malwareismyfriend

Members
  • Posts: 9

Reputation: 0 Neutral
  1. Right, I know about svchost and the dozens of services that run with it as a parent process. But I am specifically talking about the System process with PID 4.
  2. These are connections that are made to PID 4, which is a process that runs in Windows 11. This has nothing to do with my router. The firewall is a software-based firewall called TinyWall, which is how I am able to see where these connections are being made. Is the PID 4 SYSTEM process even supposed to have any external TCP connections?
  3. Yes, still issues. Lots of TIME_WAIT connections in my firewall with the SYSTEM process (PID 4) connecting to masked IP addresses like 35.186.227.140, 72.21.91.29, 20.60.179.4, 172.67.185.102, 34.120.5.221, 172.67.155.249, 52.170.249.225, 192.0.73.2 ... and more. I can usually see at least 10 or more of them at a time using netstat or simply looking at my firewall status. These are all on port 443 or 80, all in TIME_WAIT status with SYSTEM as the PID. Other strange activity as well.
  4. I have never been on the TOR network; can you tell me how to uninstall whatever you are talking about? I have uninstalled VdhCoApp, I don't even use it either. I also downloaded qtorrent. I used a program called "Patch My PC Updater" to update all the programs, patchmypc.com. FRST.txt Addition.txt
  5. SecurityCheck.txt I've had it on the network since I first messaged you, but I block all outgoing and incoming requests with TinyWall when I'm not using it to run these security apps. I've gone into Process Explorer and found a bunch of very odd-looking processes; further investigation of the properties shows that a lot of these processes have things in common. They all have Administrator flagged for DENY. The owner is NT AUTHORITY/LogonSessionID_0_1053163. Most run from "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\", and there are about 30-40 processes using svchost, and some operating system files are not signed. Looking at the TCP connections, there are a lot of SYSTEM connections in "TIME_WAIT" going to a random IP hosted by Amazon or some other big provider.
  6. It took over 6 hours to complete this scan; it didn't detect much of anything. report_2022.09.29_14.42.09.klr.txt
  7. okay i got it running from my desktop. this log looks completely different from the one above, very odd. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-08-2022 Ran by God (administrator) on FAST-DELL (Dell Inc. Inspiron 3891) (29-09-2022 00:16:11) Running from C:\Users\gngn1\Desktop Loaded Profiles: God Platform: Microsoft Windows 11 Home Version 21H2 22000.978 (X64) Language: English (United States) Default browser: FF Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_appbroker.exe (C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe (C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe (C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe (C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe ->) (Logitech Inc -> Logitech, Inc.) 
C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe (C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCopyAccelerator.exe (DriverStore\FileRepository\cui_dch.inf_amd64_ca344d3091c489b2\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_ca344d3091c489b2\igfxEM.exe (explorer.exe ->) (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe (explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (services.exe ->) (Code Sector -> ) C:\Program Files\TeraCopy\TeraCopyService.exe (services.exe ->) (Dell Inc -> Dell Inc.) 
C:\Program Files\Dell\Fusion\FusionService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_ca344d3091c489b2\igfxCUIService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_f83b924791f3a52a\OneApp.IGCC.WinService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_9b8a04f8c64efd94\IntelCpHDCPSvc.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_9b8a04f8c64efd94\IntelCpHeciSvc.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d4564390a9b1e980\WMIRegistrationService.exe (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_7aa6ca9dbb25bff8\jhi_service.exe (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_5d10f2aad7f84bec\LMS.exe (services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_68966115f2eef4e5\RstMwService.exe (services.exe ->) (Károly Pados -> Károly Pados) C:\Program Files (x86)\TinyWall\TinyWall.exe <3> (services.exe ->) (Logitech Inc -> Logitech, Inc.) 
C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\NisSrv.exe (services.exe ->) (PhaseFive Systems LLC -> Phase Five Systems) C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\6.7.69.0\JumpConnect.exe (services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (services.exe ->) (voidtools -> voidtools) C:\Users\gngn1\Downloads\Everything-1.4.1.1020.x64\Everything.exe (services.exe ->) (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) 
C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe (sihost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_10.0.4447.0_x64__8wekyb3d8bbwe\PAD.Console.Host.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22072.207.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed] HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech) HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1687616 2022-02-21] (Logitech Inc -> Logitech, Inc.) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1067528 2022-07-25] (Adobe Inc. -> Adobe Inc.) 
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1 HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION HKU\S-1-5-21-1789883001-303321401-512692908-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2630024 2022-09-26] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1789883001-303321401-512692908-1001\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-1789883001-303321401-512692908-1001\...\Run: [MicrosoftEdgeAutoLaunch_C0A32B37347337D257B1541CA93F7472] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3795376 2022-09-25] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1789883001-303321401-512692908-1001\...\Policies\Explorer: [HideSCAMeetNow] 1 HKU\S-1-5-21-1789883001-303321401-512692908-1003\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2630024 2022-09-26] (Microsoft Corporation -> Microsoft Corporation) Startup: C:\Users\gngn1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-12-30] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) AlternateShell: HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION HKU\S-1-5-21-1789883001-303321401-512692908-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {02FEA731-D2DD-4A8E-A439-563F55D53DFC} - System32\Tasks\Opera scheduled Autoupdate 1638694259 => C:\Program Files\Opera\launcher.exe [2538448 2022-09-05] (Opera Norway AS -> Opera Software) Task: {0335EFB7-AF7E-416D-9978-D34ABA156C86} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23709120 2022-09-18] (Microsoft Corporation -> Microsoft Corporation) Task: {05297C63-34A6-4FCA-A5F8-891900D5D30E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {0AA9AE9F-7BC1-4CF7-B0D0-942E8D8AB388} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" Task: {193C0CD3-8DE7-4B74-A2DD-718AAF02C2ED} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {1AEF3D55-5909-4E1E-8853-22E99F844F7C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23709120 2022-09-18] (Microsoft Corporation -> Microsoft Corporation) Task: {487D899D-40F2-476C-BEF0-2FF05589EC63} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.) 
Task: {500823C9-7F32-4788-B34D-40329A313066} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1789883001-303321401-512692908-1003 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4165520 2022-09-26] (Microsoft Corporation -> Microsoft Corporation) Task: {5FD92CFE-F4D2-4D63-9C80-AC2D101820F1} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1789883001-303321401-512692908-1002 => C:\Users\gngn1\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File) Task: {6500E3AE-98EC-4892-B4CC-620672E1ECD0} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142208 2022-09-18] (Microsoft Corporation -> Microsoft Corporation) Task: {6D5E4CE5-B360-40C2-82EA-F9193CE82B45} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2021-09-08] () [File not signed] Task: {81645350-7A7E-4586-930D-AA1963354214} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {87B48BF5-2794-481C-9766-B28425BE7E49} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\gngn1\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-09-21] (ESET, spol. s r.o. -> ESET) Task: {940B0A62-EB07-406B-AF8C-69A42C245B77} - System32\Tasks\Opera scheduled assistant Autoupdate 1638694264 => C:\Program Files\Opera\launcher.exe [2538448 2022-09-05] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Program Files\Opera\assistant" $(Arg0) Task: {A7D8C990-6422-4667-87E3-FA40C47BB4B1} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\gngn1\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-09-21] (ESET, spol. s r.o. 
