Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: NSA shares zero-trust guidance to limit adversaries on the network

Featured Deal: Enjoy quick, compatible data transfers with this $59.99 portable SSD

Latest Buyer's Guide: Hotspot Shield VPN review

Persistent files. Stay even after I reinstall Windows. Is it malware?

Started by Madmatt85 , Oct 27 2023 06:22 AM

This topic is locked

21 replies to this topic

#1 Madmatt85

Members
24 posts
OFFLINE

Posted 27 October 2023 - 06:22 AM

I bought an old Lenovo t430 at a pawn shop for 20 bucks. It seems there is something strange going on with it. I have reinstalled windows numerous times but for some reason certain files stay with the same old date. 7/19. There also seems to be a ton of strange firewall rules. If someone could help me finally get it free of whatever is on it I'd greatly appreciate it. Thanks!!!

Edited by Madmatt85, 27 October 2023 - 06:24 AM.

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 MoxieMomma

BC Advisor
2,346 posts
OFFLINE

Gender:Not Telling
Local time:10:57 PM

Posted 27 October 2023 - 06:28 AM

Hello and welcome to BC:

We need more information in order to better assist you.

FIRST: Please download, install and run the Free version of Speccy from here: https://www.ccleaner.com/speccy.

Then, go to File > Publish Snapshot

Click YES > Copy to Clipboard

Then please post the LINK by pasting it into your next reply.

ALSO:

Please download and install MiniToolBox from here: https://www.bleepingcomputer.com/download/minitoolbox/

Place a checkmark in the following boxes:

List Last 10 Event Viewer Errors
List Installed Programs
List Problematic Devices
List Users, Partitions and Memory size

Click “GO”
Please post the results here by pasting them in your next reply in this thread.

#3 MoxieMomma

BC Advisor
2,346 posts
OFFLINE

Gender:Not Telling
Local time:10:57 PM

Posted 27 October 2023 - 06:37 AM

While you're working on those....

Did you wipe the drive and delete all the existing partitions before reinstalling Windows?

#4 Madmatt85

Topic Starter

Members
24 posts
OFFLINE

Posted 27 October 2023 - 06:50 AM

Yes I wiped it. I will post the requested info as soon as I get back to my machine. Thanks so much for the quick response.

#5 Pkshadow

BC Advisor
12,306 posts
OFFLINE

Gender:Not Telling
Location:On the Brow of the Hill, West Coast, Canada
Local time:08:57 PM

Posted 27 October 2023 - 08:13 PM

So you deleted UEFI and System Partition as well as C: ?

If so there is no such thing as persistent files.

It would be something you are installing.

" mosquitoes really wake up everyday and choose violence " — dalia (@_dalia7)
www.cnn.com/2020/07/23/health/mosquitoes-attraction-humans-future-wellness-scn/index.html

I-7 ASUS ROG Rampage II Extreme / ASUS TUF Gaming F17 / I-7 4770K ASUS ROG Maximus VI Extreme

#6 Madmatt85

Topic Starter

Members
24 posts
OFFLINE

Posted 28 October 2023 - 01:18 AM

I definitely did. Thats why im confused and the same date from 2019 is on all of them. I will have the requested info in just a sec.

#7 Pkshadow

BC Advisor
12,306 posts
OFFLINE

Gender:Not Telling
Location:On the Brow of the Hill, West Coast, Canada
Local time:08:57 PM

Posted 28 October 2023 - 02:36 AM

So ya no such thing if have wiped the drive including any partitions that Lenovo has for recovery.

Your Support Page : https://pcsupport.lenovo.com/ca/en/products/laptops-and-netbooks/thinkpad-t-series-laptops/thinkpad-t430/downloads

So ya you were asked for :

Please Post a "link" of Speccy Report.
Please install Speccy Free : https://m.majorgeeks.com/files/details/speccy.html
Use Custom Install
At the Top Left Corner of Speccy --> Click File and then Click Publish Snapshot Report, a window will popup and Click YES. --> Another popup will appear and then Click "Copy To Clipboard" then Paste that "link" to your next reply in your thread.

Download Minitoolbox from the below link :
http://www.bleepingcomputer.com/download/minitoolbox/
Run the tool and only select the following tick boxes.
    -List last 10 Event viewer errors
    -List installed programs
    -List devices
    -List users, partition and memory size
Now click "Go" and Copy/Paste and post the output text in your next reply

" mosquitoes really wake up everyday and choose violence " — dalia (@_dalia7)
www.cnn.com/2020/07/23/health/mosquitoes-attraction-humans-future-wellness-scn/index.html

I-7 ASUS ROG Rampage II Extreme / ASUS TUF Gaming F17 / I-7 4770K ASUS ROG Maximus VI Extreme

#8 Madmatt85

Topic Starter

Members
24 posts
OFFLINE

Posted 28 October 2023 - 03:07 AM

http://speccy.piriform.com/results/w8KVdRCz5elfWrnMUUBtGF2

MiniToolBox by Farbar Version: 13-05-2022

Ran by FUKdafedgov (administrator) on 28-10-2023 at 03:18:53

Running from "C:\Users\FUKdafedgov\Downloads"

Microsoft Windows 10 Pro (X64)

Model: 23474R7 Manufacturer: LENOVO

Boot Mode: Normal

***************************************************************************

========================= Event log errors: ===============================

Application errors:

==================

Error: (10/27/2023 07:26:15 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program SearchApp.exe version 10.0.19041.3570 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1d80

Start Time: 01da08c83f2c0ab9

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

Report Id: 2166dae6-2ef1-40b5-94ed-6f66ce757955

Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: ShellFeedsUI

Hang type: Quiesce

Error: (10/27/2023 07:05:22 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: brave_vpn_wireguard_service.exe, version: 118.1.59.120, time stamp: 0x652f74a0

Faulting module name: brave_vpn_wireguard_service.exe, version: 118.1.59.120, time stamp: 0x652f74a0

Exception code: 0x80000003

Fault offset: 0x00000000000c93ab

Faulting process id: 0x1fac

Faulting application start time: 0x01da08c57a7bdc63

Faulting application path: C:\Program Files\BraveSoftware\Brave-Browser\Application\118.1.59.120\BraveVpnWireguardService\brave_vpn_wireguard_service.exe

Faulting module path: C:\Program Files\BraveSoftware\Brave-Browser\Application\118.1.59.120\BraveVpnWireguardService\brave_vpn_wireguard_service.exe

Report Id: d13cbf42-8ebe-4116-bc19-5b7eeba41609

Faulting package full name:

Faulting package-relative application ID:

Error: (10/27/2023 02:05:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )

Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1216.

