Dexie

Honorary Members
  • Posts

    27
Everything posted by Dexie

  1. Yes, I know how to boot into safe mode. However, I cannot boot into a workable safe mode as the computer disables it and I see a mirage of command.com ... if I do work around and get into anything that will kill it, it forces a restart. I have several copies on USB stick; however, now 3 of them are paperweights. They have been overwritten with a manifest file of some sort. None of the files can be copied, unfortunately, or accessed. Everything is protected against me with the TrustedPlatform and BitLocker. It seems there is a PE environment created by the MB (ASUS) company for testing, which is what is being used, and I am only a user with no permissions. All the programs/scripts are/seem to be Microsoft. I have never seen anything so aggressive and sturdy as what this seems to be. Any ideas?
  2. I'm sorry that it has taken so long to reply; everything I do is monitored and I could not go to the website. Computer is completely disabled at this point. The files seem to be stored in virtual memory or as virtual memory. Virtual memory should reset when CMOS is cleared, however this is not the case... they remain. I cannot manipulate much except to change the format after many tries, but it never will allow deletion. I have removed 3 sticks of RAM and booted with only one. I cannot be sure, but it looks like it is using a RAID setup across the RAM and GPU RAM. I can see the multiple hidden encrypted partitions on the SSD. Some are LBA, some are not; the formats range from FAT 12 - FAT 32 and any variation in between. 12 parts in total. They do not identify as partitions and therefore I cannot delete them or 00 them out. I can see there are commands being executed via wmic but cannot view or remove them. I think PowerShell is the answer to removal; unfortunately I'm not fluent in that. I can send a few pics I have taken with my phone if you would like. Thank you, Dexie
  3. It didn't like what we did yesterday... so no internet access for me today. Lol, I am trying to access the files on the virtual drive. Will let you know and send logfile asap. I ran power explorer and then it uploaded to a hybrid analysis. I did keep both reports. Thank you again.
  4. Thank you so very much for working with me. I am having a new modem brought in tomorrow. I built this PC in May; the thought of trashing it in the garbage is killing me. I am not a programmer, but I am an advanced user with hardware and software. Seems as if I need a programmer of sorts. I am willing to do whatever you think might work. :) We have been working with this for 12 hours at least. I wish I could buy you a cup of coffee at the very least. Dex
  5. How do you suggest I get rid of the trojan? I did not bother to update anything since it is rewriting everything I download. The files are located in the VRAM and are re-infecting the OS as it is reloaded. I have flashed the BIOS, secure erased the drives, put in new SSD drive... removed all devices except 1 stick of memory, flashed BIOS and it still remains. I appreciate the things you were able to remove, but it just reinstalls another. Before infection, everything was up to date. It has been almost 2 months and I cannot find a solution. There are files written on the back end of the SSD; from what I have read these will not be scanned or picked up by virus scanners.
  6. I think the virus disabled much of this scanner; it finished rather quickly.
  7. I do not have email set up or used on this computer. Upon reading more about this "worm", it is also known as .E variant and a few other names. NoAdware keeps deleting it but it finds it again on the next scan.
  8. This log was created using Process Explorer. Thank you so much for all of your help. You have not commented so not sure what you would like me to scan to get rid of this virus. It is finding a virus called MyDoom.B and after cleaning it finds it again. Please advise.