-> ESET) Task: {AC1FBF05-8B10-4509-AEF9-AB30ECDDC41C} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32} Task: {B0DE073A-B771-46E8-8A43-62AAF41CD5E2} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4165520 2022-09-26] (Microsoft Corporation -> Microsoft Corporation) Task: {C2820938-5262-4E5B-BA4C-08EE29C71694} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142208 2022-09-18] (Microsoft Corporation -> Microsoft Corporation) Task: {CFB3D3C2-5ED7-4025-973B-4173E78BFF79} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {D15035A4-388C-4B0C-B13E-2588A970C419} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [64408 2022-09-08] (Microsoft Corporation -> Microsoft Corporation) Task: {D24345F4-A990-448B-97A8-778C14BE4C7C} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate Task: {E13FF481-BB09-4CA9-9478-463D38661FA9} - System32\Tasks\TinyWall Controller => C:\Program Files (x86)\TinyWall\TinyWall.exe [867080 2021-10-26] (Károly Pados -> Károly Pados) Task: {FA7BFA7D-63B4-4DE5-8D36-09A74B86FCA2} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1789883001-303321401-512692908-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4165520 2022-09-26] 
(Microsoft Corporation -> Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 9.9.9.9 149.112.112.112 Tcpip\..\Interfaces\{666ad4d3-6ec5-4013-a092-a6d61e020286}: [DhcpNameServer] 9.9.9.9 149.112.112.112 Edge: ======= Edge Profile: C:\Users\gngn1\AppData\Local\Microsoft\Edge\User Data\Default [2022-09-27] Edge Extension: (Microsoft Power Automate) - C:\Users\gngn1\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\njjljiblognghfjfpcdpdbpbfcmhgafg [2022-08-08] Edge HKU\S-1-5-21-1789883001-303321401-512692908-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [njjljiblognghfjfpcdpdbpbfcmhgafg] FireFox: ======== FF DefaultProfile: cb410ea4.default FF ProfilePath: C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\cb410ea4.default [2021-12-15] FF ProfilePath: C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release [2022-09-28] FF Session Restore: Mozilla\Firefox\Profiles\za350ywr.default-release -> is enabled. 
FF Notifications: Mozilla\Firefox\Profiles\za350ywr.default-release -> hxxps://web.telegram.org; hxxps://www.kiiroo.com; hxxps://electrothreads.com FF Extension: (Disconnect) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\2.0@disconnect.me.xpi [2022-01-11] FF Extension: (Google Container) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\@contain-google.xpi [2022-01-11] FF Extension: (Keepa - Amazon Price Tracker) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\amptra@keepa.com.xpi [2022-04-18] FF Extension: (OneNote Web Clipper) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\Clipper@OneNote.com.xpi [2022-04-14] FF Extension: (Don't ***** With Paste) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\Dont*****WithPaste@raim.ist.xpi [2022-01-11] FF Extension: (Folx) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\folx5@eltima.com.xpi [2022-01-11] FF Extension: (Disable WebRTC) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\jid1-5Fs7iTLscUaZBgwr@jetpack.xpi [2022-01-11] FF Extension: (Honey) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2022-01-11] FF Extension: (Decentraleyes) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\jid1-BoFifL9Vbdl2zQ@jetpack.xpi [2022-02-01] FF Extension: (I don't care about cookies) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\jid1-KKzOGWgsW3Ao4Q@jetpack.xpi [2022-09-15] FF Extension: (Double-click Image Downloader) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\jid1-xgtdawe3yyUeBQ@jetpack.xpi [2022-01-11] 
FF Extension: (Reddit Enhancement Suite) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2022-02-02] FF Extension: (Pinterest Save Button) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2022-03-02] FF Extension: (JSONovich) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\jsonovich@lackoftalent.org.xpi [2022-04-05] FF Extension: (IDM Integration Module) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\mozilla_cc3@internetdownloadmanager.com.xpi [2022-05-27] FF Extension: (Download Manager (S3)) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\s3download@statusbar.xpi [2022-01-11] FF Extension: (Save webP as PNG or JPEG) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\savewebpas@jeffersonscher.com.xpi [2022-09-23] FF Extension: (LastPass: Free Password Manager) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\support@lastpass.com.xpi [2022-08-06] FF Extension: (Google Translator for Firefox) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\translator@zoli.bod.xpi [2022-01-11] FF Extension: (uBlock Origin) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\uBlock0@raymondhill.net.xpi [2022-09-20] FF Extension: (Paste n' Go) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\{000a756d-5efb-4897-b40c-57ef8c5caa59}.xpi [2022-01-11] FF Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}.xpi [2022-09-15] FF Extension: (CSS 
Toggler) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\{16898b73-edd0-419f-a0a9-e5afd2a4c904}.xpi [2022-05-02] FF Extension: (Download All Images) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\{32af1358-428a-446d-873e-5f8eb5f2a72e}.xpi [2022-08-22] FF Extension: (Send to VLC (VideoLAN) media player) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\{3e0ac434-26e0-4c03-b757-3078486800c3}.xpi [2022-01-11] FF Extension: (Disable JavaScript) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\{41f9e51d-35e4-4b29-af66-422ff81c8b41}.xpi [2022-01-11] FF Extension: (Eno® from Capital One®) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\{4d5b7a5e-5232-9e45-97f4-f8e1ca2626e5}.xpi [2022-07-20] FF Extension: (Science Fiction Florest) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\{4d6138be-7d98-4fed-8cb9-277c3a351183}.xpi [2022-01-11] FF Extension: (Blue Carbon Fiber) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\{5ab03bdd-3d91-4c73-801e-607ca27458d0}.xpi [2022-01-11] FF Extension: (ColorZilla) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}.xpi [2022-01-11] FF Extension: (Hot air balloons v5 by CP) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\{790388bf-f135-4368-ab9b-36c8062a09c2}.xpi [2022-01-11] FF Extension: (Plexus Crystals (Yellow)) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\{826d3ea1-5a85-4e6c-8749-aff3f72ccc5d}.xpi [2022-01-11] FF Extension: (Clippings) - 
C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}.xpi [2022-09-19] FF Extension: (Absolute Right Click) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\{9350bc42-47fb-4598-ae0f-825e3dd9ceba}.xpi [2022-01-11] FF Extension: (RESTClient) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\{ad0d925d-88f8-47f1-85ea-8463569e756e}.xpi [2022-04-05] FF Extension: (Capital One Shopping: Online Coupon Tool) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\{aff8af88-06a9-4eee-b383-3af08c47b8c8}.xpi [2022-09-26] FF Extension: (The universe of ancient times.) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\{b6d370bd-f532-4049-9a82-f53b47f369b3}.xpi [2022-01-11] FF Extension: (Video DownloadHelper) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2022-05-12] FF Extension: (flashy pastel rainbow) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\{ced18bb2-3a5e-4d85-b0ad-5b99cb34fa73}.xpi [2022-01-11] FF Extension: (Polynial design) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\{d7dce9c0-165e-44ff-90b9-c5ce9f7a7721}.xpi [2022-01-11] FF Extension: (Read Aloud: A Text to Speech Voice Reader) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\{ddc62400-f22d-4dd3-8b4a-05837de53c2e}.xpi [2022-09-01] FF Extension: (Matte Black (Orange)) - C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\{e7c9fb23-17c0-4bb6-a8ba-ff52a7770b89}.xpi [2022-02-24] FF Extension: (Plexus Crystals (Violet)) - 
C:\Users\gngn1\AppData\Roaming\Mozilla\Firefox\Profiles\za350ywr.default-release\Extensions\{ff571d12-dfde-4e8f-be1d-38c145a98443}.xpi [2022-02-24] FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-07] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2022-07-25] (Adobe Inc. -> Adobe Systems) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-07-07] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2022-07-25] (Adobe Inc. -> Adobe Systems) Chrome: ======= CHR HKU\S-1-5-21-1789883001-303321401-512692908-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gjgfobnenmnljakmhboildkafdkicala] Opera: ======= OPR Profile: C:\Users\gngn1\AppData\Roaming\Opera Software\Opera Stable [2022-09-26] OPR Notifications: Opera Stable -> hxxps://web.telegram.org; hxxps://www.philadelphiaeagles.com OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding} OPR Extension: (Rich Hints Agent) - C:\Users\gngn1\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-07-28] OPR Extension: (Opera Crypto Wallet) - C:\Users\gngn1\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2022-07-28] OPR Extension: (Amazon Assistant Promotion) - C:\Users\gngn1\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-12-20] ==================== Services 
(Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [923656 2022-07-25] (Adobe Inc. -> Adobe Inc.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-08-20] (Apple Inc. -> Apple Inc.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12131256 2022-09-18] (Microsoft Corporation -> Microsoft Corporation) S3 dcsvc; C:\Windows\system32\dcsvc.dll [831488 2022-09-13] (Microsoft Windows -> Microsoft Corporation) R2 Everything; C:\Users\gngn1\Downloads\Everything-1.4.1.1020.x64\Everything.exe [2266128 2022-09-22] (voidtools -> voidtools) S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.191.0911.0001\FileSyncHelper.exe [3383688 2022-09-26] (Microsoft Corporation -> Microsoft Corporation) R2 FusionService; C:\Program Files\Dell\Fusion\FusionService.exe [19096 2021-10-13] (Dell Inc -> Dell Inc.) R2 JumpConnect; C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\6.7.69.0\JumpConnect.exe [154080 2022-01-07] (PhaseFive Systems LLC -> Phase Five Systems) S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7901368 2021-12-05] (Malwarebytes Inc -> Malwarebytes) S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.191.0911.0001\OneDriveUpdaterService.exe [3804032 2022-09-26] (Microsoft Corporation -> Microsoft Corporation) R2 OptionsPlusUpdaterService; C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe [17029376 2022-09-12] (Logitech Inc -> Logitech, Inc.) 