Error: (10/27/2023 02:05:34 AM) (Source: ESENT) (EventID: 454) (User: )

Description: Catalog Database (3744,U,98) Catalog Database: Database recovery/restore failed with unexpected error -1216.

Error: (10/27/2023 02:05:34 AM) (Source: ESENT) (EventID: 494) (User: )

Description: Catalog Database (3744,U,98) Catalog Database: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.

Error: (10/27/2023 02:04:56 AM) (Source: ESENT) (EventID: 455) (User: )

Description: svchost (3764,R,98) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\system32\SRU\SRU001AF.log.

Error: (10/25/2023 12:32:23 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: setup.tmp, version: 51.1052.0.0, time stamp: 0x506a75b5

Faulting module name: botva2.dll_unloaded, version: 0.9.7.151, time stamp: 0x2a425e19

Exception code: 0xc000041d

Fault offset: 0x00005514

Faulting process id: 0x2050

Faulting application start time: 0x01da06ec0bc9cbb4

Faulting application path: C:\Users\FUKDAF~1\AppData\Local\Temp\is-D1Q9A.tmp\setup.tmp

Faulting module path: botva2.dll

Report Id: 8796619f-f36f-42d5-915b-db363f9d6fea

Faulting package full name:

Faulting package-relative application ID:

Error: (10/25/2023 12:31:43 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: setup.tmp, version: 51.1052.0.0, time stamp: 0x506a75b5

Faulting module name: botva2.dll_unloaded, version: 0.9.7.151, time stamp: 0x2a425e19

Exception code: 0xc0000005

Fault offset: 0x00005514

Faulting process id: 0x2050

Faulting application start time: 0x01da06ec0bc9cbb4

Faulting application path: C:\Users\FUKDAF~1\AppData\Local\Temp\is-D1Q9A.tmp\setup.tmp

Faulting module path: botva2.dll

Report Id: 52e9ae83-0704-4508-9549-0565a865e651

Faulting package full name:

Faulting package-relative application ID:

Error: (10/24/2023 10:10:13 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: setup.tmp, version: 51.1052.0.0, time stamp: 0x506a75b5

Faulting module name: botva2.dll_unloaded, version: 0.9.7.151, time stamp: 0x2a425e19

Exception code: 0xc000041d

Fault offset: 0x00005514

Faulting process id: 0x284

Faulting application start time: 0x01da0653c0da7ca7

Faulting application path: C:\Users\FUKDAF~1\AppData\Local\Temp\is-H5CA8.tmp\setup.tmp

Faulting module path: botva2.dll

Report Id: ec4950d5-7fcb-443d-8e25-d2abc60caf90

Faulting package full name:

Faulting package-relative application ID:

Error: (10/24/2023 10:09:37 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: setup.tmp, version: 51.1052.0.0, time stamp: 0x506a75b5

Faulting module name: botva2.dll_unloaded, version: 0.9.7.151, time stamp: 0x2a425e19

Exception code: 0xc0000005

Fault offset: 0x00005514

Faulting process id: 0x284

Faulting application start time: 0x01da0653c0da7ca7

Faulting application path: C:\Users\FUKDAF~1\AppData\Local\Temp\is-H5CA8.tmp\setup.tmp

Faulting module path: botva2.dll

Report Id: ea72af93-0035-4caa-b761-0d5e7ab25180

Faulting package full name:

Faulting package-relative application ID:

System errors:

=============

Error: (10/27/2023 06:24:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.399.1389.0) - Current Channel (Broad).

Error: (10/27/2023 02:04:44 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The NcbService service terminated with the following error:

%%31 = A device attached to the system is not functioning.

Error: (10/26/2023 11:56:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The luafv service failed to start due to the following error:

%%1275 = This driver has been blocked from loading

Error: (10/26/2023 11:54:31 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)

Description: Event-ID 10005

Error: (10/26/2023 11:54:31 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)

Description: Event-ID 10005

Error: (10/26/2023 11:49:31 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)

Description: Event-ID 10005

Error: (10/26/2023 11:49:31 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)

Description: Event-ID 10005

Error: (10/26/2023 07:25:52 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )

Description: 4

Error: (10/25/2023 08:43:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The luafv service failed to start due to the following error:

%%1275 = This driver has been blocked from loading

Error: (10/25/2023 08:43:17 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 8:42:29 PM on ‎10/‎25/‎2023 was unexpected.

Windows Defender:

================

Date: 2023-10-27 06:26:04

Description:

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2023-10-24 05:00:04

Description:

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2023-10-22 10:09:27

Description:

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2023-10-22 01:57:39

Description:

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bullboka.A&threatid=2147842004&enterprise=0

Name: Trojan:Win32/Bullboka.A

Severity: Severe

Category: Trojan

Path: file:_C:\Users\FUKdafedgov\Downloads\FL Studio Producer Edition - v21 Full (2021)\Setup (password is THEPIRATEBAY007)\Setup.exe

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: Real-Time Protection

Process Name: C:\Windows\explorer.exe

Security intelligence Version: AV: 1.399.1099.0, AS: 1.399.1099.0, NIS: 1.399.1099.0

Engine Version: AM: 1.1.23090.2007, NIS: 1.1.23090.2007

Date: 2023-10-22 01:52:23

Description:

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bullboka.A&threatid=2147842004&enterprise=0

Name: Trojan:Win32/Bullboka.A

Severity: Severe

Category: Trojan

Path: file:_C:\Users\FUKdafedgov\Downloads\FL Studio Producer Edition - v21 Full (2021)\Setup (password is THEPIRATEBAY007)\Setup.exe

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: Real-Time Protection

Process Name: C:\Windows\explorer.exe

Security intelligence Version: AV: 1.399.1099.0, AS: 1.399.1099.0, NIS: 1.399.1099.0

Engine Version: AM: 1.1.23090.2007, NIS: 1.1.23090.2007

Event[0]:

Date: 2023-10-27 02:05:22

Description:

Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.

Security intelligence Attempted: Current

Error Code: 0x80070003

Error description: The system cannot find the path specified.

