
Rootkit/bootkit that has taken over my entire house... please help.


Dexie

It would not let me copy and paste the information. I only successfully uploaded the text document after many tries and many new windows. It seems to be a kernel-based rootkit bootloader residing in my VRAM. Anything I have tried to use gets disabled. Most websites are unavailable to me.


Root Admin

Nothing really found. Please try the following.

 

Please run the following steps and post back the logs as an attachment when ready.
Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed.
Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed.
If you still have trouble downloading the software please click on Reveal Hidden Contents below for examples of how to allow the download.

 


When downloading with some browsers you may see a different style of screens that may block FRST from downloading. The program is safe and used hundreds of times a week by many users.

Example of Microsoft Edge blocking the download


STEP 01

  • If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found, click on the Save results drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If there were detections, then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If the computer restarted to quarantine, you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply that the scanner would not run.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Double-click to run the program
  • Accept the End User License Agreement.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, if items are found please click Quarantine.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

RESTART THE COMPUTER before running Step 3.

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure whether your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here each time.
  • Please attach the Addition.txt log to your reply as well.
  • On your next reply, you should be attaching FRST.txt and Addition.txt to your post, every time.

 

Thanks


OTL Extras logfile created on: 12/2/2021 5:11:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\cricket\Downloads
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.19041.0)
Locale: 00000409 | Country:  | Language: ENU | Date Format: M/d/yyyy
 
63.83 Gb Total Physical Memory | 59.23 Gb Available Physical Memory | 92.80% Memory free
73.33 Gb Paging File | 67.06 Gb Available in Paging File | 91.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 930.97 Gb Total Space | 815.00 Gb Free Space | 87.54% Space Free | Partition Type: NTFS
 
Computer Name: DESKTOP-UHM6OA6 | User Name: cricket | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Powershell] -- powershell.exe -noexit -command Set-Location -literalPath '%V' (Microsoft Corporation)
Directory [UpdateEncryptionSettings] -- Reg Error: Key error.
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Powershell] -- powershell.exe -noexit -command Set-Location -literalPath '%V' (Microsoft Corporation)
Directory [UpdateEncryptionSettings] -- Reg Error: Key error.
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Feature]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av]
"DataMigrated" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{1122B19A-E671-38EC-8EAC-87048FD4528D}]
"GUID" = {1122B19A-E671-38EC-8EAC-87048FD4528D}
"DISPLAYNAME" = Norton Security
"STATE" = 331776
"PRODUCTEXE" = C:\Program Files\Norton Security\Engine\22.20.2.57\WSCStub.exe
"REPORTINGEXE" = C:\Program Files\Norton Security\Engine\22.20.2.57\nsWscSvc.exe
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}]
"GUID" = {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
"DISPLAYNAME" = Norton Security
"STATE" = 331776
"PRODUCTEXE" = C:\Program Files\Norton Security\Engine\22.21.5.44\WSCStub.exe
"REPORTINGEXE" = C:\Program Files\Norton Security\Engine\22.21.5.44\nsWscSvc.exe
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}]
"GUID" = {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
"DISPLAYNAME" = Norton Security
"STATE" = 331776
"PRODUCTEXE" = C:\Program Files\Norton Security\Engine\22.21.10.40\WSCStub.exe -- (NortonLifeLock Inc.)
"REPORTINGEXE" = C:\Program Files\Norton Security\Engine\22.21.10.40\nsWscSvc.exe -- (NortonLifeLock Inc.)
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}]
"GUID" = {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"DISPLAYNAME" = Microsoft Defender Antivirus
"STATE" = 393472
"PRODUCTEXE" = windowsdefender://
"REPORTINGEXE" = %ProgramFiles%\Windows Defender\MsMpeng.exe -- (Microsoft Corporation)
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\CBP]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\DPA]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw]
"DataMigrated" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{291930BF-AC1E-39B4-A5F3-2E31710715F6}]
"GUID" = {291930BF-AC1E-39B4-A5F3-2E31710715F6}
"DISPLAYNAME" = Norton Security
"STATE" = 331776
"PRODUCTEXE" = C:\Program Files\Norton Security\Engine\22.20.2.57\WSCStub.exe
"REPORTINGEXE" = C:\Program Files\Norton Security\Engine\22.20.2.57\WSCStub.exe
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{96F5A003-BE88-6851-3AAD-B25C2F288CAB}]
"GUID" = {96F5A003-BE88-6851-3AAD-B25C2F288CAB}
"DISPLAYNAME" = Norton Security
"STATE" = 331776
"PRODUCTEXE" = C:\Program Files\Norton Security\Engine\22.21.10.40\WSCStub.exe -- (NortonLifeLock Inc.)
"REPORTINGEXE" = C:\Program Files\Norton Security\Engine\22.21.10.40\WSCStub.exe -- (NortonLifeLock Inc.)
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{A6045214-8EAD-7B9C-2E68-BA2B11C858F1}]
"GUID" = {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
"DISPLAYNAME" = Norton Security
"STATE" = 331776
"PRODUCTEXE" = C:\Program Files\Norton Security\Engine\22.21.5.44\WSCStub.exe
"REPORTINGEXE" = C:\Program Files\Norton Security\Engine\22.21.5.44\WSCStub.exe
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp\WebProtection]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ProvidersMigration]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ProvidersMigration\WicaUpgradableAVs]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 9E AE 06 8A 48 BE D6 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Feature]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\CBP]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\DPA]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp\WebProtection]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ProvidersMigration]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{076858B1-8B7D-484E-935C-C1B7080F8E07}" = lport=8088 | protocol=17 | dir=in | app=c:\program files\windowsapps\spotifyab.spotifymusic_1.173.517.0_x86__zpdnekdrzrea0\spotify.exe | 
"{15567F7B-105D-4CA6-B670-AD11B03D266F}" = lport=48010 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvcontainer\nvcontainer.exe | 
"{21A6AA1D-B0EC-4EDF-BF6A-95A39497C0FB}" = lport=57621 | protocol=17 | dir=in | app=c:\program files\windowsapps\spotifyab.spotifymusic_1.173.517.0_x86__zpdnekdrzrea0\spotify.exe | 
"{74BB29A7-3B8F-48B0-AC5E-6B501F87CF35}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvcontainer\nvcontainer.exe | 
"{7DD0D3D9-59E4-4FC8-B17C-8D4A307F419F}" = lport=47995 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{890C8136-3775-4252-9C77-E748475B253C}" = lport=47995 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{89742FDF-A5EF-4B8C-A915-1412F53873DF}" = lport=47998 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvcontainer\nvcontainer.exe | 
"{B8A6E6E8-9065-4665-86EA-BE788C33BB9A}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvcontainer\nvcontainer.exe | 
"{E13BC654-A762-4EC1-B673-D29EF45DF9F2}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft\edge\application\msedge.exe | 
"{E1D0D201-D36F-476F-996C-76832AD1EB68}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{F6FBECE6-F0AD-43EE-B6C0-78737C425B6E}" = lport=8088 | protocol=6 | dir=in | app=c:\program files\windowsapps\spotifyab.spotifymusic_1.173.517.0_x86__zpdnekdrzrea0\spotify.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0086C5DF-E3EC-45D6-849F-1BCEB531AEF1}" = dir=in | app=c:\program files (x86)\ostotosoft\drivertalent\download\minithunderplatform.exe | 
"{03679272-247D-4F42-9D2E-6F094CF544A8}" = dir=in | name=@{microsoft.windows.startmenuexperiencehost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.startmenuexperiencehost/startmenuexperiencehost/pkgdisplayname} | 
"{043CCCF4-B3A3-4C48-B56B-6B77C164D701}" = dir=in | name=@{microsoft.desktopappinstaller_1.16.12986.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.desktopappinstaller/resources/appdisplayname} | 
"{043EF9D6-DEB0-4A6D-940F-207890B5C531}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | 
"{04F1052D-FDDE-4B0B-B05E-2F58C1A87E36}" = dir=out | name=skype | 
"{06117A68-53C9-40E0-A271-B3914EF990A5}" = dir=out | name=@{microsoft.mspaint_6.2105.4017.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.mspaint/resources/appname} | 
"{06681C14-7E36-449F-8E9A-61A40D584C69}" = dir=in | name=@{microsoft.win32webviewhost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.win32webviewhost/resources/displayname} | 
"{07DCE17C-7F6D-4DC7-B541-7C84A8ABB38E}" = dir=out | name=microsoft pay | 
"{0882D563-CC17-47AF-9ABA-A02478C69028}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe | 
"{0BE348C2-AA12-4838-9CA1-22470B7B3BF0}" = protocol=6 | dir=in | app=c:\program files (x86)\overwolf\0.157.2.17\overwolfbrowser.exe | 
"{0C647DE8-9303-41FF-A2C5-32E5886AAA66}" = dir=in | app=c:\program files (x86)\asus\gamefirst\gameturbo.exe | 
"{110DBBC2-1579-4FC2-9978-710E6642D481}" = dir=out | name=xbox tcui | 
"{11B28C62-7D3E-4C83-AA90-B5010A087124}" = dir=in | name=@{microsoft.zunemusic_10.21102.11411.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{12D18ECC-E957-4D28-9CE1-065DD735567D}" = dir=out | name=@{microsoft.windows.sechealthui_10.0.19041.1_neutral__cw5n1h2txyewy?ms-resource://microsoft.windows.sechealthui/resources/packagedisplayname} | 
"{15DE14A3-B2B0-4537-B59D-5D81871EA986}" = dir=out | name=@{microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} | 
"{17F87FE7-61EA-4309-91F2-CB73F58C3F23}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | 
"{195EC3C5-7746-4950-9B8F-974869337D14}" = dir=out | name=disney+ | 
"{1A88C776-7146-431F-8A90-68E508409FC8}" = dir=out | name=xbox game bar plugin | 
"{1F0B72A5-96D4-4ADB-96FD-C01A7715902C}" = dir=out | name=@{microsoft.windows.search_1.14.2.19041_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.search/resources/packagedisplayname} | 
"{1FD03AD5-DA35-4365-9E76-E3CE14ACDC8C}" = dir=in | name=@{microsoft.yourphone_1.21102.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.yourphone/resources/appname} | 
"{243C39A8-9EB5-41C6-83E0-27AE167DE85E}" = dir=in | name=@{microsoft.microsoftedge_44.19041.423.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | 
"{24B2CBFA-AB32-4653-8C0E-F5F762A8FDD9}" = dir=out | name=ncsiuwpapp | 
"{262AD912-AA9A-4B6A-90C9-3CE9DE735A39}" = protocol=6 | dir=in | app=c:\program files (x86)\overwolf\0.184.0.35\overwolfbrowser.exe | 
"{28E93013-366B-43A7-A124-55D075DC1FB0}" = dir=in | name=@{microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} | 
"{2AC8B35E-9692-40BD-925E-1183ADC7B933}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.19041.1.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} | 
"{2B11A5D0-E5A0-4461-A65C-8705D511E1FF}" = dir=out | name=cortana | 
"{2C99D015-EEEA-488A-8E9E-38D5F5A3C939}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.19041.1.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | 
"{2CDDB682-7414-40D9-89D1-56EDC4D1DF84}" = protocol=6 | dir=out | app=c:\program files\windowsapps\microsoft.skypeapp_15.78.159.0_x86__kzf8qxf38zg5c\skype\skype.exe | 
"{2CF0A015-275B-47C9-859F-0661CA6B43C5}" = dir=out | name=@{microsoft.windows.narratorquickstart_10.0.19041.423_neutral_neutral_8wekyb3d8bbwe?ms-resource://microsoft.windows.narratorquickstart/resources/appdisplayname} | 
"{34954B92-71D3-4C6A-AC3E-7BF45E41F717}" = dir=out | name=@{microsoft.yourphone_1.21102.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.yourphone/resources/appname} | 
"{34C69255-3DB8-4FBF-B65B-76BB375012FE}" = dir=out | name=@{microsoft.windows.startmenuexperiencehost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.startmenuexperiencehost/startmenuexperiencehost/pkgdisplayname} | 
"{3519F915-02F4-4CB2-8AE5-8B4244EB443D}" = dir=in | app=c:\program files (x86)\asus\gamefirst\dututil.exe | 
"{356DFBE0-0B40-4952-8594-EF1EFC88062D}" = dir=out | name=@{microsoft.people_10.2105.4.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} | 
"{3969355C-8FBA-4186-BB6D-09D62D23426A}" = dir=out | name=@{microsoft.desktopappinstaller_1.16.12986.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.desktopappinstaller/resources/appdisplayname} | 
"{3AF6561C-4A25-43FA-9170-6DE7393C055D}" = dir=out | name=ncsiuwpapp | 
"{3B3C1597-F925-421B-8D5E-63082EAB1E7F}" = dir=out | name=@{microsoft.mixedreality.portal_2000.21051.1282.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.mixedreality.portal/resources/pkgdisplayname} | 
"{3D62299A-6AD5-4C6F-8EFC-643E68A9A714}" = dir=out | name=@{microsoft.windows.shellexperiencehost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.shellexperiencehost/resources/pkgdisplayname} | 
"{3F1A2B80-98B6-423A-90EE-75D634752983}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | 
"{3F722C7D-20A3-43F0-AD25-19AEC190309F}" = dir=out | name=sonic radar 3 | 
"{417075CA-10ED-4F42-9000-891E536FFA6F}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | 
"{41BB7A0F-EE2B-44AE-AF53-B86B25FF5BC3}" = dir=out | name=@{microsoft.windows.apprep.chxapp_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.apprep.chxapp/resources/displayname} | 
"{491B6DAD-5C71-487D-8BBD-DFD5DAE24945}" = dir=out | name=@{microsoft.windowsfeedbackhub_1.2111.3171.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} | 
"{499F8135-1214-4982-B28E-B5E918326F8F}" = protocol=6 | dir=in | app=c:\program files\windowsapps\spotifyab.spotifymusic_1.173.517.0_x86__zpdnekdrzrea0\spotify.exe | 
"{4D22687E-11C4-4343-A814-B8D2BD4A6C15}" = protocol=17 | dir=out | app=c:\program files\windowsapps\spotifyab.spotifymusic_1.173.517.0_x86__zpdnekdrzrea0\spotify.exe | 
"{4D32556A-6372-481E-BDE9-84FE1DB6AEB7}" = dir=in | name=xbox game bar | 
"{54681E2F-237B-4B88-BA95-A2053B1AD224}" = dir=out | name=@{microsoft.windowscalculator_10.2103.8.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscalculator/resources/appstorename} | 
"{56379379-6A8A-4BBC-94BE-865C638BC74A}" = dir=in | name=microsoft solitaire collection | 
"{5B938936-6420-4293-9A90-6F5EDEDCCC56}" = dir=out | name=@{microsoft.windows.peopleexperiencehost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.peopleexperiencehost/resources/pkgdisplayname} | 
"{6373EF39-9445-4855-8743-4CD0CCFB59A1}" = dir=in | app=c:\program files\daemon tools lite\discsoftbusservicelite.exe | 
"{65EB5800-0430-4487-B393-35B42AB929C2}" = dir=out | name=@{microsoft.windows.oobenetworkcaptiveportal_10.0.19041.1_neutral__cw5n1h2txyewy?ms-resource://microsoft.windows.oobenetworkcaptiveportal/resources/appdisplayname} | 
"{66F59FA4-E4DD-479A-9019-477443A69125}" = dir=out | name=@{microsoft.xboxidentityprovider_12.83.12001.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxidentityprovider/resources/displayname} | 
"{685311C0-7929-492C-8EAA-CE394A394C13}" = dir=out | name=@{microsoft.windowscamera_2021.105.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscamera/lenssdk/resources/appstorename} | 
"{68AD39E5-5795-4152-9B83-C75FE619126D}" = dir=in | name=@{microsoft.microsoftedge_44.19041.1.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | 
"{68FCB526-0D86-45A0-8ED4-936CEF093B77}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{6D4D5EED-3C91-4AFE-9C8A-C09E69D78E9D}" = dir=out | name=microsoft edge | 
"{6E3342A0-38D1-4750-915F-9C6D3B5DFF8A}" = dir=out | name=@{microsoft.getstarted_10.2110.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} | 
"{7699878B-3D02-4259-993C-9FA6BE361E5A}" = dir=out | name=onenote for windows 10 | 
"{78A94296-F442-4D65-96E1-98CEF729FA3B}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} | 
"{797A3BB6-CF0F-4AE8-87F8-095DC258E449}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.19041.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} | 
"{7A0F55E9-0319-4318-A0E9-64054B855E55}" = dir=out | name=ux.client.st | 
"{7C7D2F17-AB09-4839-9928-FF756BFFDEE2}" = dir=out | name=@{microsoft.lockapp_10.0.19041.1023_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} | 
"{7D10542B-5176-469E-85F7-11D5F0A426DD}" = dir=out | name=@{microsoft.bingweather_4.46.32012.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} | 
"{7DB9A56A-840D-4749-BC7D-8F12A0D086B5}" = dir=out | name=office | 
"{7E054308-F90B-412B-BA2D-804DDD6077BC}" = dir=in | name=onenote for windows 10 | 
"{7E6A45F4-5548-47E4-BB4E-302FA980DE09}" = dir=out | name=@{microsoft.zunevideo_10.21092.10731.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{804D3236-F0F6-4CFD-A150-E8137E6270B3}" = dir=out | name=@{microsoft.accountscontrol_10.0.19041.1023_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} | 
"{816BB322-B77E-48FF-B5A0-2F0DF4702D06}" = protocol=17 | dir=in | app=c:\program files (x86)\overwolf\0.184.0.35\overwolfbrowser.exe | 
"{8193EDEC-4ECF-4BDD-86CE-2CD828E272D2}" = dir=out | name=@{microsoft.storepurchaseapp_12109.1001.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.storepurchaseapp/resources/displaytitle} | 
"{85C5FDDD-E193-4D5A-B66C-4CAD828ED67D}" = dir=out | name=@{microsoft.microsoftedge_44.19041.1.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | 
"{865A76A9-A82D-4313-B32D-DAC3E61F881E}" = dir=in | name=@{microsoft.windows.search_1.14.2.19041_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.search/resources/packagedisplayname} | 
"{87DE6502-12C8-4FF5-942C-21712D5BAE2E}" = dir=in | name=microsoft edge | 
"{8C2359F5-B0CD-41F4-92D1-18A78D6B959A}" = protocol=6 | dir=in | app=c:\program files\windowsapps\microsoft.skypeapp_15.78.159.0_x86__kzf8qxf38zg5c\skype\skype.exe | 
"{8CD6F66D-FA05-46E8-93E5-7CEA1159B043}" = dir=in | name=@{microsoft.windows.startmenuexperiencehost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.startmenuexperiencehost/startmenuexperiencehost/pkgdisplayname} | 
"{8D35C0A9-7027-400C-B135-FAD574C1170A}" = protocol=17 | dir=in | app=c:\program files (x86)\overwolf\0.157.2.17\overwolfbrowser.exe | 
"{8E289104-9DAE-480B-8E7B-9560A9A82DE5}" = dir=out | name=@{microsoft.gethelp_10.2109.42921.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.gethelp/resources/appdisplayname} | 
"{8E422F69-B292-4E46-AC4A-50E89FE85BB1}" = dir=out | name=@{microsoft.windows.photos_2021.21090.10008.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} | 
"{8F7F4443-17AA-4561-AABD-680E0A15CE8E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{9066432F-36A8-4996-A6A1-B01637A651EC}" = dir=out | name=@{microsoft.windows.oobenetworkcaptiveportal_10.0.19041.1023_neutral__cw5n1h2txyewy?ms-resource://microsoft.windows.oobenetworkcaptiveportal/resources/appdisplayname} | 
"{922FC972-6CFE-4993-88B7-38DA4AD77921}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.19041.1266_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | 
"{97E5E429-A802-43C7-A29C-96597DE7D506}" = dir=in | name=cortana | 
"{98ABFA1A-C6E7-4576-935B-BE23A690473F}" = dir=in | name=@{microsoft.windows.photos_2021.21090.10008.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} | 
"{996A0BA6-1F75-475F-BF54-F86D8D17527C}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} | 
"{9A567C33-F2B2-42B1-AD38-5B5C3AE8D02C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe | 
"{9CAA1199-A3BC-4FE7-8921-22022000FA7B}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} | 
"{A1D6891B-7038-488A-B97D-DFE579F71694}" = dir=in | app=c:\program files (x86)\ostotosoft\drivertalent\ldrvsvc.dll | 
"{A466F654-DFAE-46F1-9DE6-C6474B1921AD}" = dir=out | name=@{microsoft.windows.secureassessmentbrowser_10.0.19041.423_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.secureassessmentbrowser/resources/packagedisplayname} | 
"{A724DEE8-5911-48CF-8333-10C3E93C479E}" = dir=out | name=@{microsoft.accountscontrol_10.0.19041.1_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} | 
"{A75BDA22-102B-4869-9597-2C568B3E32F6}" = dir=out | name=windows feature experience pack | 
"{A81FC364-C9AA-433E-9C1C-376AD8EC762D}" = dir=out | name=@{microsoft.win32webviewhost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.win32webviewhost/resources/displayname} | 
"{AA2F8075-C3BE-4A1A-867F-07BA6E0A5C9A}" = dir=out | name=microsoft store | 
"{AB6A5E3F-81FC-4446-9110-D55777DE0AE7}" = dir=out | name=@{microsoft.zunemusic_10.21102.11411.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{AF9C4B24-595F-426B-B0D1-0B2B9C3DE623}" = dir=out | name=@{microsoft.microsoft3dviewer_7.2107.7012.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoft3dviewer/common.view.uwp/resources/storeappname} | 
"{AFAA2BBE-42A6-428E-AD6E-F514BA499238}" = dir=out | name=@{microsoft.windows.shellexperiencehost_10.0.19041.1320_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.shellexperiencehost/resources/pkgdisplayname} | 
"{B0AB0FC3-F929-43EB-890A-561E0456292A}" = dir=in | name=microsoft store | 
"{B2F77664-DDD3-4358-B334-579C0576446A}" = dir=out | name=@{microsoft.windows.sechealthui_10.0.19041.423_neutral__cw5n1h2txyewy?ms-resource://microsoft.windows.sechealthui/resources/packagedisplayname} | 
"{B38B7E4F-051B-4954-8642-1DFC9CACEFBB}" = dir=out | name=@{microsoft.microsoftedge_44.19041.423.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | 
"{B4940B11-A267-44AE-89D2-7DF807CD0D47}" = dir=out | name=@{microsoft.win32webviewhost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.win32webviewhost/resources/displayname} | 
"{B67EB305-00DC-4F2A-9C89-76DBC85D2C11}" = dir=out | name=@{microsoft.xboxapp_48.78.15001.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxapp/xboxapp.resource/resources/app_title} | 
"{B8CAFA2C-3FBA-4C76-AFD9-3379B03EF4D8}" = dir=out | name=@{microsoft.windows.search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.search/resources/packagedisplayname} | 
"{B8CCACC7-D719-47C1-A9A6-4D946F527419}" = dir=out | name=xbox game bar | 
"{B95B0CB3-8AD8-40EE-91C7-EB91E5DF0B6A}" = dir=in | name=@{microsoft.zunevideo_10.21092.10731.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{BA0C93A8-D6AF-47AF-83BD-80A92739B870}" = dir=out | name=microsoft solitaire collection | 
"{BA1DC385-6718-4326-8141-B301F705CD37}" = dir=in | name=@{microsoft.windows.search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.search/resources/packagedisplayname} | 
"{BB6434E0-EF6D-4FF5-BFC5-9EB0B6E7EA26}" = dir=out | name=@{microsoft.windows.narratorquickstart_10.0.19041.1_neutral_neutral_8wekyb3d8bbwe?ms-resource://microsoft.windows.narratorquickstart/resources/appdisplayname} | 
"{BBE64BC5-A7AC-4FFC-B3AC-6B6E76D1475C}" = dir=in | app=c:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe | 
"{BBFE2A19-3860-4357-BE59-5729325DDFB8}" = dir=in | name=skype | 
"{BDF83AA0-5686-4221-BABA-38A6FFB8EE5E}" = dir=out | name=@{microsoft.windows.peopleexperiencehost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.peopleexperiencehost/resources/pkgdisplayname} | 
"{BFD0D6E0-C010-425A-B6E6-4D5CDC639E6C}" = dir=out | name=@{microsoft.windowsmaps_10.2104.2.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} | 
"{C00A9393-6F0C-469C-999A-F64437B7E5FE}" = dir=out | name=sonic studio 3 | 
"{C6E9EDA6-0FA5-4558-AC45-75EA03C9A7E0}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.19041.1266_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | 
"{C72A866B-8A98-48B0-A589-87F0C219D543}" = protocol=17 | dir=in | app=c:\program files\windowsapps\microsoft.skypeapp_15.78.159.0_x86__kzf8qxf38zg5c\skype\skype.exe | 
"{CC040024-B8D3-4A24-9A85-9422BAB84C6A}" = dir=in | name=@{microsoft.xboxapp_48.78.15001.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxapp/xboxapp.resource/resources/app_title} | 
"{CD65C83E-EC26-4FA5-9DA9-AEC5900C2C35}" = protocol=6 | dir=in | app=c:\program files\windowsapps\spotifyab.spotifymusic_1.173.517.0_x86__zpdnekdrzrea0\spotify.exe | 
"{CDEAD757-3FD1-4670-88CB-674157ADE317}" = protocol=17 | dir=out | app=c:\program files\windowsapps\microsoft.skypeapp_15.78.159.0_x86__kzf8qxf38zg5c\skype\skype.exe | 
"{D294E647-6D2B-4A6B-916D-F4FCE0470741}" = dir=out | name=@{microsoft.lockapp_10.0.19041.1_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} | 
"{D2E0FC2C-FB54-491A-97EF-FB48DD4A7108}" = protocol=6 | dir=out | app=c:\program files\windowsapps\spotifyab.spotifymusic_1.173.517.0_x86__zpdnekdrzrea0\spotify.exe | 
"{D91E811D-7B41-48A9-A83A-15D21087FCB7}" = protocol=6 | dir=in | app=c:\program files (x86)\overwolf\0.184.0.35\overwolfbrowser.exe | 
"{E1DE7385-9F9F-46EE-BC1C-297345FEAF5C}" = dir=out | name=windows_ie_ac_001 | 
"{E1ED5C3F-2BC9-4563-B3AA-7F2542AF3319}" = dir=in | name=@{microsoft.microsoftstickynotes_4.1.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftstickynotes/resources/stickynotesstoreappname} | 
"{E4E7515B-38AA-4C29-BA81-0A30AD82496E}" = dir=out | name=@{microsoft.windows.startmenuexperiencehost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.startmenuexperiencehost/startmenuexperiencehost/pkgdisplayname} | 
"{E4F5E42F-AB36-44A5-A1A7-DB48BC0D0754}" = protocol=6 | dir=in | app=c:\program files\windowsapps\spotifyab.spotifymusic_1.173.517.0_x86__zpdnekdrzrea0\spotify.exe | 
"{E71EC2FC-7509-495C-872F-1F2A2D680B4E}" = dir=out | name=@{microsoft.microsoftstickynotes_4.1.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftstickynotes/resources/stickynotesstoreappname} | 
"{E7A14E18-1357-472A-AB0E-88073187B926}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.19041.1.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | 
"{E8A87AC7-6111-4DBE-B9E3-FCCB02840CA6}" = dir=in | name=@{microsoft.win32webviewhost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.win32webviewhost/resources/displayname} | 
"{EB55CF67-4BA3-47CE-940B-D8022D827F36}" = dir=out | name=@{microsoft.windows.secureassessmentbrowser_10.0.19041.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.secureassessmentbrowser/resources/packagedisplayname} | 
"{ECC9DD38-9F19-4C04-B343-CCBAA2118400}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.19041.1.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} | 
"{EEBBCCBA-2D39-4664-AEE6-75B9664A980D}" = dir=out | name=spotify music | 
"{F2B7F88E-C4F9-4278-9107-82A1D9FCAF84}" = dir=out | name=nvidia control panel | 
"{F51AB8BC-847B-4A6D-A283-F8BEEBAB084B}" = dir=out | name=@{microsoft.windows.apprep.chxapp_1000.19041.1.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.apprep.chxapp/resources/displayname} | 
"{F55C34E8-4702-432A-86FD-2F81DFE080A0}" = dir=in | name=disney+ | 
"{F8F0D269-C898-4842-A1CB-3B95FD602EDC}" = protocol=17 | dir=in | app=c:\program files (x86)\overwolf\0.184.0.35\overwolfbrowser.exe | 
"{FBC93A05-C97B-4EF2-B244-5884B517ECEE}" = dir=out | app=c:\program files\daemon tools lite\discsoftbusservicelite.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0093C20C-273D-4397-B623-515CB8616CB9}" = Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.22.27821
"{06D713D6-9845-436D-B857-5BF2596B4554}" = Intel(R) Chipset Device Software
"{1CEAC85D-2590-4760-800F-8DE5E91F3700}" = Intel(R) Management Engine Components
"{29B15818-E79F-4AB0-8938-9410C807AD76}" = Microsoft Update Health Tools
"{6E2C7A8E-B17A-4637-9CE9-F0B1157CF378}" = Microsoft Visual C++ 2019 X64 Additional Runtime - 14.22.27821
"{7F696527-F804-4A45-854D-8A6AA9B8A6F3}" = Intel(R) Management Engine Components
"{83CD9ADB-99FB-4891-B5FE-E15C61EC49C4}" = Intel(R) Management Engine Components
"{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}" = Intel(R) Serial IO
"{A5530342-3F3E-4C02-9ECA-20DC35944BFD}" = Intel(R) Serial IO
"{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}" = Windows PC Health Check
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 496.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 3.23.0.74
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus Update 38.0.8.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.21.0713
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 38.0.8.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk" = NVIDIA FrameView SDK 1.1.4923.29968894
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = NVIDIA SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GpxCommon.Oss" = GPX Common OSS (POCO, OpenSSL) and libprotobuf binaries
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.38.92
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvAbHub" = NVIDIA ABHub
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvBackend" = NVIDIA Backend
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer" = NVIDIA Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.ContainerTelemetryApiHelper" = NVIDIA TelemetryApi helper for NvContainer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.LocalSystem" = NVIDIA LocalSystem Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.MessageBus" = NVIDIA Message Bus for NvContainer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor" = NVAPI Monitor plugin for NvContainer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.ServiceUser" = NVIDIA NetworkService Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.Session" = NVIDIA Session Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.User" = NVIDIA User Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver" = NvModuleTracker
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs" = NVIDIA NodeJS
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvPlugin.Watchdog" = NVIDIA Watchdog Plugin for NvContainer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry" = NVIDIA Telemetry Client
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvVHCI" = NVIDIA Virtual Host Controller
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_OSC" = Nvidia Share
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 3.23.0.74
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = NVIDIA SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 4.13.0.0
"{B79C1034-3537-496B-8B38-D7904E89D236}" = Intel(R) Management Engine Driver
"{BD4A7638-B2A8-4EB6-BD09-1AFB09A08F22}" = Dynamic Application Loader Host Interface Service
"{DECE4F3D-08CD-4114-A595-B3EB61891E64}" = GameFirst VI
"{E5ABFC9E-69D6-4179-9FC3-86A2F0B56AF8}" = Intel(R) LMS
"CPUID ROG CPU-Z_is1" = CPUID ROG CPU-Z 1.94
"DAEMON Tools Lite" = DAEMON Tools Lite
"WinRAR archiver" = WinRAR 5.91 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A46A65D-89AC-464C-8026-3CD44960BD04}" = Realtek USB Audio
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1E6FC929-567E-4D22-9206-C5B83F0A21B9}" = Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.22.27821
"{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1" = Driver  Talent
"{3BDE80F7-7EC9-448E-8160-4ADA0CDA8879}" = Microsoft Visual C++ 2019 X86 Additional Runtime - 14.22.27821
"{5bfc1380-fd35-4b85-9715-7351535d077e}" = Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{6361b579-2795-4886-b2a8-53d5239b6452}" = Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821
"{90A4562F-D4A1-4B65-906D-41F236CF6902}" = Path of Exile
"{99926fb7-5da9-4101-b79f-eec3674ca64b}" = Intel(R) Chipset Device Software
"{CD36E28B-6023-469A-91E7-049A2874EC13}" = AI Suite 3
"{f14a2334-0511-4225-9f2a-2d55fb683e6c}" = Path of Exile
"GameFirst VI 6.1.14.2" = GameFirst VI
"Google Chrome" = Google Chrome
"Microsoft Edge" = Microsoft Edge
"Microsoft Edge Update" = Microsoft Edge Update
"NGC" = Norton Security
"Overwolf" = Overwolf
"RamCache III" = RamCache III
"Steam" = Steam
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2682989856-1497868599-2340528856-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Overwolf_ldmmalmbjlcemihhmfljjlomgnglefflkggmmloh" = GameFirst VI
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/23/2021 12:34:15 PM | Computer Name = DESKTOP-UHM6OA6 | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0x800704CF
Command-line
 arguments:  RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error - 11/23/2021 1:36:59 PM | Computer Name = DESKTOP-UHM6OA6 | Source = Application Hang | ID = 1002
Description = The program explorer.exe version 10.0.19041.610 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Security and Maintenance control panel.    Process
 ID: 18ec    Start Time: 01d7e0909a3d0ff8    Termination Time: 0    Application Path: C:\Windows\explorer.exe

Report
 Id: 016e13cd-df41-4c10-98ca-d25902838998    Faulting package full name: ?    Faulting package-relative
 application ID: ?    Hang type: Unknown  
 
Error - 11/23/2021 2:09:24 PM | Computer Name = DESKTOP-UHM6OA6 | Source = ESENT | ID = 474
Description = taskhostw (7224,D,22) WebCacheLocal: The database page read from the
 file "C:\Users\cricket\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"
 at offset 1966080 (0x00000000001e0000) (database page 59 (0x3B)) for 32768 (0x00008000)
 bytes failed verification due to a page checksum mismatch.  The stored checksum
 was [fa4705b86ff72feb:000000000000003b:000000000000003b:03fb03fb0130003f] and the
 computed checksum was [fa4705b86ff72feb:000000000000003b:000000000000003b:0393fc6c018c003f].
  The read operation will fail with error -1018 (0xfffffc06).  If this condition
 persists then please restore the database from a previous backup.  This problem
 is likely due to faulty hardware. Please contact your hardware vendor for further
 assistance diagnosing the problem.
 
Error - 11/25/2021 1:06:52 PM | Computer Name = DESKTOP-UHM6OA6 | Source = Application Hang | ID = 1002
Description = The program identity_helper.exe version 96.0.1054.34 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Security and Maintenance control panel.    Process
 ID: d18    Start Time: 01d7e21ec4daefcd    Termination Time: 4294967295    Application Path:
 C:\Program Files (x86)\Microsoft\Edge\Application\96.0.1054.34\identity_helper.exe

Report
 Id: 09a8a28f-874c-40d6-94e5-89f54343976c    Faulting package full name: Microsoft.MicrosoftEdge.Stable_96.0.1054.29_neutral__8wekyb3d8bbwe

Faulting
 package-relative application ID: App    Hang type: Quiesce  
 
Error - 11/28/2021 8:59:37 AM | Computer Name = DESKTOP-UHM6OA6 | Source = Application Error | ID = 1000
Description = Faulting application name: SearchApp.exe, version: 10.0.19041.1320,
 time stamp: 0xbdfaf044  Faulting module name: KERNELBASE.dll, version: 10.0.19041.1348,
 time stamp: 0x76fcd692  Exception code: 0xc000027b  Fault offset: 0x000000000010b302
Faulting
 process id: 0x2838  Faulting application start time: 0x01d7e41eae370099  Faulting application
 path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting
 module path: C:\Windows\System32\KERNELBASE.dll  Report Id: 297a7431-6e6f-49e1-b3c9-0ab793b15e07
Faulting
 package full name: Microsoft.Windows.Search_1.14.2.19041_neutral_neutral_cw5n1h2txyewy
Faulting
 package-relative application ID: ShellFeedsUI
 
Error - 11/28/2021 10:04:56 AM | Computer Name = DESKTOP-UHM6OA6 | Source = Microsoft-Windows-PerfNet | ID = 2004
Description = Unable to open the Server service performance object. The first four
 bytes (DWORD) of the Data section contains the status code.
 
Error - 11/28/2021 12:28:59 PM | Computer Name = DESKTOP-UHM6OA6 | Source = Microsoft-Windows-PerfNet | ID = 2004
Description = Unable to open the Server service performance object. The first four
 bytes (DWORD) of the Data section contains the status code.
 
Error - 11/28/2021 4:06:26 PM | Computer Name = DESKTOP-UHM6OA6 | Source = Application Error | ID = 1000
Description = Faulting application name: UnrealTournament.exe, version: 0.0.0.0,
 time stamp: 0x39f657b0  Faulting module name: ntdll.dll, version: 10.0.19041.1288,
 time stamp: 0x027db076  Exception code: 0xc0000005  Fault offset: 0x00044073  Faulting
 process id: 0x1368  Faulting application start time: 0x01d7e48c2a005c45  Faulting application
 path: C:\UnrealTournament\System\UnrealTournament.exe  Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
 Id: 956cc1cc-01cf-4eed-b291-fe014c4e93aa  Faulting package full name: ?  Faulting package-relative
 application ID: ?
 
Error - 12/2/2021 1:32:00 AM | Computer Name = DESKTOP-UHM6OA6 | Source = Application Hang | ID = 1002
Description = The program identity_helper.exe version 96.0.1054.41 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Security and Maintenance control panel.    Process
 ID: 3520    Start Time: 01d7e73ddb744604    Termination Time: 4294967295    Application Path:
 C:\Program Files (x86)\Microsoft\Edge\Application\96.0.1054.41\identity_helper.exe

Report
 Id: 11f6d457-291d-4264-a1eb-bd284b939911    Faulting package full name: Microsoft.MicrosoftEdge.Stable_96.0.1054.34_neutral__8wekyb3d8bbwe

Faulting
 package-relative application ID: App    Hang type: Quiesce  
 
Error - 12/2/2021 6:01:04 AM | Computer Name = DESKTOP-UHM6OA6 | Source = Application Error | ID = 1000
Description = Faulting application name: UnrealTournament.exe, version: 0.0.0.0,
 time stamp: 0x39f657b0  Faulting module name: nvoglv32.dll, version: 30.0.14.9613,
 time stamp: 0x615df42b  Exception code: 0xc0000005  Fault offset: 0x00106e73  Faulting
 process id: 0x1094  Faulting application start time: 0x01d7e75488f822e6  Faulting application
 path: C:\UnrealTournament\System\UnrealTournament.exe  Faulting module path: C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5292bbfbf575e2d2\nvoglv32.dll
Report
 Id: 6d092fac-2fcf-4139-a908-e392af299dce  Faulting package full name: ?  Faulting package-relative
 application ID: ?
 
[ Parameters Events ]
OTL encountered an error while reading this event log. It may be corrupt.
[ State Events ]
OTL encountered an error while reading this event log. It may be corrupt.
Error - 11/30/2021 5:23:52 AM | Computer Name = DESKTOP-UHM6OA6 | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly.    Module Path: C:\Windows\system32\IntelIHVRouter08.dll

 
Error - 11/30/2021 12:21:00 PM | Computer Name = DESKTOP-UHM6OA6 | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly.    Module Path: C:\Windows\system32\IntelIHVRouter08.dll

 
Error - 11/30/2021 12:21:01 PM | Computer Name = DESKTOP-UHM6OA6 | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly.    Module Path: C:\Windows\system32\IntelIHVRouter08.dll

 
Error - 11/30/2021 12:21:36 PM | Computer Name = DESKTOP-UHM6OA6 | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly.    Module Path: C:\Windows\system32\IntelIHVRouter08.dll

 
Error - 11/30/2021 2:31:21 PM | Computer Name = DESKTOP-UHM6OA6 | Source = Microsoft-Windows-Ntfs | ID = 98
Description = 
 
Error - 11/30/2021 2:43:14 PM | Computer Name = DESKTOP-UHM6OA6 | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
 Client Service service to connect.
 
Error - 11/30/2021 2:43:14 PM | Computer Name = DESKTOP-UHM6OA6 | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
 error:   %%1053
 
Error - 12/1/2021 1:07:14 AM | Computer Name = DESKTOP-UHM6OA6 | Source = Microsoft-Windows-Kernel-Boot | ID = 29
Description = 
 
Error - 12/1/2021 1:08:28 AM | Computer Name = DESKTOP-UHM6OA6 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:51:36 PM on ?11/?30/?2021 was unexpected.
 
Error - 12/2/2021 6:06:00 AM | Computer Name = DESKTOP-UHM6OA6 | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
 


  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop or the location where you ran FRST from.
NOTE: It's important that both files, FRST (or FRST64) and fixlist.txt, are in the same location, or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt, and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer, this fix may take 30 minutes or more.

NOTE-2: As part of this fix, all temporary files will be removed. If you have any open web pages that have not been bookmarked, please make sure you bookmark them now, as all open applications will be automatically closed. Also, make sure you know the passwords for all websites, as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

NOTE-3: As part of this fix, the network will also be reset to default settings, including the firewall. If you have custom firewall rules you need to save, please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks
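NOTE-3 in the post above says to export any custom firewall rules before the fix resets the network and the firewall to defaults, and the OTL log earlier in the thread shows how many third-party rules (Steam, Spotify, Overwolf, Skype and so on) a typical machine carries. The following PowerShell script is an added example for that step; it is not part of the Root Admin's post or the fixlist. It saves the full policy with `netsh advfirewall export`, which can be re-imported later, and also writes a readable CSV inventory of the enabled rules so the rule set can be compared before and after the reset. The backup folder `C:\FirewallBackup` is an assumed path; choose your own.

```powershell
# Added example, not from the forum post: back up the Windows Firewall policy
# before running a fix that resets the network stack and firewall to defaults.
# Run from an elevated PowerShell prompt. C:\FirewallBackup is an assumed path.
$BackupDir = 'C:\FirewallBackup'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$Stamp = Get-Date -Format 'yyyyMMdd-HHmmss'

# 1. Full policy export. This .wfw file is what you restore from later with
#    'netsh advfirewall import', so it is the authoritative backup.
$PolicyFile = Join-Path $BackupDir "firewall-policy-$Stamp.wfw"
netsh advfirewall export "$PolicyFile" | Out-Null

# 2. Human-readable inventory of enabled rules (direction, action, program,
#    protocol, port). The policy export is binary, so this CSV is what you diff
#    against a fresh inventory after the reset to see which custom rules are gone.
$Inventory = Join-Path $BackupDir "firewall-rules-$Stamp.csv"
Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' } |
    ForEach-Object {
        $rule = $_
        # Each rule's program and port details live in separate filter objects.
        $appFilter  = $rule | Get-NetFirewallApplicationFilter
        $portFilter = $rule | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Name      = $rule.DisplayName
            Group     = $rule.DisplayGroup
            Direction = $rule.Direction
            Action    = $rule.Action
            Profile   = $rule.Profile
            Protocol  = $portFilter.Protocol
            LocalPort = ($portFilter.LocalPort -join ',')
            Program   = $appFilter.Program
        }
    } |
    Export-Csv -Path $Inventory -NoTypeInformation -Encoding UTF8

Write-Host "Policy saved to    $PolicyFile"
Write-Host "Rule inventory at  $Inventory"
# To restore the policy after the fix, if a custom rule is needed again:
#   netsh advfirewall import "$PolicyFile"
```

Re-importing the policy restores every rule in the backup, including any that the reset was meant to clear, so use the CSV to recreate only the rules you actually recognise rather than importing the whole policy blindly.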

 


This log was created using Process Explorer. Thank you so much for all of your help. You have not commented, so I am not sure what you would like me to scan to get rid of this virus. It is finding a virus called MyDoom.B and after cleaning it finds it again. Please advise.


  • Root Admin

Please do not run unrequested scans or install other software at this time unless requested.

Let me have you run the following please.

 

Microsoft Safety Scanner

Please make sure you exit any other program you might have open so that the sole task is to run the following scan.
That goes especially for web browsers: make sure all are fully exited, and that messenger programs are exited and closed as well.
 

STEP 1

Please set File Explorer to SHOW ALL folders and all files, including hidden ones. Use OPTION ONE or TWO of this article:

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

STEP 2

I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to for running the tool are at this link at Microsoft:

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download


Look on the Scan Options & select the FULL scan.

Then start the scan. Have lots of patience. It may take several hours.

  • Once you see it has started, take a long, long break; walk away. Do not pay credence to any intermediate early flash messages on the screen display. The only thing that counts is the end result at the end of the run.
  • The scan will take several hours. Leave it alone. It will remove any other remaining threats as it goes along. Take a very long break, do your normal personal errands... just do not use the computer during this scan.

This is likely to run for many hours as previously mentioned (depending on the number of files on your machine & the speed of the hardware).

The log is named MSERT.log and the log will be at C:\Windows\debug\msert.log

Please attach that log with your next reply.

Thank you

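As an added example that is not part of this thread and not code from FRST, Malwarebytes or Microsoft: the preparation and follow-up steps around the two replies above (exporting the firewall policy before the fix from NOTE-3, enabling hidden-file display for STEP 1, and checking for the MSERT log named in STEP 2) can be done from an elevated PowerShell prompt. The backup folder location is an assumption; the registry values and the log path are the standard ones.

```powershell
# Added example (not from the thread or the tools it mentions): prep and
# follow-up around the fix. Run from an elevated PowerShell prompt.
# $BackupDir is an assumed location; change it as needed.

$BackupDir = Join-Path $env:USERPROFILE 'Desktop\pre-fix-backup'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# NOTE-3: the fix resets the firewall, so export the current policy first.
# netsh writes a .wfw file that can be re-imported with "netsh advfirewall import".
$FwBackup = Join-Path $BackupDir 'firewall-policy.wfw'
netsh advfirewall export "$FwBackup" | Out-Null
if (Test-Path $FwBackup) { Write-Host "Firewall policy exported to $FwBackup" }

# Also keep a readable list of enabled rules that do not belong to a built-in
# rule group (heuristic for custom rules) so they can be reviewed after the reset.
Get-NetFirewallRule |
    Where-Object { $_.Group -eq '' -and $_.Enabled -eq 'True' } |
    Select-Object DisplayName, Direction, Action, Profile |
    Export-Csv -Path (Join-Path $BackupDir 'custom-firewall-rules.csv') -NoTypeInformation

# STEP 1: make Explorer show hidden files, protected OS files and extensions.
# These are the registry values behind the Folder Options check boxes.
$Adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $Adv -Name 'Hidden'          -Value 1  # 1 = show hidden items
Set-ItemProperty -Path $Adv -Name 'ShowSuperHidden' -Value 1  # show protected OS files
Set-ItemProperty -Path $Adv -Name 'HideFileExt'     -Value 0  # show file extensions
Stop-Process -Name explorer -Force   # Explorer restarts and picks up the new values

# STEP 2 follow-up: the Safety Scanner log is written to a fixed path. If it
# exists, show its last lines, which carry the end-of-run result the reply asks for.
$Msert = 'C:\Windows\debug\msert.log'
if (Test-Path $Msert) {
    Get-Content -Path $Msert -Tail 20
} else {
    Write-Host "No $Msert yet - MSERT has not completed a scan on this machine."
}
```

Attach the full msert.log itself, not just the tail, when replying; the tail is only a quick check that the scan actually finished.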