  9. Date(2-12-2021) Time(19-34-23).txt ScanLogDate(2-12-2021) Time(19-33-1).txt
  10. It is disabling the software from running properly and picking up certain things. I have used all of these.
  11. OTL Extras logfile created on: 12/2/2021 5:11:44 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\cricket\Downloads 64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.11.19041.0) Locale: 00000409 | Country: | Language: ENU | Date Format: M/d/yyyy 63.83 Gb Total Physical Memory | 59.23 Gb Available Physical Memory | 92.80% Memory free 73.33 Gb Paging File | 67.06 Gb Available in Paging File | 91.46% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 930.97 Gb Total Space | 815.00 Gb Free Space | 87.54% Space Free | Partition Type: NTFS Computer Name: DESKTOP-UHM6OA6 | User Name: cricket | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (All) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation) .cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation) .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation) .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) .js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation) .txt[@ = txtfile] -- 
C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .bat [@ = batfile] -- "%1" %* .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation) .cmd [@ = cmdfile] -- "%1" %* .com [@ = comfile] -- "%1" %* .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .exe [@ = exefile] -- "%1" %* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation) .ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation) .js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .pif [@ = piffile] -- "%1" %* .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation) .scr [@ = scrfile] -- "%1" /S .txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [edit] -- 
%SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation) cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- Reg Error: Key error. 
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation) regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation) scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Powershell] -- powershell.exe -noexit -command Set-Location -literalPath '%V' (Microsoft Corporation) Directory [UpdateEncryptionSettings] -- Reg Error: Key error. Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation) cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- Reg Error: Key error. 
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation) regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation) scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Powershell] -- powershell.exe -noexit -command Set-Location -literalPath '%V' (Microsoft Corporation) Directory [UpdateEncryptionSettings] -- Reg Error: Key error. Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Feature] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av] "DataMigrated" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{1122B19A-E671-38EC-8EAC-87048FD4528D}] "GUID" = {1122B19A-E671-38EC-8EAC-87048FD4528D} "DISPLAYNAME" = Norton Security "STATE" = 331776 "PRODUCTEXE" = C:\Program Files\Norton Security\Engine\22.20.2.57\WSCStub.exe "REPORTINGEXE" = C:\Program Files\Norton Security\Engine\22.20.2.57\nsWscSvc.exe 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}] "GUID" = {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A} "DISPLAYNAME" = Norton Security "STATE" = 331776 "PRODUCTEXE" = C:\Program Files\Norton Security\Engine\22.21.5.44\WSCStub.exe "REPORTINGEXE" = C:\Program Files\Norton Security\Engine\22.21.5.44\nsWscSvc.exe 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}] "GUID" = {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0} "DISPLAYNAME" = Norton Security "STATE" = 331776 "PRODUCTEXE" = C:\Program Files\Norton Security\Engine\22.21.10.40\WSCStub.exe -- (NortonLifeLock Inc.) "REPORTINGEXE" = C:\Program Files\Norton Security\Engine\22.21.10.40\nsWscSvc.exe -- (NortonLifeLock Inc.) 