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12912936 2021-11-16] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 TeraCopyService.exe; C:\Program Files\TeraCopy\TeraCopyService.exe [114384 2021-04-21] (Code Sector -> )
R2 TinyWall; C:\Program Files (x86)\TinyWall\TinyWall.exe [867080 2021-10-26] (Károly Pados -> Károly Pados)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\NisSrv.exe [3125112 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe [133560 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [X]
R2 ZoomCptService; "C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\gngn1\AppData\Roaming\Zoom"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 DDDriver; C:\Windows\System32\drivers\dddriver64Dcsa.sys [43400 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Dell Technologies)
R0 fse; C:\Windows\System32\drivers\fse.sys [193888 2022-05-11] (Microsoft Windows -> Microsoft Corporation)
S3 IntelGNA; C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_c08af0e43cbc91c3\gna.sys [83856 2020-08-04] (Gaussian Mixture Models and Neural Networks Accelerator -> Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [210352 2022-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-12-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2022-03-27] (Malwarebytes Inc -> Malwarebytes)
R3 MpKsl84bd6d14; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E54752FF-50C6-4067-A464-757ABA79C676}\MpKslDrv.sys [228600 2022-09-28] (Microsoft Windows -> Microsoft Corporation)
S3 MYFAULT; C:\Windows\system32\drivers\myfault.sys [27848 2022-09-27] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [72792 2021-11-30] (Insecure.Com LLC -> Insecure.Com LLC.)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [95632 2022-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
R3 USBPcap; C:\Windows\system32\DRIVERS\USBPcap.sys [52872 2020-05-22] (Tomasz Moń -> USBPcap)
S3 vmbusproxy; C:\Windows\system32\drivers\vmbusproxy.sys [90112 2022-04-06] (Microsoft Windows -> )
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49576 2022-09-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [453904 2022-09-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [94480 2022-09-07] (Microsoft Windows -> Microsoft Corporation)
R3 WiManH; C:\Windows\System32\DriverStore\FileRepository\wiman.inf_amd64_f0ed422f0b4a6c99\WiManH\WiManH.sys [172896 2020-11-23] (Intel Wireless Driver -> )
U4 npcap_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: DcSvc -> C:\Windows\system32\dcsvc.dll (Microsoft Corporation)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)
2022-09-29 00:16 - 2022-09-29 00:16 - 000031964 _____ C:\Users\gngn1\Desktop\FRST.txt
2022-09-29 00:16 - 2022-09-29 00:16 - 000000000 ____D C:\FRST
2022-09-29 00:14 - 2022-09-29 00:15 - 002371072 _____ (Farbar) C:\Users\gngn1\Desktop\frst64.exe
2022-09-28 22:41 - 2022-09-28 22:41 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2022-09-28 13:35 - 2022-09-28 13:35 - 000000519 _____ C:\Users\gngn1\Desktop\OS (C) - Shortcut.lnk
2022-09-27 03:10 - 2022-09-27 03:10 - 000027848 _____ (Sysinternals) C:\Windows\system32\Drivers\myfault.sys
2022-09-26 22:56 - 2022-09-26 22:56 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-09-26 22:56 - 2022-09-26 22:56 - 000002104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-09-26 05:16 - 2022-09-26 05:16 - 000095632 ____H (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCMON24.SYS
2022-09-26 01:57 - 2022-09-26 01:57 - 000000000 ____D C:\Users\Sokka\AppData\Local\ClassicShell
2022-09-26 01:56 - 2022-09-26 01:56 - 000000000 ____D C:\Users\Sokka\AppData\Roaming\ClassicShell
2022-09-26 01:33 - 2022-09-26 01:33 - 000210352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2022-09-26 00:31 - 2022-09-26 00:31 - 000000000 ____D C:\Users\Sokka\AppData\Local\Comms
2022-09-26 00:30 - 2022-09-26 00:30 - 000000000 ____D C:\Users\Sokka\AppData\Roaming\Mozilla
2022-09-26 00:30 - 2022-09-26 00:30 - 000000000 ____D C:\Users\Sokka\AppData\LocalLow\Mozilla
2022-09-26 00:30 - 2022-09-26 00:30 - 000000000 ____D C:\Users\Sokka\AppData\Local\Mozilla
2022-09-26 00:16 - 2022-09-26 22:56 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1789883001-303321401-512692908-1003
2022-09-26 00:16 - 2022-09-26 00:16 - 000000000 ____D C:\Users\Sokka\AppData\Roaming\Logishrd
2022-09-26 00:15 - 2022-09-26 01:57 - 000000000 ____D C:\Users\Sokka\AppData\Local\LogiOptionsPlus
2022-09-26 00:15 - 2022-09-26 00:57 - 000000000 ____D C:\Users\Sokka\AppData\Local\D3DSCache
2022-09-26 00:15 - 2022-09-26 00:31 - 000000000 ____D C:\Users\Sokka\AppData\Local\Packages
2022-09-26 00:15 - 2022-09-26 00:15 - 000002411 _____ C:\Users\Sokka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-09-26 00:15 - 2022-09-26 00:15 - 000000020 ___SH C:\Users\Sokka\ntuser.ini
2022-09-26 00:15 - 2022-09-26 00:15 - 000000000 __SHD C:\Users\Sokka\IntelGraphicsProfiles
2022-09-26 00:15 - 2022-09-26 00:15 - 000000000 ____D C:\Users\Sokka\AppData\Roaming\TinyWall
2022-09-26 00:15 - 2022-09-26 00:15 - 000000000 ____D C:\Users\Sokka\AppData\Roaming\Adobe
2022-09-26 00:15 - 2022-09-26 00:15 - 000000000 ____D C:\Users\Sokka\AppData\LocalLow\Intel
2022-09-26 00:15 - 2022-09-26 00:15 - 000000000 ____D C:\Users\Sokka\AppData\Local\VirtualStore
2022-09-26 00:15 - 2022-09-26 00:15 - 000000000 ____D C:\Users\Sokka\AppData\Local\Publishers
2022-09-26 00:15 - 2022-09-26 00:15 - 000000000 ____D C:\Users\Sokka\AppData\Local\ConnectedDevicesPlatform
2022-09-26 00:15 - 2022-09-26 00:15 - 000000000 ____D C:\Users\Sokka
2022-09-26 00:15 - 2022-08-16 04:55 - 000000000 ___RD C:\Users\Sokka\OneDrive
2022-09-26 00:15 - 2021-06-05 07:04 - 000001281 _____ C:\Users\Sokka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk
2022-09-26 00:15 - 2021-06-05 07:04 - 000000407 _____ C:\Users\Sokka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk
2022-09-26 00:12 - 2022-09-26 00:12 - 000000000 ____D C:\Users\Public\Documents\MDMDiagnostics
2022-09-24 13:51 - 2022-09-25 22:10 - 000000000 ____D C:\TDSSKiller_Quarantine
2022-09-24 13:45 - 2022-09-24 13:45 - 005054744 _____ (AO Kaspersky Lab) C:\Users\gngn1\Downloads\tdsskiller.exe
2022-09-24 13:43 - 2022-09-24 13:44 - 000000000 ____D C:\AdwCleaner
2022-09-24 13:43 - 2022-09-24 13:43 - 008551608 _____ (Malwarebytes) C:\Users\gngn1\Downloads\AdwCleaner.exe
2022-09-23 11:32 - 2022-09-24 11:44 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-09-23 01:44 - 2022-09-23 01:44 - 000000000 ____D C:\Users\gngn1\AppData\Local\falkon
2022-09-23 01:44 - 2022-09-23 01:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Falkon
2022-09-23 01:44 - 2022-09-23 01:44 - 000000000 ____D C:\Program Files\Falkon
2022-09-23 01:42 - 2022-09-23 01:43 - 065878530 _____ C:\Users\gngn1\Downloads\Falkon.Installer.3.1.0.x64.exe