Security intelligence Version: 0.0.0.0;0.0.0.0

Engine Version: 0.0.0.0

=========================== Installed Programs ============================

ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.15 - tippach engineering)

Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 118.1.59.124 - Brave Software Inc)

Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.3.1 - Dolby Laboratories Inc)

FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)

FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)

Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)

Mooer Studio for GE150 V1.3.7 (HKLM-x32\...\Mooer Studio for GE150 V1.3.7) (Version: V1.3.7 - Mooer Audio Corp)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7614 - Realtek Semiconductor Corp.)

Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.115 - Synaptics Incorporated)

Total War: Rome 2 (HKLM-x32\...\Total War: Rome 2_is1) (Version: - )

Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)

VPN by Google One (HKLM\...\{A1F022B1-145B-4EBF-9752-95B413C837A3}) (Version: 1.8.0.4 - Google LLC)

Packages:

=========

Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)

Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.10160.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Studios) [MS Ad]

Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0 [2019-12-07] (Spotify AB) [Startup Task]

WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.802.31.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)

WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.802.31.0_x86__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)

WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.934.1904.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)

WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.934.1904.0_x86__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)

========================= Devices: ================================

Name:

Description:

Class Guid:

Manufacturer:

Service:

Device ID: ACPI\LEN0078\5&2890D699&0

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

========================= Memory info: ===================================

Percentage of memory in use: 50%

Total physical RAM: 8009.11 MB

Available physical RAM: 3996.91 MB

Total Virtual: 9289.11 MB

Available Virtual: 3785.46 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:297.47 GB) (Free:84.6 GB) NTFS

========================= Users: ========================================

User accounts for \\DESKTOP-4H03BFN

Administrator DefaultAccount FUKdafedgov

Guest WDAGUtilityAccount

**** End of log ****

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2023

Ran by FUKdafedgov (administrator) on DESKTOP-4H03BFN (LENOVO 23474R7) (28-10-2023 03:34:49)

Running from C:\Users\FUKdafedgov\Downloads\FRST64.exe

Loaded Profiles: FUKdafedgov

Platform: Microsoft Windows 10 Pro Version 22H2 19045.3570 (X64) Language: English (United States)

Default browser: Edge

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Google\VPN by Google One\1.8.0.4\googleone.exe ->) (Google LLC -> ) C:\Program Files\Google\VPN by Google One\1.8.0.4\crashpad_handler.exe <2>

(C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\VPN by Google One\1.8.0.4\googleone.exe

(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <44>

(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>

(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe

(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe <2>

(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\Speccy\Speccy64.exe

(services.exe ->) (Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe

(services.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\VPN by Google One\1.8.0.4\VpnByGoogleOneService.exe

(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(services.exe ->) (Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe

(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe

(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe

(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe

(svchost.exe ->) (Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe

(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2307.4.0_x64__8wekyb3d8bbwe\CalculatorApp.exe

(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\FUKdafedgov\AppData\Local\Microsoft\OneDrive\23.209.1008.0002\FileCoAuth.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe

(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BraveVpnWireguardService] => C:\Program Files\BraveSoftware\Brave-Browser\Application\118.1.59.124\BraveVpnWireguardService\brave_vpn_wireguard_service.exe [11338776 2023-10-25] (Brave Software, Inc. -> Brave Software, Inc.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16404224 2015-10-01] (Realtek Semiconductor Corp -> Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-01] (Realtek Semiconductor Corp -> Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-01] (Realtek Semiconductor Corp -> Realtek Semiconductor)

HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\118.0.2088.69\Installer\setup.exe [4989992 2023-10-27] (Microsoft Corporation -> Microsoft Corporation)

HKU\S-1-5-21-3237366536-3690962144-3967476854-1001\...\Run: [Microsoft Edge Update] => C:\Users\FUKdafedgov\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateCore.exe [264264 2023-10-27] (Microsoft Corporation -> Microsoft Corporation)

HKU\S-1-5-21-3237366536-3690962144-3967476854-1001\...\Run: [MicrosoftEdgeAutoLaunch_D93DD99879B1248AC5D84E0F7DF895AD] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4187176 2023-10-24] (Microsoft Corporation -> Microsoft Corporation)

HKU\S-1-5-21-3237366536-3690962144-3967476854-1001\...\Run: [VPN by Google One] => C:\Program Files\Google\VPN by Google One\1.8.0.4\googleone.exe [10480928 2023-09-18] (Google LLC -> Google LLC)

HKU\S-1-5-21-3237366536-3690962144-3967476854-1001\...\RunOnce: [Application Restart #1] => C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe [3122200 2023-10-25] (Brave Software, Inc. -> Brave Software, Inc.)

HKU\S-1-5-21-3237366536-3690962144-3967476854-1001\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\FUKdafedgov\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" [65019816 2023-10-27] (Microsoft Corporation -> Microsoft Corporation)

HKU\S-1-5-21-3237366536-3690962144-3967476854-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\FUKdafedgov\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)

HKU\S-1-5-21-3237366536-3690962144-3967476854-1001\...\RunOnce: [Uninstall 23.204.1001.0003] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\FUKdafedgov\AppData\Local\Microsoft\OneDrive\23.204.1001.0003" [0 2023-10-27] () <==== ATTENTION [zero byte File/Folder]

HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\118.1.59.124\Installer\chrmstp.exe [2023-10-27] (Brave Software, Inc. -> Brave Software, Inc.)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {E4B6169B-798D-43B4-A053-E4B7CB16924A} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{D3E7130D-65EB-4AFA-AE91-1ADE2213338F} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [175424 2023-10-21] (Brave Software, Inc. -> BraveSoftware Inc.)

Task: {29FC3410-1165-40EA-93B3-CFEB7E5C7F33} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{6F17244B-9E47-4B71-8374-74C8A23EAC02} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [175424 2023-10-21] (Brave Software, Inc. -> BraveSoftware Inc.)