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}] "GUID" = {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} "DISPLAYNAME" = Microsoft Defender Antivirus "STATE" = 393472 "PRODUCTEXE" = windowsdefender:// "REPORTINGEXE" = %ProgramFiles%\Windows Defender\MsMpeng.exe -- (Microsoft Corporation) 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\CBP] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\DPA] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw] "DataMigrated" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{291930BF-AC1E-39B4-A5F3-2E31710715F6}] "GUID" = {291930BF-AC1E-39B4-A5F3-2E31710715F6} "DISPLAYNAME" = Norton Security "STATE" = 331776 "PRODUCTEXE" = C:\Program Files\Norton Security\Engine\22.20.2.57\WSCStub.exe "REPORTINGEXE" = C:\Program Files\Norton Security\Engine\22.20.2.57\WSCStub.exe 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{96F5A003-BE88-6851-3AAD-B25C2F288CAB}] "GUID" = {96F5A003-BE88-6851-3AAD-B25C2F288CAB} "DISPLAYNAME" = Norton Security "STATE" = 331776 "PRODUCTEXE" = C:\Program Files\Norton Security\Engine\22.21.10.40\WSCStub.exe -- (NortonLifeLock Inc.) "REPORTINGEXE" = C:\Program Files\Norton Security\Engine\22.21.10.40\WSCStub.exe -- (NortonLifeLock Inc.) 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{A6045214-8EAD-7B9C-2E68-BA2B11C858F1}] "GUID" = {A6045214-8EAD-7B9C-2E68-BA2B11C858F1} "DISPLAYNAME" = Norton Security "STATE" = 331776 "PRODUCTEXE" = C:\Program Files\Norton Security\Engine\22.21.5.44\WSCStub.exe "REPORTINGEXE" = C:\Program Files\Norton Security\Engine\22.21.5.44\WSCStub.exe 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp\WebProtection] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ProvidersMigration] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ProvidersMigration\WicaUpgradableAVs] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 9E AE 06 8A 48 BE D6 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade] "UpgradeTime" = [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Feature] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\CBP] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\DPA] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp\WebProtection] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ProvidersMigration] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade] "UpgradeTime" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{076858B1-8B7D-484E-935C-C1B7080F8E07}" = lport=8088 | protocol=17 | dir=in | app=c:\program files\windowsapps\spotifyab.spotifymusic_1.173.517.0_x86__zpdnekdrzrea0\spotify.exe | "{15567F7B-105D-4CA6-B670-AD11B03D266F}" = lport=48010 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvcontainer\nvcontainer.exe | "{21A6AA1D-B0EC-4EDF-BF6A-95A39497C0FB}" = lport=57621 | protocol=17 | dir=in | app=c:\program files\windowsapps\spotifyab.spotifymusic_1.173.517.0_x86__zpdnekdrzrea0\spotify.exe | "{74BB29A7-3B8F-48B0-AC5E-6B501F87CF35}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvcontainer\nvcontainer.exe | "{7DD0D3D9-59E4-4FC8-B17C-8D4A307F419F}" = lport=47995 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{890C8136-3775-4252-9C77-E748475B253C}" = lport=47995 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{89742FDF-A5EF-4B8C-A915-1412F53873DF}" = lport=47998 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvcontainer\nvcontainer.exe | "{B8A6E6E8-9065-4665-86EA-BE788C33BB9A}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvcontainer\nvcontainer.exe | "{E13BC654-A762-4EC1-B673-D29EF45DF9F2}" = lport=5353 
| protocol=17 | dir=in | app=c:\program files (x86)\microsoft\edge\application\msedge.exe | "{E1D0D201-D36F-476F-996C-76832AD1EB68}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "{F6FBECE6-F0AD-43EE-B6C0-78737C425B6E}" = lport=8088 | protocol=6 | dir=in | app=c:\program files\windowsapps\spotifyab.spotifymusic_1.173.517.0_x86__zpdnekdrzrea0\spotify.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0086C5DF-E3EC-45D6-849F-1BCEB531AEF1}" = dir=in | app=c:\program files (x86)\ostotosoft\drivertalent\download\minithunderplatform.exe | "{03679272-247D-4F42-9D2E-6F094CF544A8}" = dir=in | name=@{microsoft.windows.startmenuexperiencehost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.startmenuexperiencehost/startmenuexperiencehost/pkgdisplayname} | "{043CCCF4-B3A3-4C48-B56B-6B77C164D701}" = dir=in | name=@{microsoft.desktopappinstaller_1.16.12986.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.desktopappinstaller/resources/appdisplayname} | "{043EF9D6-DEB0-4A6D-940F-207890B5C531}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{04F1052D-FDDE-4B0B-B05E-2F58C1A87E36}" = dir=out | name=skype | "{06117A68-53C9-40E0-A271-B3914EF990A5}" = dir=out | name=@{microsoft.mspaint_6.2105.4017.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.mspaint/resources/appname} | "{06681C14-7E36-449F-8E9A-61A40D584C69}" = dir=in | name=@{microsoft.win32webviewhost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.win32webviewhost/resources/displayname} | "{07DCE17C-7F6D-4DC7-B541-7C84A8ABB38E}" = dir=out | name=microsoft pay | "{0882D563-CC17-47AF-9ABA-A02478C69028}" = protocol=17 | dir=in | app=c:\program files 