2022-09-23 01:33 - 2022-09-23 01:33 - 000022555 _____ C:\Users\gngn1\Downloads\surf-2.1.tar.gz
2022-09-23 00:58 - 2022-09-23 00:58 - 001418600 _____ (Thomas E Dickey ) C:\Users\gngn1\Downloads\lynx-newssl-setup.exe
2022-09-22 22:51 - 2022-09-22 22:52 - 000000000 ___HD C:\adobeTemp
2022-09-22 13:36 - 2022-09-22 13:36 - 029933858 _____ C:\Users\gngn1\AppData\LocalLow\wbk28E7.tmp
2022-09-22 12:12 - 2022-06-27 00:17 - 004946512 _____ (Intel Corporation) C:\Windows\system32\Drivers\Netwtw10.sys
2022-09-22 12:12 - 2022-06-27 00:17 - 001626200 _____ (Intel Corporation) C:\Windows\system32\IntelIHVRouter10.dll
2022-09-22 12:12 - 2022-06-25 21:53 - 055467080 _____ C:\Windows\system32\Drivers\Netwfw10.dat
2022-09-22 11:21 - 2022-09-26 00:14 - 000000000 ____D C:\Users\gngn1\Downloads\Everything-1.4.1.1020.x64
2022-09-22 11:21 - 2022-09-22 11:21 - 001804512 _____ C:\Users\gngn1\Downloads\Everything-1.4.1.1020.x64.zip
2022-09-21 22:30 - 2022-09-21 22:30 - 000003842 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
2022-09-21 22:30 - 2022-09-21 22:30 - 000003400 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime
2022-09-21 16:58 - 2022-09-21 16:58 - 015274968 _____ (ESET) C:\Users\gngn1\Desktop\esetonlinescanner.exe
2022-09-21 16:58 - 2022-09-21 16:58 - 000001290 _____ C:\Users\gngn1\Desktop\ESET Online Scanner.lnk
2022-09-19 19:18 - 2022-09-19 19:18 - 000134259 _____ C:\Users\gngn1\Downloads\Beautiful identical blondes *****ing - XNXX.COM.mp4
2022-09-19 08:17 - 2022-09-19 08:17 - 000131268 _____ C:\Users\gngn1\Downloads\Blonde Blows and Toes - XNXX.COM.mp4
2022-09-19 02:21 - 2022-09-19 02:21 - 000132024 _____ C:\Users\gngn1\Downloads\Mad land owner put sexy brunette student in bondage and roug.mp4
2022-09-19 02:09 - 2022-09-19 02:09 - 000133819 _____ C:\Users\gngn1\Downloads\Femdom Pegging With Big Strapon - XNXX.COM.mp4
2022-09-17 02:23 - 2022-09-17 02:23 - 000000986 _____ C:\Users\Public\Desktop\PotPlayer 64 bit.lnk
2022-09-15 15:14 - 2022-09-15 15:14 - 000004158 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1638694264
2022-09-13 21:17 - 2022-09-13 21:17 - 000335872 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2022-09-13 21:17 - 2022-09-13 21:17 - 000015030 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-09-13 21:15 - 2022-09-13 21:15 - 000000000 ___HD C:\$WinREAgent
2022-09-13 13:14 - 2022-09-13 13:14 - 000000000 ____D C:\Users\gngn1\AppData\Local\FirmwareUpdateTool
2022-09-12 23:57 - 2022-09-28 22:58 - 000000000 ____D C:\Users\gngn1\AppData\Local\LogiOptionsPlus
2022-09-12 23:57 - 2022-09-22 14:29 - 000000000 ____D C:\Users\gngn1\AppData\Roaming\logioptionsplus
2022-09-12 23:57 - 2022-09-12 23:58 - 000000000 ____D C:\Program Files\LogiOptionsPlus
2022-09-12 23:57 - 2022-09-12 23:57 - 000000931 _____ C:\Users\Public\Desktop\Logi Options+.lnk
2022-09-12 23:57 - 2022-09-12 23:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2022-09-12 23:57 - 2022-09-12 23:57 - 000000000 ____D C:\ProgramData\LogiOptionsPlus
2022-09-07 09:15 - 2022-09-07 09:15 - 000003946 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1638694259
2022-09-07 09:15 - 2022-09-07 09:15 - 000001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2022-09-02 20:34 - 2022-09-02 20:41 - 000000000 ____D C:\Users\gngn1\AppData\Roaming\Wireshark
2022-09-02 20:32 - 2022-09-02 20:32 - 000003460 _____ C:\Windows\system32\Tasks\npcapwatchdog
2022-09-02 20:32 - 2022-09-02 20:32 - 000001789 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2022-09-02 20:32 - 2022-09-02 20:32 - 000000000 ____D C:\Windows\SysWOW64\Npcap
2022-09-02 20:32 - 2022-09-02 20:32 - 000000000 ____D C:\Windows\system32\Npcap
2022-09-02 20:32 - 2022-09-02 20:32 - 000000000 ____D C:\Program Files\USBPcap
2022-09-02 20:31 - 2022-09-02 20:33 - 000000000 ____D C:\Program Files\Wireshark
2022-09-02 20:31 - 2022-09-02 20:32 - 000000000 ____D C:\Program Files\Npcap
2022-09-02 20:27 - 2022-09-02 20:28 - 077256616 _____ (Wireshark development team) C:\Users\gngn1\Downloads\Wireshark-win64-3.6.7.exe
2022-09-01 10:21 - 2022-09-28 15:26 - 000000000 ____D C:\AITEMP
2022-09-01 08:50 - 2022-09-21 16:58 - 000001396 _____ C:\Users\gngn1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2022-09-01 08:50 - 2022-09-21 16:58 - 000000000 ____D C:\Users\gngn1\AppData\Local\ESET

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-09-29 00:15 - 2022-01-11 17:07 - 000000000 ____D C:\Users\gngn1\Documents\Outlook Files
2022-09-29 00:12 - 2021-12-15 02:36 - 000000000 ____D C:\Users\gngn1\AppData\Roaming\TinyWall
2022-09-28 23:59 - 2021-06-05 07:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-09-28 23:47 - 2021-06-05 07:10 - 000000000 ___HD C:\Program Files\WindowsApps
2022-09-28 23:47 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\AppReadiness
2022-09-28 23:11 - 2021-12-06 03:03 - 000000000 ____D C:\Users\gngn1\AppData\Local\ClassicShell
2022-09-28 23:08 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\SystemTemp
2022-09-28 23:03 - 2021-12-15 02:36 - 000000000 ____D C:\ProgramData\TinyWall
2022-09-28 23:03 - 2021-12-05 03:50 - 000000000 ____D C:\Program Files\Opera
2022-09-28 23:03 - 2021-11-09 18:32 - 000980092 _____ C:\Windows\system32\PerfStringBackup.INI
2022-09-28 23:03 - 2021-06-05 07:09 - 000000000 ____D C:\Windows\INF
2022-09-28 22:58 - 2022-03-27 14:36 - 000000000 ____D C:\Intel
2022-09-28 22:58 - 2021-12-05 03:54 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2022-09-28 22:58 - 2021-12-05 03:23 - 000000000 ___RD C:\Users\gngn1\OneDrive
2022-09-28 22:58 - 2021-11-09 18:28 - 000012288 ___SH C:\DumpStack.log.tmp
2022-09-28 22:58 - 2021-11-09 18:28 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-09-28 22:57 - 2022-03-27 11:47 - 000692370 _____ C:\Windows\ntbtlog.txt
2022-09-28 22:57 - 2021-06-05 07:01 - 000786432 _____ C:\Windows\system32\config\BBI
2022-09-28 22:38 - 2021-12-05 03:10 - 000000000 ____D C:\Users\gngn1
2022-09-28 22:36 - 2021-12-15 02:18 - 000000000 ____D C:\Users\gngn1\AppData\LocalLow\Mozilla
2022-09-28 22:34 - 2022-03-25 05:54 - 000000000 ____D C:\Users\gngn1\AppData\Roaming\TeraCopy
2022-09-28 22:27 - 2021-11-09 18:28 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-09-28 13:46 - 2022-01-12 13:20 - 000000000 ___RD C:\Users\gngn1\Creative Cloud Files
2022-09-28 13:35 - 2022-03-11 04:25 - 000036208 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2022-09-27 22:25 - 2021-12-05 03:22 - 000000000 ____D C:\Users\gngn1\AppData\Local\D3DSCache
2022-09-27 22:08 - 2021-12-05 03:22 - 000000000 ____D C:\Users\gngn1\AppData\Local\Packages
2022-09-27 22:08 - 2021-11-09 18:29 - 000000000 ____D C:\ProgramData\Packages
2022-09-27 22:06 - 2022-08-17 08:58 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-09-27 21:15 - 2022-03-11 04:10 - 000000000 ____D C:\sysinternals