Task: {D4B58C84-E89D-4102-8355-005503D87635} - System32\Tasks\DolbySelectorTask => %ProgramFiles%\Dolby Digital Plus\ddp.exe -autostart (No File)

Task: {59CA7406-BE54-4187-B854-BBAD3A59651B} - System32\Tasks\GoogleUpdateTaskMachineCore{8CED12B6-05CB-4930-8B39-FCF7AA4C5832} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2023-10-22] (Google LLC -> Google LLC)

Task: {1A1A1C4A-0293-4123-99E6-475EFA23B825} - System32\Tasks\GoogleUpdateTaskMachineUA{FDE75186-79BE-4A2A-9DBE-26EEB5B2496E} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2023-10-22] (Google LLC -> Google LLC)

Task: {23BF5CCA-7246-40B8-BC5F-14A71A438291} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [129016 2022-12-04] (Lenovo -> Lenovo)

Task: {CA5AADCC-564B-4304-845E-6E8BF4776FAB} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\Windows\SysWOW64\PowerMgrInst.exe [65016 2022-12-04] (Lenovo -> )

Task: {ABE4446B-BD11-40BB-AB48-11048B739C03} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-21] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {DD282A26-F783-4B91-BF62-9B9ADB1961F7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-21] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {2A627979-24D5-40A9-AFA0-ADC09F55B551} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-21] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {B6027DAB-EDE4-4EF2-A889-ECCECE690964} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-21] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {76F4BC82-8D90-45CA-AF93-8A5B25F4E06F} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3237366536-3690962144-3967476854-1001Core{E5C455C4-0CAE-4B13-9BB3-8921568BFA16} => C:\Users\FUKdafedgov\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206288 2023-10-21] (Microsoft Corporation -> Microsoft Corporation)

Task: {222A04CD-47C0-49A2-A4A0-E20E4FAD160B} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3237366536-3690962144-3967476854-1001UA{CE8E0582-50C9-4E51-9589-64E1DB04B72A} => C:\Users\FUKdafedgov\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206288 2023-10-21] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{0af08e33-ca4a-4e37-862c-c9a5e8f5411a}: [NameServer] 8.8.4.4, 8.8.8.8

Tcpip\..\Interfaces\{347968c1-65b2-403a-a080-7ea230b4fc65}: [NameServer] 8.8.4.4, 8.8.8.8

Tcpip\..\Interfaces\{37fcf1e9-18c3-11ea-aa03-806e6f6e6963}: [NameServer] 8.8.4.4, 8.8.8.8

Tcpip\..\Interfaces\{3f0f136d-82ff-4b1b-89c5-81b6258a5ce6}: [NameServer] 8.8.4.4, 8.8.8.8

Tcpip\..\Interfaces\{68d6647d-3ad8-44f9-9d3e-0e12d8e4dcb5}: [NameServer] 8.8.4.4, 8.8.8.8

Tcpip\..\Interfaces\{cf09c478-a718-44b7-ad92-35e41f408ef3}: [NameServer] 8.8.4.4, 8.8.8.8

Tcpip\..\Interfaces\{e1a8be1e-59eb-4859-93f4-b083d0b90418}: [NameServer] 8.8.4.4, 8.8.8.8

Tcpip\..\Interfaces\{e1a8be1e-59eb-4859-93f4-b083d0b90418}: [DhcpNameServer] 192.168.1.254

Edge:

=======

Edge DefaultProfile: Default

Edge Profile: C:\Users\FUKdafedgov\AppData\Local\Microsoft\Edge\User Data\Default [2023-10-28]

Edge Extension: (Google Docs Offline) - C:\Users\FUKdafedgov\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-21]

Edge Extension: (Edge relevant text changes) - C:\Users\FUKdafedgov\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-10-27]

Brave:

=======

BRA Profile: C:\Users\FUKdafedgov\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2023-10-24]

BRA Extension: (Brave Ad Block Updater (Brave Ad Block First Party Filters (plaintext))) - C:\Users\FUKdafedgov\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei [2023-10-21]

BRA Extension: (Brave Local Data Files Updater) - C:\Users\FUKdafedgov\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2023-10-24]

BRA Extension: (Brave NTP background images) - C:\Users\FUKdafedgov\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2023-10-21]

BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications (plaintext))) - C:\Users\FUKdafedgov\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2023-10-25]

BRA Extension: (Wallet Data Files Updater) - C:\Users\FUKdafedgov\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2023-10-24]

BRA Extension: (Brave Ad Block Updater (EasyList Cookie (plaintext))) - C:\Users\FUKdafedgov\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2023-10-25]

BRA Extension: (Brave NTP sponsored images) - C:\Users\FUKdafedgov\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2023-10-24]

BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\FUKdafedgov\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2023-10-21]

BRA Extension: (Brave NTP Super Referrer mapping table) - C:\Users\FUKdafedgov\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo [2023-10-21]

BRA Extension: (Brave Ads Resources) - C:\Users\FUKdafedgov\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj [2023-10-22]

BRA Extension: (Brave Ad Block Updater (Brave Ad Block Updater (plaintext))) - C:\Users\FUKdafedgov\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2023-10-25]

BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\FUKdafedgov\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2023-10-24]

BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\FUKdafedgov\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2023-10-24]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [175424 2023-10-21] (Brave Software, Inc. -> BraveSoftware Inc.)

S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [175424 2023-10-21] (Brave Software, Inc. -> BraveSoftware Inc.)

S3 BraveVpnService; C:\Program Files\BraveSoftware\Brave-Browser\Application\118.1.59.124\brave_vpn_helper.exe [3073048 2023-10-25] (Brave Software, Inc. -> Brave Software, Inc.)

S3 BraveVpnWireguardService; C:\Program Files\BraveSoftware\Brave-Browser\Application\118.1.59.124\BraveVpnWireguardService\brave_vpn_wireguard_service.exe [11338776 2023-10-25] (Brave Software, Inc. -> Brave Software, Inc.)

S2 LPlatSvc; C:\Windows\System32\LPlatSvc.exe [892288 2019-12-11] (Lenovo -> Lenovo.)

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402264 2023-10-21] (Microsoft Windows Publisher -> Microsoft Corporation)

R3 VPN by Google One Service; C:\Program Files\Google\VPN by Google One\1.8.0.4\VpnByGoogleOneService.exe [5451552 2023-09-18] (Google LLC -> Google LLC)

R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23090.2008-0\NisSrv.exe [3116904 2023-10-21] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23090.2008-0\MsMpEng.exe [133584 2023-10-21] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\118.1.59.124\elevation_service.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cpuz149; C:\Users\FUKdafedgov\AppData\Local\Temp\cpuz149\cpuz149_x64.sys [44320 2023-10-28] (CPUID S.A.R.L.U. -> CPUID) <==== ATTENTION

R3 googtun; C:\Windows\System32\drivers\googtun.sys [31296 2023-10-22] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)

R3 MpKsl47f27830; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FE41FD14-01D3-4DF1-A69C-8271ADA45D4D}\MpKslDrv.sys [263560 2023-10-28] (Microsoft Windows -> Microsoft Corporation)

R0 PMDRVS; C:\Windows\System32\drivers\pmdrvs.sys [38160 2019-12-11] (Lenovo -> Lenovo.)

