Persistent files. Stay even after I reinstall Windows. Is it malware?


21 replies to this topic

#1 Madmatt85

  • Members
  • 24 posts

Posted 27 October 2023 - 06:22 AM

I bought an old Lenovo T430 at a pawn shop for 20 bucks. It seems there is something strange going on with it. I have reinstalled Windows numerous times, but for some reason certain files stay with the same old date, 7/19. There also seem to be a ton of strange firewall rules. If someone could help me finally get it free of whatever is on it, I'd greatly appreciate it. Thanks!!!

Edited by Madmatt85, 27 October 2023 - 06:24 AM.



#2 MoxieMomma

  • BC Advisor
  • 2,346 posts
  • Gender:Not Telling

Posted 27 October 2023 - 06:28 AM

Hello and welcome to BC:

We need more information in order to better assist you.

FIRST: Please download, install and run the Free version of Speccy from here: https://www.ccleaner.com/speccy.

Then, go to File > Publish Snapshot

Click YES > Copy to Clipboard

Then please post the LINK by pasting it into your next reply.

ALSO:

Please download and install MiniToolBox from here: https://www.bleepingcomputer.com/download/minitoolbox/

Place a checkmark in the following boxes:

List Last 10 Event Viewer Errors
List Installed Programs
List Problematic Devices
List Users, Partitions and Memory size

Click “GO”
Please post the results here by pasting them in your next reply in this thread.



#3 MoxieMomma

  • BC Advisor
  • 2,346 posts
  • Gender:Not Telling

Posted 27 October 2023 - 06:37 AM

While you're working on those....

Did you wipe the drive and delete all the existing partitions before reinstalling Windows?



#4 Madmatt85
  • Topic Starter
  • Members
  • 24 posts

Posted 27 October 2023 - 06:50 AM

Yes I wiped it. I will post the requested info as soon as I get back to my machine. Thanks so much for the quick response.

#5 Pkshadow

  • BC Advisor
  • 12,306 posts
  • Gender:Not Telling
  • Location:On the Brow of the Hill, West Coast, Canada

Posted 27 October 2023 - 08:13 PM

So you deleted UEFI and System Partition as well as C:?

If so there is no such thing as persistent files.

It would be something you are installing.


" mosquitoes really wake up everyday and choose violence "   — dalia (@_dalia7)
www.cnn.com/2020/07/23/health/mosquitoes-attraction-humans-future-wellness-scn/index.html
 

I-7 ASUS ROG Rampage II Extreme  / ASUS TUF Gaming F17 / I-7 4770K ASUS ROG Maximus VI Extreme


#6 Madmatt85
  • Topic Starter
  • Members
  • 24 posts

Posted 28 October 2023 - 01:18 AM

I definitely did. That's why I'm confused, and the same date from 2019 is on all of them. I will have the requested info in just a sec.



#7 Pkshadow

  • BC Advisor
  • 12,306 posts
  • Gender:Not Telling
  • Location:On the Brow of the Hill, West Coast, Canada

Posted 28 October 2023 - 02:36 AM

So ya, no such thing if you have wiped the drive, including any partitions that Lenovo has for recovery.

Your Support Page : https://pcsupport.lenovo.com/ca/en/products/laptops-and-netbooks/thinkpad-t-series-laptops/thinkpad-t430/downloads

So ya, you were asked for :

Please Post a "link" of Speccy Report.
Please install Speccy Free : https://m.majorgeeks.com/files/details/speccy.html
Use Custom Install
  At the Top Left Corner of Speccy --> Click File and then Click Publish Snapshot Report, a window will pop up and Click YES. --> Another popup will appear and then Click "Copy To Clipboard" then Paste that "link" to your next reply in your thread.

Download Minitoolbox from the below link :
http://www.bleepingcomputer.com/download/minitoolbox/
  Run the tool and only select the following tick boxes.
    -List last 10 Event viewer errors
    -List installed programs
    -List devices
    -List users, partition and memory size
Now click "Go" and Copy/Paste and post the output text in your next reply




#8 Madmatt85
  • Topic Starter
  • Members
  • 24 posts

Posted 28 October 2023 - 03:07 AM

http://speccy.piriform.com/results/w8KVdRCz5elfWrnMUUBtGF2

MiniToolBox by Farbar  Version: 13-05-2022
Ran by FUKdafedgov (administrator) on 28-10-2023 at 03:18:53
Running from "C:\Users\FUKdafedgov\Downloads"
Microsoft Windows 10 Pro  (X64)
Model: 23474R7 Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (10/27/2023 07:26:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.3570 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1d80
 
Start Time: 01da08c83f2c0ab9
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
 
Report Id: 2166dae6-2ef1-40b5-94ed-6f66ce757955
 
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: ShellFeedsUI
 
Hang type: Quiesce
 
Error: (10/27/2023 07:05:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: brave_vpn_wireguard_service.exe, version: 118.1.59.120, time stamp: 0x652f74a0
Faulting module name: brave_vpn_wireguard_service.exe, version: 118.1.59.120, time stamp: 0x652f74a0
Exception code: 0x80000003
Fault offset: 0x00000000000c93ab
Faulting process id: 0x1fac
Faulting application start time: 0x01da08c57a7bdc63
Faulting application path: C:\Program Files\BraveSoftware\Brave-Browser\Application\118.1.59.120\BraveVpnWireguardService\brave_vpn_wireguard_service.exe
Faulting module path: C:\Program Files\BraveSoftware\Brave-Browser\Application\118.1.59.120\BraveVpnWireguardService\brave_vpn_wireguard_service.exe
Report Id: d13cbf42-8ebe-4116-bc19-5b7eeba41609
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/27/2023 02:05:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1216.
 
Error: (10/27/2023 02:05:34 AM) (Source: ESENT) (EventID: 454) (User: )
Description: Catalog Database (3744,U,98) Catalog Database: Database recovery/restore failed with unexpected error -1216.
 
Error: (10/27/2023 02:05:34 AM) (Source: ESENT) (EventID: 494) (User: )
Description: Catalog Database (3744,U,98) Catalog Database: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
 
Error: (10/27/2023 02:04:56 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3764,R,98) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\system32\SRU\SRU001AF.log.
 
Error: (10/25/2023 12:32:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: setup.tmp, version: 51.1052.0.0, time stamp: 0x506a75b5
Faulting module name: botva2.dll_unloaded, version: 0.9.7.151, time stamp: 0x2a425e19
Exception code: 0xc000041d
Fault offset: 0x00005514
Faulting process id: 0x2050
Faulting application start time: 0x01da06ec0bc9cbb4
Faulting application path: C:\Users\FUKDAF~1\AppData\Local\Temp\is-D1Q9A.tmp\setup.tmp
Faulting module path: botva2.dll
Report Id: 8796619f-f36f-42d5-915b-db363f9d6fea
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/25/2023 12:31:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: setup.tmp, version: 51.1052.0.0, time stamp: 0x506a75b5
Faulting module name: botva2.dll_unloaded, version: 0.9.7.151, time stamp: 0x2a425e19
Exception code: 0xc0000005
Fault offset: 0x00005514
Faulting process id: 0x2050
Faulting application start time: 0x01da06ec0bc9cbb4
Faulting application path: C:\Users\FUKDAF~1\AppData\Local\Temp\is-D1Q9A.tmp\setup.tmp
Faulting module path: botva2.dll
Report Id: 52e9ae83-0704-4508-9549-0565a865e651
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/24/2023 10:10:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: setup.tmp, version: 51.1052.0.0, time stamp: 0x506a75b5
Faulting module name: botva2.dll_unloaded, version: 0.9.7.151, time stamp: 0x2a425e19
Exception code: 0xc000041d
Fault offset: 0x00005514
Faulting process id: 0x284
Faulting application start time: 0x01da0653c0da7ca7
Faulting application path: C:\Users\FUKDAF~1\AppData\Local\Temp\is-H5CA8.tmp\setup.tmp
Faulting module path: botva2.dll
Report Id: ec4950d5-7fcb-443d-8e25-d2abc60caf90
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/24/2023 10:09:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: setup.tmp, version: 51.1052.0.0, time stamp: 0x506a75b5
Faulting module name: botva2.dll_unloaded, version: 0.9.7.151, time stamp: 0x2a425e19
Exception code: 0xc0000005
Fault offset: 0x00005514
Faulting process id: 0x284
Faulting application start time: 0x01da0653c0da7ca7
Faulting application path: C:\Users\FUKDAF~1\AppData\Local\Temp\is-H5CA8.tmp\setup.tmp
Faulting module path: botva2.dll
Report Id: ea72af93-0035-4caa-b761-0d5e7ab25180
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (10/27/2023 06:24:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.399.1389.0) - Current Channel (Broad).
 
Error: (10/27/2023 02:04:44 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The NcbService service terminated with the following error: 
%%31 = A device attached to the system is not functioning.
 
Error: (10/26/2023 11:56:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error: 
%%1275 = This driver has been blocked from loading
 
Error: (10/26/2023 11:54:31 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Event-ID 10005
 
Error: (10/26/2023 11:54:31 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Event-ID 10005
 
Error: (10/26/2023 11:49:31 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Event-ID 10005
 
Error: (10/26/2023 11:49:31 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Event-ID 10005
 
Error: (10/26/2023 07:25:52 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (10/25/2023 08:43:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error: 
%%1275 = This driver has been blocked from loading
 
Error: (10/25/2023 08:43:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:42:29 PM on ‎10/‎25/‎2023 was unexpected.
 
 
Windows Defender:
================
Date: 2023-10-27 06:26:04
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-10-24 05:00:04
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-10-22 10:09:27
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-10-22 01:57:39
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Bullboka.A
Severity: Severe
Category: Trojan
Path: file:_C:\Users\FUKdafedgov\Downloads\FL Studio Producer Edition - v21 Full (2021)\Setup (password is THEPIRATEBAY007)\Setup.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.399.1099.0, AS: 1.399.1099.0, NIS: 1.399.1099.0
Engine Version: AM: 1.1.23090.2007, NIS: 1.1.23090.2007
 
Date: 2023-10-22 01:52:23
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Bullboka.A
Severity: Severe
Category: Trojan
Path: file:_C:\Users\FUKdafedgov\Downloads\FL Studio Producer Edition - v21 Full (2021)\Setup (password is THEPIRATEBAY007)\Setup.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.399.1099.0, AS: 1.399.1099.0, NIS: 1.399.1099.0
Engine Version: AM: 1.1.23090.2007, NIS: 1.1.23090.2007
Event[0]:
 
Date: 2023-10-27 02:05:22
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80070003
Error description: The system cannot find the path specified. 
Security intelligence Version: 0.0.0.0;0.0.0.0
Engine Version: 0.0.0.0
 
=========================== Installed Programs ============================
 
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.15 - tippach engineering)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 118.1.59.124 - Brave Software Inc)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Mooer Studio for GE150 V1.3.7 (HKLM-x32\...\Mooer Studio for GE150 V1.3.7) (Version: V1.3.7 - Mooer Audio Corp)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7614 - Realtek Semiconductor Corp.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.115 - Synaptics Incorporated)
Total War: Rome 2 (HKLM-x32\...\Total War: Rome 2_is1) (Version:  - )
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
VPN by Google One (HKLM\...\{A1F022B1-145B-4EBF-9752-95B413C837A3}) (Version: 1.8.0.4 - Google LLC)
 
Packages:
=========
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.10160.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0 [2019-12-07] (Spotify AB) [Startup Task]
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.802.31.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.802.31.0_x86__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)
WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.934.1904.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)
WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.934.1904.0_x86__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)
 
========================= Devices: ================================
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Device ID: ACPI\LEN0078\5&2890D699&0
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 50%
Total physical RAM: 8009.11 MB
Available physical RAM: 3996.91 MB
Total Virtual: 9289.11 MB
Available Virtual: 3785.46 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:297.47 GB) (Free:84.6 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\DESKTOP-4H03BFN
 
Administrator            DefaultAccount           FUKdafedgov              
Guest                    WDAGUtilityAccount       
 
 
**** End of log ****
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2023
Ran by FUKdafedgov (administrator) on DESKTOP-4H03BFN (LENOVO 23474R7) (28-10-2023 03:34:49)
Running from C:\Users\FUKdafedgov\Downloads\FRST64.exe
Loaded Profiles: FUKdafedgov
Platform: Microsoft Windows 10 Pro Version 22H2 19045.3570 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files\Google\VPN by Google One\1.8.0.4\googleone.exe ->) (Google LLC -> ) C:\Program Files\Google\VPN by Google One\1.8.0.4\crashpad_handler.exe <2>
(C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\VPN by Google One\1.8.0.4\googleone.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <44>
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe <2>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\Speccy\Speccy64.exe
(services.exe ->) (Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(services.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\VPN by Google One\1.8.0.4\VpnByGoogleOneService.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(svchost.exe ->) (Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2307.4.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\FUKdafedgov\AppData\Local\Microsoft\OneDrive\23.209.1008.0002\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BraveVpnWireguardService] => C:\Program Files\BraveSoftware\Brave-Browser\Application\118.1.59.124\BraveVpnWireguardService\brave_vpn_wireguard_service.exe [11338776 2023-10-25] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16404224 2015-10-01] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-01] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-01] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\118.0.2088.69\Installer\setup.exe [4989992 2023-10-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3237366536-3690962144-3967476854-1001\...\Run: [Microsoft Edge Update] => C:\Users\FUKdafedgov\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateCore.exe [264264 2023-10-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3237366536-3690962144-3967476854-1001\...\Run: [MicrosoftEdgeAutoLaunch_D93DD99879B1248AC5D84E0F7DF895AD] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4187176 2023-10-24] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3237366536-3690962144-3967476854-1001\...\Run: [VPN by Google One] => C:\Program Files\Google\VPN by Google One\1.8.0.4\googleone.exe [10480928 2023-09-18] (Google LLC -> Google LLC)
HKU\S-1-5-21-3237366536-3690962144-3967476854-1001\...\RunOnce: [Application Restart #1] => C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe [3122200 2023-10-25] (Brave Software, Inc. -> Brave Software, Inc.)
HKU\S-1-5-21-3237366536-3690962144-3967476854-1001\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\FUKdafedgov\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" [65019816 2023-10-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3237366536-3690962144-3967476854-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\FUKdafedgov\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-3237366536-3690962144-3967476854-1001\...\RunOnce: [Uninstall 23.204.1001.0003] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\FUKdafedgov\AppData\Local\Microsoft\OneDrive\23.204.1001.0003" [0 2023-10-27] () <==== ATTENTION [zero byte File/Folder]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\118.1.59.124\Installer\chrmstp.exe [2023-10-27] (Brave Software, Inc. -> Brave Software, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {E4B6169B-798D-43B4-A053-E4B7CB16924A} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{D3E7130D-65EB-4AFA-AE91-1ADE2213338F} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [175424 2023-10-21] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {29FC3410-1165-40EA-93B3-CFEB7E5C7F33} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{6F17244B-9E47-4B71-8374-74C8A23EAC02} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [175424 2023-10-21] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {D4B58C84-E89D-4102-8355-005503D87635} - System32\Tasks\DolbySelectorTask => %ProgramFiles%\Dolby Digital Plus\ddp.exe  -autostart (No File)
Task: {59CA7406-BE54-4187-B854-BBAD3A59651B} - System32\Tasks\GoogleUpdateTaskMachineCore{8CED12B6-05CB-4930-8B39-FCF7AA4C5832} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2023-10-22] (Google LLC -> Google LLC)
Task: {1A1A1C4A-0293-4123-99E6-475EFA23B825} - System32\Tasks\GoogleUpdateTaskMachineUA{FDE75186-79BE-4A2A-9DBE-26EEB5B2496E} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2023-10-22] (Google LLC -> Google LLC)
Task: {23BF5CCA-7246-40B8-BC5F-14A71A438291} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [129016 2022-12-04] (Lenovo -> Lenovo)
Task: {CA5AADCC-564B-4304-845E-6E8BF4776FAB} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\Windows\SysWOW64\PowerMgrInst.exe [65016 2022-12-04] (Lenovo -> )
Task: {ABE4446B-BD11-40BB-AB48-11048B739C03} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-21] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DD282A26-F783-4B91-BF62-9B9ADB1961F7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-21] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2A627979-24D5-40A9-AFA0-ADC09F55B551} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-21] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B6027DAB-EDE4-4EF2-A889-ECCECE690964} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-21] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {76F4BC82-8D90-45CA-AF93-8A5B25F4E06F} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3237366536-3690962144-3967476854-1001Core{E5C455C4-0CAE-4B13-9BB3-8921568BFA16} => C:\Users\FUKdafedgov\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206288 2023-10-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {222A04CD-47C0-49A2-A4A0-E20E4FAD160B} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3237366536-3690962144-3967476854-1001UA{CE8E0582-50C9-4E51-9589-64E1DB04B72A} => C:\Users\FUKdafedgov\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206288 2023-10-21] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{0af08e33-ca4a-4e37-862c-c9a5e8f5411a}: [NameServer] 8.8.4.4, 8.8.8.8
Tcpip\..\Interfaces\{347968c1-65b2-403a-a080-7ea230b4fc65}: [NameServer] 8.8.4.4, 8.8.8.8
Tcpip\..\Interfaces\{37fcf1e9-18c3-11ea-aa03-806e6f6e6963}: [NameServer] 8.8.4.4, 8.8.8.8
Tcpip\..\Interfaces\{3f0f136d-82ff-4b1b-89c5-81b6258a5ce6}: [NameServer] 8.8.4.4, 8.8.8.8
Tcpip\..\Interfaces\{68d6647d-3ad8-44f9-9d3e-0e12d8e4dcb5}: [NameServer] 8.8.4.4, 8.8.8.8
Tcpip\..\Interfaces\{cf09c478-a718-44b7-ad92-35e41f408ef3}: [NameServer] 8.8.4.4, 8.8.8.8
Tcpip\..\Interfaces\{e1a8be1e-59eb-4859-93f4-b083d0b90418}: [NameServer] 8.8.4.4, 8.8.8.8
Tcpip\..\Interfaces\{e1a8be1e-59eb-4859-93f4-b083d0b90418}: [DhcpNameServer] 192.168.1.254
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\FUKdafedgov\AppData\Local\Microsoft\Edge\User Data\Default [2023-10-28]
Edge Extension: (Google Docs Offline) - C:\Users\FUKdafedgov\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-21]
Edge Extension: (Edge relevant text changes) - C:\Users\FUKdafedgov\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-10-27]
 
Brave: 
=======
BRA Profile: C:\Users\FUKdafedgov\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2023-10-24]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block First Party Filters (plaintext))) - C:\Users\FUKdafedgov\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei [2023-10-21]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\FUKdafedgov\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2023-10-24]
BRA Extension: (Brave NTP background images) - C:\Users\FUKdafedgov\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2023-10-21]
BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications (plaintext))) - C:\Users\FUKdafedgov\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2023-10-25]
BRA Extension: (Wallet Data Files Updater) - C:\Users\FUKdafedgov\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2023-10-24]
BRA Extension: (Brave Ad Block Updater (EasyList Cookie (plaintext))) - C:\Users\FUKdafedgov\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2023-10-25]
BRA Extension: (Brave NTP sponsored images) - C:\Users\FUKdafedgov\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2023-10-24]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\FUKdafedgov\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2023-10-21]
BRA Extension: (Brave NTP Super Referrer mapping table) - C:\Users\FUKdafedgov\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo [2023-10-21]
BRA Extension: (Brave Ads Resources) - C:\Users\FUKdafedgov\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj [2023-10-22]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block Updater (plaintext))) - C:\Users\FUKdafedgov\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2023-10-25]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\FUKdafedgov\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2023-10-24]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\FUKdafedgov\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2023-10-24]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [175424 2023-10-21] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [175424 2023-10-21] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 BraveVpnService; C:\Program Files\BraveSoftware\Brave-Browser\Application\118.1.59.124\brave_vpn_helper.exe [3073048 2023-10-25] (Brave Software, Inc. -> Brave Software, Inc.)
S3 BraveVpnWireguardService; C:\Program Files\BraveSoftware\Brave-Browser\Application\118.1.59.124\BraveVpnWireguardService\brave_vpn_wireguard_service.exe [11338776 2023-10-25] (Brave Software, Inc. -> Brave Software, Inc.)
S2 LPlatSvc; C:\Windows\System32\LPlatSvc.exe [892288 2019-12-11] (Lenovo -> Lenovo.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402264 2023-10-21] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 VPN by Google One Service; C:\Program Files\Google\VPN by Google One\1.8.0.4\VpnByGoogleOneService.exe [5451552 2023-09-18] (Google LLC -> Google LLC)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23090.2008-0\NisSrv.exe [3116904 2023-10-21] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23090.2008-0\MsMpEng.exe [133584 2023-10-21] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\118.1.59.124\elevation_service.exe" [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cpuz149; C:\Users\FUKdafedgov\AppData\Local\Temp\cpuz149\cpuz149_x64.sys [44320 2023-10-28] (CPUID S.A.R.L.U. -> CPUID) <==== ATTENTION
R3 googtun; C:\Windows\System32\drivers\googtun.sys [31296 2023-10-22] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
R3 MpKsl47f27830; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FE41FD14-01D3-4DF1-A69C-8271ADA45D4D}\MpKslDrv.sys [263560 2023-10-28] (Microsoft Windows -> Microsoft Corporation)
R0 PMDRVS; C:\Windows\System32\drivers\pmdrvs.sys [38160 2019-12-11] (Lenovo -> Lenovo.)
R3 risdxc; C:\Windows\System32\drivers\risdxc64.sys [106496 2013-09-08] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55856 2023-10-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [572712 2023-10-21] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105872 2023-10-21] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-10-28 02:22 - 2023-10-28 03:19 - 000014025 _____ C:\Users\FUKdafedgov\Downloads\MTB.txt
2023-10-28 02:20 - 2023-10-28 02:20 - 000956928 _____ (Farbar) C:\Users\FUKdafedgov\Downloads\MiniToolBox.exe
2023-10-28 02:20 - 2023-10-28 02:20 - 000000837 _____ C:\Users\Public\Desktop\Speccy.lnk
2023-10-28 02:20 - 2023-10-28 02:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2023-10-28 02:19 - 2023-10-28 02:20 - 000000000 ____D C:\Program Files\Speccy
2023-10-28 02:18 - 2023-10-28 02:19 - 008995336 _____ (Piriform Software Ltd) C:\Users\FUKdafedgov\Downloads\spsetup132.exe
2023-10-27 07:26 - 2023-10-27 07:26 - 002383360 _____ (Farbar) C:\Users\FUKdafedgov\Downloads\FRST64.exe
2023-10-27 07:25 - 2023-10-27 07:25 - 000000000 ____D C:\Users\FUKdafedgov\AppData\Local\OneDrive
2023-10-26 15:47 - 2019-12-07 05:18 - 000000000 ___HD C:\$WinREAgent
2023-10-25 01:08 - 2023-10-25 01:08 - 000000000 ____D C:\Users\FUKdafedgov\AppData\Roaming\Microsoft\MMC
2023-10-25 00:32 - 2023-10-25 00:32 - 000000000 ____D C:\Users\FUKdafedgov\AppData\Local\CrashDumps
2023-10-24 23:50 - 2023-10-28 02:33 - 000022436 _____ C:\Users\FUKdafedgov\Downloads\Addition.txt
2023-10-24 23:45 - 2023-10-24 23:45 - 000000000 ____D C:\Users\FUKdafedgov\AppData\Local\mbam
2023-10-24 23:32 - 2023-10-25 02:27 - 000000000 ____D C:\Users\FUKdafedgov\AppData\Local\Malwarebytes
2023-10-24 23:22 - 2023-10-24 23:22 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-10-24 23:22 - 2023-10-24 23:22 - 000000000 ____D C:\Program Files\Malwarebytes
2023-10-24 23:13 - 2023-10-28 03:38 - 000017836 _____ C:\Users\FUKdafedgov\Downloads\FRST.txt
2023-10-24 23:11 - 2023-10-28 03:36 - 000000000 ____D C:\FRST
2023-10-24 21:33 - 2023-10-24 21:33 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2023-10-24 19:13 - 2023-10-25 00:27 - 000000000 ___HD C:\Windows\msdownld.tmp
2023-10-24 19:12 - 2023-10-25 00:28 - 000000000 ____D C:\Windows\SysWOW64\directx
2023-10-24 04:27 - 2023-10-24 04:27 - 000001429 _____ C:\Users\Public\Desktop\Total War - Rome 2.lnk
2023-10-24 04:27 - 2023-10-24 04:27 - 000000000 ____D C:\Games
2023-10-24 03:29 - 2023-10-24 03:29 - 000000144 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2023-10-22 19:02 - 2019-12-07 05:18 - 000000000 ____D C:\Users\FUKdafedgov\Downloads\Cyberpunk 2077 [FitGirl Repack]
2023-10-22 18:16 - 2023-10-22 23:32 - 000000000 ____D C:\Users\FUKdafedgov\Downloads\Total War - Rome 2 [FitGirl Repack]
2023-10-22 18:09 - 2023-10-22 18:09 - 000001299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VPN by Google One.lnk
2023-10-22 18:09 - 2023-10-22 18:09 - 000001287 _____ C:\Users\Public\Desktop\VPN by Google One.lnk
2023-10-22 18:09 - 2023-10-22 18:09 - 000000000 ____D C:\Users\FUKdafedgov\AppData\Local\Google
2023-10-22 18:09 - 2023-10-22 18:09 - 000000000 ____D C:\Program Files\Google
2023-10-22 18:06 - 2023-10-28 03:11 - 000000000 ____D C:\Program Files (x86)\Google
2023-10-22 18:06 - 2023-10-22 18:06 - 001373744 _____ (Google LLC) C:\Users\FUKdafedgov\Downloads\VpnByGoogleOneSetup.exe
2023-10-22 18:06 - 2023-10-22 18:06 - 000003790 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{FDE75186-79BE-4A2A-9DBE-26EEB5B2496E}
2023-10-22 18:06 - 2023-10-22 18:06 - 000003666 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{8CED12B6-05CB-4930-8B39-FCF7AA4C5832}
2023-10-22 11:50 - 2023-10-22 11:50 - 001016800 _____ (Spotify Ltd) C:\Users\FUKdafedgov\Downloads\SpotifySetup.exe
2023-10-22 10:25 - 2023-10-22 10:25 - 000003342 _____ C:\Windows\system32\Tasks\DolbySelectorTask
2023-10-22 10:25 - 2023-10-22 10:25 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2023-10-22 10:25 - 2023-10-22 10:25 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2023-10-22 10:25 - 2023-10-22 10:25 - 000000000 ____D C:\Windows\system32\DAX2
2023-10-22 10:25 - 2023-10-22 10:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2023-10-22 10:25 - 2023-10-22 10:25 - 000000000 ____D C:\Program Files\Realtek
2023-10-22 10:25 - 2023-10-22 10:25 - 000000000 ____D C:\Program Files\Dolby Digital Plus
2023-10-22 10:25 - 2023-10-22 10:25 - 000000000 ____D C:\Program Files (x86)\Realtek
2023-10-22 10:25 - 2015-10-01 07:02 - 000002108 _____ C:\Windows\system32\Drivers\SAMSFPA.DAT
2023-10-22 10:25 - 2015-10-01 07:02 - 000000712 _____ C:\Windows\system32\Drivers\RTMICEQ0.DAT
2023-10-22 10:25 - 2015-10-01 07:02 - 000000098 _____ C:\Windows\system32\Drivers\RTMICAR.DAT
2023-10-22 10:24 - 2015-10-01 08:33 - 003271912 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2023-10-22 10:24 - 2015-10-01 08:33 - 002954224 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2023-10-22 10:24 - 2015-10-01 08:33 - 001352000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2023-10-22 10:24 - 2015-10-01 08:33 - 000447720 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2023-10-22 10:24 - 2015-10-01 08:33 - 000343712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2023-10-22 10:24 - 2015-10-01 08:33 - 000195192 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2023-10-22 10:24 - 2015-10-01 08:33 - 000151792 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2023-10-22 10:24 - 2015-10-01 08:33 - 000134200 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2023-10-22 10:24 - 2015-10-01 08:33 - 000084616 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2023-10-22 10:24 - 2015-10-01 08:31 - 003278408 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2023-10-22 10:24 - 2015-10-01 08:30 - 002531696 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2023-10-22 10:24 - 2015-10-01 08:30 - 001965816 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2023-10-22 10:24 - 2015-10-01 08:30 - 000327456 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2023-10-22 10:24 - 2015-10-01 08:30 - 000272720 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2023-10-22 10:24 - 2015-10-01 08:25 - 004603136 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2023-10-22 10:24 - 2015-10-01 08:25 - 002997504 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2023-10-22 10:24 - 2015-10-01 08:25 - 002711296 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2023-10-22 10:24 - 2015-10-01 08:24 - 000023704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2023-10-22 10:24 - 2015-10-01 08:23 - 007172920 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2023-10-22 10:24 - 2015-10-01 08:23 - 001842432 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2023-10-22 10:24 - 2015-10-01 08:22 - 007096192 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2023-10-22 10:24 - 2015-10-01 08:22 - 000952984 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2023-10-22 10:24 - 2015-10-01 08:22 - 000357528 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2023-10-22 10:24 - 2015-10-01 08:21 - 000122328 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2023-10-22 10:04 - 2023-10-22 10:04 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2023-10-22 10:04 - 2023-10-22 10:04 - 000000000 ____D C:\Program Files\Synaptics
2023-10-22 10:02 - 2023-10-22 10:02 - 000000000 ____D C:\Windows\SysWOW64\Lenovo
2023-10-22 10:02 - 2023-10-22 10:02 - 000000000 ____D C:\Windows\system32\Tasks\Lenovo
2023-10-22 10:02 - 2023-10-22 10:02 - 000000000 ____D C:\Windows\system32\Lenovo
2023-10-22 10:02 - 2023-10-22 10:02 - 000000000 ____D C:\Users\FUKdafedgov\AppData\Local\Lenovo
2023-10-22 10:02 - 2023-10-22 10:02 - 000000000 ____D C:\ProgramData\Lenovo
2023-10-22 10:02 - 2022-12-04 23:06 - 005492696 _____ (Lenovo Group Limited) C:\Windows\SysWOW64\PWMTR32V.dll
2023-10-22 10:02 - 2022-12-04 23:06 - 000065016 _____ () C:\Windows\SysWOW64\PowerMgrInst.exe
2023-10-22 10:02 - 2022-12-04 23:04 - 002352344 _____ (Lenovo Group Limited) C:\Windows\SysWOW64\EasyResume.exe
2023-10-22 10:02 - 2022-12-04 23:04 - 000173008 _____ (Lenovo) C:\Windows\SysWOW64\InstHelper.dll
2023-10-22 10:02 - 2022-12-04 23:04 - 000105424 _____ (Lenovo) C:\Windows\SysWOW64\EventLogger.dll
2023-10-22 04:28 - 2023-10-22 15:42 - 000000000 ____D C:\Users\FUKdafedgov\Documents\Image-Line
2023-10-22 04:24 - 2023-10-22 04:24 - 000001882 _____ C:\Users\Public\Desktop\FL Studio 20.lnk
2023-10-22 04:24 - 2023-10-22 04:24 - 000000000 ____D C:\Users\FUKdafedgov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2023-10-22 04:24 - 2023-10-22 04:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2023-10-22 04:24 - 2023-10-22 04:24 - 000000000 ____D C:\Program Files\Common Files\VST2
2023-10-22 04:24 - 2023-10-22 04:24 - 000000000 ____D C:\Program Files\Common Files\Propellerhead Software
2023-10-22 04:24 - 2023-10-22 04:24 - 000000000 ____D C:\Program Files (x86)\VstPlugins
2023-10-22 04:18 - 2023-10-22 04:24 - 000000000 ____D C:\Program Files\Image-Line
2023-10-22 03:56 - 2023-10-22 09:38 - 000002284 _____ C:\Users\FUKdafedgov\Desktop\Mooer Studio for GE150.lnk
2023-10-22 03:48 - 2023-10-22 03:58 - 000000000 ____D C:\Users\FUKdafedgov\Downloads\GE150_V1.3.7_Win
2023-10-22 03:45 - 2023-10-22 03:56 - 000000000 ____D C:\ProgramData\Package Cache
2023-10-22 02:05 - 2023-10-22 02:05 - 000000000 ____D C:\Users\FUKdafedgov\Downloads\FL_Studio_Producer_Edition_20.6.2_Build_1549
2023-10-22 00:44 - 2023-10-22 00:44 - 000000000 ____D C:\Program Files (x86)\Mooer Audio Corp
2023-10-22 00:00 - 2023-10-25 07:34 - 000000000 ____D C:\Users\FUKdafedgov\AppData\Local\BitTorrentHelper
2023-10-21 23:59 - 2023-10-21 23:59 - 000000000 ____D C:\Users\FUKdafedgov\AppData\LocalLow\uTorrent.WebView2
2023-10-21 23:58 - 2023-10-21 23:58 - 000000902 _____ C:\Users\FUKdafedgov\Desktop\µTorrent.lnk
2023-10-21 23:58 - 2023-10-21 23:58 - 000000882 _____ C:\Users\FUKdafedgov\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2023-10-21 23:58 - 2019-12-07 05:18 - 000000000 ____D C:\Users\FUKdafedgov\AppData\Roaming\utorrent
2023-10-21 23:56 - 2023-10-21 23:56 - 001734112 _____ ( ) C:\Users\FUKdafedgov\Downloads\utorrent_installer.exe
2023-10-21 23:48 - 2023-10-22 00:42 - 000000000 ____D C:\Users\FUKdafedgov\AppData\Local\PlaceholderTileLogoFolder
2023-10-21 04:58 - 2023-10-27 07:04 - 000000000 __SHD C:\Users\FUKdafedgov\IntelGraphicsProfiles
2023-10-21 04:58 - 2023-10-22 10:22 - 000000451 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2023-10-21 04:58 - 2023-10-21 04:58 - 000000000 ____D C:\ProgramData\PLUG
2023-10-21 04:02 - 2023-10-21 04:02 - 000016059 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2023-10-21 03:30 - 2023-10-27 06:09 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-10-21 03:24 - 2023-10-22 10:13 - 000000000 ____D C:\Intel
2023-10-21 03:24 - 2023-10-21 03:24 - 000000000 ____D C:\Program Files\Intel
2023-10-21 03:24 - 2023-10-21 03:24 - 000000000 ____D C:\Program Files (x86)\Intel
2023-10-21 03:19 - 2023-10-21 03:19 - 000000000 ____D C:\Program Files\RUXIM
2023-10-21 03:13 - 2023-10-21 03:18 - 000000000 ____D C:\Windows\system32\MRT
2023-10-21 03:04 - 2023-10-21 03:05 - 017130548 _____ C:\Users\FUKdafedgov\Downloads\GE150_V1.3.7_Win.zip
2023-10-21 03:02 - 2023-10-27 18:05 - 000003886 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3237366536-3690962144-3967476854-1001UA{CE8E0582-50C9-4E51-9589-64E1DB04B72A}
2023-10-21 03:02 - 2023-10-27 18:05 - 000003834 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3237366536-3690962144-3967476854-1001Core{E5C455C4-0CAE-4B13-9BB3-8921568BFA16}
2023-10-21 03:02 - 2023-10-21 03:02 - 000000000 ____D C:\Users\FUKdafedgov\AppData\Local\D3DSCache
2023-10-21 03:01 - 2023-10-21 03:01 - 000002483 _____ C:\Users\FUKdafedgov\Downloads\ACDC mio.mo
2023-10-21 03:00 - 2023-10-27 11:08 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2023-10-21 03:00 - 2023-10-22 03:52 - 000002032 _____ C:\Users\FUKdafedgov\Desktop\ASIO4ALL Web Site.lnk
2023-10-21 03:00 - 2023-10-22 03:52 - 000000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2023-10-21 03:00 - 2023-10-21 03:00 - 000000000 ____D C:\Users\FUKdafedgov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2023-10-21 03:00 - 2023-10-21 03:00 - 000000000 ____D C:\ProgramData\BraveSoftware
2023-10-21 02:59 - 2023-10-21 02:59 - 000000000 ____D C:\Program Files\BraveSoftware
2023-10-21 02:58 - 2023-10-21 03:06 - 000003566 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineUA{6F17244B-9E47-4B71-8374-74C8A23EAC02}
2023-10-21 02:58 - 2023-10-21 03:06 - 000003442 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineCore{D3E7130D-65EB-4AFA-AE91-1ADE2213338F}
2023-10-21 02:58 - 2023-10-21 02:58 - 000317560 _____ C:\Users\FUKdafedgov\Downloads\ASIO4ALL_2_15_English.exe
2023-10-21 02:57 - 2023-10-21 03:00 - 000000000 ____D C:\Users\FUKdafedgov\AppData\Local\BraveSoftware
2023-10-21 02:57 - 2023-10-21 02:57 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2023-10-21 02:56 - 2023-10-27 07:09 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3237366536-3690962144-3967476854-1001
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-10-28 03:33 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-10-28 03:21 - 2019-12-07 04:11 - 000000000 ____D C:\Users\FUKdafedgov\AppData\Local\Packages
2023-10-28 03:11 - 2023-05-05 08:27 - 000000000 ____D C:\Windows\SystemTemp
2023-10-28 02:23 - 2019-12-07 05:13 - 000000000 ____D C:\Windows\INF
2023-10-28 02:13 - 2019-12-07 03:29 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-10-27 07:09 - 2019-12-07 04:17 - 000003392 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3237366536-3690962144-3967476854-1001
2023-10-27 07:09 - 2019-12-07 04:10 - 000002401 _____ C:\Users\FUKdafedgov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-10-27 07:04 - 2019-12-07 04:10 - 000000000 ____D C:\Users\FUKdafedgov
2023-10-27 06:23 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\CbsTemp
2023-10-27 06:22 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-10-27 06:22 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\AppReadiness
2023-10-27 06:11 - 2019-12-07 03:31 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-10-27 06:10 - 2019-12-07 03:41 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2023-10-27 02:04 - 2019-12-07 03:29 - 000008192 ___SH C:\DumpStack.log.tmp
2023-10-27 02:04 - 2019-12-07 03:29 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-10-26 23:51 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Windows Defender
2023-10-26 23:51 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2023-10-24 02:42 - 2019-12-07 03:30 - 000003534 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-10-24 02:42 - 2019-12-07 03:30 - 000003410 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-10-22 18:11 - 2019-12-07 04:11 - 000000000 ___SD C:\Users\FUKdafedgov\AppData\Roaming\Microsoft\Credentials
2023-10-22 10:21 - 2019-12-07 05:03 - 000524288 _____ C:\Windows\system32\config\BBI
2023-10-22 00:48 - 2019-12-07 04:12 - 000000000 ____D C:\ProgramData\Packages
2023-10-21 04:49 - 2019-12-07 03:29 - 000259496 _____ C:\Windows\system32\FNTCACHE.DAT
2023-10-21 04:28 - 2019-12-07 03:29 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-10-21 04:25 - 2019-12-07 05:54 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2023-10-21 04:25 - 2019-12-07 05:15 - 000208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2023-10-21 04:25 - 2019-12-07 05:14 - 000232448 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2023-10-21 04:01 - 2019-12-07 03:32 - 003014144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-10-21 03:42 - 2019-12-07 03:28 - 000000000 ____D C:\Windows\Panther
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2023
Ran by FUKdafedgov (28-10-2023 03:45:15)
Running from C:\Users\FUKdafedgov\Downloads
Microsoft Windows 10 Pro Version 22H2 19045.3570 (X64) (2019-12-07 07:37:52)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-3237366536-3690962144-3967476854-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3237366536-3690962144-3967476854-503 - Limited - Disabled)
FUKdafedgov (S-1-5-21-3237366536-3690962144-3967476854-1001 - Administrator - Enabled) => C:\Users\FUKdafedgov
Guest (S-1-5-21-3237366536-3690962144-3967476854-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3237366536-3690962144-3967476854-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3237366536-3690962144-3967476854-1001\...\uTorrent) (Version: 3.6.0.46902 - BitTorrent Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.15 - tippach engineering)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 118.1.59.124 - Brave Software Inc)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 118.0.2088.69 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 118.0.2088.69 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3237366536-3690962144-3967476854-1001\...\OneDriveSetup.exe) (Version: 23.209.1008.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24123 (HKLM\...\{21134089-9B59-34C8-BE11-929D26AD5207}) (Version: 14.0.24123 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24123 (HKLM\...\{FDBE9DB4-7A91-3A28-B27E-705EF7CFAE57}) (Version: 14.0.24123 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24123 (HKLM-x32\...\{03AC7A79-F8AF-38FC-9DA0-98DAB4F4B1CD}) (Version: 14.0.24123 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24123 (HKLM-x32\...\{06AE3BCC-7612-39D3-9F3B-B6601D877D02}) (Version: 14.0.24123 - Microsoft Corporation) Hidden
Mooer Studio for GE150 V1.3.7 (HKLM-x32\...\Mooer Studio for GE150 V1.3.7) (Version: V1.3.7 - Mooer Audio Corp)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7614 - Realtek Semiconductor Corp.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.115 - Synaptics Incorporated)
Total War: Rome 2 (HKLM-x32\...\Total War: Rome 2_is1) (Version:  - )
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
VPN by Google One (HKLM\...\{A1F022B1-145B-4EBF-9752-95B413C837A3}) (Version: 1.8.0.4 - Google LLC)
 
Packages:
=========
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.10160.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0 [2019-12-07] (Spotify AB) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3237366536-3690962144-3967476854-1001_Classes\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32 -> C:\Users\FUKdafedgov\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3237366536-3690962144-3967476854-1001_Classes\CLSID\{64C6EFB9-8F79-4106-B975-067448DC768F}\InprocServer32 -> C:\Users\FUKdafedgov\AppData\Local\Microsoft\EdgeUpdate\1.3.177.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3237366536-3690962144-3967476854-1001_Classes\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32 -> C:\Users\FUKdafedgov\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3237366536-3690962144-3967476854-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel® pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3237366536-3690962144-3967476854-1001_Classes\CLSID\{E3D57E77-FE71-4D06-BD34-D48820074909}\InprocServer32 -> C:\Users\FUKdafedgov\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2023-10-22 18:09 - 1980-01-01 01:00 - 000393728 _____ (Google) [File not signed] C:\Program Files\Google\VPN by Google One\1.8.0.4\googtun.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 05:14 - 2019-12-07 05:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3237366536-3690962144-3967476854-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.4.4 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{3863DE9B-5BED-4C1E-B7FE-78FD68A61989}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{135491B9-B7A0-41F0-8832-D5224DFCDCC5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9A30FE73-6D56-460C-9020-1E3156EFFC31}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B457A4CB-A033-467D-A674-F5F2669D83B8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{66535A9D-1995-4563-A77C-41278923E414}] => (Allow) C:\Users\FUKdafedgov\AppData\Roaming\uTorrent\uTorrent.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [{96185350-F1AE-41B4-9110-8B670505A96B}] => (Allow) C:\Users\FUKdafedgov\AppData\Roaming\uTorrent\uTorrent.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [{C003D50A-F52E-45FC-B1A7-91BC12B0D385}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CE6290E3-30EC-472A-890F-1BB718469B2A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B26B881B-3767-4AC9-9EDE-25BC5CB64368}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{619F7963-A9AB-4DBE-A35B-9B92F400A47F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{2E879E27-DF4E-48A5-A4E9-860202F5FCCB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{17A91241-4C48-4778-862B-44164E983433}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E496B3DD-E0E2-4D9B-A124-6E9B3CB5BF3E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E6C6D1DC-F5CB-4CC1-B812-ABAC396897CA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{BE12D9F4-0920-4EF1-92D1-F617269491BF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B369252F-9AEF-45EA-A14C-A9F184922681}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{238810F8-6C05-4A23-9241-C25992305402}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\118.0.2088.61\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D1B0A723-0A3C-4EE7-B3E1-FF43F064354A}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{FD51D39A-07F0-4D3D-AB75-BE2929638C7E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\118.0.2088.69\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
21-10-2023 05:01:52 Windows Modules Installer
24-10-2023 21:27:08 Windows Modules Installer
26-10-2023 15:50:43 Windows Modules Installer
 
==================== Faulty Device Manager Devices ============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (10/27/2023 07:26:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.3570 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1d80
 
Start Time: 01da08c83f2c0ab9
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
 
Report Id: 2166dae6-2ef1-40b5-94ed-6f66ce757955
 
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: ShellFeedsUI
 
Hang type: Quiesce
 
Error: (10/27/2023 07:05:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: brave_vpn_wireguard_service.exe, version: 118.1.59.120, time stamp: 0x652f74a0
Faulting module name: brave_vpn_wireguard_service.exe, version: 118.1.59.120, time stamp: 0x652f74a0
Exception code: 0x80000003
Fault offset: 0x00000000000c93ab
Faulting process id: 0x1fac
Faulting application start time: 0x01da08c57a7bdc63
Faulting application path: C:\Program Files\BraveSoftware\Brave-Browser\Application\118.1.59.120\BraveVpnWireguardService\brave_vpn_wireguard_service.exe
Faulting module path: C:\Program Files\BraveSoftware\Brave-Browser\Application\118.1.59.120\BraveVpnWireguardService\brave_vpn_wireguard_service.exe
Report Id: d13cbf42-8ebe-4116-bc19-5b7eeba41609
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/27/2023 02:05:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1216.
 
Error: (10/27/2023 02:05:34 AM) (Source: ESENT) (EventID: 454) (User: )
Description: Catalog Database (3744,U,98) Catalog Database: Database recovery/restore failed with unexpected error -1216.
 
Error: (10/27/2023 02:05:34 AM) (Source: ESENT) (EventID: 494) (User: )
Description: Catalog Database (3744,U,98) Catalog Database: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
 
Error: (10/27/2023 02:04:56 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3764,R,98) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\system32\SRU\SRU001AF.log.
 
Error: (10/25/2023 12:32:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: setup.tmp, version: 51.1052.0.0, time stamp: 0x506a75b5
Faulting module name: botva2.dll_unloaded, version: 0.9.7.151, time stamp: 0x2a425e19
Exception code: 0xc000041d
Fault offset: 0x00005514
Faulting process id: 0x2050
Faulting application start time: 0x01da06ec0bc9cbb4
Faulting application path: C:\Users\FUKDAF~1\AppData\Local\Temp\is-D1Q9A.tmp\setup.tmp
Faulting module path: botva2.dll
Report Id: 8796619f-f36f-42d5-915b-db363f9d6fea
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/25/2023 12:31:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: setup.tmp, version: 51.1052.0.0, time stamp: 0x506a75b5
Faulting module name: botva2.dll_unloaded, version: 0.9.7.151, time stamp: 0x2a425e19
Exception code: 0xc0000005
Fault offset: 0x00005514
Faulting process id: 0x2050
Faulting application start time: 0x01da06ec0bc9cbb4
Faulting application path: C:\Users\FUKDAF~1\AppData\Local\Temp\is-D1Q9A.tmp\setup.tmp
Faulting module path: botva2.dll
Report Id: 52e9ae83-0704-4508-9549-0565a865e651
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (10/27/2023 06:24:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.399.1389.0) - Current Channel (Broad).
 
Error: (10/27/2023 02:04:44 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The NcbService service terminated with the following error: 
A device attached to the system is not functioning.
 
Error: (10/26/2023 11:56:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (10/26/2023 11:54:31 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server:
{B91D5831-B1BD-4608-8198-D72E155020F7}
 
Error: (10/26/2023 11:54:31 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server:
{B91D5831-B1BD-4608-8198-D72E155020F7}
 
Error: (10/26/2023 11:49:31 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server:
{B91D5831-B1BD-4608-8198-D72E155020F7}
 
Error: (10/26/2023 11:49:31 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server:
{B91D5831-B1BD-4608-8198-D72E155020F7}
 
Error: (10/26/2023 07:25:52 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
 
Windows Defender:
================
Date: 2023-10-27 06:26:04
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-10-24 05:00:04
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-10-22 10:09:27
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-10-22 01:57:39
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Bullboka.A
Severity: Severe
Category: Trojan
Path: file:_C:\Users\FUKdafedgov\Downloads\FL Studio Producer Edition - v21 Full (2021)\Setup (password is THEPIRATEBAY007)\Setup.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.399.1099.0, AS: 1.399.1099.0, NIS: 1.399.1099.0
Engine Version: AM: 1.1.23090.2007, NIS: 1.1.23090.2007
 
Date: 2023-10-22 01:52:23
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Bullboka.A
Severity: Severe
Category: Trojan
Path: file:_C:\Users\FUKdafedgov\Downloads\FL Studio Producer Edition - v21 Full (2021)\Setup (password is THEPIRATEBAY007)\Setup.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.399.1099.0, AS: 1.399.1099.0, NIS: 1.399.1099.0
Engine Version: AM: 1.1.23090.2007, NIS: 1.1.23090.2007
Event[0]:
 
Date: 2023-10-27 02:05:22
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80070003
Error description: The system cannot find the path specified. 
Security intelligence Version: 0.0.0.0;0.0.0.0
Engine Version: 0.0.0.0
 
==================== Memory info =========================== 
 
BIOS: LENOVO G1ET98WW (2.58 ) 10/23/2013
Motherboard: LENOVO 23474R7
Processor: Intel® Core™ i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 62%
Total physical RAM: 8009.11 MB
Available physical RAM: 2985.48 MB
Total Virtual: 9289.11 MB
Available Virtual: 2418.41 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:297.47 GB) (Free:83.88 GB) (Model: HGST HTS725032A7E630) NTFS
 
\\?\Volume{79d1f38a-64e0-4d0b-866d-0ba3aa65bef7}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{1b048364-9539-47f8-b581-ffdf0475acbd}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1563D013)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
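
The firewall-rule list and the Defender entries in the Addition.txt above are the two sections a malware helper reads first. As an added example that is not part of this thread and not an FRST feature, the Python below parses those two sections from an FRST-style excerpt and reports the rules a helper would ask about: Allow rules whose executable lives somewhere the user can write (AppData, Downloads, Desktop, Documents, any Temp folder), several rule GUIDs pointing at the same exe, and the Defender detections collapsed to one line per threat and path. The `SAMPLE` text is a constructed excerpt modelled on the lines posted above, not the full log; the regular expressions assume the line formats shown in this log.

```python
"""Triage helper for FRST Addition.txt excerpts (added example, not from FRST).

Parses two sections of an Addition.txt:
  FirewallRules: [{GUID}] => (Allow|Block) <path> (<signer> -> <publisher>)
  Windows Defender detection blocks with "Name:" and "Path: file:_<path>" lines
and flags what a helper would want explained first. An Allow rule for an exe in
a user-writable folder is not proof of malware, but a program that arrived by
download or torrent lands there rather than in Program Files.
"""
import re
from collections import Counter, defaultdict

# One FRST firewall-rule line. The lazy path group lets "Program Files (x86)"
# survive because the "(signer -> publisher)" group is anchored to line end.
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<id>\{[0-9A-Fa-f-]+\})\] => \((?P<action>Allow|Block)\) "
    r"(?P<path>.+?) \((?P<signer>[^()]*?) -> (?P<publisher>[^()]*?)\)\s*$"
)
DET_NAME_RE = re.compile(r"^Name: (?P<name>\S+)\s*$")
DET_PATH_RE = re.compile(r"^Path: file:_(?P<path>.+?)\s*$")
# Folders an ordinary user can write to without elevation.
USER_WRITABLE_RE = re.compile(
    r"\\Users\\[^\\]+\\(AppData|Downloads|Desktop|Documents)\\|\\Temp\\", re.IGNORECASE
)

# Constructed excerpt modelled on the posted log (a subset of its lines).
SAMPLE = r"""
FirewallRules: [{66535A9D-1995-4563-A77C-41278923E414}] => (Allow) C:\Users\FUKdafedgov\AppData\Roaming\uTorrent\uTorrent.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [{96185350-F1AE-41B4-9110-8B670505A96B}] => (Allow) C:\Users\FUKdafedgov\AppData\Roaming\uTorrent\uTorrent.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [{C003D50A-F52E-45FC-B1A7-91BC12B0D385}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{238810F8-6C05-4A23-9241-C25992305402}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\118.0.2088.61\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D1B0A723-0A3C-4EE7-B3E1-FF43F064354A}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)

Windows Defender:
================
Date: 2023-10-22 01:57:39
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
Name: Trojan:Win32/Bullboka.A
Severity: Severe
Path: file:_C:\Users\FUKdafedgov\Downloads\FL Studio Producer Edition - v21 Full (2021)\Setup (password is THEPIRATEBAY007)\Setup.exe

Date: 2023-10-22 01:52:23
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
Name: Trojan:Win32/Bullboka.A
Severity: Severe
Path: file:_C:\Users\FUKdafedgov\Downloads\FL Studio Producer Edition - v21 Full (2021)\Setup (password is THEPIRATEBAY007)\Setup.exe
"""


def parse_firewall_rules(text):
    """Return one dict (id, action, path, signer, publisher) per FirewallRules line."""
    return [m.groupdict() for m in map(RULE_RE.match, text.splitlines()) if m]


def parse_defender_detections(text):
    """Collapse repeated Defender detections into one entry per (name, path)."""
    counts = Counter()
    pending_name = None
    for line in text.splitlines():
        m = DET_NAME_RE.match(line)
        if m:
            pending_name = m.group("name")
            continue
        m = DET_PATH_RE.match(line)
        if m and pending_name:
            counts[(pending_name, m.group("path"))] += 1
            pending_name = None
    return [{"name": n, "path": p, "count": c} for (n, p), c in counts.items()]


def triage(text):
    """Summarise the findings a helper would ask the poster about first."""
    rules = parse_firewall_rules(text)
    by_path = defaultdict(list)
    for r in rules:
        by_path[r["path"].lower()].append(r["id"])
    return {
        "user_writable_allow": sorted(
            {r["path"] for r in rules
             if r["action"] == "Allow" and USER_WRITABLE_RE.search(r["path"])}
        ),
        # Several GUIDs for one exe is usually re-installs re-adding the rule:
        # noise rather than a finding, but it explains a "huge" rule list.
        "duplicate_rules": {p: ids for p, ids in by_path.items() if len(ids) > 1},
        "detections": parse_defender_detections(text),
    }


if __name__ == "__main__":
    findings = triage(SAMPLE)
    for path in findings["user_writable_allow"]:
        print("Allow rule for user-writable path:", path)
    for path, ids in findings["duplicate_rules"].items():
        print(f"{len(ids)} rules for the same exe:", path)
    for d in findings["detections"]:
        print(f"{d['name']} x{d['count']}:", d["path"])
```

On the posted log this reports the uTorrent rule under `AppData\Roaming` (twice, under two GUIDs) and the single Bullboka.A detection in `Downloads`; the Spotify, Edge WebView and Brave rules are under `Program Files` and are left alone, which matches what the helpers concluded further down the thread.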


#9 Madmatt85 (Topic Starter)
  • Members
  • 24 posts

Posted 28 October 2023 - 03:11 AM

So, yeah, I know. That's why I said I will have the requested info for you shortly. So, yeah.



#10 MoxieMomma
  • BC Advisor
  • 2,346 posts
  • Gender:Not Telling
  • Local time:10:57 PM

Posted 28 October 2023 - 03:56 AM

Hi:

 

For starters, it appears that you’ve been using torrents, which is a great way to get infected.
As such, Defender has detected evidence of malware in an installed program. (NOTE: this is consistent with what we suspected, as a true, clean Windows install after removing partitions would NOT include malware. The malware did not “survive” Windows reinstall – you installed a program with the malware.)

You might want to head over to the malware removal section for expert help with diagnosis and cleanup.
First: please read & follow THESE INSTRUCTIONS: https://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
Then, please post the requested logs in a new topic HERE: https://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-help/

Once you have done so, please post back in this thread with the link to the new malware removal forum topic.
The Mod Team will then (temporarily) lock this thread until your malware helper gives you the “all clear”. Other issues can be addressed after the malware cleanup.
-------------------

Date: 2023-10-22 01:57:39
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bullboka.A&threatid=2147842004&enterprise=0
Name: Trojan:Win32/Bullboka.A
Severity: Severe
Category: Trojan
Path: file:_C:\Users\FUKdafedgov\Downloads\FL Studio Producer Edition - v21 Full (2021)\Setup (password is THEPIRATEBAY007)\Setup.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.399.1099.0, AS: 1.399.1099.0, NIS: 1.399.1099.0
Engine Version: AM: 1.1.23090.2007, NIS: 1.1.23090.2007

Date: 2023-10-22 01:52:23
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bullboka.A&threatid=2147842004&enterprise=0
Name: Trojan:Win32/Bullboka.A
Severity: Severe
Category: Trojan
Path: file:_C:\Users\FUKdafedgov\Downloads\FL Studio Producer Edition - v21 Full (2021)\Setup (password is THEPIRATEBAY007)\Setup.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.399.1099.0, AS: 1.399.1099.0, NIS: 1.399.1099.0
Engine Version: AM: 1.1.23090.2007, NIS: 1.1.23090.2007
Event[0]:

 


#11 Madmatt85 (Topic Starter)
  • Members
  • 24 posts

Posted 28 October 2023 - 08:06 AM

Yeah, but the issue was there before that. Even before I was torrenting things, the files with the 7/19 date were all over the place. You certainly have the right to scold me over the torrents, but the issue was already there before I even got the torrent program.



#12 Madmatt85 (Topic Starter)
  • Members
  • 24 posts

Posted 28 October 2023 - 08:10 AM

I just kind of figured, well, something weird is going on anyway, so why not. I'm going to post a screenshot of my Program Files.



#13 Madmatt85 (Topic Starter)
  • Members
  • 24 posts

Posted 28 October 2023 - 08:27 AM

Sorry for the crudeness of the photo; I had to have someone who is near it send me the pic. But you can see all the dates modified as 12/7/2019. That's way before I was torrenting anything. I reinstalled Windows on October 22, 2023.

Attached Files



#14 Pkshadow
  • BC Advisor
  • 12,306 posts
  • Gender:Not Telling
  • Location:On the Brow of the Hill, West Coast, Canada
  • Local time:08:57 PM

Posted 28 October 2023 - 01:58 PM

Please find, on the bottom of your ThinkPad, the proper name and the serial number.

What is showing does not match the information.

Lenovo model 23474R7 gives me this page: https://pcsupport.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-t-series-laptops/thinkpad-t430/2347/downloads/driver-list/component?name=BIOS%2FUEFI&id=5AC6A815-321D-440E-8833-B07A93E0428C

which shows the BIOS version that is released: 2.82, released 21 Aug 2019,

yet the Speccy report shows that you are running BIOS version G1ET98WW (2.58), date 10/23/2013. Therefore the serial number is needed to properly identify it. Please provide the info.

=======================================================================================================================

What install media are you using to do your clean install? Where is it from?

Or the URL for your correct support page.


" mosquitoes really wake up everyday and choose violence "   — dalia (@_dalia7)
www.cnn.com/2020/07/23/health/mosquitoes-attraction-humans-future-wellness-scn/index.html
 

I-7 ASUS ROG Rampage II Extreme  / ASUS TUF Gaming F17 / I-7 4770K ASUS ROG Maximus VI Extreme


#15 Pkshadow
  • BC Advisor
  • 12,306 posts
  • Gender:Not Telling
  • Location:On the Brow of the Hill, West Coast, Canada
  • Local time:08:57 PM

Posted 28 October 2023 - 02:00 PM

Please provide the above, and also open a new topic in the Malware Removal forum, as has been recommended.