2022-09-26 22:56 - 2021-12-15 00:05 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1789883001-303321401-512692908-1001
2022-09-26 12:34 - 2022-04-06 22:49 - 000001623 _____ C:\Windows\system32\config\VSMIDK
2022-09-26 09:15 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\LiveKernelReports
2022-09-26 03:16 - 2022-02-07 01:19 - 000003118 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1789883001-303321401-512692908-1002
2022-09-26 02:18 - 2022-02-12 00:36 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-09-26 02:05 - 2022-01-08 17:39 - 000000000 ____D C:\Users\gngn1\AppData\Local\CrashDumps
2022-09-26 00:31 - 2021-06-05 07:10 - 000000000 ___RD C:\Windows\PrintDialog
2022-09-26 00:15 - 2021-11-09 18:52 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-09-26 00:15 - 2021-06-05 07:10 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-09-25 23:22 - 2021-12-05 03:22 - 000000000 ____D C:\Users\gngn1\AppData\Roaming\Adobe
2022-09-24 22:56 - 2021-06-05 07:01 - 000000000 ____D C:\Windows\CbsTemp
2022-09-24 11:44 - 2021-12-05 03:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-09-24 11:44 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\ServiceState
2022-09-23 13:32 - 2021-12-05 03:50 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-09-23 13:32 - 2021-12-05 03:50 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2022-09-23 12:35 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\system32\SecurityHealth
2022-09-22 21:52 - 2022-07-08 12:14 - 000000000 ____D C:\ProgramData\boost_interprocess
2022-09-22 13:38 - 2022-01-11 17:45 - 000000000 ____D C:\Users\gngn1\AppData\Roaming\vlc
2022-09-22 11:18 - 2022-08-04 21:50 - 000000000 ____D C:\Users\gngn1\AppData\Roaming\QtProject
2022-09-21 12:09 - 2021-12-22 14:02 - 000000000 ____D C:\Users\gngn1\AppData\Roaming\Telegram Desktop
2022-09-21 12:02 - 2022-01-04 03:43 - 000000000 ____D C:\Users\gngn1\AppData\Roaming\Spotify
2022-09-21 12:00 - 2022-01-15 00:13 - 000000000 ____D C:\Users\gngn1\AppData\Local\Spotify
2022-09-20 17:51 - 2022-05-25 03:10 - 000000000 ____D C:\Users\gngn1\dwhelper
2022-09-18 02:58 - 2021-11-09 18:41 - 000000000 ____D C:\Program Files\Microsoft Office
2022-09-16 09:26 - 2022-02-19 22:29 - 001285856 _____ C:\Windows\system32\FNTCACHE.DAT
2022-09-16 09:26 - 2022-02-03 16:36 - 000000000 ____D C:\ProgramData\Logishrd
2022-09-16 09:25 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\SysWOW64\Dism
2022-09-16 09:25 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\SystemResources
2022-09-16 09:25 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\system32\setup
2022-09-16 09:25 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\system32\oobe
2022-09-16 09:25 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\system32\Dism
2022-09-16 09:25 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\system32\DDFs
2022-09-16 09:25 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\system32\appraiser
2022-09-16 09:25 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\Provisioning
2022-09-16 09:25 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\bcastdvr
2022-09-13 21:21 - 2021-12-06 16:53 - 000000000 ____D C:\Windows\system32\MRT
2022-09-13 21:19 - 2021-12-06 16:53 - 141646296 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-09-13 21:17 - 2021-11-09 18:31 - 003103744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2022-09-13 02:12 - 2022-01-12 13:12 - 000000000 ____D C:\Program Files\Common Files\Adobe
2022-09-07 04:33 - 2021-11-09 18:28 - 000000000 ____D C:\Windows\system32\Drivers\wd

==================== Files in the root of some directories ========

2022-06-23 03:39 - 2022-06-23 03:39 - 000000036 _____ () C:\Users\gngn1\AppData\Local\.__explain_this_is_writeable_not_delete__
2021-12-06 02:51 - 2022-08-25 23:21 - 000007686 _____ () C:\Users\gngn1\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-08-2022
Ran by God (29-09-2022 00:16:53)
Running from C:\Users\gngn1\Desktop
Microsoft Windows 11 Home Version 21H2 22000.978 (X64) (2021-12-05 08:22:38)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1789883001-303321401-512692908-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1789883001-303321401-512692908-503 - Limited - Disabled)
God (S-1-5-21-1789883001-303321401-512692908-1001 - Administrator - Enabled) => C:\Users\gngn1
Guest (S-1-5-21-1789883001-303321401-512692908-501 - Limited - Disabled)
Sokka (S-1-5-21-1789883001-303321401-512692908-1003 - Limited - Enabled) => C:\Users\Sokka
WDAGUtilityAccount (S-1-5-21-1789883001-303321401-512692908-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1900-000001000000}) (Version: 19.00.00.0 - Igor Pavlov)
7-Zip 21.06 (x64) (HKLM\...\7-Zip) (Version: 21.06 - Igor Pavlov)
Adobe Bridge 2022 (HKLM-x32\...\KBRG_12_0_1) (Version: 12.0.1 - Adobe Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.8.0.592 - Adobe Inc.)
Adobe Illustrator 2022 (HKLM-x32\...\ILST_26_0_2) (Version: 26.0.2 - Adobe Inc.)
Adobe Premiere Rush (HKLM-x32\...\RUSH_2_0) (Version: 2.0 - Adobe Inc.)
Apple Mobile Device Support (HKLM\...\{527DD209-8A66-482F-8779-C7B3BACCA8F1}) (Version: 15.0.0.16 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Audacity 3.1.2 (HKLM\...\Audacity_is1) (Version: 3.1.2 - Audacity Team)
Autopsy (HKLM\...\{1633CA1B-52C0-47B5-9A31-5A7764F4BA83}) (Version: 4.19.3 - The Sleuth Kit)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{ec40a028-983b-4213-af2c-77ed6f6fe1d5}) (Version: 5.4.1.14954 - Dell Inc.)
Dell SupportAssist Remediation (HKLM-x32\...\{0b3f567c-a2ee-437a-861f-bb6da9f2111b}) (Version: 5.5.0.16046 - Dell Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{A28339C8-E641-4CCE-A316-56F405D1C245}) (Version: 1.0.0.0 - Intel Corporation) Hidden
EaseUS MobiSaver 8.0.2 (HKLM-x32\...\EaseUS MobiSaver_is1) (Version: - EaseUS)
EaseUS MobiUnlock 3.0.1 (HKLM-x32\...\EaseUS MobiUnlock_is1) (Version: - EaseUS)
Falkon 3.1.0 x64 (HKLM-x32\...\Falkon) (Version: 3.1.0 x64 - Falkon Team)
FastStone Image Viewer 7.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 7.5 - FastStone Soft)
FileZilla Client 3.58.0 (HKLM-x32\...\FileZilla Client) (Version: 3.58.0 - Tim Kosse)
Fusion Service (HKLM\...\{599709E7-DD10-4FF5-96D5-7C6F6B5F62C0}) (Version: 1.92.22.0 - Dell.Inc) Hidden
Fusion Service (HKLM-x32\...\{81ce0187-37c1-4c23-8387-44454e1796ad}) (Version: 1.92.22.0 - Dell.Inc)
Google Earth Pro (HKLM\...\{C36E66A6-6EE5-47DB-945F-A6F03225D540}) (Version: 7.3.4.8573 - Google)
Intel(R) LMS (HKLM\...\{A0983640-26D2-4CD8-A512-747BF3CF3F82}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2101.15.0.2080 - Intel Corporation)
iTunes (HKLM\...\{0B3CC856-3A62-443A-B6CE-DED2D4495D56}) (Version: 12.12.2.2 - Apple Inc.)