R3 risdxc; C:\Windows\System32\drivers\risdxc64.sys [106496 2013-09-08] (Microsoft Windows Hardware Compatibility Publisher -> REDC)

S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55856 2023-10-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [572712 2023-10-21] (Microsoft Windows -> Microsoft Corporation)

R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105872 2023-10-21] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-10-28 02:22 - 2023-10-28 03:19 - 000014025 _____ C:\Users\FUKdafedgov\Downloads\MTB.txt

2023-10-28 02:20 - 2023-10-28 02:20 - 000956928 _____ (Farbar) C:\Users\FUKdafedgov\Downloads\MiniToolBox.exe

2023-10-28 02:20 - 2023-10-28 02:20 - 000000837 _____ C:\Users\Public\Desktop\Speccy.lnk

2023-10-28 02:20 - 2023-10-28 02:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy

2023-10-28 02:19 - 2023-10-28 02:20 - 000000000 ____D C:\Program Files\Speccy

2023-10-28 02:18 - 2023-10-28 02:19 - 008995336 _____ (Piriform Software Ltd) C:\Users\FUKdafedgov\Downloads\spsetup132.exe

2023-10-27 07:26 - 2023-10-27 07:26 - 002383360 _____ (Farbar) C:\Users\FUKdafedgov\Downloads\FRST64.exe

2023-10-27 07:25 - 2023-10-27 07:25 - 000000000 ____D C:\Users\FUKdafedgov\AppData\Local\OneDrive

2023-10-26 15:47 - 2019-12-07 05:18 - 000000000 ___HD C:\$WinREAgent

2023-10-25 01:08 - 2023-10-25 01:08 - 000000000 ____D C:\Users\FUKdafedgov\AppData\Roaming\Microsoft\MMC

2023-10-25 00:32 - 2023-10-25 00:32 - 000000000 ____D C:\Users\FUKdafedgov\AppData\Local\CrashDumps

2023-10-24 23:50 - 2023-10-28 02:33 - 000022436 _____ C:\Users\FUKdafedgov\Downloads\Addition.txt

2023-10-24 23:45 - 2023-10-24 23:45 - 000000000 ____D C:\Users\FUKdafedgov\AppData\Local\mbam

2023-10-24 23:32 - 2023-10-25 02:27 - 000000000 ____D C:\Users\FUKdafedgov\AppData\Local\Malwarebytes

2023-10-24 23:22 - 2023-10-24 23:22 - 000000000 ____D C:\ProgramData\Malwarebytes

2023-10-24 23:22 - 2023-10-24 23:22 - 000000000 ____D C:\Program Files\Malwarebytes

2023-10-24 23:13 - 2023-10-28 03:38 - 000017836 _____ C:\Users\FUKdafedgov\Downloads\FRST.txt

2023-10-24 23:11 - 2023-10-28 03:36 - 000000000 ____D C:\FRST

2023-10-24 21:33 - 2023-10-24 21:33 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies

2023-10-24 19:13 - 2023-10-25 00:27 - 000000000 ___HD C:\Windows\msdownld.tmp

2023-10-24 19:12 - 2023-10-25 00:28 - 000000000 ____D C:\Windows\SysWOW64\directx

2023-10-24 04:27 - 2023-10-24 04:27 - 000001429 _____ C:\Users\Public\Desktop\Total War - Rome 2.lnk

2023-10-24 04:27 - 2023-10-24 04:27 - 000000000 ____D C:\Games

2023-10-24 03:29 - 2023-10-24 03:29 - 000000144 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

2023-10-22 19:02 - 2019-12-07 05:18 - 000000000 ____D C:\Users\FUKdafedgov\Downloads\Cyberpunk 2077 [FitGirl Repack]

2023-10-22 18:16 - 2023-10-22 23:32 - 000000000 ____D C:\Users\FUKdafedgov\Downloads\Total War - Rome 2 [FitGirl Repack]

2023-10-22 18:09 - 2023-10-22 18:09 - 000001299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VPN by Google One.lnk

2023-10-22 18:09 - 2023-10-22 18:09 - 000001287 _____ C:\Users\Public\Desktop\VPN by Google One.lnk

2023-10-22 18:09 - 2023-10-22 18:09 - 000000000 ____D C:\Users\FUKdafedgov\AppData\Local\Google

2023-10-22 18:09 - 2023-10-22 18:09 - 000000000 ____D C:\Program Files\Google

2023-10-22 18:06 - 2023-10-28 03:11 - 000000000 ____D C:\Program Files (x86)\Google

2023-10-22 18:06 - 2023-10-22 18:06 - 001373744 _____ (Google LLC) C:\Users\FUKdafedgov\Downloads\VpnByGoogleOneSetup.exe

2023-10-22 18:06 - 2023-10-22 18:06 - 000003790 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{FDE75186-79BE-4A2A-9DBE-26EEB5B2496E}

2023-10-22 18:06 - 2023-10-22 18:06 - 000003666 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{8CED12B6-05CB-4930-8B39-FCF7AA4C5832}

2023-10-22 11:50 - 2023-10-22 11:50 - 001016800 _____ (Spotify Ltd) C:\Users\FUKdafedgov\Downloads\SpotifySetup.exe

2023-10-22 10:25 - 2023-10-22 10:25 - 000003342 _____ C:\Windows\system32\Tasks\DolbySelectorTask

2023-10-22 10:25 - 2023-10-22 10:25 - 000000000 ____H C:\ProgramData\DP45977C.lfl

2023-10-22 10:25 - 2023-10-22 10:25 - 000000000 ____D C:\Windows\SysWOW64\RTCOM

2023-10-22 10:25 - 2023-10-22 10:25 - 000000000 ____D C:\Windows\system32\DAX2

2023-10-22 10:25 - 2023-10-22 10:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby

2023-10-22 10:25 - 2023-10-22 10:25 - 000000000 ____D C:\Program Files\Realtek

2023-10-22 10:25 - 2023-10-22 10:25 - 000000000 ____D C:\Program Files\Dolby Digital Plus

2023-10-22 10:25 - 2023-10-22 10:25 - 000000000 ____D C:\Program Files (x86)\Realtek

