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2024-02-19 23:30 - 2020-09-24 23:55 - 002713080 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2024-02-19 23:30 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-02-19 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-02-19 23:29 - 2021-11-23 02:00 - 000202344 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
2024-02-19 23:29 - 2020-09-24 23:55 - 000689656 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2024-02-19 23:29 - 2020-09-24 23:55 - 000218728 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2024-02-19 23:08 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2024-02-19 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-02-17 20:40 - 2021-04-08 17:04 - 000000000 ____D C:\Users\ataca\AppData\Local\Rockstar Games
2024-02-17 20:38 - 2024-01-11 20:06 - 000000000 ____D C:\Program Files\Rockstar Games
2024-02-17 20:38 - 2024-01-11 20:06 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2024-02-16 23:29 - 2021-12-13 01:23 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3062927071-2835298068-3034318602-1001
2024-02-16 23:29 - 2021-03-25 20:13 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3062927071-2835298068-3034318602-1001
2024-02-16 23:29 - 2021-03-25 20:10 - 000002359 _____ C:\Users\ataca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-02-16 18:19 - 2020-12-17 18:31 - 000000000 ____D C:\ProgramData\Epic
2024-02-14 21:40 - 2019-12-07 10:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2024-02-14 18:34 - 2020-10-13 18:03 - 000002239 _____ C:\Users\ataca\OneDrive\Desktop\Discord.lnk
2024-02-13 21:22 - 2020-09-24 23:38 - 000000000 ____D C:\Users\ataca\AppData\Local\Packages
2024-02-10 03:00 - 2022-04-25 23:22 - 000000000 ____D C:\Users\ataca\AppData\Roaming\EasyAntiCheat
2024-02-09 02:54 - 2020-09-25 01:04 - 000000000 ____D C:\Users\ataca\AppData\Local\Steam
2024-02-02 19:14 - 2021-03-25 20:13 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-02 19:14 - 2021-03-25 20:13 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-02-01 18:47 - 2021-03-25 20:13 - 000003714 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2024-02-01 18:47 - 2021-03-25 20:13 - 000003590 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2024-01-30 03:53 - 2023-05-01 22:11 - 000239576 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys

====== Files in the root of some directories ========

2024-02-20 20:17 - 2024-02-20 20:17 - 001894352 _____ (UCWeb Inc.) C:\ProgramData\AKJKFBAFID.exe
2024-02-20 20:17 - 2024-02-20 20:17 - 012470000 _____ (Wireshark development team) C:\ProgramData\CAKKEGDGCG.exe
2024-02-20 20:17 - 2024-02-20 20:17 - 003559424 _____ (Tomasz Ostrowski) C:\ProgramData\FIIIIDGHJE.exe
2021-03-10 09:01 - 2021-03-10 09:11 - 000000015 _____ () C:\Users\ataca\AppData\Roaming\obs-virtualcam.txt
2020-10-25 03:58 - 2020-12-26 23:43 - 000000081 _____ () C:\Users\ataca\AppData\Local\.bidstack.fault

====== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

===================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.02.2024 02
Ran by ataca (22-02-2024 05:15:54)
Running from C:\Users\ataca\Downloads
Microsoft Windows 10 Home Version 22H2 19045.3208 (X64) (2021-03-25 19:13:52)
Boot Mode: Normal
======================================================================================


====== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3062927071-2835298068-3034318602-500 - Administrator - Disabled)
ataca (S-1-5-21-3062927071-2835298068-3034318602-1001 - Administrator - Enabled) => C:\Users\ataca
DefaultAccount (S-1-5-21-3062927071-2835298068-3034318602-503 - Limited - Disabled)
Guest (S-1-5-21-3062927071-2835298068-3034318602-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3062927071-2835298068-3034318602-504 - Limited - Disabled)

====== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Disabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
FW: McAfee Firewall (Disabled) {A57E80C3-3899-292F-ECD6-209A91801C57}

====== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\...\uTorrent) (Version: 3.5.5.45828 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\{10E33ABF-D7FB-4F47-900A-7973854AB45A}) (Version: 32.0.0.125 - Adobe) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 32.0.0.125 - Adobe)
ARMOURY CRATE Service (HKLM\...\{01378DC3-088F-4F55-AAFA-DC6A9CCA292A}) (Version: 5.4.10 - ASUS)
ASUS Aac_NBDT HAL (HKLM\...\{01D3B7AA-D078-4506-B460-60877FCDDBD6}) (Version: 2.3.15.1 - ASUSTek COMPUTER INC.) Hidden
ASUS Aac_NBDT HAL (HKLM-x32\...\{e18c748a-933b-4a44-ae1c-508a7d916c08}) (Version: 2.3.15.1 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Display Component (HKLM\...\{AFD1CF98-FE97-434C-A095-9F27C5BEA53C}) (Version: 1.1.25 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Display Component (HKLM-x32\...\{94267bd0-fa8a-4aa4-925d-ec3e0d130fba}) (Version: 1.1.25 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Headset Component (HKLM\...\{A3C4120D-8096-4307-91A2-FFE37EBD5A3D}) (Version: 1.02.11 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Headset Component (HKLM-x32\...\{a7e3981a-c2c6-4500-baa0-7ae652c5ed54}) (Version: 1.02.11 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM\...\{D800D836-DE15-4B00-8273-521F022CD837}) (Version: 1.0.56 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM-x32\...\{dc6a1e68-15cc-4bb8-aef9-eee09c9f2593}) (Version: 1.0.56 - ASUSTeK COMPUTER INC.) Hidden
ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.04.39 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA VGA Component (HKLM\...\{71BB96A6-EAC4-45AE-A17D-D3ED43FF1D14}) (Version: 0.0.2.3 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA VGA Component (HKLM-x32\...\{2977b6c2-6523-42f4-8f52-bf4f7fc7a840}) (Version: 0.0.2.3 - ASUSTek COMPUTER INC. ) Hidden
ASUS Framework Service (HKLM-x32\...\{339A6383-7862-46DA-8A9D-E84180EF9424}) (Version: 3.2.1.2 - ASUSTeK Computer Inc.)
ASUS GLCKIO2 Driver (HKLM-x32\...\{3507c756-a80f-4b0e-8475-975d8b432176}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{5960FD0F-BB3B-49AF-B175-F77DC91E995A}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS Keyboard HAL (HKLM\...\{0FA0CDEE-5DC8-421E-A97D-C74FA6E66FC3}) (Version: 1.0.50 - ASUSTek COMPUTER INC.) Hidden
ASUS Keyboard HAL (HKLM-x32\...\{52400cff-4628-4ca3-a922-3767b198c1fd}) (Version: 1.0.50 - ASUSTek COMPUTER INC.) Hidden
ASUS MB Peripheral Products (HKLM\...\{BFED9861-7D96-4528-89F1-B090ABBF11A7}) (Version: 1.0.31 - ASUSTeK Computer Inc.) Hidden
ASUS MB Peripheral Products (HKLM-x32\...\{41fd1901-1c71-453a-b440-dbe756a2cdc6}) (Version: 1.0.31 - ASUSTeK Computer Inc.) Hidden
ASUS Mouse HAL (HKLM\...\{1838F91B-D481-45AA-B92F-071C62D0A19A}) (Version: 1.0.50 - ASUSTek COMPUTER INC.) Hidden
ASUS Mouse HAL (HKLM-x32\...\{22477f71-11a8-4764-886a-20335ec9bc20}) (Version: 1.0.50 - ASUSTek COMPUTER INC.) Hidden
ASUS Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.107.107 - ASUSTeK Computer Inc.) Hidden
Audacity 3.1.0 (HKLM\...\Audacity_is1) (Version: 3.1.0 - Audacity Team)
AURA lighting effect add-on (HKLM-x32\...\{1E2EA04B-FCA7-457E-B6F4-F33E1858E859}) (Version: 0.0.28 - ASUS)
AURA lighting effect add-on x64 (HKLM\...\{C5A4A164-4428-4931-B728-96EEF0FA3C44}) (Version: 0.0.28 - ASUS)
AURA Service (HKLM-x32\...\{0fcadbd2-1a6a-4a4a-a56d-fc7163d9b3fa}) (Version: 3.07.25 - ASUSTeK Computer Inc.)
AURA Service (HKLM-x32\...\{56EEEF7D-0AE3-401A-898B-581719D005AE}) (Version: 3.07.25 - ASUSTeK Computer Inc.) Hidden
CCleaner Update Helper (HKLM-x32\...\{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1583.3 - Piriform Software) Hidden
Discord (HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{8893F2DF-F93A-4D9E-83B9-AEB22639226E}) (Version: 1.1.298.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{57A956AB-4BCC-45C6-9B40-957E4E125568}) (Version: 2.0.44.0 - Epic Games, Inc.)
FFmpeg v2.2.2 for Audacity - 64bit (HKLM\...\FFmpeg for Audacity_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 122.0.6261.57 - Google LLC)
Java 8 Update 281 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180281F0}) (Version: 8.0.2810.9 - Oracle Corporation)
KiCad 5.1.8_1 (HKLM-x32\...\KiCad) (Version: 5.1.8_1 - KiCad)
Kinect for Windows Speech Recognition Language Pack (en-AU) (HKLM-x32\...\{48CEC0A3-AE10-4EE3-AC62-76D3D58792E5}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-CA) (HKLM-x32\...\{9C5505DA-F9C1-46CB-9F8F-AC38F8EA518A}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-GB) (HKLM-x32\...\{A0186231-0A8B-455A-8A25-B64AABCC11A6}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-IE) (HKLM-x32\...\{998D5259-3BED-4710-98FF-D63387B5429E}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-NZ) (HKLM-x32\...\{07FC9CAD-FCEC-4186-BB83-EF7CCC9372BA}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-US) (HKLM-x32\...\{8AAA44BB-487E-4D01-AF76-484ACB90DBFE}) (Version: 11.0.7400.336 - Microsoft Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.6.8.311 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.8.311 - Malwarebytes)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.866 - McAfee, LLC)
McAfee® Internet Security (HKLM-x32\...\MSC) (Version: 16.0 R38 - McAfee, LLC)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16827.20166 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 115.0.1901.188 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 115.0.1901.188 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\...\OneDriveSetup.exe) (Version: 24.020.0128.0003 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-IN) (HKLM-x32\...\{3B06AC90-DE68-44A9-95EB-0A3C1AF1514F}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.38.33130 (HKLM-x32\...\{1de5e707-82da-4db6-b810-5d140cc4cbb3}) (Version: 14.38.33130.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33130 (HKLM-x32\...\{2cfeba4a-21f8-4ea7-9927-c5a5c6f13cc9}) (Version: 14.38.33130.0 - Microsoft Corporation)
Microsoft Visual C++ 2022
Microsoft Visual C++ 2022
Microsoft Visual C++ 2022
Microsoft Visual C++ 2022
NVIDIA FrameView SDK 1.2.7704.31296923 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.7704.31296923 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.24.0.135 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.24.0.135 - NVIDIA Corporation)
NVIDIA Graphics Driver 516.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 516.40 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.20.0221 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.20.0221 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 26.1.1 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16827.20122 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16827.20122 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Pro Basketball Manager 2023 (HKLM-x32\...\Pro Basketball Manager 2023) (Version: - SKIDROW)
Pro Basketball Manager 2024 (HKLM-x32\...\Pro Basketball Manager 2024_is1) (Version: - )
R for Windows 4.2.1 (HKLM\...\R for Windows 4.2.1_is1) (Version: 4.2.1 - R Core Team)
RefreshRateService (HKLM-x32\...\{7E5E84CB-B190-4658-A4DC-166779C329D1}) (Version: 2.1.0 - ASUSTeK COMPUTER INC.)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.85.1858 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.2.7.3 - Rockstar Games)
ROG Live Service (HKLM\...\{2D87BFB6-C184-4A59-9BBE-3E20CE797631}) (Version: 2.1.5.0 - ASUSTek COMPUTER INC.)
Roller Champions (HKLM-x32\...\Uplay Install 11899) (Version: - Ubisoft)
RStudio (HKLM-x32\...\RStudio) (Version: 2022.07.2+576 - RStudio)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 131.0.10667 - Ubisoft)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
Web Companion (HKLM-x32\...\{339488fd-faf5-4c80-b648-cb51830eff7f}) (Version: 6.0.2279.4130 - Lavasoft) <==== ATTENTION
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinRAR 5.91 (64 bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)

Chrome apps:
============
Docs (HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\...\0e5166f8a4949c5e8144b9c3a34413cb) (Version: 1.0 - Google\Chrome)
Spreadsheets (HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\...\2bb614a58ed11245d6537cbd1260b239) (Version: 1.0 - Google\Chrome)
Gmail (HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\...\8a57efb1719a3447eb316ce51f5a34ed) (Version: 1.0 - Google\Chrome)
Google Drive (HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\...\3d5758c32b472cc106129e2a8c41b54f) (Version: 1.0 - Google\Chrome)
Microsoft 365 (HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\...\d547c87b8cf69ceaa23da0e88bc81b11) (Version: 1.0 - Google\Chrome)
Slides (HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\...\4aab12386f327e9f4f4f63eceb43129a) (Version: 1.0 - Google\Chrome)
YouTube (HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\...\945e357c12545f27a648079751b5266d) (Version: 1.0 - Google\Chrome)

Packages:
=========

AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m [2024-02-09] (Advanced Micro Devices Inc.) [Startup Task]
AMD Radeon™ Settings Lite -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.59462344778C5_10.19.40016.0_x64__0a9344xs7nr4m [2023-12-24] (Advanced Micro Devices Inc.)
ARMOURY CRATE -> C:\Program Files\WindowsApps\B9ECED6F.ArmouryCrate_5.6.8.0_x64__qmba6cd70vzyy [2023-06-19] (ASUSTeK COMPUTER INC.)
DTS:X Ultra -> C:\Program Files\WindowsApps\DTSInc.DTSXUltra_1.11.14.0_x64}
Photos Media Engine Plugin -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-05-19] (Microsoft Corporation)
McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy [2024-02-09] (McAfee LLC.)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2307.24001.0_x64__8wekyb3d8bbwe [2023-07-30] (Microsoft Corporation) [Startup Task]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.10510.531.0_x64__8wekyb3d8bbwe [2023-07-05] (Microsoft Corporation)
MyASUS -> C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.23.0_x64__qmba6cd70vzyy [2023-07-30] (ASUSTeK COMPUTER INC.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-03-12] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.39.282.0_x64__dt26b99r8h8gj [2023-05-01] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-06-20] (Microsoft Studios) [MS Ad]

====== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-09-18] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-05-01] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_a09f6e1732b06f59\nvshext.dll [2022-11-28] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-05-01] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-09-18] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)

====== Codecs (Whitelisted) =====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)

====== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\ataca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Applications\Documents.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 4" --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb
ShortcutWithArgument: C:\Users\ataca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Applications\Sheets.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 4" --app-id=fhihpiojkbmbpdjeoajapmgkhlnakfjf
ShortcutWithArgument: C:\Users\ataca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Applications\Gmail.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 4" --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm
ShortcutWithArgument: C:\Users\ataca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Applications\Google Drive.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 4" --app-id=aghbiahbpaijignceidepookljebhfak
ShortcutWithArgument: C:\Users\ataca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Applications\Microsoft 365.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=ocdlmjhbenodhlknglojajgokahchlkk
ShortcutWithArgument: C:\Users\ataca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Applications\Slides.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 4" --app-id=kefjledonklijopmnomlcbpllchaibag
ShortcutWithArgument: C:\Users\ataca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Applications\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 4" --app-id=agimnkijcaahngcdmfeangaknmldooml

====== Loaded Modules (Whitelisted) =============

2023-05-01 22:28 - 2023-02-03 16:10 - 000525312 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ac_node_addon\prebuilds\win32-ia32\node.napi.node
2023-05-01 22:28 - 2022-09-01 08:47 - 000520192 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ffi-napi\prebuilds\win32-ia32\node.napi.node
2023-05-01 22:28 - 2022-09-01 08:47 - 000483328 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\node-system-fonts\build\Release\system-fonts.node
2023-05-01 22:28 - 2022-09-01 08:47 - 000510464 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ref-napi\prebuilds\win32-ia32\node.napi.node
2023-05-01 22:28 - 2022-09-27 13:56 - 000319488 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\sharp\prebuilds\win32-ia32\node.napi.node
2023-05-01 22:28 - 2022-09-01 08:47 - 000786432 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\usb-detection\prebuilds\win32-ia32\node.napi.node
2023-05-01 22:28 - 2022-06-08 09:33 - 000081920 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\WindowID\WindowID.dll
2019-12-04 00:12 - 2019-12-04 00:12 - 000467456 _____ (TODO: <Company name>) [File not signed] C:\Program Files\ASUS\Aac_Keyboard\AacKbHal_x86.dll

====== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\ataca\Application Data:eccc9d0abe45c567c08e5b1ec5c63f6d [394]
AlternateDataStreams: C:\Users\ataca\AppData\Roaming:eccc9d0abe45c567c08e5b1ec5c63f6d [394]

====== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

===================== Association (Whitelisted) =================

====== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3062927071-2835298068-3034318602-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3062927071-2835298068-3034318602-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2022-06-09] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-10-20] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\ssv.dll [2021-01-29] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2022-06-09] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\jp2ssv.dll [2021-01-29] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-10-20] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-10-20] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-10-20] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-10-20] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2021-09-18] (McAfee, LLC -> McAfee, LLC)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2021-09-18] (McAfee, LLC -> McAfee, LLC)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\...\webcompanion.com -> hxxp://webcompanion.com

====== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2020-11-12 04:43 - 000001976 _____ C:\WINDOWS\system32\drivers\etc\hosts
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 fitgirl-repack.com # Fake FitGirl site
109.94.209.70 fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.com # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 ww9.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repack.net # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.net # Fake FitGirl site
109.94.209.70 fitgirlpack.site # Fake FitGirl site
109.94.209.70 www.fitgirlpack.site # Fake FitGirl site

====== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ataca\OneDrive\Desktop\wallpaper.jpg
DNS Servers: 192.168.9.242
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

===== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\...\StartupApproved\Run: => "Web Companion"

===================== FirewallRules (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3C28D77A-EF13-432F-AA76-08C02F12D217}] => (Allow) C:\Program Files\ASUS\ARMOURY CRATE Service\MobilePlugin\AutoConnectHelper.exe (ASUSTeK COMPUTER INC. -> )
FirewallRules: [{25E6C669-88D0-4AE6-A198-D885362EED76}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{64F6E6D7-B65C-44C5-95F3-06D8A528B2D9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9FDD7500-7CF6-48C0-9950-6FB532373F45}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies SA)
FirewallRules: [{1A25032A-36AB-4AF9-84F8-794E3FE056E7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies SA)
FirewallRules: [{33EE4816-A50A-482C-832C-807F1DCBC29F}] => (Allow) C:\Users\ataca\OneDrive\Desktop\New folder\Steam.exe => No File
FirewallRules: [{98047773-6811-41C0-875C-4FEB21BD24A5}] => (Allow) C:\Users\ataca\OneDrive\Desktop\New folder\Steam.exe => No File
FirewallRules: [{345202E7-A152-4852-B121-058CF13148FD}] => (Allow) C:\Users\ataca\OneDrive\Documents\New folderaa\Steam.exe => No File
FirewallRules: [{24169765-A394-48A3-AE70-14E1B76E6F27}] => (Allow) C:\Users\ataca\OneDrive\Documents\New folderaaa\Steam.exe => No File
FirewallRules: [{7D30CBDE-4EFD-40C7-A474-E60AF0BF81A3}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [{49CF8E04-5662-4641-8021-F6ABC05BD079}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe (ASUSTeK COMPUTER INC. -> ASUS)
FirewallRules: [{AC6BEA48-62B4-40D3-8403-A51FBBE511C9}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (ASUSTeK COMPUTER INC. -> ASUS)
FirewallRules: [{05BCCB5F-FC88-4674-A160-13821931B679}] => (Allow) C:\Users\ataca\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C3B120B6-0F7D-4000-863D-F1818C8D486D}] => (Allow) C:\Users\ataca\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{340675C2-F3AE-41E4-957F-8CD701F97C80}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{41829CE6-D4E0-4962-9DF3-3282D2B12514}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{D1DF6A9A-D8D3-4A64-B129-79DD06913041}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{137977B5-80A0-4338-9686-665533DD961C}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHOst\MMSSHOst.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{D9DF485B-A985-4A3B-AF7E-9E78CC04BBD9}] => (Allow) C:\Program Files (x86)\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{F6F8DF67-2822-44B5-BE81-23BF0CFA6F03}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{1893E865-E888-4787-8677-61453CD71AB9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{11A5AFF0-829D-4AE4-B5BF-296F4357893E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{BEBC386E-C799-4E01-ABCD-F09D50564D42}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{A5FC5FBF-5A04-418C-9D5B-78484C277AD3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{13D86ECB-A347-467C-9E0B-BA68E958709F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{2652DC42-5509-4446-A6F1-8EBB3ECB1735}] => (Allow) C:\Games\Red Dead Redemption 2\RDR2.exe => No File
FirewallRules: [{FDB98F2A-D3A8-4D79-BB84-2717AE63CA3F}] => (Allow) C:\Games\Red Dead Redemption 2\RDR2.exe => No File
FirewallRules: [{266D2B0B-853A-46F9-80A3-3E52DE75ECB7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Emily is Away Too\EmilyOnline\EmilyOnline.exe => No File
FirewallRules: [{477AA0DD-3E2E-4ECB-ABA8-4CCECAB1ED58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Emily is Away Too\EmilyOnline\EmilyOnline.exe => No File
FirewallRules: [TCP Query User{13A5BCD7-BF0C-4CF0-BC2B-17DF62B10805}C:\program files (x86)\101xp game center tr\launcher101xp.exe] => (Block) C:\program files (x86)\101xp game center tr\launcher101xp.exe => No File
FirewallRules: [UDP Query User{4B11AEE8-209B-489E-9D7B-285D6050B11C}C:\program files (x86)\101xp game center tr\launcher101xp.exe] => (Block) C:\program files (x86)\101xp game center tr\launcher101xp.exe => No File
FirewallRules: [TCP Query User{9BB21128-450C-46AC-A80A-AD9B7AFD049C}C:\program files (x86)\101xp game center tr\launcher101xp.exe] => (Block) C:\program files (x86)\101xp game center tr\launcher101xp.exe => No File
FirewallRules: [UDP Query User{E8A8733C-E762-4D48-96CD-A33799C3D24B}C:\program files (x86)\101xp game center tr\launcher101xp.exe] => (Block) C:\program files (x86)\101xp game center tr\launcher101xp.exe => No File
FirewallRules: [TCP Query User{128F0DBE-B61A-4942-A4CB-B042B4A7F4A3}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{355D1422-27F0-40D7-B978-67B141155568}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{F6F7E5D5-F309-49FC-8731-0DC28A4B5660}] => (Allow) C:\Users\ataca\AppData\Local\Programs\Opera\85.0.4341.47\opera.exe => No File
FirewallRules: [TCP Query User{92926E8C-59C1-4613-A822-B3059BBA0ED7}C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe] => (Allow) C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe (Psyonix, LLC -> Psyonix, LLC)
FirewallRules: [UDP Query User{5C24B104-7EC3-4431-A29C-AD4900BE9F7C}C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe] => (Allow) C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe (Psyonix, LLC -> Psyonix, LLC)
FirewallRules: [{C314FD18-A7D4-4EC1-B6CD-23DB880A1277}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Roller Champions\roller.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [TCP Query User{BA21293C-60DF-40E4-8ABB-57002B92DAAF}C:\program files (x86)\steam\steamapps\common\it takes two\nuts\binaries\win64\ittakestwo_trial.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\it takes two\nuts\binaries\win64\ittakestwo_trial.exe => No File
FirewallRules: [UDP Query User{5ADF0B78-E4CA-466C-96C1-22D37116B4AC}C:\program files (x86)\steam\steamapps\common\it takes two\nuts\binaries\win64\ittakestwo_trial.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\it takes two\nuts\binaries\win64\ittakestwo_trial.exe => No File
FirewallRules: [TCP Query User{E50262DD-9035-43B9-98DD-A69C2190EDC9}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{76BF88C9-D7D9-4AF4-BDEB-D719D0C6A9A2}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{FB80375F-66D8-4B6B-9161-A14D894FFDD3}] => (Allow) C:\Users\ataca\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [{4F033418-9A7A-48DF-8290-F657F92E99F5}] => (Allow) C:\Users\ataca\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{B1B18716-3E62-48AB-B636-8240B06FBA23}] => (Allow) C:\Users\ataca\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{AAC6BAC5-3A85-414A-8939-D1C68DB655AA}C:\program files\epic games\fallguys\fallguys_client_game.exe] => (Allow) C:\program files\epic games\fallguys\fallguys_client_game.exe () [File not signed]
FirewallRules: [UDP Query User{5D3A9D0C-AF4C-44C6-B627-13FCB70BCDB9}C:\program files\epic games\fallguys\fallguys_client_game.exe] => (Allow) C:\program files\epic games\fallguys\fallguys_client_game.exe () [File not signed]
FirewallRules: [{E9706690-8B58-4D84-A985-5730F9B4A031}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2023\fm.exe (Sports Interactive) [File not signed]
FirewallRules: [{9A0D374C-9E28-431D-899E-6CA43EB21E36}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2023\fm.exe (Sports Interactive) [File not signed]
FirewallRules: [{592CB749-187E-4D23-93F0-2FBCEAA029E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Business Tour\BusinessTour.exe () [File not signed]
FirewallRules: [{EDF71613-668D-41DA-BA53-FD6368FF0911}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Business Tour\BusinessTour.exe () [File not signed]
FirewallRules: [{B1811DB4-05AB-4F05-B049-34E77E51EEC5}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe => No File
FirewallRules: [{1D2E7D43-159D-4DD2-AB7C-C26104C6B9C9}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe => No File
FirewallRules: [{C27E1984-0A72-4A96-9198-3C9C1DDC4F8E}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe => No File
FirewallRules: [{E41E05F6-44D9-4C26-B932-5CB2FB996EA8}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe => No File
FirewallRules: [TCP Query User{1C90FD03-DBE6-4655-8AEE-72A8C68C6781}C:\users\ataca\appdata\local\discord\app-1.0.9012\discord.exe] => (Allow) C:\users\ataca\appdata\local\discord\app-1.0.9012\discord.exe => No File
FirewallRules: [UDP Query User{DCB66AE9-74CE-4B3F-A8BB-FA7EEAD336AE}C:\users\ataca\appdata\local\discord\app-1.0.9012\discord.exe] => (Allow) C:\users\ataca\appdata\local\discord\app-1.0.9012\discord.exe => No File
FirewallRules: [TCP Query User{74A8272B-226C-4AAA-AAC0-68F4AC797B2B}C:\games\pro basketball manager 2023\pbm2023.exe] => (Allow) C:\games\pro basketball manager 2023\pbm2023.exe () [File not signed]
FirewallRules: [UDP Query User{CF44D22A-D3BE-4F54-AC94-96C355C2C633}C:\games\pro basketball manager 2023\pbm2023.exe] => (Allow) C:\games\pro basketball manager 2023\pbm2023.exe () [File not signed]
FirewallRules: [TCP Query User{FA0648E6-6F9A-4B2F-B8C0-E3833B9A9224}C:\games\pro basketball manager 2023\pbm2023.exe] => (Allow) C:\games\pro basketball manager 2023\pbm2023.exe () [File not signed]
FirewallRules: [UDP Query User{3A9F875A-4FC9-4F17-ACD0-680AE86E8609}C:\games\pro basketball manager 2023\pbm2023.exe] => (Allow) C:\games\pro basketball manager 2023\pbm2023.exe () [File not signed]
FirewallRules: [{7BB53539-AB54-472D-AE7F-EFD83FABA7BD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D18A8DF9-FA3A-43E2-A6CB-DE8D82E38DCE}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [{D7B0F267-4939-4098-B14C-A85D75F98AF4}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe (ASUSTeK COMPUTER INC. -> ASUS)
FirewallRules: [{3982A6BB-94A8-4458-A798-6C47DB52F118}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (ASUSTeK COMPUTER INC. -> ASUS)
FirewallRules: [TCP Query User{59EB4A43-F44E-44DA-BBA4-71C8EAD88091}C:\program files\epic games\fallguys\fallguys_client_game.exe] => (Allow) C:\program files\epic games\fallguys\fallguys_client_game.exe () [File not signed]
FirewallRules: [UDP Query User{92031BA8-6A27-4D2D-AEEC-815EAB4C890F}C:\program files\epic games\fallguys\fallguys_client_game.exe] => (Allow) C:\program files\epic games\fallguys\fallguys_client_game.exe () [File not signed]
FirewallRules: [{510952FB-8450-44B1-80EA-8C1E8D7B3857}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.188\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{62714275-391F-43D3-844E-C2408033DE15}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2F55E66E-1409-4248-A7EC-3A4DA79B5927}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EB07B5A7-FCEF-4691-B9FA-491DD0530483}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5F66154D-80A3-4CB4-834B-96D619EE916F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4B9A7F64-AC77-40CC-AFD5-1FFA265C90BB}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.23.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{BC54EA05-FBCD-4895-BA23-908D34979442}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.23.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{04B04249-FEA6-4B6D-8076-2ADF98EEB671}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.23.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{C254036A-77D8-4EB5-B542-6288AAC3CBFE}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.23.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{C0F6A0A8-5899-4165-AFFC-4D10CBD5315D}] => (Allow) C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
FirewallRules: [{661E92D6-866A-43B4-8E75-2F79CB9CB318}] => (Allow) C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
FirewallRules: [{F44AFB00-D408-4085-94DB-11441BD2E250}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{F8214981-EBF7-4397-BC53-174EDAA02581}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{84ACA64F-47B1-46F0-B104-0EBDF495A149}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{D92515F7-2E29-4335-8326-46932ED0BCA8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{FD914729-1076-4CA7-A01E-AB4D719F586F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RISK Global Domination\RISK.exe () [File not signed]
FirewallRules: [{BACF3800-CE08-49BC-91E3-C0BFB9997A03}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RISK Global Domination\RISK.exe () [File not signed]
FirewallRules: [TCP Query User{04301CEA-2414-4B75-A7F8-B4DD51ED9DF4}C:\program files\epic games\reddeadredemption2\rdr2.exe] => (Block) C:\program files\epic games\reddeadredemption2\rdr2.exe => No File
FirewallRules: [UDP Query User{1EDDF84C-659D-4CDB-A1B6-C03028720457}C:\program files\epic games\reddeadredemption2\rdr2.exe] => (Block) C:\program files\epic games\reddeadredemption2\rdr2.exe => No File
FirewallRules: [TCP Query User{3DC83BEE-402B-4D7D-9833-DE9F4B4542A9}C:\games\pro basketball manager 2024\pbm2024.exe] => (Block) C:\games\pro basketball manager 2024\pbm2024.exe () [File not signed]
FirewallRules: [UDP Query User{AB97BF38-8E4D-4578-81F5-5373730ED146}C:\games\pro basketball manager 2024\pbm2024.exe] => (Block) C:\games\pro basketball manager 2024\pbm2024.exe () [File not signed]
FirewallRules: [{70829D0A-29EF-4C16-A813-EFF57325DBBB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yu-Gi-Oh! Master Duel\masterduel.exe () [File not signed]
FirewallRules: [{22B3BB5F-18A1-4E29-81BA-5EA3786363B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yu-Gi-Oh! Master Duel\masterduel.exe () [File not signed]
FirewallRules: [TCP Query User{98296096-9614-45C9-9A4E-DD7594D8C768}C:\program files\epic games\gtav\gta5.exe] => (Allow) C:\program files\epic games\gtav\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{66DE307E-DFBD-420B-9B23-583416F1D62E}C:\program files\epic games\gtav\gta5.exe] => (Allow) C:\program files\epic games\gtav\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{C4DB40DD-1816-455C-AFCC-C6E03CE99F59}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSSwitch\AsusSwitchNet.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC. .)
FirewallRules: [{66EF9C64-E4FD-4434-AC45-2AC49F2F0656}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSSwitch\AsusSwitchNetMDNS.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC. .)
FirewallRules: [{A4DFC968-1D0F-450D-9D3E-6C07EB36804D}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC. .)
FirewallRules: [{0FD5267A-D2C0-4AEC-AFF2-B182339BD140}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC. .)
FirewallRules: [{E27A8E83-1F91-42CF-9943-3C4B9B0FB62A}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSLinkNear\AsusLinkNear.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc. .)
FirewallRules: [{29C036E1-570E-4C8E-92CB-E73B8690F393}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{492F29AE-4B94-4273-AF62-9470F287FEFA}] => (Allow) C:\Program Files\ASUS\ARMOURY CRATE Service\MobilePlugin\AutoConnectHelper.exe (ASUSTeK COMPUTER INC. -> )
FirewallRules: [{13C05B3F-E74A-4AFE-9769-DD52B065084B}] => (Allow) C:\Program Files\ASUS\ARMOURY CRATE Service\MobilePlugin\AutoConnectHelper.exe (ASUSTeK COMPUTER INC. -> )

====== Restore Points =========================

30-01-2024 22:20:49 Scheduled Checkpoint
08-02-2024 21:12:29 Scheduled Checkpoint
20-02-2024 03:51:49 Scheduled Checkpoint

====== Faulty Device Manager Devices ============


====== Event log errors: ========================

Application errors:
==================
Error: (02/22/2024 04:49:19 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: LAPTOP-8JBASMB5)
Description: The server service performance object cannot be opened. The first four bytes of the data section (DWORD) contain the status code.

Error: (02/20/2024 09:35:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EpicGamesLauncher.exe, version: 16.0.1.0, timestamp: 0x65d39658
Faulting module name: ntdll.dll, version: 10.0.19041.3155, timestamp: 0x5212ece5
Exception code: 0xc0000005
Error offset 0x0000000000063536
Bad process ID: 0x3924
Application start time: 0x01da643c507b2b09
Faulting application path: C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
Faulty module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: a80a88aa-feb4-48bb-9257-75d509d449b6
Incorrect package full name:
Application ID associated with the faulty package:

Error: (02/20/2024 09:28:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EpicGamesLauncher.exe, version: 16.0.1.0, timestamp: 0x65d39658
Faulting module name: ntdll.dll, version: 10.0.19041.3155, timestamp: 0x5212ece5
Exception code: 0xc0000005
Error offset 0x0000000000063536
Bad process ID: 0x4cf0
Application start time: 0x01da643b6d15fa5e
Faulting application path: C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
Faulty module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: 77e6e763-b101-4292-bb1e-7a6fee743cde
Incorrect package full name:
Application ID associated with the faulty package:

Error: (02/20/2024 08:33:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EpicGamesLauncher.exe, version: 16.0.1.0, timestamp: 0x65d39658
Faulting module name: ntdll.dll, version: 10.0.19041.3155, timestamp: 0x5212ece5
Exception code: 0xc0000005
Error offset 0x0000000000063536
Bad process ID: 0x4d68
Application start time: 0x01da6433baa4f400
Faulting application path: C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
Faulty module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: ef68229d-400e-4644-bd77-1b480023fead
Incorrect package full name:
Application ID associated with the faulty package:

Error: (02/20/2024 08:11:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EpicGamesLauncher.exe, version: 16.0.1.0, timestamp: 0x65d39658
Faulting module name: ntdll.dll, version: 10.0.19041.3155, timestamp: 0x5212ece5
Exception code: 0xc0000005
Error offset 0x0000000000063536
Bad process ID: 0x524c
Application start time: 0x01da64308d01e84e
Faulting application path: C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
Faulty module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: aa59462b-593c-49d8-a148-f32d224dcf99
Incorrect package full name:
Application ID associated with the faulty package:

Error: (02/20/2024 08:09:22 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate registration initialization for WORKGROUP\LAPTOP-8JBASMB5$ via https://AMD-KeyId-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Tue, 20 Feb 2024 19:09:22 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 1f221b07-e34a-4951-bb04-97bb74bfa758

Method: GET(516ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (02/20/2024 04:47:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EpicGamesLauncher.exe, version: 16.0.1.0, timestamp: 0x65d39658
Faulting module name: ntdll.dll, version: 10.0.19041.3155, timestamp: 0x5212ece5
Exception code: 0xc0000005
Error offset 0x0000000000063536
Bad process ID: 0x4f00
Application start time: 0x01da63af913cfffa
Faulting application path: C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
Faulty module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: 8d062ef5-cc98-4739-8e12-3a4ce87b0073
Incorrect package full name:
Application ID associated with the faulty package:

Error: (02/20/2024 04:47:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EpicGamesLauncher.exe, version: 16.0.1.0, timestamp: 0x65d39658
Faulting module name: ntdll.dll, version: 10.0.19041.3155, timestamp: 0x5212ece5
Exception code: 0xc0000005
Error offset 0x0000000000063536
Bad process ID: 0x592c
Application start time: 0x01da63af91107deb
Faulting application path: C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
Faulty module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: d5ca9631-7bbf-49a6-ae1a-87adce36e6b0
Incorrect package full name:
Application ID associated with the faulty package:


System errors:
=============
Error: (02/22/2024 05:02:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinRing0_1_2_0 service failed to start due to the following error:
The system cannot find the specified file.

Error: (02/22/2024 04:50:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinRing0_1_2_0 service failed to start due to the following error:
The system cannot find the specified file.

Error: (02/21/2024 06:56:30 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-8JBASMB5)
Description: Server {94269C4E-071A-4116-90E6-52E557067E4E} failed to register with DCOM within the specified timeout period.

Error: (02/21/2024 06:56:30 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-8JBASMB5)
Description: Server {94269C4E-071A-4116-90E6-52E557067E4E} failed to register with DCOM within the specified timeout period.

Error: (02/20/2024 08:19:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinRing0_1_2_0 service failed to start due to the following error:
The system cannot find the specified file.

Error: (02/20/2024 04:30:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DtsApo4Service service terminated unexpectedly. This situation occurred once.

Error: (02/20/2024 04:29:55 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown, which occurred at 04:28:34, ‎20/‎02/‎2024, was unexpected.

Error: (02/19/2024 11:30:06 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM received error "87" when trying to start the GamingServices service with "Unavailable" arguments to run the server:
{3E8C9ABE-9226-4609-BF5B-60288A391DEE}


Windows Defender:
================
Date: 2024-02-22 04:57:52
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Amadey.MA!MTB&threatid=2147836228&enterprise=0
Name: Trojan:Win32/Amadey.MA!MTB
ID: 2147836228
Severity: Severe
Category: Trojan
Path: file:_C:\Users\ataca\AppData\Local\Microsoft\Windows\INetCache\IE\47RUM9ZZ\clip64[1].dll; file:_C:\Users\ataca\AppData\Local\Microsoft\Windows\INetCache\IE\HXDFIWP7\clip64[1].dll; file:_C:\Users\ataca\AppData\Roaming\80c6bf70bf3f8f\clip64.dll
Detection Starting Point: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
User: LAPTOP-8JBASMB5\ataca
Process Name: C:\Users\ataca\AppData\Local\Temp\d00f842964\Dctooux.exe
Security information Version: AV: 1.393.2424.0, AS: 1.393.2424.0, NIS: 1.393.2424.0
Infrastructure Version: AM: 1.1.23060.1005, NIS: 1.1.23060.1005

Date: 2024-02-22 04:57:42
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Amadey.MA!MTB&threatid=2147836228&enterprise=0
Name: Trojan:Win32/Amadey.MA!MTB
ID: 2147836228
Severity: Severe
Category: Trojan
Path: file:_C:\Users\ataca\AppData\Local\Microsoft\Windows\INetCache\IE\47RUM9ZZ\clip64[1].dll; file:_C:\Users\ataca\AppData\Local\Microsoft\Windows\INetCache\IE\HXDFIWP7\clip64[1].dll; file:_C:\Users\ataca\AppData\Roaming\80c6bf70bf3f8f\clip64.dll
Detection Starting Point: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
User: LAPTOP-8JBASMB5\ataca
Process Name: C:\Users\ataca\AppData\Local\Temp\d00f842964\Dctooux.exe
Security information Version: AV: 1.393.2424.0, AS: 1.393.2424.0, NIS: 1.393.2424.0
Infrastructure Version: AM: 1.1.23060.1005, NIS: 1.1.23060.1005

Date: 2024-02-22 04:57:41
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Amadey.MA!MTB&threatid=2147836228&enterprise=0
Name: Trojan:Win32/Amadey.MA!MTB
ID: 2147836228
Severity: Severe
Category: Trojan
Path: file:_C:\Users\ataca\AppData\Local\Microsoft\Windows\INetCache\IE\HXDFIWP7\clip64[1].dll; file:_C:\Users\ataca\AppData\Roaming\80c6bf70bf3f8f\clip64.dll
Detection Starting Point: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
User: LAPTOP-8JBASMB5\ataca
Process Name: C:\Users\ataca\AppData\Local\Temp\d00f842964\Dctooux.exe
Security information Version: AV: 1.393.2424.0, AS: 1.393.2424.0, NIS: 1.393.2424.0
Infrastructure Version: AM: 1.1.23060.1005, NIS: 1.1.23060.1005

Date: 2024-02-22 04:57:36
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Amadey.MA!MTB&threatid=2147836228&enterprise=0
Name: Trojan:Win32/Amadey.MA!MTB
ID: 2147836228
Severity: Severe
Category: Trojan
Path: file:_C:\Users\ataca\AppData\Local\Microsoft\Windows\INetCache\IE\HXDFIWP7\clip64[1].dll
Detection Starting Point: Internet
Detection Type: Concrete
Detection Source: Real-Time Protection
User: LAPTOP-8JBASMB5\ataca
Process Name: C:\Users\ataca\AppData\Local\Temp\d00f842964\Dctooux.exe
Security information Version: AV: 1.393.2424.0, AS: 1.393.2424.0, NIS: 1.393.2424.0
Infrastructure Version: AM: 1.1.23060.1005, NIS: 1.1.23060.1005

Date: 2024-02-22 04:57:30
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Amadey.MA!MTB&threatid=2147836228&enterprise=0
Name: Trojan:Win32/Amadey.MA!MTB
ID: 2147836228
Severity: Severe
Category: Trojan
Path: file:_C:\Users\ataca\AppData\Local\Microsoft\Windows\INetCache\IE\47RUM9ZZ\clip64[1].dll; file:_C:\Users\ataca\AppData\Roaming\80c6bf70bf3f8f\clip64.dll
Detection Starting Point: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
User: LAPTOP-8JBASMB5\ataca
Process Name: C:\Users\ataca\AppData\Local\Temp\d00f842964\Dctooux.exe
Security information Version: AV: 1.393.2424.0, AS: 1.393.2424.0, NIS: 1.393.2424.0
Infrastructure Version: AM: 1.1.23060.1005, NIS: 1.1.23060.1005

CodeIntegrity:
===============
Date: 2024-02-22 04:57:56
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2024-02-22 04:56:45
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.


====== Memory info ===========================

BIOS: American Megatrends Inc. FA506IU.319 04/26/2022
Motherboard: ASUSTeK COMPUTER INC. FA506IU
Processor: AMD Ryzen 7 4800H with Radeon Graphics
Percentage of memory in use: 60%
Total physical RAM: 15789.59 MB
Available physical RAM: 6199.54 MB
Total Virtual: 19885.59 MB
Available Virtual: 7356.95 MB

====== Drives ============================

Drive c: (OS) (Fixed) (Total:457.9 GB) (Free:132.69 GB) (Model: WDC PC SN530 SDBPNPZ-512G-1002) NTFS

\\?\Volume{47632b62-b2e1-4532-a576-e0efab44911d}\ (RECOVERY) (Fixed) (Total:1.27 GB) (Free:0.62 GB) NTFS
\\?\Volume{cdd49478-82d4-4c22-a1de-22e08c7b1e68}\ (RESTORE) (Fixed) (Total:17.5 GB) (Free:4.75 GB) NTFS
\\?\Volume{e17227b5-dcb1-4930-97f8-670efbda8df5}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

====== MBR & Partition Table ===========================

======================================================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 79AFCF0D)

Partition: GPT.

===================== End of Addition.txt =======================

Edited by Oh My!, 22 February 2024 - 10:11 AM.


#4 Oh My!

Oh My!

    Adware and Spyware and Malware

  • Malware Response Instructor
  • 57,028 posts
  • Gender:Male
  • Location:California

Posted 22 February 2024 - 10:11 AM

Greetings and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Please allow me some time to review what you have posted.
Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#5 Oh My!

Oh My!

    Adware and Spyware and Malware

  • Malware Response Instructor
  • 57,028 posts
  • Gender:Male
  • Location:California

Posted 22 February 2024 - 03:09 PM

Greetings.

Your computer is heavily infected so we are going to be a bit aggressive in the cleanup.

I would caution against downloading software obtained via Peer 2 Peer methods.

Please do this.

===================================================

Uninstalling Programs Using Revo Uninstaller Free Portable

--------------------
  • Download Revo Uninstaller Free Portable and save it to your Desktop
  • Right click on the folder and select Extract All..., then click Extract
  • Double click on the RevoUninstaller-Portable folder
  • Right click on RevoUPort and select Run as administrator
  • Click OK on the License Agreement
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
Web Companion
  • If the program's uninstaller appears work through the steps to remove the program(s)
  • Be sure the Advanced option is selected then click Scan
  • For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion
  • Once done click Finish
  • Reboot your computer
===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
C:\Users\ataca\AppData\Local\xmrig
C:\Users\ataca\AppData\Roaming\80c6bf70bf3f8f
C:\Users\ataca\AppData\Roaming\Microsoft\HTML Help
C:\Program Files (x86)\Lavasoft
C:\Program Files (x86)\Common Files\CityDoveD
C:\Users\ataca\AppData\Local\Temp
C:\Program Files (x86)\101XP Game Center TR
2024-02-20 20:18 - 2024-02-20 20:18 - 000000000 ____D C:\Users\ataca\AppData\Roaming\Taskstream_CPE
2024-02-20 20:18 - 2024-02-20 20:18 - 000000000 ____D C:\Users\ataca\AppData\Roaming\Microsoft SQL Server
2024-02-20 20:18 - 2024-02-20 20:18 - 000000000 ____D C:\ProgramData\Corporation
2024-02-20 20:17 - 2024-02-20 20:17 - 012470000 _____ (Wireshark development team) C:\ProgramData\CAKKEGDGCG.exe
2024-02-20 20:17 - 2024-02-20 20:17 - 003559424 _____ (Tomasz Ostrowski) C:\ProgramData\FIIIIDGHJE.exe
2024-02-20 20:17 - 2024-02-20 20:17 - 001894352 _____ (UCWeb Inc.) C:\ProgramData\AKJKFBAFID.exe
2024-02-20 20:17 - 2024-02-20 20:17 - 000000000 ____D C:\Users\ataca\AppData\Roaming\Executor
2024-02-20 20:17 - 2022-08-27 16:21 - 000066155 _____ C:\ProgramData\WhatsApp Image 2022-08-27 at 12.52.59.jpeg
2024-02-20 20:17 - 2022-05-29 15:38 - 000204157 _____ C:\ProgramData\report 1.5.jpeg
2024-02-20 20:17 - 2022-05-29 15:11 - 000194653 _____ C:\ProgramData\report 1.4.jpeg
2024-02-20 20:17 - 2022-05-29 14:16 - 000164974 _____ C:\ProgramData\report 1.3.jpeg
2024-02-20 20:16 - 2024-02-20 20:16 - 000000000 ____D C:\Users\ataca\AppData\Roaming\rasctrnm
2024-02-20 20:16 - 2024-02-20 20:16 - 000000000 ____D C:\ProgramData\Canon_Inc_IC
2024-02-05 00:08 - 2024-02-05 00:08 - 000000000 ____D C:\Users\ataca\AppData\LocalLow\Konami Digital Entertainment Co., Ltd_
HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\...\Run: [101XPGameCenterTR] => "C:\Program Files (x86)\101XP Game Center TR\launcher101xp.exe"
S3 MpKsl2d9f8d9a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B02EA02B-80B2-4713-A349-E9F6FACBBE11}\MpKslDrv.sys [221480 2023-08-07] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsl349cf04a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B02EA02B-80B2-4713-A349-E9F6FACBBE11}\MpKslDrv.sys [221480 2023-08-07] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsl6bb3c69f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B02EA02B-80B2-4713-A349-E9F6FACBBE11}\MpKslDrv.sys [221480 2023-08-07] (Microsoft Windows -> Microsoft Corporation)
S3 MpKslae87d6fa; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B02EA02B-80B2-4713-A349-E9F6FACBBE11}\MpKslDrv.sys [221480 2023-08-07] (Microsoft Windows -> Microsoft Corporation)
S3 MpKslc618afd2; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B02EA02B-80B2-4713-A349-E9F6FACBBE11}\MpKslDrv.sys [221480 2023-08-07] (Microsoft Windows -> Microsoft Corporation)
R3 MpKsld3f4a1ef; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B02EA02B-80B2-4713-A349-E9F6FACBBE11}\MpKslDrv.sys [221480 2023-08-07] (Microsoft Windows -> Microsoft Corporation)
S3 MpKslf42e442e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B02EA02B-80B2-4713-A349-E9F6FACBBE11}\MpKslDrv.sys [221480 2023-08-07] (Microsoft Windows -> Microsoft Corporation)
Task: {2E697DC9-0228-41FD-B783-BB28A857ED85} - System32\Tasks\Dctooux => C:\Users\ataca\AppData\Local\Temp\d00f842964\Dctooux.exe [3559424 2024-02-20] (Tomasz Ostrowski) [File not signed] <==== ATTENTION
Task: C:\WINDOWS\Tasks\Dctooux.job => C:\Users\ataca\AppData\Local\Temp\d00f842964\Dctooux.exe <==== ATTENTION
R2 CityDoveD; C:\Program Files (x86)\Common Files\CityDoveD\CityDoveD.exe [7262608 2022-03-31] (PenentheMidtown -> LakeWeb Co) [File not signed] [File is in use] <==== ATTENTION
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [29272 2020-11-11] (LAVASOFT SOFTWARE CANADA INC -> ) <==== ATTENTION 
AlternateDataStreams: C:\Users\ataca\Application Data:eccc9d0abe45c567c08e5b1ec5c63f6d [394] 
AlternateDataStreams: C:\Users\ataca\AppData\Roaming:eccc9d0abe45c567c08e5b1ec5c63f6d [394] 
HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8160856 2020-11-11] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft) <==== ATTENTION
S3 mfeavfk01; \Device\mfeavfk01.sys [X] 
S3 mfeavfk02; \Device\mfeavfk02.sys [X] 
S3 rsDwf; \SystemRoot\system32\DRIVERS\rsDwf.sys [X] 
HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\...\Run: [Taskbarify] => C:\Users\ataca\AppData\Local\Programs\Taskbarify\Taskbarify.exe (No File)
Task: {E4BE6047-3A49-4F7F-BF45-0D5E26A566C0} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (No File)
Task: {941D8A94-A2E1-4736-9ED3-594BB31360E4} - System32\Tasks\Opera scheduled Autoupdate 1649082778 => C:\Users\ataca\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
cmd: netsh winsock reset catalog
cmd: netsh int ip reset resetlog.txt
Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg
C:\Firewall.reg
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
Removeproxy:
hosts:
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
Emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
  • Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Web Companion removed?
  • Fixlog

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#6 dockarnavalla

dockarnavalla
  • Topic Starter

  • Members
  • 17 posts

Posted 22 February 2024 - 04:10 PM


Hello again.
The removal of Web Companion was successful; however, I am not sure I was able to do the fixlog. I followed the instructions, but after copying the content you have sent nothing appeared in the Farbar tool. I clicked the Fix button and have the results attached here. I hope it was successful.
 
After the process I rebooted the PC and the Windows command processor was still popping up.
 
Looking forward to seeing your reply. Thanks in advance :)
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 19.02.2024 02
Ran by ataca (22-02-2024 21:30:17) Run:1
Running from C:\Users\ataca\Downloads
Loaded Profiles: ataca
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
C:\Users\ataca\AppData\Local\xmrig
C:\Users\ataca\AppData\Roaming\80c6bf70bf3f8f
C:\Users\ataca\AppData\Roaming\Microsoft\HTML Help
C:\Program Files (x86)\Lavasoft
C:\Program Files (x86)\Common Files\CityDoveD
C:\Users\ataca\AppData\Local\Temp
C:\Program Files (x86)\101XP Game Center TR
2024-02-20 20:18 - 2024-02-20 20:18 - 000000000 ____D C:\Users\ataca\AppData\Roaming\Taskstream_CPE
2024-02-20 20:18 - 2024-02-20 20:18 - 000000000 ____D C:\Users\ataca\AppData\Roaming\Microsoft SQL Server
2024-02-20 20:18 - 2024-02-20 20:18 - 000000000 ____D C:\ProgramData\Corporation
2024-02-20 20:17 - 2024-02-20 20:17 - 012470000 _____ (Wireshark development team) C:\ProgramData\CAKKEGDGCG.exe
2024-02-20 20:17 - 2024-02-20 20:17 - 003559424 _____ (Tomasz Ostrowski) C:\ProgramData\FIIIIDGHJE.exe
2024-02-20 20:17 - 2024-02-20 20:17 - 001894352 _____ (UCWeb Inc.) C:\ProgramData\AKJKFBAFID.exe
2024-02-20 20:17 - 2024-02-20 20:17 - 000000000 ____D C:\Users\ataca\AppData\Roaming\Executor
2024-02-20 20:17 - 2022-08-27 16:21 - 000066155 _____ C:\ProgramData\WhatsApp Image 2022-08-27 at 12.52.59.jpeg
2024-02-20 20:17 - 2022-05-29 15:38 - 000204157 _____ C:\ProgramData\report 1.5.jpeg
2024-02-20 20:17 - 2022-05-29 15:11 - 000194653 _____ C:\ProgramData\report 1.4.jpeg
2024-02-20 20:17 - 2022-05-29 14:16 - 000164974 _____ C:\ProgramData\report 1.3.jpeg
2024-02-20 20:16 - 2024-02-20 20:16 - 000000000 ____D C:\Users\ataca\AppData\Roaming\rasctrnm
2024-02-20 20:16 - 2024-02-20 20:16 - 000000000 ____D C:\ProgramData\Canon_Inc_IC
2024-02-05 00:08 - 2024-02-05 00:08 - 000000000 ____D C:\Users\ataca\AppData\LocalLow\Konami Digital Entertainment Co., Ltd_
HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\...\Run: [101XPGameCenterTR] => "C:\Program Files (x86)\101XP Game Center TR\launcher101xp.exe"
S3 MpKsl2d9f8d9a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B02EA02B-80B2-4713-A349-E9F6FACBBE11}\MpKslDrv.sys [221480 2023-08-07] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsl349cf04a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B02EA02B-80B2-4713-A349-E9F6FACBBE11}\MpKslDrv.sys [221480 2023-08-07] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsl6bb3c69f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B02EA02B-80B2-4713-A349-E9F6FACBBE11}\MpKslDrv.sys [221480 2023-08-07] (Microsoft Windows -> Microsoft Corporation)
S3 MpKslae87d6fa; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B02EA02B-80B2-4713-A349-E9F6FACBBE11}\MpKslDrv.sys [221480 2023-08-07] (Microsoft Windows -> Microsoft Corporation)
S3 MpKslc618afd2; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B02EA02B-80B2-4713-A349-E9F6FACBBE11}\MpKslDrv.sys [221480 2023-08-07] (Microsoft Windows -> Microsoft Corporation)
R3 MpKsld3f4a1ef; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B02EA02B-80B2-4713-A349-E9F6FACBBE11}\MpKslDrv.sys [221480 2023-08-07] (Microsoft Windows -> Microsoft Corporation)
S3 MpKslf42e442e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B02EA02B-80B2-4713-A349-E9F6FACBBE11}\MpKslDrv.sys [221480 2023-08-07] (Microsoft Windows -> Microsoft Corporation)
Task: {2E697DC9-0228-41FD-B783-BB28A857ED85} - System32\Tasks\Dctooux => C:\Users\ataca\AppData\Local\Temp\d00f842964\Dctooux.exe [3559424 2024-02-20] (Tomasz Ostrowski ) [File not signed] <==== ATTENTION 
Task: C:\WINDOWS\Tasks\Dctooux.job => C:\Users\ataca\AppData\Local\Temp\d00f842964\Dctooux.exe <==== ATTENTION 
R2CityDoveD; C:\Program Files (x86)\Common Files\CityDoveD\CityDoveD.exe [7262608 2022-03-31] (PenentheMidtown -> LakeWeb Co) [File not signed] [File is in use] <==== ATTENTION 
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [29272 2020-11-11] (LAVASOFT SOFTWARE CANADA INC -> ) <==== ATTENTION 
AlternateDataStreams: C:\Users\ataca\Application Data:eccc9d0abe45c567c08e5b1ec5c63f6d [394] 
AlternateDataStreams: C:\Users\ataca\AppData\Roaming:eccc9d0abe45c567c08e5b1ec5c63f6d [394] 
HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [ 8160856 2020-11-11] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft) <==== ATTENTION 
S3 mfeavfk01; \Device\mfeavfk01.sys [X] 
S3 mfeavfk02; \Device\mfeavfk02.sys [X] 
S3 rsDwf; \SystemRoot\system32\DRIVERS\rsDwf.sys [X] 
HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\...\Run: [Taskbarify] => C:\Users\ataca\AppData\Local\Programs\Taskbarify\Taskbarify.exe (No File ) 
Task: {E4BE6047-3A49-4F7F-BF45-0D5E26A566C0} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe ( No File) 
Task: {941D8A94-A2E1-4736-9ED3-594BB31360E4} - System32\Tasks\Opera scheduled Autoupdate 1649082778 => C:\Users\ataca\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) ( No File) 
cmd: netsh winsock reset catalog
cmd: netsh int ip reset resetlog.txt
Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg
C:\Firewall.reg
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
Removeproxy:
hosts:
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
Emptytemp:
End::
*****************
 
SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
 
"C:\Users\ataca\AppData\Local\xmrig" folder move:
 
C:\Users\ataca\AppData\Local\xmrig => moved successfully
 
"C:\Users\ataca\AppData\Roaming\80c6bf70bf3f8f" folder move:
 
C:\Users\ataca\AppData\Roaming\80c6bf70bf3f8f => moved successfully
 
"C:\Users\ataca\AppData\Roaming\Microsoft\HTML Help" folder move:
 
C:\Users\ataca\AppData\Roaming\Microsoft\HTML Help => moved successfully
"C:\Program Files (x86)\Lavasoft" => not found
 
"C:\Program Files (x86)\Common Files\CityDoveD" folder move:
 
C:\Program Files (x86)\Common Files\CityDoveD => moved successfully
 
"C:\Users\ataca\AppData\Local\Temp" folder move:
 
C:\Users\ataca\AppData\Local\Temp => moved successfully
"C:\Program Files (x86)\101XP Game Center TR" => not found
 
"C:\Users\ataca\AppData\Roaming\Taskstream_CPE" folder move:
 
C:\Users\ataca\AppData\Roaming\Taskstream_CPE => moved successfully
 
"C:\Users\ataca\AppData\Roaming\Microsoft SQL Server" folder move:
 
C:\Users\ataca\AppData\Roaming\Microsoft SQL Server => moved successfully
 
"C:\ProgramData\Corporation" folder move:
 
C:\ProgramData\Corporation => moved successfully
C:\ProgramData\CAKKEGDGCG.exe => moved successfully
C:\ProgramData\FIIIIDGHJE.exe => moved successfully
C:\ProgramData\AKJKFBAFID.exe => moved successfully
 
"C:\Users\ataca\AppData\Roaming\Executor" folder move:
 
C:\Users\ataca\AppData\Roaming\Executor => moved successfully
C:\ProgramData\WhatsApp Image 2022-08-27 at 12.52.59.jpeg => moved successfully
"C:\ProgramData\report 1.5.jpeg" => not found
"C:\ProgramData\report 1.4.jpeg" => not found
"C:\ProgramData\report 1.3.jpeg" => not found
 
"C:\Users\ataca\AppData\Roaming\rasctrnm" folder move:
 
C:\Users\ataca\AppData\Roaming\rasctrnm => moved successfully
 
"C:\ProgramData\Canon_Inc_IC" folder move:
 
C:\ProgramData\Canon_Inc_IC => moved successfully
 
"C:\Users\ataca\AppData\LocalLow\Konami Digital Entertainment Co., Ltd_" folder move:
 
C:\Users\ataca\AppData\LocalLow\Konami Digital Entertainment Co., Ltd_ => moved successfully
"HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\Software\Microsoft\Windows\CurrentVersion\Run\\101XPGameCenterTR" => removed successfully
HKLM\System\CurrentControlSet\Services\MpKsl2d9f8d9a => removed successfully
MpKsl2d9f8d9a => service removed successfully
HKLM\System\CurrentControlSet\Services\MpKsl349cf04a => removed successfully
MpKsl349cf04a => service removed successfully
HKLM\System\CurrentControlSet\Services\MpKsl6bb3c69f => removed successfully
MpKsl6bb3c69f => service removed successfully
HKLM\System\CurrentControlSet\Services\MpKslae87d6fa => removed successfully
MpKslae87d6fa => service removed successfully
HKLM\System\CurrentControlSet\Services\MpKslc618afd2 => removed successfully
MpKslc618afd2 => service removed successfully
MpKsld3f4a1ef => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\MpKsld3f4a1ef => removed successfully
MpKsld3f4a1ef => service removed successfully
HKLM\System\CurrentControlSet\Services\MpKslf42e442e => removed successfully
MpKslf42e442e => service removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E697DC9-0228-41FD-B783-BB28A857ED85}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E697DC9-0228-41FD-B783-BB28A857ED85}" => removed successfully
C:\WINDOWS\System32\Tasks\Dctooux => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dctooux" => removed successfully
C:\WINDOWS\Tasks\Dctooux.job => moved successfully
R2CityDoveD; C:\Program Files (x86)\Common Files\CityDoveD\CityDoveD.exe [7262608 2022-03-31] (PenentheMidtown -> LakeWeb Co) [File not signed] [File is in use] <==== ATTENTION => Error: No automatic fix found for this entry.
WCAssistantService => service not found.
C:\Users\ataca\Application Data => ":eccc9d0abe45c567c08e5b1ec5c63f6d" ADS removed successfully
"C:\Users\ataca\AppData\Roaming" => ":eccc9d0abe45c567c08e5b1ec5c63f6d" ADS not found.
"HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => not found
HKLM\System\CurrentControlSet\Services\mfeavfk01 => removed successfully
mfeavfk01 => service removed successfully
HKLM\System\CurrentControlSet\Services\mfeavfk02 => removed successfully
mfeavfk02 => service removed successfully
HKLM\System\CurrentControlSet\Services\rsDwf => removed successfully
rsDwf => service removed successfully
"HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Taskbarify" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E4BE6047-3A49-4F7F-BF45-0D5E26A566C0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4BE6047-3A49-4F7F-BF45-0D5E26A566C0}" => removed successfully
C:\WINDOWS\System32\Tasks\ASUS\P508PowerAgent_sdk => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\P508PowerAgent_sdk" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{941D8A94-A2E1-4736-9ED3-594BB31360E4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{941D8A94-A2E1-4736-9ED3-594BB31360E4}" => removed successfully
C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1649082778 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1649082778" => removed successfully
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset resetlog.txt =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Erişim engellendi.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
 
========= End of CMD: =========
 
 
========= reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg =========
 
ERROR: Unable to write to the file. There may be a disk or file system error.
 
 
========= End of Reg: =========
 
"C:\Firewall.reg" => not found
 
========= netsh advfirewall reset =========
 
Ok.
 
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
 
========= End of CMD: =========
 
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.
 
Unable to cancel {35375F56-08BD-475E-8142-4CC2993FE765}.
{4122965D-03C5-4371-9246-8765F0CF9573} canceled.
{DEA8546B-0990-4D6A-A7C4-6D9C827D56AC} canceled.
{0AA86079-1747-498D-BD78-0F56FFC491AA} canceled.
3 out of 4 jobs canceled.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3062927071-2835298068-3034318602-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= sfc /scannow =========
 
 
 
Beginning system scan.  This process will take some time.
 
 
 
Beginning verification phase of system scan.
 
 
Verification 0% complete.
Verification 0% complete.
Verification 1% complete.
Verification 1% complete.
Verification 2% complete.
Verification 2% complete.
Verification 3% complete.
Verification 3% complete.
Verification 4% complete.
Verification 4% complete.
Verification 5% complete.
Verification 5% complete.
Verification 6% complete.
Verification 6% complete.
Verification 6% complete.
Verification 7% complete.
Verification 7% complete.
Verification 8% complete.
Verification 8% complete.
Verification 9% complete.
Verification 9% complete.
Verification 10% complete.
Verification 10% complete.
Verification 11% complete.
Verification 11% complete.
Verification 12% complete.
Verification 12% complete.
Verification 13% complete.
Verification 13% complete.
Verification 13% complete.
Verification 14% complete.
Verification 14% complete.
Verification 15% complete.
Verification 15% complete.
Verification 16% complete.
Verification 16% complete.
Verification 17% complete.
Verification 17% complete.
Verification 18% complete.
Verification 18% complete.
Verification 19% complete.
Verification 19% complete.
Verification 20% complete.
Verification 20% complete.
Verification 20% complete.
Verification 21% complete.
Verification 21% complete.
Verification 22% complete.
Verification 22% complete.
Verification 23% complete.
Verification 23% complete.
Verification 24% complete.
Verification 24% complete.
Verification 25% complete.
Verification 25% complete.
Verification 26% complete.
Verification 26% complete.
Verification 27% complete.
Verification 27% complete.
Verification 27% complete.
Verification 28% complete.
Verification 28% complete.
Verification 29% complete.
Verification 29% complete.
Verification 30% complete.
Verification 30% complete.
Verification 31% complete.
Verification 31% complete.
Verification 32% complete.
Verification 32% complete.
Verification 33% complete.
Verification 33% complete.
Verification 34% complete.
Verification 34% complete.
Verification 34% complete.
Verification 35% complete.
Verification 35% complete.
Verification 36% complete.
Verification 36% complete.
Verification 37% complete.
Verification 37% complete.
Verification 38% complete.
Verification 38% complete.
Verification 39% complete.
Verification 39% complete.
Verification 40% complete.
Verification 40% complete.
Verification 41% complete.
Verification 41% complete.
Verification 41% complete.
Verification 42% complete.
Verification 42% complete.
Verification 43% complete.
Verification 43% complete.
Verification 44% complete.
Verification 44% complete.
Verification 45% complete.
Verification 45% complete.
Verification 46% complete.
Verification 46% complete.
Verification 47% complete.
Verification 47% complete.
Verification 48% complete.
Verification 48% complete.
Verification 48% complete.
Verification 49% complete.
Verification 49% complete.
Verification 50% complete.
Verification 50% complete.
Verification 51% complete.
Verification 51% complete.
Verification 52% complete.
Verification 52% complete.
Verification 53% complete.
Verification 53% complete.
Verification 54% complete.
Verification 54% complete.
Verification 55% complete.
Verification 55% complete.
Verification 55% complete.
Verification 56% complete.
Verification 56% complete.
Verification 57% complete.
Verification 57% complete.
Verification 58% complete.
Verification 58% complete.
Verification 59% complete.
Verification 59% complete.
Verification 60% complete.
Verification 60% complete.
Verification 61% complete.
Verification 61% complete.
Verification 62% complete.
Verification 62% complete.
Verification 62% complete.
Verification 63% complete.
Verification 63% complete.
Verification 64% complete.
Verification 64% complete.
Verification 65% complete.
Verification 65% complete.
Verification 66% complete.
Verification 66% complete.
Verification 67% complete.
Verification 67% complete.
Verification 68% complete.
Verification 68% complete.
Verification 69% complete.
Verification 69% complete.
Verification 69% complete.
Verification 70% complete.
Verification 70% complete.
Verification 71% complete.
Verification 71% complete.
Verification 72% complete.
Verification 72% complete.
Verification 73% complete.
Verification 73% complete.
Verification 74% complete.
Verification 74% complete.
Verification 75% complete.
Verification 75% complete.
Verification 76% complete.
Verification 76% complete.
Verification 76% complete.
Verification 77% complete.
Verification 77% complete.
Verification 78% complete.
Verification 78% complete.
Verification 79% complete.
Verification 79% complete.
Verification 80% complete.
Verification 80% complete.
Verification 81% complete.
Verification 81% complete.
Verification 82% complete.
Verification 82% complete.
Verification 83% complete.
Verification 83% complete.
Verification 83% complete.
Verification 84% complete.
Verification 84% complete.
Verification 85% complete.
Verification 85% complete.
Verification 86% complete.
Verification 86% complete.
Verification 87% complete.
Verification 87% complete.
Verification 88% complete.
Verification 88% complete.
Verification 89% complete.
Verification 89% complete.
Verification 90% complete.
Verification 90% complete.
Verification 90% complete.
Verification 91% complete.
Verification 91% complete.
Verification 92% complete.
Verification 92% complete.
Verification 93% complete.
Verification 93% complete.
Verification 94% complete.
Verification 94% complete.
Verification 95% complete.
Verification 95% complete.
Verification 96% complete.
Verification 96% complete.
Verification 97% complete.
Verification 97% complete.
Verification 97% complete.
Verification 98% complete.
Verification 98% complete.
Verification 99% complete.
Verification 99% complete.
Verification 100% complete.
 
 
Windows Resource Protection did not find any integrity violations.
 
 
 
========= End of CMD: =========
 
 
========= DISM /Online /Cleanup-Image /CheckHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.19041.844
 
 
Error: 3
 
Bir hata oluştu. C:\Users\ataca\AppData\Local\Temp\ geçici klasöründe dizin oluşturulamadı.
Geçici klasöre giden yolun varolduğundan ve klasörde Okuma/Yazma izinleriniz olduğundan emin olun.
 
The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 324739988 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 883972242 B
Windows/system/drivers => 133444859 B
Edge => 1511827 B
Chrome => 2678080498 B
Firefox => 0 B
Opera => 14993739 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 4671319 B
systemprofile32 => 4671319 B
LocalService => 5359329 B
NetworkService => 25810773 B
ataca => 30755796 B
 
RecycleBin => 17476794867 B
EmptyTemp: => 20.1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 21:33:18 ====

Edited by Oh My!, 22 February 2024 - 08:37 PM.


#7 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor
  • 57,028 posts
  • Gender:Male
  • Location:California

Posted 22 February 2024 - 09:30 PM

Thank you.

We can skip quoting my previous post.
 


Please do this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
CloseProcesses:
DisableService: R2CityDoveD
R2CityDoveD; C:\Program Files (x86)\Common Files\CityDoveD\CityDoveD.exe
cmd: md C:\Users\ataca\AppData\Local\Temp
Startbatch:
@echo off
net stop BITS
ipconfig /flushdns
ren C:\ProgramData\Microsoft\Network\Downloader\qmgr.db qmgr.db.old
net start BITS
Endbatch:
Powershell: Get-BitsTransfer -AllUsers
cmd: DISM /Online /Cleanup-Image /CheckHealth
cmd: chkdsk
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Autoruns

--------------------
  • Please download Autoruns and save it to your Desktop
  • Right click on the autoruns64 icon on your Desktop and select Run as administrator
  • Wait until the lower left hand corner of the window shows Ready
  • Hit the Ctrl + S keys at the same time
  • Save the file onto your Desktop using the default File name:
  • Please zip and upload the file here
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Uploaded zip file

Gary 


#8 dockarnavalla

dockarnavalla
  • Topic Starter

  • Members
  • 17 posts

Posted 22 February 2024 - 11:09 PM

Here they are.

Fix result of Farbar Recovery Scan Tool (x64) Version: 19.02.2024 02
Ran by ataca (23-02-2024 04:46:32) Run:4
Running from C:\Users\ataca\OneDrive\Desktop
Loaded Profiles: ataca
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CloseProcesses:
DisableService: R2CityDoveD
R2CityDoveD; C:\Program Files (x86)\Common Files\CityDoveD\CityDoveD.exe
cmd: md C:\Users\ataca\AppData\Local\Temp
Startbatch:
@echo off
net stop BITS
ipconfig /flushdns
ren C:\ProgramData\Microsoft\Network\Downloader\qmgr.db qmgr.db.old
net start BITS
Endbatch:
Powershell: Get-BitsTransfer -AllUsers
cmd: DISM /Online /Cleanup-Image /CheckHealth
cmd: chkdsk
End::
*****************

Processes closed successfully.
R2CityDoveD; C:\Program Files (x86)\Common Files\CityDoveD\CityDoveD.exe => Error: No automatic fix found for this entry.

========= md C:\Users\ataca\AppData\Local\Temp =========

A subdirectory or file C:\Users\ataca\AppData\Local\Temp already exists.


========= End of CMD: =========


========= Batch: =========
Arka Plan Akıllı Aktarım Hizmeti hizmeti durduruluyor..
Arka Plan Akıllı Aktarım Hizmeti hizmeti başarıyla durduruldu.



Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


A duplicate file name exists, or the file
cannot be found.


Arka Plan Akıllı Aktarım Hizmeti hizmeti başlatılıyor.
Arka Plan Akıllı Aktarım Hizmeti hizmeti başarıyla başlatıldı.



========= End of Batch: =========


========= Get-BitsTransfer -AllUsers =========


JobId DisplayName TransferType JobState OwnerAccount
----- ----------- ------------ -------- ------------
bd781695-9c9d-491c-b54e-b3b7ff4ebe57 Chrome Component Updater Download TransientError LAPTOP-8JBASMB5\ataca



========= End of Powershell: =========


========= DISM /Online /Cleanup-Image /CheckHealth =========


Deployment Image Servicing and Management tool
Version: 10.0.19041.844

Image Version: 10.0.19045.3208

No component store corruption detected.
The operation completed successfully.


========= End of CMD: =========


========= chkdsk =========

The type of the file system is NTFS.
Volume label is OS.

WARNING! /F parameter not specified.
Running CHKDSK in read-only mode.

Stage 1: Examining basic file system structure ...
Progress: 0 of 1348864 done; Stage: 0%; Total: 0%; ETA: 1:04:51
Progress: 43123 of 1348864 done; Stage: 3%; Total: 1%; ETA: 1:04:09 .
Progress: 81665 of 1348864 done; Stage: 6%; Total: 2%; ETA: 1:03:26 ..
Progress: 125771 of 1348864 done; Stage: 9%; Total: 3%; ETA: 0:00:39 ...
Progress: 189953 of 1348864 done; Stage: 14%; Total: 5%; ETA: 0:00:35
Progress: 241622 of 1348864 done; Stage: 17%; Total: 6%; ETA: 0:00:35 .
Progress: 241623 of 1348864 done; Stage: 17%; Total: 6%; ETA: 0:00:35 ..
Progress: 308240 of 1348864 done; Stage: 22%; Total: 8%; ETA: 0:00:33 ...
Progress: 400641 of 1348864 done; Stage: 29%; Total: 10%; ETA: 0:00:30
Progress: 473503 of 1348864 done; Stage: 35%; Total: 12%; ETA: 0:00:28 .
Progress: 587521 of 1348864 done; Stage: 43%; Total: 15%; ETA: 0:00:25 ..
Progress: 884241 of 1348864 done; Stage: 65%; Total: 22%; ETA: 0:00:17 ...
Progress: 953994 of 1348864 done; Stage: 70%; Total: 24%; ETA: 0:00:17
Progress: 1032961 of 1348864 done; Stage: 76%; Total: 26%; ETA: 0:00:17 .
Progress: 1097649 of 1348864 done; Stage: 81%; Total: 28%; ETA: 0:00:16 ..
Progress: 1177640 of 1348864 done; Stage: 87%; Total: 30%; ETA: 0:00:15 ...
Progress: 1334414 of 1348864 done; Stage: 98%; Total: 34%; ETA: 0:00:14
Progress: 1348864 of 1348864 done; Stage: 100%; Total: 34%; ETA: 0:00:14 .


1348864 file records processed.
File verification completed.
Phase duration (File record verification): 7.22 seconds.
Progress: 18853 of 18853 done; Stage: 100%; Total: 29%; ETA: 0:00:17 ..


18853 large file records processed.
Phase duration (Orphan file record recovery): 0.00 milliseconds.
Progress: 0 of 0 done; Stage: 99%; Total: 29%; ETA: 0:00:17 ...


0 bad file records processed.
Phase duration (Bad file record checking): 0.04 milliseconds.

Stage 2: Examining file name linkage ...
Progress: 80118 of 1669350 done; Stage: 4%; Total: 31%; ETA: 0:00:17
Progress: 189288 of 1669350 done; Stage: 11%; Total: 33%; ETA: 0:00:17 .
Progress: 288928 of 1669350 done; Stage: 17%; Total: 35%; ETA: 0:00:15 ..
Progress: 467696 of 1669350 done; Stage: 28%; Total: 39%; ETA: 0:00:14 ...
Progress: 768483 of 1669350 done; Stage: 46%; Total: 46%; ETA: 0:00:12
Progress: 961554 of 1669350 done; Stage: 57%; Total: 50%; ETA: 0:00:11 .
Progress: 1070778 of 1669350 done; Stage: 64%; Total: 52%; ETA: 0:00:11 ..
Progress: 1167103 of 1669350 done; Stage: 69%; Total: 54%; ETA: 0:00:09 ...
Progress: 808 of 808 done; Stage: 100%; Total: 58%; ETA: 0:00:09


808 reparse records processed.
Progress: 1350367 of 1669350 done; Stage: 80%; Total: 58%; ETA: 0:00:09 .
Progress: 1355869 of 1669350 done; Stage: 81%; Total: 60%; ETA: 0:00:09 ..
Progress: 1361086 of 1669350 done; Stage: 81%; Total: 61%; ETA: 0:00:09 ...
Progress: 1367264 of 1669350 done; Stage: 81%; Total: 61%; ETA: 0:00:09
Progress: 1371378 of 1669350 done; Stage: 82%; Total: 62%; ETA: 0:00:09 .
Progress: 1374480 of 1669350 done; Stage: 82%; Total: 64%; ETA: 0:00:09 ..
Progress: 1383486 of 1669350 done; Stage: 82%; Total: 65%; ETA: 0:00:08 ...
Progress: 1387986 of 1669350 done; Stage: 83%; Total: 68%; ETA: 0:00:07
Progress: 1399423 of 1669350 done; Stage: 83%; Total: 70%; ETA: 0:00:07 .
Progress: 1408864 of 1669350 done; Stage: 84%; Total: 73%; ETA: 0:00:06 ..
Progress: 1418648 of 1669350 done; Stage: 84%; Total: 73%; ETA: 0:00:06 ...
Progress: 1428631 of 1669350 done; Stage: 85%; Total: 74%; ETA: 0:00:06
Progress: 1443803 of 1669350 done; Stage: 86%; Total: 76%; ETA: 0:00:06 .
Progress: 1468988 of 1669350 done; Stage: 87%; Total: 77%; ETA: 0:00:06 ..
Progress: 1488245 of 1669350 done; Stage: 89%; Total: 78%; ETA: 0:00:06 ...
Progress: 1669350 of 1669350 done; Stage: 100%; Total: 79%; ETA: 0:00:06


1669350 index entries processed.
Index verification completed.
Phase duration (Index verification): 12.23 seconds.
Progress: 1 of 0 done; Stage: 99%; Total: 79%; ETA: 0:00:06 .
Progress: 0 of 0 done; Stage: 99%; Total: 79%; ETA: 0:00:06 ..


0 unindexed files scanned.
Phase duration (Orphan reconnection): 8.02 seconds.
Progress: 0 of 0 done; Stage: 99%; Total: 79%; ETA: 0:00:06 ...


0 unindexed files recovered to lost and found.
Phase duration (Orphan recovery to lost and found): 0.04 milliseconds.
Progress: 808 of 808 done; Stage: 100%; Total: 79%; ETA: 0:00:06


808 reparse records processed.
Phase duration (Reparse point and Object ID verification): 5.44 milliseconds.

Stage 3: Examining security descriptors ...
Security descriptor verification completed.
Phase duration (Security descriptor verification): 43.55 milliseconds.
Progress: 19 of 19 done; Stage: 100%; Total: 99%; ETA: 0:00:00 .


160244 data files processed.
Phase duration (Data attribute verification): 0.04 milliseconds.
CHKDSK is verifying Usn Journal...
Progress: 4937 of 4937 done; Stage: 100%; Total: 97%; ETA: 0:00:00 ..


40449808 USN bytes processed.
Usn Journal verification completed.
Phase duration (USN journal verification): 111.85 milliseconds.

Windows has scanned the file system and found no problems.
No further action is required.

480141639 KB total disk space.
335102560 KB in 503848 files.
348724 KB in 160245 indexes.
0 KB in bad sectors.
1478239 KB in use by the system.
65536 KB occupied by the log file.
143212116 KB available on disk.

4096 bytes in each allocation unit.
120035409 total allocation units on disk.
35803029 allocation units available on disk.
Total duration: 27.65 seconds (27653 ms).


========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 04:47:19 ====


Edited by Oh My!, 23 February 2024 - 08:45 AM.


#9 Oh My!

    Adware and Spyware and Malware

  • Malware Response Instructor
  • 57,028 posts
  • Gender:Male
  • Location:California

Posted 23 February 2024 - 08:58 AM

Please take a screenshot of the command processor window and attach it to your reply.

Please do this. Please be sure to copy and paste the contents of the Fixlog.txt document in your reply.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
StartPowershell:
Get-BitsTransfer -AllUsers | select -ExpandProperty FileList
EndPowershell:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Farbar Recovery Scan Tool SearchAll

--------------------
  • Right click on FRST and select Run as administrator
  • Copy/paste the following in the Search: box
SearchAll: CityDoveD;{35375F56-08BD-475E-8142-4CC2993FE765}
  • Click Search Files button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the report information in your reply
===================================================

Process Monitor Boot Log

--------------------
  • Download Process Monitor and save it to your Desktop
  • Right click on Procmon and select Run as administrator
  • Agree to any permission requests
  • Hit Ctrl + E to stop capturing events
  • Hit Ctrl + X at the same time to clear the display
  • Click Options then Enable Boot Logging
  • Place a check mark in Generate thread profiling events
  • Click OK
  • Close Process Monitor
  • Close any open programs and shut down your computer
  • Start your computer and allow the boot up process to complete, including logging in if you use a password
  • Wait 15 minutes before doing anything further
  • Right click on Process Monitor and select Run as administrator
  • Click Yes on the next window that appears and save the boot-time activity log onto your desktop using the default name
  • Please zip and upload the file to GoFile or the file hosting site of your choice and send me a Personal Message with download link
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Screenshot
  • Fixlog
  • Search.txt
  • Download link

Edited by Oh My!, 23 February 2024 - 09:55 AM.

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69
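The fix above runs `Get-BitsTransfer -AllUsers` through FRST and the SearchAll step looks for leftovers of a service by name. As an added triage example (not code from this thread or from Farbar), the following PowerShell does the same two checks directly, so the output can be read before anything is removed. It assumes an elevated Windows PowerShell 5.1 session; the `BitsTransfer` module ships with Windows. The `BytesTotal` value `18446744073709551615` seen in the fixlog is `UInt64.MaxValue` (`BG_SIZE_UNKNOWN`), meaning the server never reported a size, which the summary flags as `SizeKnown = False`. The service name `CityDoveD` is taken from the thread; the function names are this example's own.

```powershell
# Added triage example, not part of the thread or of FRST.
# Assumes an elevated Windows PowerShell 5.1 session on Windows.
Import-Module BitsTransfer

# 1. Enumerate BITS jobs for every user and summarise each file in each job.
#    BytesTotal of 18446744073709551615 (UInt64 max, BG_SIZE_UNKNOWN) means the
#    server has not reported a size yet, which is what the fixlog above shows.
function Get-BitsJobSummary {
    $unknown = [UInt64]::MaxValue
    Get-BitsTransfer -AllUsers | ForEach-Object {
        $job = $_
        foreach ($f in $job.FileList) {
            [pscustomobject]@{
                Owner       = $job.OwnerAccount
                Job         = $job.DisplayName
                State       = $job.JobState
                RemoteName  = $f.RemoteName
                LocalName   = $f.LocalName
                SizeKnown   = ($f.BytesTotal -ne $unknown)
                Complete    = $f.IsTransferComplete
                # A download landing outside the usual updater temp paths deserves a closer look
                OutsideTemp = ($f.LocalName -notmatch '\\AppData\\Local\\Temp\\|\\SoftwareDistribution\\')
            }
        }
    }
}

# 2. Look up a service by name straight from the registry (the SearchAll step reads the
#    same key) and report whether the binary it points at still exists and is signed.
function Get-ServiceImageInfo {
    param([Parameter(Mandatory)][string]$Name)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path $key)) {
        return [pscustomobject]@{ Service = $Name; Present = $false }
    }
    $image = (Get-ItemProperty $key).ImagePath
    # Strip surrounding quotes and trailing arguments (e.g. "-StartService") to get the exe path
    $exe = ($image -replace '^"([^"]+)".*$', '$1') -replace '^(.+?\.exe)\b.*$', '$1'
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    $sig = if (Test-Path $exe) { (Get-AuthenticodeSignature $exe).Status } else { 'FileMissing' }
    [pscustomobject]@{
        Service   = $Name
        Present   = $true
        ImagePath = $image
        Binary    = $exe
        Signature = $sig   # 'Valid', 'NotSigned', 'FileMissing', ...
    }
}

Get-BitsJobSummary | Format-Table -AutoSize
Get-ServiceImageInfo -Name 'CityDoveD' | Format-List
```

A service key whose binary is missing (`Signature = FileMissing`) is exactly the orphaned-remnant case the SearchAll output later shows for `CityDoveD`: the executable is already in FRST quarantine but the `ImagePath` still points at the original location.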

#10 dockarnavalla
  • Topic Starter
  • Members
  • 17 posts

Posted 23 February 2024 - 03:39 PM

Hi again. I am not sure if this was the screenshot you asked for. Please correct me if anything here is wrong. The link has been sent to your mailbox.

Fix result of Farbar Recovery Scan Tool (x64) Version: 23.02.2024
Ran by ataca (23-02-2024 20:40:31) Run:5
Running from C:\Users\ataca\OneDrive\Desktop
Loaded Profiles: ataca
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
StartPowershell:
Get-BitsTransfer -AllUsers | select -ExpandProperty FileList
EndPowershell:
End::
*****************


========= Powershell: =========



RemoteName : http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/hb24fnxzbb67xgfuynutqnb4hy_2024.2.21.0/
niikhdgajlphfehepabhhblakbdgeefj_2024.02.21.00_all_byuuqzp2h3uttzf2nfyd42zic4.crx3
LocalName : C:\Users\ataca\AppData\Local\Temp\chrome_BITS_18344_154952170\niikhdgajlphfehepabhhblakbdgeefj_202
4.02.21.00_all_byuuqzp2h3uttzf2nfyd42zic4.crx3
IsTransferComplete : False
BytesTotal : 18446744073709551615
BytesTransferred : 0

RemoteName : http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYTBmQUFZUHRkSkgtb0
1uSGNvRHZ2Tm5HQQ/1.0.0.15_llkgjffcdpffmhiakmfcdcblohccpfmo.crx
LocalName : C:\Users\ataca\AppData\Local\Temp\chrome_BITS_19776_1430311491\1.0.0.15_llkgjffcdpffmhiakmfcdcbloh
ccpfmo.crx
IsTransferComplete : False
BytesTotal : 18446744073709551615
BytesTransferred : 0




========= End of Powershell: =========


==== End of Fixlog 20:40:33 ====

Farbar Recovery Scan Tool (x64) Version: 23.02.2024
Ran by ataca (23-02-2024 20:41:28)
Running from C:\Users\ataca\OneDrive\Desktop
Boot Mode: Normal

================== Search Files: "SearchAll: CityDoveD;{35375F56-08BD-475E-8142-4CC2993FE765}" =============

File:
========
C:\FRST\Quarantine\C\Program Files (x86)\Common Files\CityDoveD\CityDoveD.exe
[2022-03-31 15:29][2022-03-31 15:29] 007262608 _____ (LakeWeb Co) 57895A38ADA42FA0234A1C0314002688 [File not signed]


folder:
========
2022-04-04 15:33 - 2022-04-04 15:33 _____ C:\FRST\Quarantine\C\Program Files (x86)\Common Files\CityDoveD

Registry:
========

===================== Search result for "CityDoveD" ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CityDoveD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CityDoveD]
"ImagePath"="C:\Program Files (x86)\Common Files\CityDoveD\CityDoveD.exe -StartService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CityDoveD]
"DisplayName"="CityDoveD"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CityDoveD]
"Description"="CityDoveD"

[HKEY_USERS\S-1-5-21-3062927071-2835298068-3034318602-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]
"File1"="C:\Program Files (x86)\Common Files\CityDoveD\mag.ico"

[HKEY_USERS\S-1-5-21-3062927071-2835298068-3034318602-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\Common Files\CityDoveD\uninstall.exe"="0x5341435001000000000000000700000028000000001B03009D9905000100000000000000000001060001000050BB64EDDDACD501000000000000000002000000280000000000000000000040000200000000000000000000000000000D0B0000000000000100000001000000"


===================== Search result for "{35375F56-08BD-475E-8142-4CC2993FE765}" ==========


====== End of Search ======


Edited by Oh My!, 23 February 2024 - 03:42 PM.


#11 Oh My!

    Adware and Spyware and Malware

  • Malware Response Instructor
  • 57,028 posts
  • Gender:Male
  • Location:California

Posted 23 February 2024 - 03:52 PM

Greetings.

You did the Process Monitor steps perfectly.
 

Please be sure to copy and paste the contents of the Fixlog.txt document in your reply.

If you could copy and paste the report information in your reply, unless asked to provide it a different way, that will help me help you.

I am looking for the window that is asking you to grant permission.
 
Please do this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
CloseProcesses:
C:\Users\ataca\AppData\Local\Temp\chrome_BITS_18344_154952170\niikhdgajlphfehepabhhblakbdgeefj_2024.02.21.00_all_byuuqzp2h3uttzf2nfyd42zic4.crx3
C:\Users\ataca\AppData\Local\Temp\chrome_BITS_19776_1430311491\1.0.0.15_llkgjffcdpffmhiakmfcdcblohccpfmo.crx
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CityDoveD
DeleteValue: HKEY_USERS\S-1-5-21-3062927071-2835298068-3034318602-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List|File1
DeleteValue: HKEY_USERS\S-1-5-21-3062927071-2835298068-3034318602-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files (x86)\Common Files\CityDoveD\uninstall.exe
Folder: C:\Users\ataca\AppData\Local\Temp\vtcmsqob
File: C:\Users\ataca\AppData\Local\Temp\vtcmsqob
C:\Users\ataca\AppData\Local\Temp\vtcmsqob
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

Edited by Oh My!, 23 February 2024 - 04:02 PM.

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#12 dockarnavalla
  • Topic Starter
  • Members
  • 17 posts

Posted 23 February 2024 - 05:19 PM

System auto rebooted after the process. Here are the results:
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 23.02.2024
Ran by ataca (23-02-2024 23:15:59) Run:6
Running from C:\Users\ataca\OneDrive\Desktop
Loaded Profiles: ataca
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CloseProcesses:
C:\Users\ataca\AppData\Local\Temp\chrome_BITS_18344_154952170\niikhdgajlphfehepabhhblakbdgeefj_2024.02.21.00_all_byuuqzp2h3uttzf2nfyd42zic4.crx3
C:\Users\ataca\AppData\Local\Temp\chrome_BITS_19776_1430311491\1.0.0.15_llkgjffcdpffmhiakmfcdcblohccpfmo.crx
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CityDoveD
DeleteValue: HKEY_USERS\S-1-5-21-3062927071-2835298068-3034318602-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List|File1
DeleteValue: HKEY_USERS\S-1-5-21-3062927071-2835298068-3034318602-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files (x86)\Common Files\CityDoveD\uninstall.exe
Folder: C:\Users\ataca\AppData\Local\Temp\vtcmsqob
File: C:\Users\ataca\AppData\Local\Temp\vtcmsqob
C:\Users\ataca\AppData\Local\Temp\vtcmsqob
End::
*****************
 
Processes closed successfully.
"C:\Users\ataca\AppData\Local\Temp\chrome_BITS_18344_154952170\niikhdgajlphfehepabhhblakbdgeefj_2024.02.21.00_all_byuuqzp2h3uttzf2nfyd42zic4.crx3" => not found
"C:\Users\ataca\AppData\Local\Temp\chrome_BITS_19776_1430311491\1.0.0.15_llkgjffcdpffmhiakmfcdcblohccpfmo.crx" => not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CityDoveD => removed successfully
"HKEY_USERS\S-1-5-21-3062927071-2835298068-3034318602-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List\\File1" => removed successfully
"HKEY_USERS\S-1-5-21-3062927071-2835298068-3034318602-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Program Files (x86)\Common Files\CityDoveD\uninstall.exe" => removed successfully
 
========================= Folder: C:\Users\ataca\AppData\Local\Temp\vtcmsqob ========================
 
not found.
 
====== End of Folder: ======
 
 
========================= File: C:\Users\ataca\AppData\Local\Temp\vtcmsqob ========================
 
"C:\Users\ataca\AppData\Local\Temp\vtcmsqob" => not found
====== End of File: ======
 
"C:\Users\ataca\AppData\Local\Temp\vtcmsqob" => not found
 
 
The system needed a reboot.
 
==== End of Fixlog 23:16:03 ====


#13 Oh My!

    Adware and Spyware and Malware

  • Malware Response Instructor
  • 57,028 posts
  • Gender:Male
  • Location:California

Posted 23 February 2024 - 08:56 PM

Can you post a screenshot of the window you are seeing asking for permission to run something?
Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#14 dockarnavalla
  • Topic Starter
  • Members
  • 17 posts

Posted 23 February 2024 - 09:21 PM

It won't let me say no and reappears immediately until I say yes.



#15 Oh My!

    Adware and Spyware and Malware

  • Malware Response Instructor
  • 57,028 posts
  • Gender:Male
  • Location:California

Posted 23 February 2024 - 09:31 PM

Thank you.

Please run this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
CloseProcesses:
Startup: C:\Users\ataca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HelpMonitor.lnk [2024-02-20]
C:\Users\ataca\AppData\Roaming\Taskstream_CPE
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Upon reboot check for the window
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Popup screen gone?

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69
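The fix in this post removes a shortcut from the user's Startup folder, which is the usual place a prompt that reappears at every logon is launched from. As an added example (not code from the thread or from Farbar), the PowerShell below lists every `.lnk` in the per-user and all-users Startup folders and resolves what each one actually runs, so the target and its arguments can be inspected before a shortcut is deleted. It assumes Windows PowerShell 5.1 and uses the standard `WScript.Shell` COM object to read shortcut targets; the `Suspicious` heuristic and the function name are this example's own.

```powershell
# Added example, not part of the thread or of FRST. Assumes Windows PowerShell 5.1.
function Get-StartupShortcuts {
    # Per-user and all-users Startup folders
    $folders = @(
        [Environment]::GetFolderPath('Startup'),
        [Environment]::GetFolderPath('CommonStartup')
    )
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in $folders) {
        if (-not (Test-Path $folder)) { continue }
        Get-ChildItem -Path $folder -Filter *.lnk -File | ForEach-Object {
            $lnk    = $shell.CreateShortcut($_.FullName)
            $target = [Environment]::ExpandEnvironmentVariables($lnk.TargetPath)
            [pscustomobject]@{
                Shortcut     = $_.FullName
                Created      = $_.CreationTime
                Target       = $target
                Arguments    = $lnk.Arguments
                TargetExists = (Test-Path $target)
                # Heuristic only: a shortcut that launches an interpreter (cmd, powershell, script hosts),
                # points into the user's own profile, or points at a file that no longer exists is
                # the pattern behind a permission prompt that comes back at every logon.
                Suspicious   = ($target -match '\\(cmd|powershell|wscript|cscript|mshta)\.exe$') -or
                               ($target -like "$env:USERPROFILE\AppData\*") -or
                               -not (Test-Path $target)
            }
        }
    }
}

# Newest shortcuts first: a recently created entry lines up with when the prompt started
Get-StartupShortcuts | Sort-Object Created -Descending | Format-List
```

The `Created` timestamp is worth comparing with the date FRST prints next to the entry (`[2024-02-20]` above): a Startup shortcut created the day the prompts began, whose target is an interpreter or a path under `AppData`, is the one to document with a screenshot of the prompt before it is removed.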