Jump Desktop (HKLM\...\{388F7980-94E2-4BAD-9123-F07E05BD16A2}) (Version: 8.4.27.0 - Phase Five Systems)
Jump Desktop Connect (HKLM-x32\...\{081CADBE-4FE4-4AA9-A187-221A03078C6A}) (Version: 6.7.69.0 - Phase Five Systems)
Logi Options+ (HKLM\...\{850cdc16-85df-4052-b06e-4e3e9e83c5c6}) (Version: 1.22.5550 - Logitech)
Logitech Options (HKLM\...\LogiOptions) (Version: 9.60.87 - Logitech)
Malwarebytes version 4.4.11.149 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.11.149 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.15601.20148 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 105.0.1343.53 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.191.0911.0001 - Microsoft Corporation)
Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.15601.20148 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{6A2A8076-135F-4F55-BB02-DED67C8C6934}) (Version: 4.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31326 (HKLM-x32\...\{2d507699-404c-4c8b-a54a-38e352f32cdd}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31326 (HKLM-x32\...\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31326 (HKLM\...\{38624EB5-356D-4B08-8357-C33D89A5C0C5}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31326 (HKLM\...\{C96241EA-9900-4FE8-85B3-1E238D509DF6}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31326 (HKLM-x32\...\{A250E750-DB3F-40C1-8460-8EF77C7582DA}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31326 (HKLM-x32\...\{46E11E7F-01E1-44D0-BB86-C67342D253DD}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{7C0242A3-8B66-35D1-9FE0-13B426ACB609}) (Version: 10.0.60729 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 105.0.1 (x64 en-US)) (Version: 105.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 94.0.2 - Mozilla)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.60 - Nmap Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15601.20064 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15601.20148 - Microsoft Corporation) Hidden
Opera Stable 90.0.4480.84 (HKLM-x32\...\Opera 90.0.4480.84) (Version: 90.0.4480.84 - Opera Software)
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 220914 - Kakao Corp.)
PuTTY release 0.76 (64-bit) (HKLM\...\{1E0D5689-40F1-4E46-ABBB-EAAC68B5CD89}) (Version: 0.76.0.0 - Simon Tatham)
qBittorrent 4.3.9 (HKLM-x32\...\qBittorrent) (Version: 4.3.9 - The qBittorrent project)
Revo Uninstaller 2.3.8 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.3.8 - VS Revo Group, Ltd.)
Spotify (HKU\S-1-5-21-1789883001-303321401-512692908-1001\...\Spotify) (Version: 1.1.94.870.gf994cb0b - Spotify AB)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.3.3 - Krzysztof Kowalczyk)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.24.5 - TeamViewer)
Telegram Desktop version 4.1.1 (HKU\S-1-5-21-1789883001-303321401-512692908-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 4.1.1 - Telegram FZ-LLC)
TeraCopy (HKLM\...\{F8B0BB18-B1E6-4821-8C5B-883AA5DE3EEA}) (Version: 3.9.0 - Code Sector)
TinyWall (HKLM-x32\...\{6A366BCB-2A38-4D2A-80FD-A5E0C32C97C8}) (Version: 3.2.3.0 - Károly Pados)
USBPcap 1.5.4.0 (HKLM\...\USBPcap) (Version: 1.5.4.0 - Tomasz Mon)
UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.)
VdhCoApp 1.6.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-1789883001-303321401-512692908-1001\...\WinDirStat) (Version: - )
WinMerge 2.16.16.0 x64 (HKLM\...\WinMerge_is1) (Version: 2.16.16.0 - Thingamahoochie Software)
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
Wireshark 3.6.7 64-bit (HKLM-x32\...\Wireshark) (Version: 3.6.7 - The Wireshark developer community, hxxps://www.wireshark.org)
XnView 2.50.4 (HKLM-x32\...\XnView_is1) (Version: 2.50.4 - Gougelet Pierre-e)
Zoom (HKLM-x32\...\{1B8D4A17-201A-4113-A512-B7DEEF293AF1}) (Version: 5.8.2048 - Zoom)

Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc [2022-04-28] (Adobe Systems Incorporated)
Dell Mobile Connect -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnectPlus_4.1.8330.0_x64__0vhbc3ng4wbp0 [2022-09-26] (Screenovate Technologies)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1032.0_x64__8j3eq9eme6ctt [2022-09-26] (INTEL CORP)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-09-26] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-04-02] (Microsoft Corporation)
Power Automate -> C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_10.0.4447.0_x64__8wekyb3d8bbwe [2022-09-26] (Microsoft Corporation) [Startup Task]
Unigram—Telegram for Windows -> C:\Program Files\WindowsApps\38833FF26BA1D.UnigramPreview_8.9.7687.0_x64__g9c9v27vpyspw [2022-09-05] (Unigram, Inc.) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1789883001-303321401-512692908-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-231FB76D9980} -> [Creative Cloud Files] => C:\Users\gngn1\Creative Cloud Files [2022-01-12 13:20]
CustomCLSID: HKU\S-1-5-21-1789883001-303321401-512692908-1001_Classes\CLSID\{23B3E3D8-C162-4A8B-AB0C-0905DCB1DF19}\InprocServer32 -> C:\Users\gngn1\AppData\Local\Packages\Microsoft.PowerAutomateDesktop_8wekyb3d8bbwe\TempState\RDP\DVCPlugin\x64\Microsoft.Flow.RPA.Desktop.UIAutomation.RDP.DVC.Plugin.dll (Microsoft Corporation -> )
CustomCLSID: HKU\S-1-5-21-1789883001-303321401-512692908-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-1789883001-303321401-512692908-1001_Classes\CLSID\{375360E1-2D4B-4DEB-9C05-B3A3CA553923}\InprocServer32 -> C:\Program Files\Mozilla Firefox\notificationserver.dll (Mozilla Corporation -> Mozilla Foundation)
CustomCLSID: HKU\S-1-5-21-1789883001-303321401-512692908-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.191.0911.0001\FileSyncShell64.dll [2022-09-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.191.0911.0001\FileSyncShell64.dll [2022-09-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.191.0911.0001\FileSyncShell64.dll [2022-09-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.191.0911.0001\FileSyncShell64.dll [2022-09-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.191.0911.0001\FileSyncShell64.dll [2022-09-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.191.0911.0001\FileSyncShell64.dll [2022-09-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.191.0911.0001\FileSyncShell64.dll [2022-09-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-09-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-09-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-09-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_ff8d0bd695f4bb2e\OptaneShellExt.dll [2022-02-07] (Intel Corporation -> )
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.191.0911.0001\FileSyncShell64.dll [2022-09-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.191.0911.0001\FileSyncShell64.dll [2022-09-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.191.0911.0001\FileSyncShell64.dll [2022-09-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.191.0911.0001\FileSyncShell64.dll [2022-09-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.191.0911.0001\FileSyncShell64.dll [2022-09-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.191.0911.0001\FileSyncShell64.dll [2022-09-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.191.0911.0001\FileSyncShell64.dll [2022-09-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.191.0911.0001\FileSyncShell64.dll [2022-09-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-11-24] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-09-07] (Adobe Inc.