2023-10-22 10:25 - 2015-10-01 07:02 - 000002108 _____ C:\Windows\system32\Drivers\SAMSFPA.DAT

2023-10-22 10:25 - 2015-10-01 07:02 - 000000712 _____ C:\Windows\system32\Drivers\RTMICEQ0.DAT

2023-10-22 10:25 - 2015-10-01 07:02 - 000000098 _____ C:\Windows\system32\Drivers\RTMICAR.DAT

2023-10-22 10:24 - 2015-10-01 08:33 - 003271912 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll

2023-10-22 10:24 - 2015-10-01 08:33 - 002954224 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll

2023-10-22 10:24 - 2015-10-01 08:33 - 001352000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll

2023-10-22 10:24 - 2015-10-01 08:33 - 000447720 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll

2023-10-22 10:24 - 2015-10-01 08:33 - 000343712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll

2023-10-22 10:24 - 2015-10-01 08:33 - 000195192 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll

2023-10-22 10:24 - 2015-10-01 08:33 - 000151792 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll

2023-10-22 10:24 - 2015-10-01 08:33 - 000134200 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll

2023-10-22 10:24 - 2015-10-01 08:33 - 000084616 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll

2023-10-22 10:24 - 2015-10-01 08:31 - 003278408 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll

2023-10-22 10:24 - 2015-10-01 08:30 - 002531696 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll

2023-10-22 10:24 - 2015-10-01 08:30 - 001965816 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll

2023-10-22 10:24 - 2015-10-01 08:30 - 000327456 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll

2023-10-22 10:24 - 2015-10-01 08:30 - 000272720 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll

2023-10-22 10:24 - 2015-10-01 08:25 - 004603136 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys

2023-10-22 10:24 - 2015-10-01 08:25 - 002997504 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll

2023-10-22 10:24 - 2015-10-01 08:25 - 002711296 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl

2023-10-22 10:24 - 2015-10-01 08:24 - 000023704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll

2023-10-22 10:24 - 2015-10-01 08:23 - 007172920 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll

2023-10-22 10:24 - 2015-10-01 08:23 - 001842432 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll

2023-10-22 10:24 - 2015-10-01 08:22 - 007096192 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll

2023-10-22 10:24 - 2015-10-01 08:22 - 000952984 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll

2023-10-22 10:24 - 2015-10-01 08:22 - 000357528 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll

2023-10-22 10:24 - 2015-10-01 08:21 - 000122328 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll

2023-10-22 10:04 - 2023-10-22 10:04 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf

2023-10-22 10:04 - 2023-10-22 10:04 - 000000000 ____D C:\Program Files\Synaptics

2023-10-22 10:02 - 2023-10-22 10:02 - 000000000 ____D C:\Windows\SysWOW64\Lenovo

2023-10-22 10:02 - 2023-10-22 10:02 - 000000000 ____D C:\Windows\system32\Tasks\Lenovo

2023-10-22 10:02 - 2023-10-22 10:02 - 000000000 ____D C:\Windows\system32\Lenovo

2023-10-22 10:02 - 2023-10-22 10:02 - 000000000 ____D C:\Users\FUKdafedgov\AppData\Local\Lenovo

2023-10-22 10:02 - 2023-10-22 10:02 - 000000000 ____D C:\ProgramData\Lenovo

2023-10-22 10:02 - 2022-12-04 23:06 - 005492696 _____ (Lenovo Group Limited) C:\Windows\SysWOW64\PWMTR32V.dll

2023-10-22 10:02 - 2022-12-04 23:06 - 000065016 _____ () C:\Windows\SysWOW64\PowerMgrInst.exe

2023-10-22 10:02 - 2022-12-04 23:04 - 002352344 _____ (Lenovo Group Limited) C:\Windows\SysWOW64\EasyResume.exe

2023-10-22 10:02 - 2022-12-04 23:04 - 000173008 _____ (Lenovo) C:\Windows\SysWOW64\InstHelper.dll

2023-10-22 10:02 - 2022-12-04 23:04 - 000105424 _____ (Lenovo) C:\Windows\SysWOW64\EventLogger.dll

2023-10-22 04:28 - 2023-10-22 15:42 - 000000000 ____D C:\Users\FUKdafedgov\Documents\Image-Line

2023-10-22 04:24 - 2023-10-22 04:24 - 000001882 _____ C:\Users\Public\Desktop\FL Studio 20.lnk

2023-10-22 04:24 - 2023-10-22 04:24 - 000000000 ____D C:\Users\FUKdafedgov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line

2023-10-22 04:24 - 2023-10-22 04:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line

2023-10-22 04:24 - 2023-10-22 04:24 - 000000000 ____D C:\Program Files\Common Files\VST2

2023-10-22 04:24 - 2023-10-22 04:24 - 000000000 ____D C:\Program Files\Common Files\Propellerhead Software

2023-10-22 04:24 - 2023-10-22 04:24 - 000000000 ____D C:\Program Files (x86)\VstPlugins

2023-10-22 04:18 - 2023-10-22 04:24 - 000000000 ____D C:\Program Files\Image-Line

2023-10-22 03:56 - 2023-10-22 09:38 - 000002284 _____ C:\Users\FUKdafedgov\Desktop\Mooer Studio for GE150.lnk

2023-10-22 03:48 - 2023-10-22 03:58 - 000000000 ____D C:\Users\FUKdafedgov\Downloads\GE150_V1.3.7_Win

2023-10-22 03:45 - 2023-10-22 03:56 - 000000000 ____D C:\ProgramData\Package Cache

2023-10-22 02:05 - 2023-10-22 02:05 - 000000000 ____D C:\Users\FUKdafedgov\Downloads\FL_Studio_Producer_Edition_20.6.2_Build_1549

2023-10-22 00:44 - 2023-10-22 00:44 - 000000000 ____D C:\Program Files (x86)\Mooer Audio Corp

2023-10-22 00:00 - 2023-10-25 07:34 - 000000000 ____D C:\Users\FUKdafedgov\AppData\Local\BitTorrentHelper

2023-10-21 23:59 - 2023-10-21 23:59 - 000000000 ____D C:\Users\FUKdafedgov\AppData\LocalLow\uTorrent.WebView2