(x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe | "{0BE348C2-AA12-4838-9CA1-22470B7B3BF0}" = protocol=6 | dir=in | app=c:\program files (x86)\overwolf\0.157.2.17\overwolfbrowser.exe | "{0C647DE8-9303-41FF-A2C5-32E5886AAA66}" = dir=in | app=c:\program files (x86)\asus\gamefirst\gameturbo.exe | "{110DBBC2-1579-4FC2-9978-710E6642D481}" = dir=out | name=xbox tcui | "{11B28C62-7D3E-4C83-AA90-B5010A087124}" = dir=in | name=@{microsoft.zunemusic_10.21102.11411.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{12D18ECC-E957-4D28-9CE1-065DD735567D}" = dir=out | name=@{microsoft.windows.sechealthui_10.0.19041.1_neutral__cw5n1h2txyewy?ms-resource://microsoft.windows.sechealthui/resources/packagedisplayname} | "{15DE14A3-B2B0-4537-B59D-5D81871EA986}" = dir=out | name=@{microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} | "{17F87FE7-61EA-4309-91F2-CB73F58C3F23}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | "{195EC3C5-7746-4950-9B8F-974869337D14}" = dir=out | name=disney+ | "{1A88C776-7146-431F-8A90-68E508409FC8}" = dir=out | name=xbox game bar plugin | "{1F0B72A5-96D4-4ADB-96FD-C01A7715902C}" = dir=out | name=@{microsoft.windows.search_1.14.2.19041_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.search/resources/packagedisplayname} | "{1FD03AD5-DA35-4365-9E76-E3CE14ACDC8C}" = dir=in | name=@{microsoft.yourphone_1.21102.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.yourphone/resources/appname} | "{243C39A8-9EB5-41C6-83E0-27AE167DE85E}" = dir=in | name=@{microsoft.microsoftedge_44.19041.423.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | "{24B2CBFA-AB32-4653-8C0E-F5F762A8FDD9}" = dir=out | name=ncsiuwpapp | 
"{262AD912-AA9A-4B6A-90C9-3CE9DE735A39}" = protocol=6 | dir=in | app=c:\program files (x86)\overwolf\0.184.0.35\overwolfbrowser.exe | "{28E93013-366B-43A7-A124-55D075DC1FB0}" = dir=in | name=@{microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} | "{2AC8B35E-9692-40BD-925E-1183ADC7B933}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.19041.1.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} | "{2B11A5D0-E5A0-4461-A65C-8705D511E1FF}" = dir=out | name=cortana | "{2C99D015-EEEA-488A-8E9E-38D5F5A3C939}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.19041.1.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{2CDDB682-7414-40D9-89D1-56EDC4D1DF84}" = protocol=6 | dir=out | app=c:\program files\windowsapps\microsoft.skypeapp_15.78.159.0_x86__kzf8qxf38zg5c\skype\skype.exe | "{2CF0A015-275B-47C9-859F-0661CA6B43C5}" = dir=out | name=@{microsoft.windows.narratorquickstart_10.0.19041.423_neutral_neutral_8wekyb3d8bbwe?ms-resource://microsoft.windows.narratorquickstart/resources/appdisplayname} | "{34954B92-71D3-4C6A-AC3E-7BF45E41F717}" = dir=out | name=@{microsoft.yourphone_1.21102.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.yourphone/resources/appname} | "{34C69255-3DB8-4FBF-B65B-76BB375012FE}" = dir=out | name=@{microsoft.windows.startmenuexperiencehost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.startmenuexperiencehost/startmenuexperiencehost/pkgdisplayname} | "{3519F915-02F4-4CB2-8AE5-8B4244EB443D}" = dir=in | app=c:\program files (x86)\asus\gamefirst\dututil.exe | "{356DFBE0-0B40-4952-8594-EF1EFC88062D}" = dir=out | name=@{microsoft.people_10.2105.4.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} | "{3969355C-8FBA-4186-BB6D-09D62D23426A}" = dir=out | 
  12. Thank you very much for your assistance!! This is driving me over the edge.
  13. It would not let me copy and paste the information; I only successfully uploaded the text document after many tries and many new windows. It seems to be a kernel-based rootkit bootloader residing in my VRAM. Anything I have tried to use gets disabled. Most websites are unavailable to me.