-> ) ContextMenuHandlers1: [TeraCopy] -> {2386CB87-96FF-473D-A009-957E3BFE6F88} => C:\Program Files\TeraCopy\Context.dll [2021-04-21] (Code Sector -> Code Sector) ContextMenuHandlers1: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files\WinMerge\ShellExtensionX64.dll [2021-10-02] (Takashi Sawanaka -> hxxps://winmerge.org) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [TeraCopy] -> {2386CB87-96FF-473D-A009-957E3BFE6F88} => C:\Program Files\TeraCopy\Context.dll [2021-04-21] (Code Sector -> Code Sector) ContextMenuHandlers2: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files\WinMerge\ShellExtensionX64.dll [2021-10-02] (Takashi Sawanaka -> hxxps://winmerge.org) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-12-05] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_ff8d0bd695f4bb2e\OptaneShellExt.dll [2022-02-07] (Intel Corporation -> ) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.191.0911.0001\FileSyncShell64.dll [2022-09-26] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-11-24] (Igor Pavlov) [File not signed] ContextMenuHandlers4: [TeraCopy] -> {2386CB87-96FF-473D-A009-957E3BFE6F88} => C:\Program Files\TeraCopy\Context.dll [2021-04-21] (Code Sector -> Code Sector) ContextMenuHandlers4: 
[WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files\WinMerge\ShellExtensionX64.dll [2021-10-02] (Takashi Sawanaka -> hxxps://winmerge.org) ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.191.0911.0001\FileSyncShell64.dll [2022-09-26] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files\WinMerge\ShellExtensionX64.dll [2021-10-02] (Takashi Sawanaka -> hxxps://winmerge.org) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-11-24] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-09-07] (Adobe Inc. -> ) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-12-05] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed] ContextMenuHandlers6: [TeraCopy] -> {2386CB87-96FF-473D-A009-957E3BFE6F88} => C:\Program Files\TeraCopy\Context.dll [2021-04-21] (Code Sector -> Code Sector) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2022-02-21 11:25 - 2022-02-21 11:25 - 000144896 _____ () 
[File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\libssh2.dll 2022-02-21 11:25 - 2022-02-21 11:25 - 000077824 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\zlib.dll 2021-12-05 03:51 - 2021-11-24 09:00 - 000093696 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll 2017-08-13 09:49 - 2017-08-13 09:49 - 003664184 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll 2017-08-13 09:49 - 2017-08-13 09:49 - 000291128 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Windows\system32\StartMenuHelper64.dll 2021-11-09 18:41 - 2021-11-09 18:41 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll 2021-11-09 18:41 - 2021-11-09 18:41 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll 2022-01-07 10:41 - 2022-01-07 10:41 - 013733888 _____ (Phase Five Systems) [File not signed] C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\6.7.69.0\JumpConnectCore.dll 2022-02-21 11:25 - 2022-02-21 11:25 - 000355840 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBCURL.dll 2022-02-21 11:25 - 2022-02-21 11:25 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBEAY32.dll 2022-02-21 11:25 - 2022-02-21 11:25 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\SSLEAY32.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) 
================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AutorunsDisabled => "AlternateShell"="cmd.exe" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\65395606.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\65395606.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== URLSearchHook: [S-1-5-21-1789883001-303321401-512692908-1001] ATTENTION => Default URLSearchHook is missing BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-08-16] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-09-08] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-09-08] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-09-08] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft 
Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-09-08] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-09-08] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-09-08] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-09-08] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-09-08] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2021-06-05 07:08 - 2021-10-11 02:45 - 000334861 _____ C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost 0.0.0.0 fr.a2dfp.net 0.0.0.0 mfr.a2dfp.net 0.0.0.0 ad.a8.net 0.0.0.0 asy.a8ww.net 0.0.0.0 static.a-ads.com 0.0.0.0 abcstats.com 0.0.0.0 track.acclaimnetwork.com 0.0.0.0 csh.actiondesk.com 0.0.0.0 ads.activepower.net 0.0.0.0 app.activetrail.com 0.0.0.0 ad2games.com 0.0.0.0 adadvisor.net 0.0.0.0 www.adchimp.com 0.0.0.0 pixel.adcrowd.com 0.0.0.0 ct1.addthis.com 0.0.0.0 static.uk.addynamo.com 0.0.0.0 adexc.net 0.0.0.0 static.adfclick1.com 0.0.0.0 server.adformdsp.net 0.0.0.0 s.adframesrc.com 0.0.0.0 media.adfrontiers.com 0.0.0.0 www.adgitize.com 0.0.0.0 www.ad-groups.com #[Ban Man Pro Banner Code] 0.0.0.0 adgrx.com 0.0.0.0 adhall.com 0.0.0.0 adhitzads.com 0.0.0.0 aj.adjungle.com 0.0.0.0 adserver-e7.com 0.0.0.0 n.admagnet.net There are 8702 more lines. 
2022-01-20 10:16 - 2022-08-07 23:11 - 000000374 _____ C:\Windows\system32\drivers\etc\hosts.ics ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1789883001-303321401-512692908-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\gngn1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper HKU\S-1-5-21-1789883001-303321401-512692908-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 9.9.9.9 - 149.112.112.112 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. Network Binding: ============= Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) Bluetooth Network Connection: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) Wi-Fi: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) Wi-Fi: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) 
HKLM\...\StartupApproved\Run: => "Everything" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run: => "Opera Browser Assistant" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "Logitech Download Assistant" HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKLM\...\StartupApproved\Run32: => "Opera Browser Assistant" HKU\S-1-5-21-1789883001-303321401-512692908-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk" HKU\S-1-5-21-1789883001-303321401-512692908-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_C0A32B37347337D257B1541CA93F7472" HKU\S-1-5-21-1789883001-303321401-512692908-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-1789883001-303321401-512692908-1001\...\StartupApproved\Run: => "Speech Recognition" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [Microsoft-Windows-Unified-Telemetry-Client] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{C2A5E20E-1F04-4D7D-ADAA-9026D35A3B26}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{027E032D-A7ED-45B3-AB1D-5C808C685D7A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{4665FCD0-7E10-41E1-90FE-309580DEF7CD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{1E860482-8990-4E25-9246-9A99F50B6E0E}] => (Allow) C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\6.7.69.0\JumpConnect.exe (PhaseFive Systems LLC -> Phase Five Systems) FirewallRules: [{380E5FDE-93A1-4238-BE5C-FEF5E36946D7}] => (Allow) C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\6.7.69.0\JumpConnect.exe (PhaseFive Systems LLC -> Phase Five Systems) FirewallRules: [{B5C81192-EC77-485C-99B4-B8AAB7195F28}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.) 
FirewallRules: [{93AB2033-C6B3-4FC4-9928-E46BFC60D137}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22055.502.1226.2344_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{97046305-7548-4DED-B501-487DBADD4D15}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22055.502.1226.2344_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{EA21E87C-9F2A-4449-8408-C08AF06912CD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File FirewallRules: [{EF0DC3B7-2A94-41EF-9F5A-7678A08AD664}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File FirewallRules: [{2AE5D8DA-0340-43A6-A8DB-4DC1A0D30C42}] => (Allow) C:\Program Files\Opera\90.0.4480.54\opera.exe (Opera Norway AS -> Opera Software) FirewallRules: [{8FEE7E9A-04FF-4D4E-9C6E-0149217D6928}] => (Allow) C:\Program Files\Opera\90.0.4480.84\opera.exe (Opera Norway AS -> Opera Software) FirewallRules: [{BC39B814-683D-46EE-9ECB-9C7F751AA32E}] => (Allow) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe (Logitech Inc -> Logitech, Inc.) ==================== Restore Points ========================= 28-09-2022 23:00:02 Removed Bonjour 28-09-2022 23:01:27 Removed 7-Zip 19.00 (x64 edition) ==================== Faulty Device Manager Devices ============ Name: Realtek PCIe GbE Family Controller Description: Realtek PCIe GbE Family Controller Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: rt640x64 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ======================== Application errors: ================== Error: (09/28/2022 10:38:42 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. 
hr = 0x8007045b, A system shutdown is in progress. . Error: (09/28/2022 10:38:42 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] Error: (09/28/2022 10:38:42 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . Error: (09/28/2022 10:38:42 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] Error: (09/28/2022 01:39:17 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program explorer.exe version 10.0.22000.978 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1e84 Start Time: 01d8d36839d9a69c Termination Time: 20 Application Path: C:\Windows\explorer.exe Report Id: 9e6212d3-1134-4a4f-b69b-c2ec549a2dbf Faulting package full name: Faulting package-relative application ID: Hang type: Unknown Error: (09/28/2022 01:38:56 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: The backup did not complete because of an error writing to the backup location B:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006). 