2023-10-21 23:58 - 2023-10-21 23:58 - 000000902 _____ C:\Users\FUKdafedgov\Desktop\µTorrent.lnk

2023-10-21 23:58 - 2023-10-21 23:58 - 000000882 _____ C:\Users\FUKdafedgov\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk

2023-10-21 23:58 - 2019-12-07 05:18 - 000000000 ____D C:\Users\FUKdafedgov\AppData\Roaming\utorrent

2023-10-21 23:56 - 2023-10-21 23:56 - 001734112 _____ ( ) C:\Users\FUKdafedgov\Downloads\utorrent_installer.exe

2023-10-21 23:48 - 2023-10-22 00:42 - 000000000 ____D C:\Users\FUKdafedgov\AppData\Local\PlaceholderTileLogoFolder

2023-10-21 04:58 - 2023-10-27 07:04 - 000000000 __SHD C:\Users\FUKdafedgov\IntelGraphicsProfiles

2023-10-21 04:58 - 2023-10-22 10:22 - 000000451 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat

2023-10-21 04:58 - 2023-10-21 04:58 - 000000000 ____D C:\ProgramData\PLUG

2023-10-21 04:02 - 2023-10-21 04:02 - 000016059 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json

2023-10-21 03:30 - 2023-10-27 06:09 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

2023-10-21 03:24 - 2023-10-22 10:13 - 000000000 ____D C:\Intel

2023-10-21 03:24 - 2023-10-21 03:24 - 000000000 ____D C:\Program Files\Intel

2023-10-21 03:24 - 2023-10-21 03:24 - 000000000 ____D C:\Program Files (x86)\Intel

2023-10-21 03:19 - 2023-10-21 03:19 - 000000000 ____D C:\Program Files\RUXIM

2023-10-21 03:13 - 2023-10-21 03:18 - 000000000 ____D C:\Windows\system32\MRT

2023-10-21 03:04 - 2023-10-21 03:05 - 017130548 _____ C:\Users\FUKdafedgov\Downloads\GE150_V1.3.7_Win.zip

2023-10-21 03:02 - 2023-10-27 18:05 - 000003886 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3237366536-3690962144-3967476854-1001UA{CE8E0582-50C9-4E51-9589-64E1DB04B72A}

2023-10-21 03:02 - 2023-10-27 18:05 - 000003834 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3237366536-3690962144-3967476854-1001Core{E5C455C4-0CAE-4B13-9BB3-8921568BFA16}

2023-10-21 03:02 - 2023-10-21 03:02 - 000000000 ____D C:\Users\FUKdafedgov\AppData\Local\D3DSCache

2023-10-21 03:01 - 2023-10-21 03:01 - 000002483 _____ C:\Users\FUKdafedgov\Downloads\ACDC mio.mo

2023-10-21 03:00 - 2023-10-27 11:08 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk

2023-10-21 03:00 - 2023-10-22 03:52 - 000002032 _____ C:\Users\FUKdafedgov\Desktop\ASIO4ALL Web Site.lnk

2023-10-21 03:00 - 2023-10-22 03:52 - 000000000 ____D C:\Program Files (x86)\ASIO4ALL v2

2023-10-21 03:00 - 2023-10-21 03:00 - 000000000 ____D C:\Users\FUKdafedgov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2

2023-10-21 03:00 - 2023-10-21 03:00 - 000000000 ____D C:\ProgramData\BraveSoftware

2023-10-21 02:59 - 2023-10-21 02:59 - 000000000 ____D C:\Program Files\BraveSoftware

2023-10-21 02:58 - 2023-10-21 03:06 - 000003566 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineUA{6F17244B-9E47-4B71-8374-74C8A23EAC02}

2023-10-21 02:58 - 2023-10-21 03:06 - 000003442 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineCore{D3E7130D-65EB-4AFA-AE91-1ADE2213338F}

2023-10-21 02:58 - 2023-10-21 02:58 - 000317560 _____ C:\Users\FUKdafedgov\Downloads\ASIO4ALL_2_15_English.exe

2023-10-21 02:57 - 2023-10-21 03:00 - 000000000 ____D C:\Users\FUKdafedgov\AppData\Local\BraveSoftware

2023-10-21 02:57 - 2023-10-21 02:57 - 000000000 ____D C:\Program Files (x86)\BraveSoftware

2023-10-21 02:56 - 2023-10-27 07:09 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3237366536-3690962144-3967476854-1001

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-10-28 03:33 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2023-10-28 03:21 - 2019-12-07 04:11 - 000000000 ____D C:\Users\FUKdafedgov\AppData\Local\Packages

2023-10-28 03:11 - 2023-05-05 08:27 - 000000000 ____D C:\Windows\SystemTemp

2023-10-28 02:23 - 2019-12-07 05:13 - 000000000 ____D C:\Windows\INF

2023-10-28 02:13 - 2019-12-07 03:29 - 000000000 ____D C:\Windows\system32\SleepStudy

2023-10-27 07:09 - 2019-12-07 04:17 - 000003392 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3237366536-3690962144-3967476854-1001

2023-10-27 07:09 - 2019-12-07 04:10 - 000002401 _____ C:\Users\FUKdafedgov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2023-10-27 07:04 - 2019-12-07 04:10 - 000000000 ____D C:\Users\FUKdafedgov

2023-10-27 06:23 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\CbsTemp

2023-10-27 06:22 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps

2023-10-27 06:22 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\AppReadiness

2023-10-27 06:11 - 2019-12-07 03:31 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

2023-10-27 06:10 - 2019-12-07 03:41 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI

2023-10-27 02:04 - 2019-12-07 03:29 - 000008192 ___SH C:\DumpStack.log.tmp

2023-10-27 02:04 - 2019-12-07 03:29 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2023-10-26 23:51 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Windows Defender

2023-10-26 23:51 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender

2023-10-24 02:42 - 2019-12-07 03:30 - 000003534 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

2023-10-24 02:42 - 2019-12-07 03:30 - 000003410 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

2023-10-22 18:11 - 2019-12-07 04:11 - 000000000 ___SD C:\Users\FUKdafedgov\AppData\Roaming\Microsoft\Credentials

2023-10-22 10:21 - 2019-12-07 05:03 - 000524288 _____ C:\Windows\system32\config\BBI

2023-10-22 00:48 - 2019-12-07 04:12 - 000000000 ____D C:\ProgramData\Packages

2023-10-21 04:49 - 2019-12-07 03:29 - 000259496 _____ C:\Windows\system32\FNTCACHE.DAT