Error: (09/28/2022 01:31:31 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: ) Description: Event-ID 12007 Error: (09/28/2022 01:31:31 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: ) Description: Event-ID 0 System errors: ============= Error: (09/28/2022 11:58:48 PM) (Source: Schannel) (EventID: 4108) (User: FAST-DELL) Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092013. The TLS connection request has failed. The attached data contains the server certificate. The SSPI client process is LogiLuUpdater (PID: 15420). Error: (09/28/2022 11:28:54 PM) (Source: Schannel) (EventID: 4108) (User: FAST-DELL) Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092013. The TLS connection request has failed. The attached data contains the server certificate. The SSPI client process is LogiLuUpdater (PID: 11432). Error: (09/28/2022 11:08:48 PM) (Source: Schannel) (EventID: 4108) (User: FAST-DELL) Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092013. The TLS connection request has failed. The attached data contains the server certificate. The SSPI client process is LogiLuUpdater (PID: 16948). Error: (09/28/2022 11:08:48 PM) (Source: Schannel) (EventID: 4108) (User: FAST-DELL) Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092013. The TLS connection request has failed. The attached data contains the server certificate. The SSPI client process is LogiLuUpdater (PID: 16600). Error: (09/28/2022 11:08:48 PM) (Source: Schannel) (EventID: 4108) (User: FAST-DELL) Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092013. The TLS connection request has failed. The attached data contains the server certificate. 
The SSPI client process is LogiLuUpdater (PID: 16476). Error: (09/28/2022 11:08:48 PM) (Source: Schannel) (EventID: 4108) (User: FAST-DELL) Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092013. The TLS connection request has failed. The attached data contains the server certificate. The SSPI client process is LogiLuUpdater (PID: 15328). Error: (09/28/2022 11:08:48 PM) (Source: Schannel) (EventID: 4108) (User: FAST-DELL) Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092013. The TLS connection request has failed. The attached data contains the server certificate. The SSPI client process is LogiLuUpdater (PID: 16400). Error: (09/28/2022 11:08:48 PM) (Source: Schannel) (EventID: 4108) (User: FAST-DELL) Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092013. The TLS connection request has failed. The attached data contains the server certificate. The SSPI client process is LogiLuUpdater (PID: 16516). Windows Defender: ================ Date: 2022-09-26 10:30:42 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0 Name: SettingsModifier:Win32/PossibleHostsFileHijack Severity: Medium Category: Settings Modifier Path: file:_C:\Windows\System32\drivers\etc\hosts Detection Origin: Local machine Detection Type: Concrete Detection Source: System Process Name: Unknown Security intelligence Version: AV: 1.375.1016.0, AS: 1.375.1016.0, NIS: 1.375.1016.0 Engine Version: AM: 1.1.19600.3, NIS: 1.1.19600.3 Date: 2022-09-26 10:30:30 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. 
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0 Name: SettingsModifier:Win32/PossibleHostsFileHijack Severity: Medium Category: Settings Modifier Path: file:_C:\Windows\System32\drivers\etc\hosts Detection Origin: Local machine Detection Type: Concrete Detection Source: System Process Name: Unknown Security intelligence Version: AV: 1.375.1016.0, AS: 1.375.1016.0, NIS: 1.375.1016.0 Engine Version: AM: 1.1.19600.3, NIS: 1.1.19600.3 Date: 2022-09-26 02:23:28 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0 Name: SettingsModifier:Win32/PossibleHostsFileHijack Severity: Medium Category: Settings Modifier Path: file:_C:\Windows\System32\drivers\etc\hosts Detection Origin: Local machine Detection Type: Concrete Detection Source: System Process Name: C:\Users\gngn1\Desktop\FRST64.exe Security intelligence Version: AV: 1.375.1016.0, AS: 1.375.1016.0, NIS: 1.375.1016.0 Engine Version: AM: 1.1.19600.3, NIS: 1.1.19600.3 Date: 2022-09-26 01:58:41 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. 
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0 Name: SettingsModifier:Win32/PossibleHostsFileHijack Severity: Medium Category: Settings Modifier Path: file:_C:\Windows\System32\drivers\etc\hosts Detection Origin: Local machine Detection Type: Concrete Detection Source: System Process Name: Unknown Security intelligence Version: AV: 1.375.1016.0, AS: 1.375.1016.0, NIS: 1.375.1016.0 Engine Version: AM: 1.1.19600.3, NIS: 1.1.19600.3 Date: 2022-09-26 00:15:31 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0 Name: SettingsModifier:Win32/PossibleHostsFileHijack Severity: Medium Category: Settings Modifier Path: file:_C:\Windows\System32\drivers\etc\hosts Detection Origin: Local machine Detection Type: Concrete Detection Source: System Process Name: Unknown Security intelligence Version: AV: 1.375.1006.0, AS: 1.375.1006.0, NIS: 1.375.1006.0 Engine Version: AM: 1.1.19600.3, NIS: 1.1.19600.3 Event[0] Date: 2022-09-28 22:41:33 Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2022-09-28 22:37:32 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. 
New security intelligence Version: Previous security intelligence Version: 1.375.1177.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.19600.3 Error code: 0x80240438 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2022-09-28 13:39:15 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.375.1134.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.19600.3 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. CodeIntegrity: =============== Date: 2022-09-28 23:19:07 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_9b8a04f8c64efd94\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2022-09-28 22:32:20 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume8\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements. ==================== Memory info =========================== BIOS: Dell Inc. 1.5.0 02/11/2022 Motherboard: Dell Inc. 
0YF8P5 Processor: Intel(R) Core(TM) i7-10700 CPU @ 2.90GHz Percentage of memory in use: 41% Total physical RAM: 12021.07 MB Available physical RAM: 7019.64 MB Total Virtual: 28838.92 MB Available Virtual: 23710.69 MB ==================== Drives ================================ Drive a: (1TB-LT) (Fixed) (Total:917.04 GB) (Free:297.48 GB) (Model: TOSHIBA MQ01ABD100) NTFS Drive c: (OS) (Fixed) (Total:460.75 GB) (Free:50.22 GB) (Model: NVMe BC711 NVMe SK hynix 512GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:13.24 GB) (Free:1.57 GB) (Model: TOSHIBA MQ01ABD100) NTFS ==>[system with boot components (obtained from drive)] \\?\Volume{8a3cbc66-ab72-496a-8c28-f1c9d89e1ff4}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.36 GB) NTFS \\?\Volume{e7899493-836e-40e2-a860-993bc8fe0b89}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.48 GB) NTFS \\?\Volume{25391c42-c24a-4412-a42b-0763395eec6d}\ (Image) (Fixed) (Total:13.58 GB) (Free:0.15 GB) NTFS \\?\Volume{7aa07a21-543e-4687-bcaf-54e5b284a176}\ (DELLSUPPORT) (Fixed) (Total:1.36 GB) (Free:0.53 GB) NTFS \\?\Volume{e3bd6638-6fd2-43f2-9f08-688f4c1389b4}\ () (Fixed) (Total:0.25 GB) (Free:0.14 GB) FAT32 \\?\Volume{d88befe7-be9f-42cc-886d-d916edbba0ff}\ (ESP) (Fixed) (Total:0.14 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: A50E1C7D) Partition: GPT. ========================================================== Disk: 1 (Size: 476.9 GB) (Disk ID: 416A8FEC) Partition: GPT. ==================== End of Addition.txt =======================
  8. Put a USB drive in my computer a few days ago, computer started acting strangely. Adobe Illustrator not working properly, anti-virus programs not working properly, even FRST didn't load correctly until I re-downloaded it. I notice a lot of entries in my process list using process explorer and dozens of outbound connections using svchost and system. I had to boot in safe mode and run an old copy of FRST because I couldn't download a fresh copy without networking. Addition.txt FRST.txt