2023-10-21 04:28 - 2019-12-07 03:29 - 000000000 ____D C:\Windows\system32\Drivers\wd

2023-10-21 04:25 - 2019-12-07 05:54 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll

2023-10-21 04:25 - 2019-12-07 05:15 - 000208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll

2023-10-21 04:25 - 2019-12-07 05:14 - 000232448 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll

2023-10-21 04:01 - 2019-12-07 03:32 - 003014144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll

2023-10-21 03:42 - 2019-12-07 03:28 - 000000000 ____D C:\Windows\Panther

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2023

Ran by FUKdafedgov (28-10-2023 03:45:15)

Running from C:\Users\FUKdafedgov\Downloads

Microsoft Windows 10 Pro Version 22H2 19045.3570 (X64) (2019-12-07 07:37:52)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3237366536-3690962144-3967476854-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-3237366536-3690962144-3967476854-503 - Limited - Disabled)

FUKdafedgov (S-1-5-21-3237366536-3690962144-3967476854-1001 - Administrator - Enabled) => C:\Users\FUKdafedgov

Guest (S-1-5-21-3237366536-3690962144-3967476854-501 - Limited - Disabled)

WDAGUtilityAccount (S-1-5-21-3237366536-3690962144-3967476854-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3237366536-3690962144-3967476854-1001\...\uTorrent) (Version: 3.6.0.46902 - BitTorrent Inc.)

ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.15 - tippach engineering)

Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 118.1.59.124 - Brave Software Inc)

Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.3.1 - Dolby Laboratories Inc)

FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)

FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)

Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 118.0.2088.69 - Microsoft Corporation)

Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 118.0.2088.69 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-3237366536-3690962144-3967476854-1001\...\OneDriveSetup.exe) (Version: 23.209.1008.0002 - Microsoft Corporation)

Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24123 (HKLM\...\{21134089-9B59-34C8-BE11-929D26AD5207}) (Version: 14.0.24123 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24123 (HKLM\...\{FDBE9DB4-7A91-3A28-B27E-705EF7CFAE57}) (Version: 14.0.24123 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24123 (HKLM-x32\...\{03AC7A79-F8AF-38FC-9DA0-98DAB4F4B1CD}) (Version: 14.0.24123 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24123 (HKLM-x32\...\{06AE3BCC-7612-39D3-9F3B-B6601D877D02}) (Version: 14.0.24123 - Microsoft Corporation) Hidden

Mooer Studio for GE150 V1.3.7 (HKLM-x32\...\Mooer Studio for GE150 V1.3.7) (Version: V1.3.7 - Mooer Audio Corp)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7614 - Realtek Semiconductor Corp.)

Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.115 - Synaptics Incorporated)

Total War: Rome 2 (HKLM-x32\...\Total War: Rome 2_is1) (Version: - )

Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)

VPN by Google One (HKLM\...\{A1F022B1-145B-4EBF-9752-95B413C837A3}) (Version: 1.8.0.4 - Google LLC)

Packages:

=========

Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)

Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.10160.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Studios) [MS Ad]

Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0 [2019-12-07] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3237366536-3690962144-3967476854-1001_Classes\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32 -> C:\Users\FUKdafedgov\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3237366536-3690962144-3967476854-1001_Classes\CLSID\{64C6EFB9-8F79-4106-B975-067448DC768F}\InprocServer32 -> C:\Users\FUKdafedgov\AppData\Local\Microsoft\EdgeUpdate\1.3.177.11\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-3237366536-3690962144-3967476854-1001_Classes\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32 -> C:\Users\FUKdafedgov\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3237366536-3690962144-3967476854-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel® pGFX -> Intel Corporation)

CustomCLSID: HKU\S-1-5-21-3237366536-3690962144-3967476854-1001_Classes\CLSID\{E3D57E77-FE71-4D06-BD34-D48820074909}\InprocServer32 -> C:\Users\FUKdafedgov\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File

ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2023-10-22 18:09 - 1980-01-01 01:00 - 000393728 _____ (Google) [File not signed] C:\Program Files\Google\VPN by Google One\1.8.0.4\googtun.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 05:14 - 2019-12-07 05:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3237366536-3690962144-3967476854-1001\Control Panel\Desktop\\Wallpaper ->

DNS Servers: 8.8.4.4 - 8.8.8.8

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3863DE9B-5BED-4C1E-B7FE-78FD68A61989}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{135491B9-B7A0-41F0-8832-D5224DFCDCC5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{9A30FE73-6D56-460C-9020-1E3156EFFC31}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{B457A4CB-A033-467D-A674-F5F2669D83B8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{66535A9D-1995-4563-A77C-41278923E414}] => (Allow) C:\Users\FUKdafedgov\AppData\Roaming\uTorrent\uTorrent.exe (Rainberry Inc -> BitTorrent Inc.)

FirewallRules: [{96185350-F1AE-41B4-9110-8B670505A96B}] => (Allow) C:\Users\FUKdafedgov\AppData\Roaming\uTorrent\uTorrent.exe (Rainberry Inc -> BitTorrent Inc.)

FirewallRules: [{C003D50A-F52E-45FC-B1A7-91BC12B0D385}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{CE6290E3-30EC-472A-890F-1BB718469B2A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{B26B881B-3767-4AC9-9EDE-25BC5CB64368}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{619F7963-A9AB-4DBE-A35B-9B92F400A47F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{2E879E27-DF4E-48A5-A4E9-860202F5FCCB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{17A91241-4C48-4778-862B-44164E983433}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{E496B3DD-E0E2-4D9B-A124-6E9B3CB5BF3E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{E6C6D1DC-F5CB-4CC1-B812-ABAC396897CA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{BE12D9F4-0920-4EF1-92D1-F617269491BF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{B369252F-9AEF-45EA-A14C-A9F184922681}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{238810F8-6C05-4A23-9241-C25992305402}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\118.0.2088.61\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{D1B0A723-0A3C-4EE7-B3E1-FF43F064354A}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)

FirewallRules: [{FD51D39A-07F0-4D3D-AB75-BE2929638C7E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\118.0.2088.69\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

21-10-2023 05:01:52 Windows Modules Installer

24-10-2023 21:27:08 Windows Modules Installer

26-10-2023 15:50:43 Windows Modules Installer

==================== Faulty Device Manager Devices ============

Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: ========================