www.bleepingcomputer.com Open in urlscan Pro
104.20.60.209  Public Scan

Submitted URL: https://www.bleepingcomputer.com/forums/t/765204/downloaded-and-ran-a-exe-file-and-got-a-virus/#entry5295649
Effective URL: https://www.bleepingcomputer.com/forums/t/765204/downloaded-and-ran-a-exe-file-and-got-a-virus/
Submission: On December 15 via api from US — Scanned from DE

DOWNLOADED AND RAN A .EXE FILE AND GOT A VIRUS.

Started by RPGTurtle53 , Dec 12 2021 01:13 PM


 * This topic is locked

18 replies to this topic


#1 RPGTURTLE53

RPGTurtle53
 * Members
 * 10 posts
 * OFFLINE

Posted 12 December 2021 - 01:13 PM

I was trying to download airserver with an activation key and got a virus when I
ran the file.
Windows started popping the virus and threat protection prompt a bunch of times,
and a pop-up saying that the application can't run was displayed a bunch of
times.
After a while my PC was getting slow and some cmd pages started to appear; I didn't
have time to read them because I was scared and I shut down my PC.
Can I use Kaspersky to solve this?
Any tips please.


Edited by hamluis, 12 December 2021 - 01:46 PM.
Moved from W10 to Malware Forum - Hamluis.


--------------------------------------------------------------------------------


#2 HAMLUIS

hamluis
 * Moderator
 * 62,230 posts
 * OFFLINE

 * Gender:Male
 * Location:Killeen, TX
 * Local time:06:33 AM

Posted 12 December 2021 - 01:47 PM

Please provide the FRST data requested for malware issues.  See link to BC
Malware Forum in my signature.

 

Louis


BC Malware Forum

BC Crashes/BSODs Forum

Forum Rules

BC Tutorials

Even if you are perfect...your computer and your data are NOT. Use a 3rd-party
backup program.


--------------------------------------------------------------------------------


#3 RPGTURTLE53

RPGTurtle53
 * Topic Starter
 * Members
 * 10 posts
 * OFFLINE

Posted 12 December 2021 - 02:02 PM

hamluis, on 12 Dec 2021 - 6:47 PM, said:

> Please provide the FRST data requested for malware issues.  See link to BC
> Malware Forum in my signature.
>  
> Louis


Hi Louis, I am really scared to boot up my PC. Can a virus steal information, or
what can it do? I can format my disk if this is an easy option, or can I install
FRST in Windows safe mode?


--------------------------------------------------------------------------------


#4 JSNTGRVR

JSntgRvr
 * Malware Fighter
 * Malware Response Team
 * 14,636 posts
 * OFFLINE

 * Gender:Male
 * Location:Puerto Rico
 * Local time:08:33 AM

Posted 12 December 2021 - 04:28 PM

Hi. Welcome.

You can download FRST on another computer, save it in a USB drive, and run it
from there in the affected computer. You can also use Safe Mode with Networking.
In any event, you will need to boot the computer to run the application.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight
against Malware!



--------------------------------------------------------------------------------


#5 RPGTURTLE53

RPGTurtle53
 * Topic Starter
 * Members
 * 10 posts
 * OFFLINE

Posted 13 December 2021 - 09:13 AM

JSntgRvr, on 12 Dec 2021 - 9:28 PM, said:

> Hi. Welcome.
> 
> You can download FRST on another computer, save it in a USB drive, and run it
> from there in the affected computer. You can also use Safe Mode with
> Networking. In any event, you will need to boot the computer to run the
> application.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2021
Ran by rpgtu (administrator) on DESKTOP-H5DFB75 (13-12-2021 16:04:35)
Running from F:\
Loaded Profiles: rpgtu
Platform: Microsoft Windows 10 Pro Version 20H2 19042.1348 (X64) Language:
English (United States)
Default browser: Opera
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file
will not be moved.)
 
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files
(x86)\Microsoft\Edge\Application\msedge.exe <15>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation)
C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows Publisher -> Microsoft Corporation)
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to
default or removed. The file will not be moved.)
 
HKLM\...\Run: [PentabletService] => D:\DOWNLOADS\Pentablet\PentabletService.exe
[2242328 2020-07-20] (Guangzhou Ugee Computers Technology Co.,Ltd -> Ugee
Technology Company Ltd)
HKLM\...\Run: [RegHost] => C:\Users\rpgtu\AppData\Roaming\Microsoft\RegHost.exe
[3286528 2021-12-12] () [File not signed]
HKLM-x32\...\Run: [Discord] =>
C:\ProgramData\SquirrelMachineInstalls\Discord.exe [68822328 2021-03-21]
(Discord Inc. -> Discord Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe
Creative Cloud Experience\CCXProcess.exe [114824 2021-11-22] (Adobe Inc. -> )
HKLM-x32\...\Run: [VM_STI] => C:\Windows\VM_STI.exe [40960 2004-06-09]
(Microsoft Windows Hardware Compatibility Publisher -> BIGDOG)
HKLM-x32\...\Run: [BigDogPath] => C:\Windows\VM_STI.exe [40960 2004-06-09]
(Microsoft Windows Hardware Compatibility Publisher -> BIGDOG)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\Run: [Steam] =>
C:\Program Files (x86)\Steam\steam.exe [4267432 2021-11-23] (Valve Corp. ->
Valve Corporation)
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\Run: [Discord] =>
C:\Users\rpgtu\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord
Inc. -> GitHub)
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\Run:
[com.squirrel.Teams.Teams] =>
C:\Users\rpgtu\AppData\Local\Microsoft\Teams\Update.exe [2459280 2021-11-22]
(Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\Run: [EpicGamesLauncher]
=> D:\EPIC GAMES\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
[33616864 2021-12-10] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\Run: [Opera GX Browser
Assistant] => C:\Users\rpgtu\AppData\Local\Programs\Opera
GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS ->
Opera Software)
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\Run: [CCXProcess] =>
C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
[114824 2021-11-22] (Adobe Inc. -> )
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\Run: [FACEIT] =>
C:\Users\rpgtu\AppData\Local\FACEIT\update.exe [2277496 2021-09-26] (FACE IT
LIMITED -> )
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\Run: [Synapse3] =>
C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer
Synapse 3.exe [3524216 2021-11-18] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\Run: [LGHUB] =>
C:\Program Files\LGHUB\lghub.exe [136443968 2021-11-21] (Logitech Inc ->
Logitech, Inc.)
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\Run: [REFLECTOR4] => [X]
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\Run: [RegHost] =>
C:\Users\rpgtu\AppData\Roaming\Microsoft\RegHost.exe [3286528 2021-12-12] ()
[File not signed]
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\MountPoints2:
{3d388ba2-8d9d-11eb-ba76-7085c2480fe3} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-4059296222-1974293382-1207419619-1002\...\RunOnce: [OneDrive] =>
C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [2367352 2021-11-20]
(Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files
(x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
[3524216 2021-11-18] (Razer USA Ltd. -> Razer Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components:
[{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program
Files\Google\Chrome\Application\96.0.4664.93\Installer\chrmstp.exe [2021-12-07]
(Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Startup\TrayMin210.exe.lnk [2021-12-01]
ShortcutTarget: TrayMin210.exe.lnk -> C:\Program Files (x86)\Philips\Philips
SPC210NC Webcam\TrayMin210.exe () [File not signed]
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
 
Task: {022FCFA2-2031-49F6-987D-6952EF6F8C2C} - System32\Tasks\Firefox Default
Browser Agent 526B46154BA35D37 => C:\Users\rpgtu\AppData\Roaming\biursvf [186368
2021-06-13] () [File not signed] <==== ATTENTION
Task: {02B4A0BC-8C2D-4712-B008-0C84FF71A61D} -
System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe [156232 2021-10-28] (Google LLC -> Google
LLC)
Task: {05F591B4-B101-4CCF-9876-17CDE982A9C1} - System32\Tasks\Opera GX scheduled
assistant Autoupdate 1616665334 => C:\Users\rpgtu\AppData\Local\Programs\Opera
GX\launcher.exe [2201808 2021-11-24] (Opera Software AS -> Opera Software) ->
--scheduledautoupdate --component-name=assistant
--component-path="C:\Users\rpgtu\AppData\Local\Programs\Opera GX\assistant"
$(Arg0)
Task: {0EA92CB3-2C29-4B4A-9757-B55427CE67B2} -
System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program
Files (x86)\Microsoft Office\root\Office16\msoia.exe [6331288 2021-12-10]
(Microsoft Corporation -> Microsoft Corporation)
Task: {0ED1FBF5-4444-47B6-9D65-B62C94CAA093} - System32\Tasks\Opera GX scheduled
Autoupdate 1616357225 => C:\Users\rpgtu\AppData\Local\Programs\Opera
GX\launcher.exe [2201808 2021-11-24] (Opera Software AS -> Opera Software)
Task: {12E6B340-0D72-4579-ACE2-87E2C90F80EA} -
System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
=> C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024
2021-11-16] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program
Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f
C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {14A59B09-A0CE-4D1C-98EC-0DAF4BAF34A6} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup =>
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe
[901056 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {407653D8-3F34-417C-8920-48112C6B405B} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification
=> C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe
[901056 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {54E54314-B9AF-447C-9652-70C748D97E73} -
System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program
Files (x86)\Microsoft Office\root\Office16\msoia.exe [6331288 2021-12-10]
(Microsoft Corporation -> Microsoft Corporation)
Task: {568D0281-E9F6-4131-AC43-8E0ED0269A95} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled
Scan => C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-03] (Microsoft
Windows Publisher -> Microsoft Corporation)
Task: {5DE0384D-9A36-45B3-B62D-7C25EEFFB8C8} -
System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files
(x86)\Microsoft Office\root\Office16\sdxhelper.exe [111032 2021-12-10]
(Microsoft Corporation -> Microsoft Corporation)
Task: {62E41E7F-2805-4D6B-B859-6F605B8F130C} - System32\Tasks\bLowiBoQzbLXENDkOt
=>
C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF\svqxiDUsnpZIatd\mDvUsat.exe
[6906368 2021-12-08] () [File not signed] <==== ATTENTION
Task: {69C16BB5-E0DF-417A-94AE-616D29940E02} -
System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-11-24]
(Nvidia Corporation -> NVIDIA Corporation)
Task: {717BFD11-B22A-4D41-9C0C-C50E491EA6AB} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache
Maintenance => C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-03] (Microsoft
Windows Publisher -> Microsoft Corporation)
Task: {728F4767-1270-4E16-8F34-5337741FECBF} -
System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files
(x86)\Microsoft Office\root\Office16\sdxhelper.exe [111032 2021-12-10]
(Microsoft Corporation -> Microsoft Corporation)
Task: {7355D59D-693C-4643-A539-AA9E4384B714} -
System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-11-24]
(Nvidia Corporation -> NVIDIA Corporation)
Task: {8F41504E-CC50-4AAF-A3C0-847A5D38233A} -
System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647376
2021-11-24] (Nvidia Corporation -> NVIDIA Corporation)
Task: {9F188369-4F8F-4AF2-B9AA-194EF7FA4083} - System32\Tasks\NVIDIA GeForce
Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program
Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe
[3339464 2021-11-24] (Nvidia Corporation -> NVIDIA Corporation)
Task: {A0D2598B-0724-43EB-89DA-31FA0E2DCD6E} -
System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-11-24]
(Nvidia Corporation -> NVIDIA Corporation)
Task: {D2B19E88-C150-405D-B2FD-3301B1884102} -
System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe [156232 2021-10-28] (Google LLC -> Google
LLC)
Task: {D432A13B-7597-402D-8669-D087D9356351} - System32\Tasks\OneDrive
Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft
OneDrive\OneDriveStandaloneUpdater.exe [3060072 2021-11-20] (Microsoft
Corporation -> Microsoft Corporation)
Task: {DC1D7D75-73BE-47AB-9C8C-AE81097CEC5C} -
System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program
Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22799320
2021-12-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {DF923587-C895-41E1-BD34-2653372A1187} -
System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-11-24]
(Nvidia Corporation -> NVIDIA Corporation)
Task: {E680B70E-0F17-4443-9249-3F193E5C9894} - System32\Tasks\bxXVHDbGydkxZRRGGJ
=>
C:\Users\rpgtu\AppData\Local\Temp\tVZbqVmvFJKrqKATN\xiEpiqwXxkWUYEe\IEAFCqW.exe
[6711296 2021-12-12] () [File not signed] <==== ATTENTION
Task: {E92EEC92-F00B-470B-A5DC-889529D5F3A4} -
System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program
Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22799320
2021-12-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {FA88D267-FB94-4E6F-867D-D889FFA1B2DC} -
System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [904904
2021-11-24] (Nvidia Corporation -> NVIDIA Corporation)
Task: {FFC545F5-025D-48F8-80F5-92352E3BB60E} -
System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [904904
2021-11-24] (Nvidia Corporation -> NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The
file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\bLowiBoQzbLXENDkOt.job =>
C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF\svqxiDUsnpZIatd\mDvUsat.exe
Task: C:\Windows\Tasks\bxXVHDbGydkxZRRGGJ.job =>
C:\Users\rpgtu\AppData\Local\Temp\tVZbqVmvFJKrqKATN\xiEpiqwXxkWUYEe\IEAFCqW.exe
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job =>
C:\Windows\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be
removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2ed5a3e7-df04-40b6-904b-0df025866331}: [DhcpNameServer]
192.168.0.1
 
Edge: 
=======
Edge Profile: C:\Users\rpgtu\AppData\Local\Microsoft\Edge\User Data\Default
[2021-12-13]
Edge DownloadDir: Default -> D:\DOWNLOADS
 
FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program
Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files
(x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla
Firefox\plugins\npmeetingjoinpluginoc.dll [2021-11-18] (Microsoft Corporation ->
Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files
(x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-18] (Microsoft
Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\rpgtu\AppData\Local\Google\Chrome\User Data\Default
[2021-12-12]
CHR Extension: (Slides) - C:\Users\rpgtu\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-10-28]
CHR Extension: (Docs) - C:\Users\rpgtu\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-10-28]
CHR Extension: (Google Drive) - C:\Users\rpgtu\AppData\Local\Google\Chrome\User
Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-10-28]
CHR Extension: (YouTube) - C:\Users\rpgtu\AppData\Local\Google\Chrome\User
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-10-28]
CHR Extension: (Sheets) - C:\Users\rpgtu\AppData\Local\Google\Chrome\User
Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-10-28]
CHR Extension: (Ronin Wallet) - C:\Users\rpgtu\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fnjhmkhhmkbjkkabndcnnogagogbneec [2021-11-26]
CHR Extension: (Google Docs Offline) -
C:\Users\rpgtu\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-28]
CHR Extension: (One Click Translater) -
C:\Users\rpgtu\AppData\Local\Google\Chrome\User
Data\Default\Extensions\hcfdbehehcacbdgcgamehlnhkfokohdc [2021-12-12]
CHR Extension: (Google Translate) -
C:\Users\rpgtu\AppData\Local\Google\Chrome\User
Data\Default\Extensions\jfhgpjbcoignfibliobpclhpfnadhofn [2021-12-12]
CHR Extension: (MetaMask) - C:\Users\rpgtu\AppData\Local\Google\Chrome\User
Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2021-11-26]
CHR Extension: (Chrome Web Store Payments) -
C:\Users\rpgtu\AppData\Local\Google\Chrome\User
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-10-28]
CHR Extension: (Gmail) - C:\Users\rpgtu\AppData\Local\Google\Chrome\User
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-10-28]
 
Opera: 
=======
StartMenuInternet: (HKU\S-1-5-21-4059296222-1974293382-1207419619-1001) Opera
GXStable - "C:\Users\rpgtu\AppData\Local\Programs\Opera GX\Launcher.exe"
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
 
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft
Shared\ClickToRun\OfficeClickToRun.exe [12129160 2021-12-02] (Microsoft
Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [777856
2021-06-25] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 EQU8_19; C:\ProgramData\EQU8\Totally Accurate
Battlegrounds\bin\anticheat.x64.equ8.exe [5673048 2021-04-21] (Int3 Software AB
-> Int3 Software AB)
S3 FileSyncHelper; C:\Program Files (x86)\Microsoft
OneDrive\21.220.1024.0005\FileSyncHelper.exe [2448232 2021-11-20] (Microsoft
Corporation -> Microsoft Corporation)
S2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [11162688
2021-11-21] (Logitech Inc -> Logitech, Inc.)
S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft
OneDrive\21.220.1024.0005\OneDriveUpdaterService.exe [2836840 2021-11-20]
(Microsoft Corporation -> Microsoft Corporation)
S2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer
Services\GMS\GameManagerService.exe [254224 2021-10-19] (Razer USA Ltd. -> Razer
Inc)
S2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer
Synapse Service.exe [294520 2021-11-18] (Razer USA Ltd. -> Razer Inc.)
S3 Rockstar Service; D:\DAVINCI\rockstar\Launcher\RockstarService.exe [2020144
2021-09-14] (Rockstar Games, Inc. -> Rockstar Games)
S2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer
Central\RazerCentralService.exe [533824 2021-10-21] (Razer USA Ltd. -> Razer
Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat
Protection\MsSense.exe [6103464 2021-11-10] (Microsoft Windows Publisher ->
Microsoft Corporation)
S2 THXV2HSAService; C:\Windows\System32\THXV2HSAService.exe [264664 2020-11-19]
(Razer USA Ltd. -> THX)
S3 ucldr_battlegrounds_gl; C:\Program Files\Common
Files\UNCHEATER\ucldr_battlegrounds_gl.exe [7374576 2021-09-14] (Wellbia.com
Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe
[2097008 2021-03-25] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 uSHAREitSvc; D:\SHAREiT\SHAREit\SHAREit.Service.exe [33224 2017-09-11]
(SHAREit Technologies Co.Ltd -> SHAREit Technologies Co.Ltd)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-03] (Microsoft
Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-03] (Microsoft
Windows Publisher -> Microsoft Corporation)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [7738568 2021-09-19]
(PUBG CORPORATION -> PUBG Corporation)
S2 NVDisplay.ContainerLocalSystem;
C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_b8346c359fcd6093\Display.NvContainer\NVDisplay.Container.exe
-s NVDisplay.ContainerLocalSystem -f
%ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d
C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_b8346c359fcd6093\Display.NvContainer\plugins\LocalSystem
-r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
 
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976
2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2021-09-13]
(ASROCK Incorporation -> ASRock Incorporation)
S3 AsrDrv102; C:\Windows\SysWOW64\Drivers\AsrDrv102.sys [22248 2021-09-13]
(ASROCK Incorporation -> ASRock Incorporation) [File not signed]
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07]
(Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07]
(Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08]
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 EQU8_HELPER_19; C:\Windows\system32\DRIVERS\EQU8_HELPER_19.sys [38032
2021-04-26] (Int3 Software AB -> )
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [37200
2021-10-23] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [25928
2021-10-23] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [66896
2021-10-23] (Logitech Inc -> Logitech)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48552
2021-11-01] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA
Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung
Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 sTHXV2VAD; C:\Windows\System32\drivers\THXVAD2.sys [165776 2020-06-09] (Razer
USA Ltd. -> Windows ® Win 7 DDK provider)
R3 vmulti; C:\Windows\System32\drivers\vmulti.sys [10752 2018-12-11] (Microsoft
Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48520 2021-11-03]
(Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [435424 2021-11-03]
(Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-03]
(Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\Windows\xhunter1.sys [2729456 2021-09-29] (Wellbia.com Co., Ltd.
-> Wellbia.com Co., Ltd.)
S3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [432512 2006-06-06]
(Microsoft Windows Hardware Compatibility Publisher -> VM)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-12-13 16:02 - 2021-12-13 16:06 - 000000000 ____D C:\FRST
2021-12-13 16:01 - 2021-12-13 16:01 - 000000214 _____
C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2021-12-13 16:00 - 2021-12-13 16:01 - 000164940 _____ C:\Windows\ntbtlog.txt
2021-12-13 15:59 - 2021-12-13 15:59 - 000000258 __RSH C:\ProgramData\ntuser.pol
2021-12-12 17:29 - 2021-12-13 15:59 - 000000526 _____
C:\Windows\Tasks\bxXVHDbGydkxZRRGGJ.job
2021-12-12 17:29 - 2021-12-13 15:59 - 000000526 _____
C:\Windows\Tasks\bLowiBoQzbLXENDkOt.job
2021-12-12 17:29 - 2021-12-12 17:29 - 001246160 _____ (Mozilla Foundation)
C:\ProgramData\nss3.dll
2021-12-12 17:29 - 2021-12-12 17:29 - 000334288 _____ (Mozilla Foundation)
C:\ProgramData\freebl3.dll
2021-12-12 17:29 - 2021-12-12 17:29 - 000144848 _____ (Mozilla Foundation)
C:\ProgramData\softokn3.dll
2021-12-12 17:29 - 2021-12-12 17:29 - 000137168 _____ (Mozilla Foundation)
C:\ProgramData\mozglue.dll
2021-12-12 17:29 - 2021-12-12 17:29 - 000003728 _____
C:\Windows\system32\Tasks\Firefox Default Browser Agent 526B46154BA35D37
2021-12-12 17:29 - 2021-12-12 17:29 - 000003070 _____
C:\Windows\system32\Tasks\bxXVHDbGydkxZRRGGJ
2021-12-12 17:29 - 2021-12-12 17:29 - 000003070 _____
C:\Windows\system32\Tasks\bLowiBoQzbLXENDkOt
2021-12-12 17:29 - 2021-12-12 17:29 - 000001842 _____
C:\Users\rpgtu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightening
Media Player.lnk
2021-12-12 17:29 - 2021-12-12 17:29 - 000000902 _____
C:\Users\rpgtu\Desktop\Lightening Media Player.lnk
2021-12-12 17:29 - 2021-12-12 17:29 - 000000000 ____D
C:\Users\rpgtu\AppData\Roaming\AW Manager
2021-12-12 17:29 - 2021-12-12 17:29 - 000000000 ____D
C:\Users\rpgtu\AppData\Local\AdvinstAnalytics
2021-12-12 17:29 - 2021-12-12 17:29 - 000000000 ____D
C:\ProgramData\T1BQ76UIJMRFN8ZVI95WLL3LM
2021-12-12 17:29 - 2021-12-12 17:29 - 000000000 ____D C:\Program Files
(x86)\lighteningplayer
2021-12-12 17:28 - 2021-12-12 17:28 - 003204608 _____
C:\Users\rpgtu\AppData\Roaming\safas2f.exe
2021-12-12 17:28 - 2021-12-12 17:28 - 000948616 _____ (EuLSUkAfN)
C:\Users\rpgtu\AppData\Roaming\whw.exe
2021-12-12 17:28 - 2021-12-12 17:28 - 000000000 ____D
C:\Users\rpgtu\AppData\Local\Yandex
2021-12-12 16:55 - 2021-12-12 16:55 - 000000000 ____D
C:\Users\rpgtu\AppData\Local\Squirrels
2021-12-12 16:55 - 2021-12-12 16:55 - 000000000 ____D
C:\Users\rpgtu\AppData\Local\Reflector 4
2021-12-12 16:55 - 2021-12-12 16:55 - 000000000 ____D C:\ProgramData\Reflector4
2021-12-12 16:53 - 2021-12-12 16:55 - 000000000 ____D C:\ProgramData\Reflector 4
2021-12-12 16:53 - 2021-12-12 16:53 - 000001975 _____
C:\Users\Public\Desktop\Reflector 4.lnk
2021-12-12 16:53 - 2021-12-12 16:53 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reflector 4
2021-12-12 16:53 - 2021-12-12 16:53 - 000000000 ____D C:\Program Files\Reflector
4
2021-12-12 16:27 - 2021-12-12 16:27 - 000000000 ____D C:\Program Files
(x86)\FarLabUninstaller
2021-12-10 18:51 - 2021-12-10 18:51 - 000000000 ____D
C:\Users\rpgtu\AppData\Roaming\Streamlabs Desktop
2021-12-04 10:37 - 2021-12-04 10:37 - 000000000 ____D C:\Users\rpgtu\Creative
Cloud Files
2021-12-01 15:24 - 2021-12-12 17:11 - 000000000 ____D
C:\Users\rpgtu\AppData\Roaming\slobs-client
2021-12-01 15:24 - 2021-12-01 15:24 - 000001021 _____
C:\Users\Public\Desktop\Streamlabs OBS.lnk
2021-12-01 15:24 - 2021-12-01 15:24 - 000001021 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Streamlabs OBS.lnk
2021-12-01 15:24 - 2021-12-01 15:24 - 000000000 ____D
C:\Users\rpgtu\AppData\Roaming\Streamlabs OBS
2021-12-01 15:24 - 2021-12-01 15:24 - 000000000 ____D
C:\Users\rpgtu\AppData\Roaming\slobs-plugins
2021-12-01 15:24 - 2021-12-01 15:24 - 000000000 ____D
C:\Users\rpgtu\AppData\Roaming\obs-studio-node-server
2021-12-01 15:24 - 2021-12-01 15:24 - 000000000 ____D
C:\Users\rpgtu\AppData\Local\slobs-client-updater
2021-12-01 15:24 - 2021-12-01 15:24 - 000000000 ____D
C:\ProgramData\obs-studio-hook
2021-12-01 13:01 - 2021-12-01 13:14 - 000921624 _____ C:\Windows\00000000.STI
2021-12-01 12:56 - 2021-12-01 12:56 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Philips SPC210NC Webcam
2021-12-01 12:43 - 2021-12-01 12:56 - 000000000 ___HD C:\Program Files
(x86)\InstallShield Installation Information
2021-12-01 12:43 - 2021-12-01 12:56 - 000000000 ____D C:\Program Files
(x86)\Philips
2021-12-01 12:43 - 2021-12-01 12:43 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Philips
2021-12-01 12:43 - 2006-08-01 10:40 - 000262254 _____ (Vimicro)
C:\Windows\SysWOW64\VM31bPrp.Ax
2021-12-01 12:43 - 2006-06-06 13:45 - 000432512 _____ (VM)
C:\Windows\system32\Drivers\usbVM31b.sys
2021-12-01 12:43 - 2004-06-09 15:37 - 000040960 _____ (BIGDOG)
C:\Windows\VM_STI.EXE
2021-12-01 12:43 - 2003-05-15 17:17 - 000061440 _____ (VM)
C:\Windows\system32\VM31bSTI.dll
2021-12-01 12:43 - 2002-08-22 16:34 - 000147456 _____ (VM) C:\Windows\VMCap.exe
2021-11-30 22:01 - 2021-11-30 22:13 - 000000000 ____D
C:\Users\rpgtu\AppData\Roaming\Stellarium
2021-11-30 22:01 - 2021-11-30 22:01 - 000000000 ____D
C:\Users\rpgtu\AppData\Local\stellarium
2021-11-30 22:00 - 2021-11-30 22:00 - 000000900 _____
C:\Users\rpgtu\Desktop\Stellarium (ANGLE mode).lnk
2021-11-30 22:00 - 2021-11-30 22:00 - 000000874 _____
C:\Users\rpgtu\Desktop\Stellarium.lnk
2021-11-30 22:00 - 2021-11-30 22:00 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellarium
2021-11-30 09:24 - 2021-11-30 09:24 - 000000000 ____D C:\Windows\LastGood
2021-11-26 14:53 - 2021-11-26 14:53 - 000000000 ____D
C:\Users\rpgtu\AppData\Roaming\blender-benchmark-launcher
2021-11-26 14:34 - 2021-11-26 14:35 - 000000000 ____D
C:\Users\rpgtu\AppData\Local\blender-benchmark-launcher
2021-11-26 14:30 - 2021-11-26 14:30 - 000000000 ____D C:\Users\rpgtu\.thumbnails
2021-11-24 09:09 - 2021-11-24 09:09 - 000000000 ____D
C:\Users\rpgtu\AppData\Local\CrashRpt
2021-11-24 07:48 - 2021-11-24 07:49 - 000000000 ____D
C:\Users\rpgtu\Documents\Avalanche Studios
2021-11-24 07:48 - 2021-11-24 07:48 - 000000222 _____
C:\Users\rpgtu\Desktop\theHunter Call of the Wild™.url
2021-11-22 12:28 - 2021-11-22 12:28 - 000001268 _____
C:\Users\rpgtu\Desktop\Photoshop - Shortcut.lnk
2021-11-22 10:23 - 2021-11-22 10:23 - 000000000 ____D
C:\Users\rpgtu\AppData\LocalLow\Adobe
2021-11-22 09:31 - 2021-11-22 09:31 - 000000817 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2021.lnk
2021-11-22 08:02 - 2021-11-22 08:02 - 000000650 _____
C:\Users\Public\Desktop\Logitech G HUB.lnk
2021-11-22 08:02 - 2021-11-22 08:02 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2021-11-22 08:02 - 2021-11-22 08:02 - 000000000 ____D C:\Program Files\LGHUB
2021-11-18 23:04 - 2021-11-20 13:08 - 000003206 _____
C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2021-11-18 23:04 - 2021-11-18 23:04 - 000000000 ___RD C:\Users\Default\OneDrive
2021-11-18 23:04 - 2021-11-18 23:04 - 000000000 ___RD C:\Users\amali\OneDrive
2021-11-18 23:03 - 2021-11-20 13:08 - 000002194 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-17 21:52 - 2021-11-29 21:23 - 000000000 ____D C:\Program Files
(x86)\Microsoft OneDrive
2021-11-17 21:52 - 2021-11-18 23:04 - 000000000 ___RD C:\Users\rpgtu\OneDrive
2021-11-17 21:52 - 2021-11-17 21:52 - 000000000 ____D
C:\Users\rpgtu\AppData\Roaming\Skype
2021-11-17 21:50 - 2021-11-18 23:03 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-11-17 21:50 - 2021-11-17 21:50 - 000002554 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2021-11-17 21:50 - 2021-11-17 21:50 - 000002523 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project.lnk
2021-11-17 21:50 - 2021-11-17 21:50 - 000002518 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2021-11-17 21:50 - 2021-11-17 21:50 - 000002513 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-11-17 21:50 - 2021-11-17 21:50 - 000002512 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2021-11-17 21:50 - 2021-11-17 21:50 - 000002505 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio.lnk
2021-11-17 21:50 - 2021-11-17 21:50 - 000002476 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2021-11-17 21:50 - 2021-11-17 21:50 - 000002475 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-11-17 21:50 - 2021-11-17 21:50 - 000002469 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2021-11-17 21:50 - 2021-11-17 21:50 - 000002463 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2021-11-17 21:50 - 2021-11-17 21:50 - 000002455 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2021-11-17 21:46 - 2021-12-10 14:35 - 000000000 ____D C:\Program Files
(x86)\Microsoft Office
2021-11-17 21:46 - 2021-11-17 21:46 - 000000000 ____D C:\Program Files\Microsoft
Office 15
2021-11-14 14:58 - 2021-11-14 14:58 - 000000000 ____D C:\Windows\LastGood.Tmp
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-12-13 16:05 - 2020-11-19 09:54 - 000841126 _____
C:\Windows\system32\PerfStringBackup.INI
2021-12-13 16:05 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2021-12-13 16:00 - 2021-10-28 10:50 - 000000000 ____D C:\Program Files
(x86)\Google
2021-12-13 16:00 - 2021-03-22 06:31 - 000008192 ___SH C:\DumpStack.log.tmp
2021-12-13 16:00 - 2021-03-21 22:24 - 000000000 ____D C:\ProgramData\NVIDIA
2021-12-13 16:00 - 2019-12-07 11:14 - 000000000 ____D
C:\ProgramData\regid.1991-06.com.microsoft
2021-12-13 16:00 - 2019-12-07 11:03 - 000786432 _____
C:\Windows\system32\config\BBI
2021-12-13 15:59 - 2021-03-22 13:33 - 000000000 __SHD
C:\Users\rpgtu\IntelGraphicsProfiles
2021-12-13 15:59 - 2021-03-21 21:37 - 000000000 ____D C:\Intel
2021-12-13 15:59 - 2020-11-19 09:43 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-12-13 15:59 - 2020-11-19 09:43 - 000000000 ____D
C:\Windows\system32\SleepStudy
2021-12-13 15:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ServiceState
2021-12-12 17:29 - 2021-10-23 08:15 - 000000000 ____D
C:\Users\rpgtu\AppData\Roaming\LGHUB
2021-12-12 17:29 - 2021-03-22 10:08 - 000000000 ____D
C:\Users\rpgtu\AppData\Local\CrashDumps
2021-12-12 17:29 - 2021-03-21 22:15 - 000000000 ____D
C:\Users\rpgtu\AppData\Roaming\discord
2021-12-12 17:28 - 2021-05-22 18:31 - 000000000 ____D C:\Program Files\Epic
Games
2021-12-12 17:28 - 2021-03-23 09:14 - 000000000 ____D C:\Program Files\Microsoft
Update Health Tools
2021-12-12 17:28 - 2019-12-07 11:54 - 000000000 ____D C:\Program Files
(x86)\Windows Photo Viewer
2021-12-12 17:28 - 2019-12-07 11:14 - 000000000 ____D
C:\Windows\system32\GroupPolicy
2021-12-12 17:26 - 2021-03-21 22:15 - 000000000 ____D
C:\Users\rpgtu\AppData\Local\Discord
2021-12-12 16:43 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2021-12-12 16:22 - 2021-03-21 21:45 - 000000000 ____D
C:\Users\rpgtu\AppData\Local\PlaceholderTileLogoFolder
2021-12-12 16:22 - 2021-03-21 21:41 - 000000000 ____D
C:\Users\rpgtu\AppData\Local\Packages
2021-12-12 16:21 - 2019-12-07 11:14 - 000000000 ___HD C:\Program
Files\WindowsApps
2021-12-12 16:13 - 2021-10-23 08:15 - 000000000 ____D
C:\Users\rpgtu\AppData\Local\LGHUB
2021-12-12 16:07 - 2021-03-21 23:13 - 000004168 _____
C:\Windows\system32\Tasks\User_Feed_Synchronization-{0553BF3D-5D66-459C-BC0F-81CF0A4ECF57}
2021-12-12 09:53 - 2020-11-19 09:46 - 000002458 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-12-10 22:48 - 2021-03-21 21:39 - 000000000 ____D C:\Users\rpgtu
2021-12-10 14:30 - 2020-11-19 09:46 - 000003480 _____
C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-12-10 14:30 - 2020-11-19 09:46 - 000003356 _____
C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-12-07 14:05 - 2021-10-28 10:51 - 000002267 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-12-07 14:05 - 2021-10-28 10:51 - 000002226 _____
C:\Users\Public\Desktop\Google Chrome.lnk
2021-12-04 09:33 - 2021-10-13 16:18 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2021-12-03 22:06 - 2021-03-21 22:14 - 000000000 ____D C:\Program Files
(x86)\Steam
2021-12-01 13:09 - 2021-03-21 22:24 - 000004308 _____
C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-01 13:09 - 2021-03-21 22:24 - 000003976 _____
C:\Windows\system32\Tasks\NVIDIA GeForce Experience
SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-01 13:09 - 2021-03-21 22:24 - 000003940 _____
C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-01 13:09 - 2021-03-21 22:24 - 000003894 _____
C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-01 13:09 - 2021-03-21 22:24 - 000003858 _____
C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-01 13:09 - 2021-03-21 22:24 - 000003858 _____
C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-01 13:09 - 2021-03-21 22:24 - 000003858 _____
C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-01 13:09 - 2021-03-21 22:24 - 000003858 _____
C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-01 13:09 - 2021-03-21 22:24 - 000003654 _____
C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-01 13:09 - 2021-03-21 22:24 - 000001467 _____
C:\Users\Public\Desktop\GeForce Experience.lnk
2021-12-01 13:09 - 2021-03-21 22:24 - 000000000 ____D C:\Program Files
(x86)\NVIDIA Corporation
2021-12-01 13:09 - 2021-03-21 21:41 - 000000000 ____D C:\ProgramData\NVIDIA
Corporation
2021-12-01 13:09 - 2021-03-21 21:41 - 000000000 ____D C:\Program Files\NVIDIA
Corporation
2021-11-30 19:35 - 2021-03-21 21:54 - 000000000 ____D
C:\Users\rpgtu\AppData\Local\D3DSCache
2021-11-30 09:24 - 2021-10-13 16:11 - 000000000 ____D C:\Program Files
(x86)\Razer
2021-11-29 15:54 - 2021-11-08 16:44 - 000000000 ____D
C:\Users\rpgtu\AppData\Roaming\HandBrake
2021-11-29 12:54 - 2021-03-21 22:07 - 000004218 _____
C:\Windows\system32\Tasks\Opera GX scheduled Autoupdate 1616357225
2021-11-29 12:54 - 2021-03-21 22:07 - 000001458 _____
C:\Users\rpgtu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera GX
Browser.lnk
2021-11-26 14:32 - 2021-03-21 23:24 - 000000000 ____D
C:\Users\rpgtu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-11-23 17:01 - 2021-10-23 08:13 - 000000000 ____D C:\ProgramData\LGHUB
2021-11-23 09:27 - 2021-03-21 22:24 - 002849992 _____ (NVIDIA Corporation)
C:\Windows\system32\nvspcap64.dll
2021-11-23 09:27 - 2021-03-21 22:24 - 002195656 _____ (NVIDIA Corporation)
C:\Windows\SysWOW64\nvspcap.dll
2021-11-23 09:27 - 2021-03-21 22:24 - 001294032 _____ (NVIDIA Corporation)
C:\Windows\system32\NvRtmpStreamer64.dll
2021-11-22 17:19 - 2021-03-21 22:36 - 000002388 _____
C:\Users\rpgtu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft
Teams.lnk
2021-11-22 17:19 - 2021-03-21 22:36 - 000002380 _____
C:\Users\rpgtu\Desktop\Microsoft Teams.lnk
2021-11-22 14:19 - 2021-05-17 22:10 - 000000435 _____
C:\Users\rpgtu\Desktop\DOGE.txt
2021-11-22 09:32 - 2021-03-22 07:54 - 000000000 ____D
C:\Users\rpgtu\Documents\Adobe
2021-11-22 09:32 - 2021-03-21 21:41 - 000000000 ____D
C:\Users\rpgtu\AppData\Roaming\Adobe
2021-11-22 09:31 - 2021-05-27 21:51 - 000000000 ____D C:\Program Files\Adobe
2021-11-22 09:31 - 2021-05-27 21:49 - 000000000 ____D C:\Program Files\Common
Files\Adobe
2021-11-22 09:31 - 2021-05-27 21:49 - 000000000 ____D C:\Program Files
(x86)\Adobe
2021-11-22 09:28 - 2021-03-22 13:33 - 000000000 ____D
C:\Users\amali\AppData\Roaming\Adobe
2021-11-22 09:28 - 2021-03-21 22:58 - 000000000 ____D C:\ProgramData\Adobe
2021-11-20 15:21 - 2020-11-19 09:48 - 000000000 ____D C:\ProgramData\Packages
2021-11-19 16:55 - 2020-11-19 09:43 - 000439016 _____
C:\Windows\system32\FNTCACHE.DAT
2021-11-18 23:04 - 2021-03-22 13:32 - 000000000 ____D C:\Users\amali
2021-11-18 14:49 - 2019-12-07 11:14 - 000000000 ____D
C:\Windows\LiveKernelReports
2021-11-17 22:59 - 2021-03-21 23:47 - 000000000 ____D
C:\Users\rpgtu\AppData\Roaming\uTorrent
2021-11-17 22:58 - 2021-03-21 23:47 - 000000000 ____D
C:\Users\rpgtu\AppData\Local\BitTorrentHelper
2021-11-17 21:55 - 2020-11-19 09:48 - 000000000 __RHD
C:\Users\Public\AccountPictures
2021-11-17 21:46 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common
Files\microsoft shared
2021-11-16 20:36 - 2021-03-21 22:24 - 000001951 _____
C:\Windows\NvContainerRecovery.bat
 
==================== Files in the root of some directories ========
 
2021-12-12 17:29 - 2021-12-12 17:29 - 000334288 _____ (Mozilla Foundation)
C:\ProgramData\freebl3.dll
2021-12-12 17:29 - 2021-12-12 17:29 - 000137168 _____ (Mozilla Foundation)
C:\ProgramData\mozglue.dll
2021-12-12 17:29 - 2021-12-12 17:29 - 000440120 _____ (Microsoft Corporation)
C:\ProgramData\msvcp140.dll
2021-12-12 17:29 - 2021-12-12 17:29 - 001246160 _____ (Mozilla Foundation)
C:\ProgramData\nss3.dll
2021-12-12 17:29 - 2021-12-12 17:29 - 000144848 _____ (Mozilla Foundation)
C:\ProgramData\softokn3.dll
2021-12-12 17:29 - 2021-12-12 17:29 - 000083784 _____ (Microsoft Corporation)
C:\ProgramData\vcruntime140.dll
2021-06-13 18:35 - 2021-06-13 18:35 - 000186368 ___SH ()
C:\Users\rpgtu\AppData\Roaming\biursvf
2021-12-12 17:28 - 2021-12-12 17:28 - 003204608 _____ ()
C:\Users\rpgtu\AppData\Roaming\safas2f.exe
2021-12-12 17:28 - 2021-12-12 17:28 - 000948616 _____ (EuLSUkAfN)
C:\Users\rpgtu\AppData\Roaming\whw.exe
2021-12-12 17:29 - 2021-12-12 17:29 - 001697280 _____ (Igor Pavlov)
C:\Users\rpgtu\AppData\Roaming\Microsoft\7z.dll
2021-12-12 17:29 - 2021-12-12 17:29 - 000534016 _____ (Igor Pavlov)
C:\Users\rpgtu\AppData\Roaming\Microsoft\7z.exe
2021-12-10 18:06 - 2021-12-10 18:06 - 003174400 _____ ()
C:\Users\rpgtu\AppData\Roaming\Microsoft\RegData_Temp.exe
2021-12-12 17:29 - 2021-12-12 17:29 - 003088938 _____ ()
C:\Users\rpgtu\AppData\Roaming\Microsoft\RegData_Temp.zip
2021-12-12 17:29 - 2021-12-12 17:29 - 003286528 _____ ()
C:\Users\rpgtu\AppData\Roaming\Microsoft\RegHost.exe
2021-12-10 18:02 - 2021-12-10 18:00 - 008290816 _____ ()
C:\Users\rpgtu\AppData\Roaming\Microsoft\RegHost_Temp.exe
2021-12-12 17:29 - 2021-12-12 17:29 - 008126274 _____ ()
C:\Users\rpgtu\AppData\Roaming\Microsoft\RegHost_Temp.zip
2021-09-13 12:33 - 2021-10-04 08:10 - 000007601 _____ ()
C:\Users\rpgtu\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2021
Ran by rpgtu (13-12-2021 16:06:38)
Running from F:\
Microsoft Windows 10 Pro Version 20H2 19042.1348 (X64) (2021-03-21 19:33:42)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-4059296222-1974293382-1207419619-500 - Administrator -
Disabled)
amali (S-1-5-21-4059296222-1974293382-1207419619-1002 - Limited - Enabled) =>
C:\Users\amali
DefaultAccount (S-1-5-21-4059296222-1974293382-1207419619-503 - Limited -
Disabled)
Guest (S-1-5-21-4059296222-1974293382-1207419619-501 - Limited - Disabled)
rpgtu (S-1-5-21-4059296222-1974293382-1207419619-1001 - Administrator - Enabled)
=> C:\Users\rpgtu
WDAGUtilityAccount (S-1-5-21-4059296222-1974293382-1207419619-504 - Limited -
Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date)
{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to
unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\uTorrent)
(Version: 3.5.5.46096 - BitTorrent Inc.)
4K YouTube to MP3 (HKLM\...\{0142E874-8564-4F97-B268-F072C26120DF}) (Version:
4.1.3.4340 - Open Media LLC) Hidden
4K YouTube to MP3 (HKLM-x32\...\{715659a1-b348-442f-9f03-cc5f72516426})
(Version: 4.1.3.4340 - Open Media LLC)
Adobe Lightroom Classic (HKLM-x32\...\LTRM_10_0) (Version: 10.0 - Adobe Inc.)
Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_1_1) (Version: 22.1.1.138 - Adobe
Inc.)
Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_0) (Version: 14.0 - Adobe Inc.)
Blackmagic RAW Common Components
(HKLM\...\{FC105F36-D90B-4135-B954-F50CDCFACA3D}) (Version: 2.1 - Blackmagic
Design)
CPUID CPU-Z 1.96 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.96 - CPUID, Inc.)
CPUID HWMonitor 1.44 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.44 - CPUID,
Inc.)
DaVinci Resolve (HKLM\...\{E6C9DAB6-0743-42CD-8647-08D9FC2E1994}) (Version:
17.1.00024 - Blackmagic Design)
DaVinci Resolve Control Panels (HKLM\...\{6CA5153C-F6DB-4495-AC9A-380DEAF9E3D5})
(Version: 1.5.2.0 - Blackmagic Design)
Discord (HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\Discord)
(Version: 0.0.309 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{A2FB1E1A-55D9-4511-A0BF-DEAD0493FBBC})
(Version: 1.2.11.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64)
(HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic
Games, Inc.) Hidden
FarLabUninstaller v1.53.11113 (HKLM-x32\...\FarLabUninstaller.exe_is1) (Version:
1.53.0.13343 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.93 - Google LLC)
HandBrake 1.4.2 (HKLM-x32\...\HandBrake) (Version: 1.4.2 - )
Immutable 0.13.7
(HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\{6ae4b193-3f11-53fc-9cc5-14b1f1a73184})
(Version: 0.13.7 - Immutable)
Launcher Prerequisites (x64)
(HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic
Games, Inc.) Hidden
Lightening Media Player (HKLM-x32\...\lighteningplayer) (Version:  - )
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version:
2021.12.4779 - Logitech)
Luminar AI (HKLM\...\{B8E3AD96-BB3D-4505-A04B-DEDD016C193C}) (Version:
1.0.0.7348 - Skylum) Hidden
Luminar AI (HKLM\...\Luminar AI 1.0.0.7348) (Version: 1.0.0.7348 - Skylum)
Mavis Hub 1.3.0
(HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\{cc9e8b63-ffef-5371-bb50-2dfd3e6be1f2})
(Version: 1.3.0 - )
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.53 - Microsoft
Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail -
en-us) (Version: 16.0.14701.20226 - Microsoft Corporation)
Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 -
Microsoft Corporation)
Microsoft Project - en-us (HKLM\...\ProjectPro2019Retail - en-us) (Version:
16.0.14701.20226 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\Teams)
(Version: 1.4.00.29469 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76})
(Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visio - en-us (HKLM\...\VisioPro2019Retail - en-us) (Version:
16.0.14701.20226 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable
(HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 -
Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64)
(HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 -
Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
(HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 -
Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
(HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 -
Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
(HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 -
Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
(HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 -
Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
(HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 -
Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
(HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 -
Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
(HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 -
Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
(HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 -
Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660
(HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 -
Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664
(HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 -
Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
(HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 -
Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660
(HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 -
Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664
(HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 -
Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334
(HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 -
Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29914
(HKLM-x32\...\{1b5476d9-ab8e-4b0d-b004-059a1bd5568b}) (Version: 14.28.29914.0 -
Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.11 (x64)
(HKLM-x32\...\{59d2a8eb-a667-428d-a393-42df4da226a4}) (Version: 5.0.11.30524 -
Microsoft Corporation)
MSI Afterburner 4.6.4 Beta 3 (HKLM-x32\...\Afterburner) (Version: 4.6.4 Beta 3 -
MSI Co., LTD)
NVIDIA FrameView SDK 1.2.4999.30397803
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version:
1.2.4999.30397803 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.24.0.123
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version:
3.24.0.123 - NVIDIA Corporation)
NVIDIA Graphics Driver 471.96
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version:
471.96 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.60
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version:
1.3.38.60 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version:
9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component
(HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14701.20226
- Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration
(HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14701.20210 -
Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component
(HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14701.20226 -
Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component
(HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10325.20118
- Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera GX Stable 81.0.4196.61
(HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\Opera GX 81.0.4196.61)
(Version: 81.0.4196.61 - Opera Software)
Pentablet version 1.6.4.210111
(HKLM\...\{5DAB8C1A-6D8E-467D-BE62-AC13087AA950}_is1) (Version: 1.6.4.210111 - )
Philips SPC200NC Webcam (HKLM-x32\...\{2A2646FB-7BAC-451B-BF90-4889C4429C5E})
(Version: 1.0.0.0 - )
Philips SPC210NC Webcam (HKLM-x32\...\{38D95956-E92C-4473-904B-CD877EA04410})
(Version:  - )
Raven Core (64-bit)
(HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\Raven Core (64-bit))
(Version: 4.3.2 - Raven Core project)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.6.1201.111814 - Razer
Inc.)
Reflector 4 (HKLM\...\{486CCCF4-3010-488C-B9BA-8F816E7698D9}) (Version: 4.0.3.0
- Squirrels)
SHAREit (HKLM-x32\...\www.ushareit.com_is1) (Version: 4.0.6.177 - SHAREit
Technologies Co.Ltd)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stellarium 0.21.2 (HKLM\...\Stellarium_is1) (Version: 0.21.2 - Stellarium team)
Streamlabs OBS 1.5.2 (HKLM\...\029c4619-0385-5543-9426-46f9987161d9) (Version:
1.5.2 - General Workings, Inc.)
The Sandbox Maker (HKLM\...\sandboxmaker) (Version: 0.6.12.908 - TSB Gaming
Limited)
The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version:  - )
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 126.0.10593 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91})
(Version: 3.2.2110.14001 - Microsoft Corporation)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
Youtubers Life (HKLM-x32\...\Youtubers Life_is1) (Version:  - )
 
Packages:
=========
AirServer Windows 10 Desktop Edition -> C:\Program
Files\WindowsApps\F3F176BD.AirServer_2021.2.23.2_x64__p8qzvses5c8me [2021-12-12]
(App Dynamic ehf.) [Startup Task]
Intel® Graphics Command Center -> C:\Program
Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt
[2021-12-05] (INTEL CORP) [Startup Task]
Microsoft Solitaire Collection -> C:\Program
Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.11.12030.0_x64__8wekyb3d8bbwe
[2021-12-10] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program
Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe
[2021-12-04] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program
Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj
[2021-09-16] (NVIDIA Corp.)
Spotify Music -> C:\Program
Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0
[2021-12-10] (Spotify AB) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
 
CustomCLSID:
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32
->
C:\Users\rpgtu\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21209.2\x64\Microsoft.Teams.AddinLoader.dll
(Microsoft Corporation -> Microsoft Corporation)
CustomCLSID:
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32
->
C:\Users\rpgtu\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncApi64.dll
=> No File
ShellIconOverlayIdentifiers: [   AccExtIco1] ->
{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common
Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-11-22] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] ->
{853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common
Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-11-22] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] ->
{42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common
Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-11-22] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ OneDrive1] ->
{BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft
OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft
Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] ->
{5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft
OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft
Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] ->
{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft
OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft
Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] ->
{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft
OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft
Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] ->
{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft
OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft
Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] ->
{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft
OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft
Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] ->
{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft
OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft
Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] ->
{BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft
OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft
Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] ->
{5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft
OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft
Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] ->
{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft
OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft
Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] ->
{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft
OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft
Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] ->
{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft
OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft
Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] ->
{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft
OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft
Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] ->
{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft
OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft
Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>
C:\Program Files (x86)\Microsoft
OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft
Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} =>
C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
[2021-11-22] (Adobe Inc. -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} =>
C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander
Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA}
=> C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander
Roshal)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>
C:\Program Files (x86)\Microsoft
OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft
Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>
C:\Program Files (x86)\Microsoft
OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft
Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] ->
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} =>
C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_b8346c359fcd6093\nvshext.dll
[2021-08-28] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} =>
C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
[2021-11-22] (Adobe Inc. -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} =>
C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander
Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA}
=> C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander
Roshal)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\rpgtu\Application
Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\rpgtu\Application
Data:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams:
C:\Users\rpgtu\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams:
C:\Users\rpgtu\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry.
The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
-> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft
Office\Office16\OCHelper.dll [2021-11-18] (Microsoft Corporation -> Microsoft
Corporation)
BHO: Microsoft OneDrive for Business Browser Helper ->
{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft
Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
[2021-12-10] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper ->
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft
Office\root\Office16\OCHelper.dll [2021-11-18] (Microsoft Corporation ->
Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper ->
{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft
Office\root\Office16\GROOVEEX.DLL [2021-12-10] (Microsoft Corporation ->
Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} -
C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-18]
(Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program
Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-18] (Microsoft
Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} -
C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-18]
(Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files
(x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-18] (Microsoft
Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site:
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\sharepoint.com ->
hxxps://latcuvoda-files.sharepoint.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 11:14 - 2021-12-12 17:28 - 000000000 _____
C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\Control
Panel\Desktop\\Wallpaper ->
C:\Users\rpgtu\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\steep
screenshot 2020.01.03 - 19.17.57.88.png
HKU\S-1-5-21-4059296222-1974293382-1207419619-1002\Control
Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System =>
(ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled:
)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run32: => "Discord"
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\StartupApproved\Run: =>
"com.squirrel.Teams.Teams"
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\StartupApproved\Run: =>
"Steam"
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\StartupApproved\Run: =>
"FACEIT"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
 
FirewallRules: [{4FE01A60-45DA-407C-B713-450509A3E9AD}] => (Allow) C:\Program
Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{ECCD6312-9D5D-4604-B97F-623FD2241EC5}] => (Allow) C:\Program
Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{C75D6DED-38A4-4709-BABA-BA00193CEE0A}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation ->
NVIDIA Corporation)
FirewallRules: [{DAD3BE20-1998-45CD-88E5-5D4CB208A08F}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation ->
NVIDIA Corporation)
FirewallRules: [{83C2C5BC-8171-4087-8690-92052E8A4AB5}] => (Allow) C:\Program
Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve
Corporation)
FirewallRules: [{6C40FDE2-6A87-4556-ABA1-6677AC09B32E}] => (Allow) C:\Program
Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve
Corporation)
FirewallRules: [{8901A33B-4D4B-48D2-A9C7-984B3B4AB58C}] => (Block) D:\LUMINAR AI
CRACKED () <==== ATTENTION [zero byte File/Folder]
FirewallRules: [{7FD2D72F-DE6E-4C8E-9F81-69F0C24E3DDC}] => (Allow)
D:\SHAREiT\SHAREit\SHAREit.exe (SHAREit Technologies Co.Ltd -> SHAREit
Technologies Co.Ltd)
FirewallRules: [{74460B47-3083-4330-8B98-E6A8165B3E24}] => (Allow)
D:\SHAREiT\SHAREit\SHAREit.exe (SHAREit Technologies Co.Ltd -> SHAREit
Technologies Co.Ltd)
FirewallRules: [{0A0C4D4F-EDE9-489E-A5E0-0583B8D987BD}] => (Allow)
D:\SteamLibrary\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan
-> )
FirewallRules: [{4DEF89CA-D322-4E01-877B-A503F7057104}] => (Allow)
D:\SteamLibrary\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan
-> )
FirewallRules: [TCP Query
User{9C4CF469-3FEE-4CC7-821D-3A8A18641EA6}C:\users\rpgtu\appdata\local\programs\opera
gx\73.0.3856.415\opera.exe] => (Allow)
C:\users\rpgtu\appdata\local\programs\opera gx\73.0.3856.415\opera.exe => No
File
FirewallRules: [UDP Query
User{C8814348-E8E2-497D-B8DC-29C574F7A957}C:\users\rpgtu\appdata\local\programs\opera
gx\73.0.3856.415\opera.exe] => (Allow)
C:\users\rpgtu\appdata\local\programs\opera gx\73.0.3856.415\opera.exe => No
File
FirewallRules: [TCP Query
User{0CFD2A9E-F9EA-4434-85DB-400448034BFF}C:\users\rpgtu\appdata\roaming\utorrent\utorrent.exe]
=> (Allow) C:\users\rpgtu\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc
-> BitTorrent Inc.)
FirewallRules: [UDP Query
User{F5A63E81-883A-4282-B138-8E05528B3357}C:\users\rpgtu\appdata\roaming\utorrent\utorrent.exe]
=> (Allow) C:\users\rpgtu\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc
-> BitTorrent Inc.)
FirewallRules: [TCP Query
User{7B29153D-A271-4958-BADC-5142399F7E84}D:\amalia\the sims
4\game\bin\ts4_x64.exe] => (Allow) D:\amalia\the sims 4\game\bin\ts4_x64.exe =>
No File
FirewallRules: [UDP Query
User{657B5454-761D-454C-9E20-E0301DA3DE7A}D:\amalia\the sims
4\game\bin\ts4_x64.exe] => (Allow) D:\amalia\the sims 4\game\bin\ts4_x64.exe =>
No File
FirewallRules: [{61060DC5-9E32-4047-96D6-3B416D4E3E8A}] => (Allow)
D:\DAVINCI\Resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty.
Ltd.)
FirewallRules: [{2D23C63F-79CD-41B1-A387-CF41521EA982}] => (Allow)
D:\DAVINCI\bmdpaneld.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{63B48A9E-E838-4E80-8A91-5E8FAE462293}] => (Allow)
D:\DAVINCI\DaVinciPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{CF1A41B1-C187-4E99-B30B-93F84F0DC233}] => (Allow)
D:\DAVINCI\JLCooperPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{A9ECAC60-F0D4-4021-AF09-048E6266CBCD}] => (Allow)
D:\DAVINCI\EuphonixPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{F7E3791D-4A2B-44BF-BCC3-180DBE6F2918}] => (Allow)
D:\DAVINCI\TangentPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{96AF6259-BD87-4032-819D-583281B15253}] => (Allow)
D:\DAVINCI\ElementsPanelDaemon.exe => No File
FirewallRules: [{18D0E23C-A062-4A49-872D-BCFEA45B8407}] => (Allow)
D:\DAVINCI\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty.
Ltd.)
FirewallRules: [{1877B07A-FAD3-45D6-886B-1FB152B21A25}] => (Allow)
D:\DAVINCI\DPDecoder.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [TCP Query
User{23D72E1C-DD7D-40F3-8265-14D6607D2456}D:\games(cracked)\forza horizon
4\forzahorizon4.exe] => (Allow) D:\games(cracked)\forza horizon
4\forzahorizon4.exe => No File
FirewallRules: [UDP Query
User{5AF50DF4-17A7-47FB-B446-71BEBBAE084E}D:\games(cracked)\forza horizon
4\forzahorizon4.exe] => (Allow) D:\games(cracked)\forza horizon
4\forzahorizon4.exe => No File
FirewallRules: [TCP Query
User{876104B5-39D5-4175-AFAB-69FD0D164161}C:\users\rpgtu\appdata\local\microsoft\teams\current\teams.exe]
=> (Allow) C:\users\rpgtu\appdata\local\microsoft\teams\current\teams.exe
(Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query
User{73580353-8F4F-4139-841A-157FAE8AFAFC}C:\users\rpgtu\appdata\local\microsoft\teams\current\teams.exe]
=> (Allow) C:\users\rpgtu\appdata\local\microsoft\teams\current\teams.exe
(Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query
User{B1744124-B325-49C8-AD7C-C03C12CE1233}D:\games(cracked)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe]
=> (Allow)
D:\games(cracked)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe
=> No File
FirewallRules: [UDP Query
User{1FC8A136-557B-4B0B-88BA-F4A8EAA53E93}D:\games(cracked)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe]
=> (Allow)
D:\games(cracked)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe
=> No File
FirewallRules: [TCP Query
User{44E6C016-A074-47F5-82A1-CC0F379CE699}C:\users\rpgtu\appdata\local\programs\opera
gx\73.0.3856.424\opera.exe] => (Allow)
C:\users\rpgtu\appdata\local\programs\opera gx\73.0.3856.424\opera.exe => No
File
FirewallRules: [UDP Query
User{A6D44DC0-FEFB-4461-A433-7F239237CBBC}C:\users\rpgtu\appdata\local\programs\opera
gx\73.0.3856.424\opera.exe] => (Allow)
C:\users\rpgtu\appdata\local\programs\opera gx\73.0.3856.424\opera.exe => No
File
FirewallRules: [TCP Query
User{E5FCE190-2915-46A5-8544-56EAE3178419}D:\games(cracked)\enlisted\launcher.exe]
=> (Allow) D:\games(cracked)\enlisted\launcher.exe => No File
FirewallRules: [UDP Query
User{A11625BF-3D67-44EE-8731-72629A2ABAEC}D:\games(cracked)\enlisted\launcher.exe]
=> (Allow) D:\games(cracked)\enlisted\launcher.exe => No File
FirewallRules: [{1F1A132C-CC20-4FAC-B9C5-A07A91840F71}] => (Allow)
D:\SteamLibrary\steamapps\common\TotallyAccurateBattlegrounds\TotallyAccurateBattlegrounds.exe
=> No File
FirewallRules: [{9FF71E78-93B2-4DC2-B6C6-3A0DE4D9849C}] => (Allow)
D:\SteamLibrary\steamapps\common\TotallyAccurateBattlegrounds\TotallyAccurateBattlegrounds.exe
=> No File
FirewallRules: [TCP Query
User{55F0225B-4F93-4321-B79E-77A11CC3A035}D:\games(cracked)\enlisted\win64\enlisted.exe]
=> (Allow) D:\games(cracked)\enlisted\win64\enlisted.exe => No File
FirewallRules: [UDP Query
User{9A674E45-9065-4E98-850E-F628ED60F962}D:\games(cracked)\enlisted\win64\enlisted.exe]
=> (Allow) D:\games(cracked)\enlisted\win64\enlisted.exe => No File
FirewallRules: [TCP Query
User{A0191A24-BEBB-4D86-AB3D-A7049A34E2D1}D:\davinci\dpdecoder.exe] => (Allow)
D:\davinci\dpdecoder.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [UDP Query
User{A8C851BA-7343-46AA-9EE1-14881AAD1A9E}D:\davinci\dpdecoder.exe] => (Allow)
D:\davinci\dpdecoder.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [TCP Query
User{2F5A7F9A-A150-4703-88BF-05FD7BF663EC}D:\davinci\resolve.exe] => (Allow)
D:\davinci\resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty.
Ltd.)
FirewallRules: [UDP Query
User{64A35173-8EDD-4AC5-B5C7-9738D3FD6643}D:\davinci\resolve.exe] => (Allow)
D:\davinci\resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty.
Ltd.)
FirewallRules: [TCP Query
User{AEB2DFD1-5933-4A87-8A0E-68C072AE129E}D:\davinci\fuscript.exe] => (Allow)
D:\davinci\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty.
Ltd.)
FirewallRules: [UDP Query
User{00776610-20B3-4BF8-8C5D-C3376B30D8D4}D:\davinci\fuscript.exe] => (Allow)
D:\davinci\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty.
Ltd.)
FirewallRules: [TCP Query
User{715705D1-6376-4D00-9827-DAFC0596E257}D:\davinci\davincipaneldaemon.exe] =>
(Allow) D:\davinci\davincipaneldaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [UDP Query
User{B08F248C-8D1C-4B96-90ED-249AC0C6E2A4}D:\davinci\davincipaneldaemon.exe] =>
(Allow) D:\davinci\davincipaneldaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [TCP Query
User{A2040029-2748-4930-AD6D-C0D99FDE51A2}C:\users\rpgtu\appdata\local\temp\1shbgfprjtaxbdoimxyc2u48b54\resources\miners\win32\phoenixminer_5.5c\phoenixminer.exe]
=> (Allow)
C:\users\rpgtu\appdata\local\temp\1shbgfprjtaxbdoimxyc2u48b54\resources\miners\win32\phoenixminer_5.5c\phoenixminer.exe
=> No File
FirewallRules: [UDP Query
User{16F75A27-60FA-4377-A76A-2D3D4343B1D3}C:\users\rpgtu\appdata\local\temp\1shbgfprjtaxbdoimxyc2u48b54\resources\miners\win32\phoenixminer_5.5c\phoenixminer.exe]
=> (Allow)
C:\users\rpgtu\appdata\local\temp\1shbgfprjtaxbdoimxyc2u48b54\resources\miners\win32\phoenixminer_5.5c\phoenixminer.exe
=> No File
FirewallRules: [TCP Query User{9B79285F-46EC-4A4C-A386-95AE374A635D}D:\to the
moon!!!\raven\raven-qt.exe] => (Allow) D:\to the moon!!!\raven\raven-qt.exe ()
[File not signed]
FirewallRules: [UDP Query User{AAE185AD-72D3-4B90-8A3F-4BC42241CABC}D:\to the
moon!!!\raven\raven-qt.exe] => (Allow) D:\to the moon!!!\raven\raven-qt.exe ()
[File not signed]
FirewallRules: [TCP Query User{64110EFA-41DA-4265-884B-9A0A855D9332}D:\to the
moon!!!\raven miner\nbminer_win\nbminer.exe] => (Allow) D:\to the moon!!!\raven
miner\nbminer_win\nbminer.exe => No File
FirewallRules: [UDP Query User{E2D9C474-0282-4EA6-95E8-BEB839F108D0}D:\to the
moon!!!\raven miner\nbminer_win\nbminer.exe] => (Allow) D:\to the moon!!!\raven
miner\nbminer_win\nbminer.exe => No File
FirewallRules: [TCP Query
User{43E70263-95BD-442E-9159-79D0A673F56A}C:\users\rpgtu\appdata\local\programs\opera
gx\75.0.3969.267\opera.exe] => (Allow)
C:\users\rpgtu\appdata\local\programs\opera gx\75.0.3969.267\opera.exe => No
File
FirewallRules: [UDP Query
User{BE43E74B-FF3F-483B-B592-4CC364642E29}C:\users\rpgtu\appdata\local\programs\opera
gx\75.0.3969.267\opera.exe] => (Allow)
C:\users\rpgtu\appdata\local\programs\opera gx\75.0.3969.267\opera.exe => No
File
FirewallRules: [TCP Query
User{027769A7-DCA8-45D1-8E59-237ED92CD716}D:\games(cracked)\mortal kombat
11\binaries\retail\mk11.exe] => (Allow) D:\games(cracked)\mortal kombat
11\binaries\retail\mk11.exe => No File
FirewallRules: [UDP Query
User{33D109BC-BF9A-482A-9307-5DAF1C6F4101}D:\games(cracked)\mortal kombat
11\binaries\retail\mk11.exe] => (Allow) D:\games(cracked)\mortal kombat
11\binaries\retail\mk11.exe => No File
FirewallRules: [TCP Query
User{C73657CC-0740-4DD1-BB2D-33C3FA0B3C4A}D:\games(cracked)\agfy-dayz\game\dayz_x64.exe]
=> (Allow) D:\games(cracked)\agfy-dayz\game\dayz_x64.exe => No File
FirewallRules: [UDP Query
User{C666CE29-A932-45B5-9F98-473597847944}D:\games(cracked)\agfy-dayz\game\dayz_x64.exe]
=> (Allow) D:\games(cracked)\agfy-dayz\game\dayz_x64.exe => No File
FirewallRules: [{37F515EC-CF1F-48EF-AF02-E55D5990675B}] => (Allow)
D:\SteamLibrary\steamapps\common\CRSED\launcher.exe => No File
FirewallRules: [{94EED278-BE89-41B1-BE12-23CBE786573B}] => (Allow)
D:\SteamLibrary\steamapps\common\CRSED\launcher.exe => No File
FirewallRules: [{107600C5-09B4-4BB4-85CC-D1BAA55B4C9E}] => (Allow)
D:\SteamLibrary\steamapps\common\CRSED\bpreport.exe => No File
FirewallRules: [{5EE03A65-2DFC-400D-8ADA-5C67BF89275A}] => (Allow)
D:\SteamLibrary\steamapps\common\CRSED\bpreport.exe => No File
FirewallRules: [{FE0AE514-86A9-45A9-BC0A-8804D9052DD5}] => (Allow)
D:\SteamLibrary\steamapps\common\CRSED\win32\bpreport.exe => No File
FirewallRules: [{EF38ABCB-339B-4DC0-81DA-38CB1D67A77B}] => (Allow)
D:\SteamLibrary\steamapps\common\CRSED\win32\bpreport.exe => No File
FirewallRules: [{4FB7E4C3-34B9-41E3-BCE3-2FA7F2B55765}] => (Allow)
D:\SteamLibrary\steamapps\common\CRSED\gaijin_downloader.exe => No File
FirewallRules: [{10D6F45F-F181-4E80-86B3-0864BAAC6167}] => (Allow)
D:\SteamLibrary\steamapps\common\CRSED\gaijin_downloader.exe => No File
FirewallRules: [{F6040F79-9E07-4E13-A156-D605CBD7867B}] => (Allow)
D:\SteamLibrary\steamapps\common\CRSED\win64\cuisine_royale.exe => No File
FirewallRules: [{AC665CB7-535D-4C79-833A-E7F5326F196F}] => (Allow)
D:\SteamLibrary\steamapps\common\CRSED\win64\cuisine_royale.exe => No File
FirewallRules: [{407BDD55-8A9A-4A1E-B385-BDD7A8B120A5}] => (Allow)
D:\SteamLibrary\steamapps\common\CRSED\win32\cuisine_royale.exe => No File
FirewallRules: [{02F877F3-B4CD-44EE-BA67-A3D684D21062}] => (Allow)
D:\SteamLibrary\steamapps\common\CRSED\win32\cuisine_royale.exe => No File
FirewallRules: [{0F3C9BF5-7536-4B48-80FD-7491A908FBA9}] => (Allow)
D:\SteamLibrary\steamapps\common\CRSED\cuisine_royale_eac_launcher.exe => No
File
FirewallRules: [{8FDF9154-B2D8-4537-97B5-9B13CA9C0ABE}] => (Allow)
D:\SteamLibrary\steamapps\common\CRSED\cuisine_royale_eac_launcher.exe => No
File
FirewallRules: [TCP Query
User{363FDF4A-99B9-426A-BE39-BDFDC714D9AA}D:\steamlibrary\steamapps\common\grand
theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft
auto v\gta5.exe => No File
FirewallRules: [UDP Query
User{DEAF2C47-3249-456B-AB44-E2E8255B40F9}D:\steamlibrary\steamapps\common\grand
theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft
auto v\gta5.exe => No File
FirewallRules: [TCP Query
User{897BA7D4-BDA0-4D68-877F-0EC1E47616DD}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe]
=> (Allow)
D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => No
File
FirewallRules: [UDP Query
User{12B00E99-77A3-4011-860F-F0157F7B0CA6}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe]
=> (Allow)
D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => No
File
FirewallRules: [TCP Query
User{D1D42714-06B6-49F9-9940-D7BB12316F6F}C:\users\rpgtu\appdata\local\programs\opera
gx\76.0.4017.208\opera.exe] => (Allow)
C:\users\rpgtu\appdata\local\programs\opera gx\76.0.4017.208\opera.exe => No
File
FirewallRules: [UDP Query
User{074F5752-5DB4-4D03-A315-7D6E64FD2ACB}C:\users\rpgtu\appdata\local\programs\opera
gx\76.0.4017.208\opera.exe] => (Allow)
C:\users\rpgtu\appdata\local\programs\opera gx\76.0.4017.208\opera.exe => No
File
FirewallRules: [TCP Query
User{3945A8F6-78A4-4AC0-924A-A94C0D5821AC}D:\games(cracked)\the sims 4 [fitgirl
repack]\sims 4\the sims 4\game\bin\ts4_x64.exe] => (Block) D:\games(cracked)\the
sims 4 [fitgirl repack]\sims 4\the sims 4\game\bin\ts4_x64.exe (Electronic Arts
Inc.) [File not signed]
FirewallRules: [UDP Query
User{698B43CB-6236-4CA3-AA68-8A78EC213640}D:\games(cracked)\the sims 4 [fitgirl
repack]\sims 4\the sims 4\game\bin\ts4_x64.exe] => (Block) D:\games(cracked)\the
sims 4 [fitgirl repack]\sims 4\the sims 4\game\bin\ts4_x64.exe (Electronic Arts
Inc.) [File not signed]
FirewallRules: [TCP Query
User{3AFA2EE9-362A-416E-B005-6BF2564207E0}C:\users\rpgtu\appdata\local\programs\opera
gx\opera.exe] => (Allow) C:\users\rpgtu\appdata\local\programs\opera
gx\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query
User{1692CB52-69D9-4645-81AB-10E29C1CD7A2}C:\users\rpgtu\appdata\local\programs\opera
gx\opera.exe] => (Allow) C:\users\rpgtu\appdata\local\programs\opera
gx\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{4AFEA4BD-80EF-432B-9ABF-57B304401E91}] => (Allow)
D:\SteamLibrary\steamapps\common\Liftoff\Liftoff.exe () [File not signed]
FirewallRules: [{0B7004D0-4977-4A6E-A42D-44C407C98B42}] => (Allow)
D:\SteamLibrary\steamapps\common\Liftoff\Liftoff.exe () [File not signed]
FirewallRules: [{45E1E8DC-E796-47FC-BE90-834EEDCAEBDC}] => (Allow) D:\EPIC
GAMES\Steep\steep.exe => No File
FirewallRules: [{D59E1D8D-5C92-4969-B277-9A44A9A5BCEE}] => (Allow)
D:\SteamLibrary\steamapps\common\Euro Truck Simulator
2\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [{17F96380-199D-4D33-AE37-222E020330D6}] => (Allow)
D:\SteamLibrary\steamapps\common\Euro Truck Simulator
2\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [{4B87FADF-96C9-49D5-9CB7-58FCF0833442}] => (Allow)
D:\SteamLibrary\steamapps\common\Euro Truck Simulator
2\bin\win_x86\eurotrucks2.exe => No File
FirewallRules: [{FC83D02A-1428-42E4-B391-F183E00BA5BE}] => (Allow)
D:\SteamLibrary\steamapps\common\Euro Truck Simulator
2\bin\win_x86\eurotrucks2.exe => No File
FirewallRules: [TCP Query User{19870CB1-0EA7-4942-A906-29CC6A4A1245}C:\program
files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe
(Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{F59A1DA2-F754-4116-B8F7-424062EC6D33}C:\program
files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe
(Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query
User{8DB215CF-4EE6-49C0-8E68-B546E4218337}C:\users\rpgtu\appdata\local\programs\immutable-launcher\immutable.exe]
=> (Allow)
C:\users\rpgtu\appdata\local\programs\immutable-launcher\immutable.exe (FUEL
GAMES PTY LTD -> Immutable)
FirewallRules: [UDP Query
User{F74F1A88-CAFD-4EB0-936E-A303E926BEC9}C:\users\rpgtu\appdata\local\programs\immutable-launcher\immutable.exe]
=> (Allow)
C:\users\rpgtu\appdata\local\programs\immutable-launcher\immutable.exe (FUEL
GAMES PTY LTD -> Immutable)
FirewallRules: [TCP Query
User{D649B21B-3E02-4276-8837-A26A4387571D}C:\users\rpgtu\appdata\local\godsunchained\gods
unchained\standalonewindows64\gods.exe] => (Allow)
C:\users\rpgtu\appdata\local\godsunchained\gods
unchained\standalonewindows64\gods.exe (FUEL GAMES PTY LTD -> )
FirewallRules: [UDP Query
User{8DFD6025-D8BB-416E-A8E6-51E3274D9131}C:\users\rpgtu\appdata\local\godsunchained\gods
unchained\standalonewindows64\gods.exe] => (Allow)
C:\users\rpgtu\appdata\local\godsunchained\gods
unchained\standalonewindows64\gods.exe (FUEL GAMES PTY LTD -> )
FirewallRules: [{C82FCD49-E6C7-4F90-9B97-1C4D090D5B46}] => (Allow)
D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe =>
No File
FirewallRules: [{2A5B55B7-C007-484C-8E83-8F43E8BF3FF7}] => (Allow)
D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe =>
No File
FirewallRules: [{069099FE-E5F9-4C40-AF1C-99CA3B2984F8}] => (Allow) C:\Program
Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation ->
Microsoft Corporation)
FirewallRules: [{3AEAA350-377B-4C9A-85D9-FB68A02DAEB5}] => (Allow) C:\Program
Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation ->
Microsoft Corporation)
FirewallRules: [{9DC94CA3-2DD1-4699-B1E6-885A681A85D1}] => (Allow) C:\Program
Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation ->
Microsoft Corporation)
FirewallRules: [{5CBD583E-5E1C-4E42-A976-DF3FED7CEF45}] => (Allow) C:\Program
Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation ->
Microsoft Corporation)
FirewallRules: [{4CCC905C-DB11-4CAB-9B54-27DDB91F2C56}] => (Allow) C:\Program
Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation ->
Microsoft Corporation)
FirewallRules: [{A45EED77-71A3-4255-9D14-3DCF5F084A17}] => (Allow)
D:\SteamLibrary\steamapps\common\theHunterCotW\theHunterCotW_F.exe () [File not
signed]
FirewallRules: [{1113DA8D-89E1-4356-A41F-7909AA0C74E4}] => (Allow)
D:\SteamLibrary\steamapps\common\theHunterCotW\theHunterCotW_F.exe () [File not
signed]
FirewallRules: [{9A4E9C11-45CB-40A9-A786-9BF3E1AAE8CB}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation ->
NVIDIA Corporation)
FirewallRules: [{D405CEE4-A699-4CBB-BD44-C9B87E4018E3}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation ->
NVIDIA Corporation)
FirewallRules: [{9F66A073-FEAA-46E5-A6D0-24D75B246597}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation ->
NVIDIA Corporation)
FirewallRules: [{895214F1-670F-4639-B05E-3C6650C0E962}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation ->
NVIDIA Corporation)
FirewallRules: [{353DE02B-19FB-4F4C-A767-D0ADFCCB5544}] => (Allow) C:\Program
Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F938DC55-8E00-46A2-878F-BFA48F4AF41F}] => (Allow) C:\Program
Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe
(Spotify AB -> Spotify Ltd)
FirewallRules: [{136D97C8-247D-410A-9B3F-8BE25ED0D149}] => (Allow) C:\Program
Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe
(Spotify AB -> Spotify Ltd)
FirewallRules: [{EE2D62B1-5094-4784-A105-259D55123A84}] => (Allow) C:\Program
Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe
(Spotify AB -> Spotify Ltd)
FirewallRules: [{E8186FA1-A5B8-4528-A70C-158F3E861DAD}] => (Allow) C:\Program
Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe
(Spotify AB -> Spotify Ltd)
FirewallRules: [{871E3AFE-BC4D-4BD2-8DB0-7CCFDE80780E}] => (Allow) C:\Program
Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe
(Spotify AB -> Spotify Ltd)
FirewallRules: [{2514C11E-1D3C-4F00-A238-0C821E2EECB5}] => (Allow) C:\Program
Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe
(Spotify AB -> Spotify Ltd)
FirewallRules: [{C583041B-108A-46BD-9318-658DEFA5015C}] => (Allow) C:\Program
Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe
(Spotify AB -> Spotify Ltd)
FirewallRules: [{7B10DC1F-A370-4502-9453-612D5938C3A6}] => (Allow) C:\Program
Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe
(Spotify AB -> Spotify Ltd)
FirewallRules: [{F9B4B73D-13BB-4182-A488-546D6ADF528D}] => (Allow) C:\Program
Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{ED39A3C4-1F7D-473C-AD2F-5889A3EC7277}] => (Allow) C:\Program
Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0E2D8236-5CD1-4AF6-9B4D-C21AD309EA3A}] => (Allow) C:\Program
Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4A9A3525-54D7-44D2-B516-11A7245ACAB0}] => (Allow) C:\Program
Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{320FB615-E080-4ED4-9534-7C28E5EF19DC}] => (Allow) C:\Program
Files\Reflector 4\Reflector4.exe (Squirrels LLC -> Squirrels)
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled (Total:111.26 GB) (Free:31.71 GB) (29%)
Check "VSS" service
 
 
==================== Faulty Device Manager Devices ============
 
Name: Microsoft Hyper-V Virtualization Infrastructure Driver
Description: Microsoft Hyper-V Virtualization Infrastructure Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Vid
Problem: : This device is not working properly because Windows cannot load the
drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: PCI Data Acquisition and Signal Processing Controller
Description: PCI Data Acquisition and Signal Processing Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which
starts the Hardware Update wizard.
 
Name: Intel® Display Audio
Description: Intel® Display Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel® Corporation
Service: IntcDAud
Problem: : This device is not working properly because Windows cannot load the
drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: PCI Memory Controller
Description: PCI Memory Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which
starts the Hardware Update wizard.
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which
starts the Hardware Update wizard.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (12/13/2021 04:00:19 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (12/13/2021 04:00:19 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID
{4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started.
[0x8007045b, A system shutdown is in progress.
]
 
Error: (12/13/2021 04:00:18 PM) (Source: Software Protection Platform Service)
(EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent
 
Error: (12/13/2021 04:00:18 PM) (Source: Software Protection Platform Service)
(EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (12/13/2021 04:00:15 PM) (Source: Software Protection Platform Service)
(EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (12/12/2021 05:29:37 PM) (Source: Application Error) (EventID: 1000)
(User: )
Description: Faulting application name: IVtdL4y3JfV3BxQG32utbo6w.exe, version:
52.0.0.0, time stamp: 0x61ae1d96
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x130f0d8e
Faulting process id: 0x50b4
Faulting application start time: 0x01d7ef6ceaff5791
Faulting application path: C:\Users\rpgtu\Pictures\Adobe
Films\IVtdL4y3JfV3BxQG32utbo6w.exe
Faulting module path: unknown
Report Id: 5e253373-248e-4075-9628-545bd596129a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/12/2021 05:29:35 PM) (Source: Application Error) (EventID: 1000)
(User: )
Description: Faulting application name: IVtdL4y3JfV3BxQG32utbo6w.exe, version:
52.0.0.0, time stamp: 0x61ae1d96
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x130f0d8e
Faulting process id: 0x50b4
Faulting application start time: 0x01d7ef6ceaff5791
Faulting application path: C:\Users\rpgtu\Pictures\Adobe
Films\IVtdL4y3JfV3BxQG32utbo6w.exe
Faulting module path: unknown
Report Id: 9f884ab4-9227-49e9-8b75-cdb695b34978
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/12/2021 05:29:30 PM) (Source: Application Error) (EventID: 1000)
(User: )
Description: Faulting application name: IVtdL4y3JfV3BxQG32utbo6w.exe, version:
52.0.0.0, time stamp: 0x61ae1d96
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x130f0d8e
Faulting process id: 0x50b4
Faulting application start time: 0x01d7ef6ceaff5791
Faulting application path: C:\Users\rpgtu\Pictures\Adobe
Films\IVtdL4y3JfV3BxQG32utbo6w.exe
Faulting module path: unknown
Report Id: 91603d9c-fc0a-420f-8fae-0170e124ba6b
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (12/13/2021 04:07:07 PM) (Source: DCOM) (EventID: 10005) (User:
DESKTOP-H5DFB75)
Description: DCOM got error "1084" attempting to start the service BITS with
arguments "Unavailable" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (12/13/2021 04:07:07 PM) (Source: DCOM) (EventID: 10005) (User:
DESKTOP-H5DFB75)
Description: DCOM got error "1084" attempting to start the service BITS with
arguments "Unavailable" in order to run the server:
{F087771F-D74F-4C1A-BB8A-E16ACA9124EA}
 
Error: (12/13/2021 04:07:07 PM) (Source: DCOM) (EventID: 10005) (User:
DESKTOP-H5DFB75)
Description: DCOM got error "1084" attempting to start the service BITS with
arguments "Unavailable" in order to run the server:
{6D18AD12-BDE3-4393-B311-099C346E6DF9}
 
Error: (12/13/2021 04:07:07 PM) (Source: DCOM) (EventID: 10005) (User:
DESKTOP-H5DFB75)
Description: DCOM got error "1084" attempting to start the service BITS with
arguments "Unavailable" in order to run the server:
{03CA98D6-FF5D-49B8-ABC6-03DD84127020}
 
Error: (12/13/2021 04:07:07 PM) (Source: DCOM) (EventID: 10005) (User:
DESKTOP-H5DFB75)
Description: DCOM got error "1084" attempting to start the service BITS with
arguments "Unavailable" in order to run the server:
{659CDEA7-489E-11D9-A9CD-000D56965251}
 
Error: (12/13/2021 04:07:07 PM) (Source: DCOM) (EventID: 10005) (User:
DESKTOP-H5DFB75)
Description: DCOM got error "1084" attempting to start the service BITS with
arguments "Unavailable" in order to run the server:
{BB6DF56B-CACE-11DC-9992-0019B93A3A84}
 
Error: (12/13/2021 04:07:07 PM) (Source: DCOM) (EventID: 10005) (User:
DESKTOP-H5DFB75)
Description: DCOM got error "1084" attempting to start the service BITS with
arguments "Unavailable" in order to run the server:
{1ECCA34C-E88A-44E3-8D6A-8921BDE9E452}
 
Error: (12/13/2021 04:07:07 PM) (Source: DCOM) (EventID: 10005) (User:
DESKTOP-H5DFB75)
Description: DCOM got error "1084" attempting to start the service BITS with
arguments "Unavailable" in order to run the server:
{4D233817-B456-4E75-83D2-B17DEC544D12}
 
 
Windows Defender:
================
Date: 2021-12-12 17:29:07
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted
software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sabsik!MTB&threatid=2147787147&enterprise=0
Name: Trojan:Win32/Sabsik!MTB
Severity: Severe
Category: Trojan
Path:
file:_C:\Users\rpgtu\AppData\Local\Microsoft\Windows\INetCache\IE\BKYKBGYN\Service[1].bmp;
file:_C:\Users\rpgtu\Pictures\Adobe Films\amkBSLIsEXAHOMMY9nHKcxd7.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name:
C:\Users\rpgtu\AppData\Local\Temp\7zSCAB3C6FD\Sun141adecb70b222e5e.exe
Security intelligence Version: AV: 1.355.139.0, AS: 1.355.139.0, NIS:
1.355.139.0
Engine Version: AM: 1.1.18800.4, NIS: 1.1.18800.4
 
Date: 2021-12-12 17:28:50
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted
software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:MSIL/Mokes.B!MTB&threatid=2147783652&enterprise=0
Name: Trojan:MSIL/Mokes.B!MTB
Severity: Severe
Category: Trojan
Path:
file:_C:\Users\rpgtu\AppData\Local\Microsoft\Windows\INetCache\IE\PLE77LH9\Uponrun[1].exe;
file:_C:\Users\rpgtu\Pictures\Adobe Films\W07eNDS7upRRZgfGDd5lak88.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name:
C:\Users\rpgtu\AppData\Local\Temp\7zSCAB3C6FD\Sun141adecb70b222e5e.exe
Security intelligence Version: AV: 1.355.139.0, AS: 1.355.139.0, NIS:
1.355.139.0
Engine Version: AM: 1.1.18800.4, NIS: 1.1.18800.4
 
Date: 2021-12-12 17:28:38
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted
software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sabsik!MTB&threatid=2147787147&enterprise=0
Name: Trojan:Win32/Sabsik!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\rpgtu\Pictures\Adobe Films\amkBSLIsEXAHOMMY9nHKcxd7.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name:
C:\Users\rpgtu\AppData\Local\Temp\7zSCAB3C6FD\Sun141adecb70b222e5e.exe
Security intelligence Version: AV: 1.355.139.0, AS: 1.355.139.0, NIS:
1.355.139.0
Engine Version: AM: 1.1.18800.4, NIS: 1.1.18800.4
 
Date: 2021-12-12 17:28:31
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted
software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:MSIL/Mokes.B!MTB&threatid=2147783652&enterprise=0
Name: Trojan:MSIL/Mokes.B!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\rpgtu\Pictures\Adobe Films\W07eNDS7upRRZgfGDd5lak88.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name:
C:\Users\rpgtu\AppData\Local\Temp\7zSCAB3C6FD\Sun141adecb70b222e5e.exe
Security intelligence Version: AV: 1.355.139.0, AS: 1.355.139.0, NIS:
1.355.139.0
Engine Version: AM: 1.1.18800.4, NIS: 1.1.18800.4
 
Date: 2021-12-12 16:28:52
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted
software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:MSIL/SmallDownloader!MTB&threatid=2147786787&enterprise=0
Name: Trojan:MSIL/SmallDownloader!MTB
Severity: Severe
Category: Trojan
Path: containerfile:_C:\Users\rpgtu\AppData\Local\Temp\setup_installer.exe;
file:_C:\Users\rpgtu\AppData\Local\Temp\setup_installer.exe->(7zSfx)->Sun1480437ab0bd2d87.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.355.139.0, AS: 1.355.139.0, NIS:
1.355.139.0
Engine Version: AM: 1.1.18800.4, NIS: 1.1.18800.4

==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. P2.10 05/15/2017
Motherboard: ASRock H270 Pro4
Processor: Intel® Core™ i3-7100 CPU @ 3.90GHz
Percentage of memory in use: 7%
Total physical RAM: 32660.59 MB
Available physical RAM: 30203.48 MB
Total Virtual: 37524.59 MB
Available Virtual: 35224.24 MB
 
==================== Drives ================================
 
Drive c: (Fast as bleep,boiiiii) (Fixed) (Total:111.26 GB) (Free:31.71 GB) NTFS
==>[drive with boot components (obtained from BCD)]
Drive d: (Biden's secrets) (Fixed) (Total:931.51 GB) (Free:655.48 GB) NTFS
Drive e: (STICK 4G) (Removable) (Total:3.78 GB) (Free:3.39 GB) FAT32
Drive f: (STICK 1G) (Removable) (Total:0.94 GB) (Free:0.93 GB) FAT
 
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 513B16F7)
Partition 1: (Active) - (Size=111.3 GB) - (Type=07 NTFS)
 
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 4E8329B3)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 961 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=961 MB) - (Type=0E)
 
==========================================================
Disk: 3 (Size: 3.8 GB) (Disk ID: 00072E32)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0C)
 
==================== End of Addition.txt =======================

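The Addition.txt above carries the indicators a removal fixlist is built from: scheduled tasks (System32\Tasks entries and their C:\Windows\Tasks\*.job twins) whose action is an unsigned binary under AppData\Local\Temp or AppData\Roaming, a task that borrows the "Firefox Default Browser Agent" name but runs from Roaming, and firewall allow-rules for miner binaries. The following Python script is an added example, not part of this thread and not FRST's own code: it rejoins entries that the forum display word-wrapped, then flags those patterns. The sample entries are constructed in FRST's format from lines in this log; which directories count as user-writable and which miner names are flagged are assumptions, not anything FRST defines.

```python
"""Triage FRST (Farbar Recovery Scan Tool) log entries for the persistence
patterns seen in this thread: scheduled tasks whose action is an unsigned
binary in a user-writable directory, tasks that borrow a browser's name but
run from outside Program Files, and firewall allow-rules for miner binaries.
Forum rendering word-wraps long entries, so unwrap() rejoins them first."""
import re
from dataclasses import dataclass, field

# Every FRST entry starts with one of these; any other line is a wrapped continuation.
ENTRY_PREFIXES = ("Task:", "FirewallRules:", "AlternateDataStreams:", "CustomCLSID:", "HKU\\", "HKLM\\")

# Assumption: directories an unprivileged user (hence a dropper) can write to.
# AppData\Local\Programs is also user-writable but hosts many legitimate installs
# (Opera GX, the Immutable launcher in this log), so it is deliberately left out.
USER_WRITABLE = re.compile(r"\\(appdata\\(local\\temp|roaming)|programdata)\\", re.IGNORECASE)
# Assumption: miner binary names worth flagging; extend the alternation as needed.
MINER_NAMES = re.compile(r"\\(phoenixminer|nbminer|xmrig|t-rex|lolminer)\.exe$", re.IGNORECASE)
BROWSER_NAMES = re.compile(r"\b(firefox|chrome|edge|opera)\b", re.IGNORECASE)

# A path runs from the drive letter to the "[size date]" bracket, the "(signer)"
# parenthesis (but not "(x86)"), a "=>", "<====", or the end of the entry.
PATH = r"(?P<path>[A-Za-z]:\\.+?)(?=\s+\[\d|\s+\((?!x86\))|\s+=>|\s+<====|$)"
TASK_RE = re.compile(r"^Task:\s+(?P<task>.+?)\s+=>\s+" + PATH + r"(?P<rest>.*)$", re.IGNORECASE)
FW_RE = re.compile(
    r"^FirewallRules:\s+\[(?P<rule>.+?)\]\s+=>\s+\((?P<action>Allow|Block)\)\s+" + PATH + r"(?P<rest>.*)$",
    re.IGNORECASE,
)


@dataclass
class Finding:
    kind: str          # "task" or "firewall"
    path: str          # binary the entry points at
    reasons: list = field(default_factory=list)


def unwrap(text: str) -> list:
    """Rejoin entries that a forum or mail client word-wrapped onto several lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(ENTRY_PREFIXES) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries


def triage_entry(entry: str):
    """Return a Finding for one unwrapped entry, or None when nothing stands out."""
    m = TASK_RE.match(entry)
    if m:
        task, path, rest = m.group("task"), m.group("path"), m.group("rest")
        reasons = []
        if USER_WRITABLE.search(path):
            reasons.append("action binary in user-writable directory")
        if "[File not signed]" in rest:
            reasons.append("action binary unsigned")
        if BROWSER_NAMES.search(task) and not path.lower().startswith("c:\\program files"):
            reasons.append("browser-named task runs from outside Program Files")
        return Finding("task", path, reasons) if reasons else None
    m = FW_RE.match(entry)
    if m and m.group("action").lower() == "allow":
        path, rest = m.group("path"), m.group("rest")
        reasons = []
        if MINER_NAMES.search(path):
            reasons.append("allow-rule for a cryptominer")
        if USER_WRITABLE.search(path):
            reasons.append("allow-rule for binary in user-writable directory")
        if reasons and "No File" in rest:
            reasons.append("binary no longer present; rule is stale")
        return Finding("firewall", path, reasons) if reasons else None
    return None


def triage(text: str) -> list:
    """Unwrap a pasted FRST excerpt and return every entry worth a second look."""
    return [f for f in (triage_entry(e) for e in unwrap(text)) if f]


# Constructed sample in FRST's format, wrapped the way the forum displays it.
SAMPLE = r"""Task: {62E41E7F-2805-4D6B-B859-6F605B8F130C} - System32\Tasks\bLowiBoQzbLXENDkOt =>
C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF\svqxiDUsnpZIatd\mDvUsat.exe
[6906368 2021-12-08] () [File not signed] <==== ATTENTION
Task: {022FCFA2-2031-49F6-987D-6952EF6F8C2C} - System32\Tasks\Firefox Default
Browser Agent 526B46154BA35D37 => C:\Users\rpgtu\AppData\Roaming\biursvf
[186368 2021-06-13] () [File not signed] <==== ATTENTION
Task: C:\Windows\Tasks\bLowiBoQzbLXENDkOt.job =>
C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF\svqxiDUsnpZIatd\mDvUsat.exe
FirewallRules: [TCP Query User{A2040029-2748-4930-AD6D-C0D99FDE51A2}C:\users\rpgtu\appdata\local\temp\1shbgfprjtaxbdoimxyc2u48b54\resources\miners\win32\phoenixminer_5.5c\phoenixminer.exe]
=> (Allow)
C:\users\rpgtu\appdata\local\temp\1shbgfprjtaxbdoimxyc2u48b54\resources\miners\win32\phoenixminer_5.5c\phoenixminer.exe
=> No File
FirewallRules: [{069099FE-E5F9-4C40-AF1C-99CA3B2984F8}] => (Allow) C:\Program
Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation ->
Microsoft Corporation)
FirewallRules: [{C82FCD49-E6C7-4F90-9B97-1C4D090D5B46}] => (Allow)
D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe =>
No File
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.kind:8} {f.path}\n         {'; '.join(f.reasons)}")
```

Run against the sample, the three malicious tasks and the PhoenixMiner allow-rule come back as findings, while the signed Office binary and the stale Rocket League rule do not: a missing file on its own is only uninstall residue, and it is the combination with a user-writable path or a miner name that makes a rule worth deleting. Anything the script flags is a candidate for review, not a verdict; a helper reading the log still decides what goes into the fixlist.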

--------------------------------------------------------------------------------


#6 JSNTGRVR

JSntgRvr

   Malware Fighter

   
   
 * Malware Response Team
 * 14,636 posts

 * Gender:Male
 * Location:Puerto Rico
 * Local time:08:33 AM

Posted 13 December 2021 - 09:58 AM

Hi

Welcome

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you
do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

 * Please note that I am a volunteer. I do have a family, a career, and other
   endeavors that may prevent immediate responses that meet your schedule. Do
   note that the differences in time zones could present a problem as well. Your
   patience and understanding will be greatly appreciated.
 * First of all, the procedures we are about to perform are specific to your
   problem and should only be used on this specific computer.
 * Do not make any changes to your computer that include installing/uninstalling
   programs, deleting files, modifying the registry, or running scanners or
   tools of any kind unless specifically requested by me.
 * Please read ALL instructions carefully and perform the steps fully and in the
   order they are written.
 * If things appear to be better, let me know. Just because the symptoms no
   longer exist as before, does not mean that you are clean.
 * Continue to read and follow my instructions until I tell you that your
   machine is clean.
 * If you have any questions at all, please do not hesitate to ask before
   performing the task that I ask of you, and please wait for my reply before
   you proceed.
 * Scanning with programs and reading the logs do take a fair amount of time.
   Again, your patience will be necessary.

Let's begin...

 * Highlight the entire content of the quote box below.

Quote

> Start::
> CloseProcesses:
> AlternateDataStreams: C:\Users\rpgtu\Application
> Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
> AlternateDataStreams: C:\Users\rpgtu\Application
> Data:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
> AlternateDataStreams:
> C:\Users\rpgtu\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
> AlternateDataStreams:
> C:\Users\rpgtu\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
> HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\Run: [REFLECTOR4] =>
> [X]
> 2021-12-12 17:29 - 2021-12-12 17:29 - 000000000 ____D
> C:\ProgramData\T1BQ76UIJMRFN8ZVI95WLL3LM
> 2021-12-12 16:55 - 2021-12-12 16:55 - 000000000 ____D
> C:\ProgramData\Reflector4
> 2021-12-12 16:53 - 2021-12-12 16:55 - 000000000 ____D C:\ProgramData\Reflector
> 4
> 2021-12-12 16:53 - 2021-12-12 16:53 - 000000000 ____D
> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reflector 4
> Task: {022FCFA2-2031-49F6-987D-6952EF6F8C2C} - System32\Tasks\Firefox Default
> Browser Agent 526B46154BA35D37 => C:\Users\rpgtu\AppData\Roaming\biursvf
> [186368 2021-06-13] () [File not signed] <==== ATTENTION
> Task: {62E41E7F-2805-4D6B-B859-6F605B8F130C} -
> System32\Tasks\bLowiBoQzbLXENDkOt =>
> C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF\svqxiDUsnpZIatd\mDvUsat.exe
> [6906368 2021-12-08] () [File not signed] <==== ATTENTION
> Task: {E680B70E-0F17-4443-9249-3F193E5C9894} -
> System32\Tasks\bxXVHDbGydkxZRRGGJ =>
> C:\Users\rpgtu\AppData\Local\Temp\tVZbqVmvFJKrqKATN\xiEpiqwXxkWUYEe\IEAFCqW.exe
> [6711296 2021-12-12] () [File not signed] <==== ATTENTION
> C:\Users\rpgtu\AppData\Roaming\biursvf
> C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF
> C:\Users\rpgtu\AppData\Local\Temp\tVZbqVmvFJKrqKATN
> C:\Windows\System32\Tasks\Firefox Default Browser Agent 526B46154BA35D37
> C:\Windows\System32\Tasks\bLowiBoQzbLXENDkOt
> C:\Windows\System32\Tasks\bxXVHDbGydkxZRRGGJ
> D:\LUMINAR AI CRACKED ()
> FirewallRules: [{8901A33B-4D4B-48D2-A9C7-984B3B4AB58C}] => (Block) D:\LUMINAR
> AI CRACKED () <==== ATTENTION [zero byte File/Folder]
> CustomCLSID:
> HKU\S-1-5-21-4059296222-1974293382-1207419619-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32
> ->
> C:\Users\rpgtu\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncApi64.dll
> => No File
> FirewallRules: [TCP Query
> User{9C4CF469-3FEE-4CC7-821D-3A8A18641EA6}C:\users\rpgtu\appdata\local\programs\opera
> gx\73.0.3856.415\opera.exe] => (Allow)
> C:\users\rpgtu\appdata\local\programs\opera gx\73.0.3856.415\opera.exe => No
> File
> FirewallRules: [UDP Query
> User{C8814348-E8E2-497D-B8DC-29C574F7A957}C:\users\rpgtu\appdata\local\programs\opera
> gx\73.0.3856.415\opera.exe] => (Allow)
> C:\users\rpgtu\appdata\local\programs\opera gx\73.0.3856.415\opera.exe => No
> File
> FirewallRules: [TCP Query
> User{7B29153D-A271-4958-BADC-5142399F7E84}D:\amalia\the sims
> 4\game\bin\ts4_x64.exe] => (Allow) D:\amalia\the sims 4\game\bin\ts4_x64.exe
> => No File
> FirewallRules: [UDP Query
> User{657B5454-761D-454C-9E20-E0301DA3DE7A}D:\amalia\the sims
> 4\game\bin\ts4_x64.exe] => (Allow) D:\amalia\the sims 4\game\bin\ts4_x64.exe
> => No File
> FirewallRules: [{96AF6259-BD87-4032-819D-583281B15253}] => (Allow)
> D:\DAVINCI\ElementsPanelDaemon.exe => No File
> FirewallRules: [TCP Query
> User{23D72E1C-DD7D-40F3-8265-14D6607D2456}D:\games(cracked)\forza horizon
> 4\forzahorizon4.exe] => (Allow) D:\games(cracked)\forza horizon
> 4\forzahorizon4.exe => No File
> FirewallRules: [UDP Query
> User{5AF50DF4-17A7-47FB-B446-71BEBBAE084E}D:\games(cracked)\forza horizon
> 4\forzahorizon4.exe] => (Allow) D:\games(cracked)\forza horizon
> 4\forzahorizon4.exe => No File
> FirewallRules: [TCP Query
> User{B1744124-B325-49C8-AD7C-C03C12CE1233}D:\games(cracked)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe]
> => (Allow)
> D:\games(cracked)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe
> => No File
> FirewallRules: [UDP Query
> User{1FC8A136-557B-4B0B-88BA-F4A8EAA53E93}D:\games(cracked)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe]
> => (Allow)
> D:\games(cracked)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe
> => No File
> FirewallRules: [TCP Query
> User{44E6C016-A074-47F5-82A1-CC0F379CE699}C:\users\rpgtu\appdata\local\programs\opera
> gx\73.0.3856.424\opera.exe] => (Allow)
> C:\users\rpgtu\appdata\local\programs\opera gx\73.0.3856.424\opera.exe => No
> File
> FirewallRules: [UDP Query
> User{A6D44DC0-FEFB-4461-A433-7F239237CBBC}C:\users\rpgtu\appdata\local\programs\opera
> gx\73.0.3856.424\opera.exe] => (Allow)
> C:\users\rpgtu\appdata\local\programs\opera gx\73.0.3856.424\opera.exe => No
> File
> FirewallRules: [TCP Query
> User{E5FCE190-2915-46A5-8544-56EAE3178419}D:\games(cracked)\enlisted\launcher.exe]
> => (Allow) D:\games(cracked)\enlisted\launcher.exe => No File
> FirewallRules: [UDP Query
> User{A11625BF-3D67-44EE-8731-72629A2ABAEC}D:\games(cracked)\enlisted\launcher.exe]
> => (Allow) D:\games(cracked)\enlisted\launcher.exe => No File
> FirewallRules: [{1F1A132C-CC20-4FAC-B9C5-A07A91840F71}] => (Allow)
> D:\SteamLibrary\steamapps\common\TotallyAccurateBattlegrounds\TotallyAccurateBattlegrounds.exe
> => No File
> FirewallRules: [{9FF71E78-93B2-4DC2-B6C6-3A0DE4D9849C}] => (Allow)
> D:\SteamLibrary\steamapps\common\TotallyAccurateBattlegrounds\TotallyAccurateBattlegrounds.exe
> => No File
> FirewallRules: [TCP Query
> User{55F0225B-4F93-4321-B79E-77A11CC3A035}D:\games(cracked)\enlisted\win64\enlisted.exe]
> => (Allow) D:\games(cracked)\enlisted\win64\enlisted.exe => No File
> FirewallRules: [UDP Query
> User{9A674E45-9065-4E98-850E-F628ED60F962}D:\games(cracked)\enlisted\win64\enlisted.exe]
> => (Allow) D:\games(cracked)\enlisted\win64\enlisted.exe => No File
> FirewallRules: [TCP Query
> User{A2040029-2748-4930-AD6D-C0D99FDE51A2}C:\users\rpgtu\appdata\local\temp\1shbgfprjtaxbdoimxyc2u48b54\resources\miners\win32\phoenixminer_5.5c\phoenixminer.exe]
> => (Allow)
> C:\users\rpgtu\appdata\local\temp\1shbgfprjtaxbdoimxyc2u48b54\resources\miners\win32\phoenixminer_5.5c\phoenixminer.exe
> => No File
> FirewallRules: [UDP Query
> User{16F75A27-60FA-4377-A76A-2D3D4343B1D3}C:\users\rpgtu\appdata\local\temp\1shbgfprjtaxbdoimxyc2u48b54\resources\miners\win32\phoenixminer_5.5c\phoenixminer.exe]
> => (Allow)
> C:\users\rpgtu\appdata\local\temp\1shbgfprjtaxbdoimxyc2u48b54\resources\miners\win32\phoenixminer_5.5c\phoenixminer.exe
> => No File
> FirewallRules: [TCP Query User{64110EFA-41DA-4265-884B-9A0A855D9332}D:\to the
> moon!!!\raven miner\nbminer_win\nbminer.exe] => (Allow) D:\to the
> moon!!!\raven miner\nbminer_win\nbminer.exe => No File
> FirewallRules: [UDP Query User{E2D9C474-0282-4EA6-95E8-BEB839F108D0}D:\to the
> moon!!!\raven miner\nbminer_win\nbminer.exe] => (Allow) D:\to the
> moon!!!\raven miner\nbminer_win\nbminer.exe => No File
> FirewallRules: [TCP Query
> User{43E70263-95BD-442E-9159-79D0A673F56A}C:\users\rpgtu\appdata\local\programs\opera
> gx\75.0.3969.267\opera.exe] => (Allow)
> C:\users\rpgtu\appdata\local\programs\opera gx\75.0.3969.267\opera.exe => No
> File
> FirewallRules: [UDP Query
> User{BE43E74B-FF3F-483B-B592-4CC364642E29}C:\users\rpgtu\appdata\local\programs\opera
> gx\75.0.3969.267\opera.exe] => (Allow)
> C:\users\rpgtu\appdata\local\programs\opera gx\75.0.3969.267\opera.exe => No
> File
> FirewallRules: [TCP Query
> User{027769A7-DCA8-45D1-8E59-237ED92CD716}D:\games(cracked)\mortal kombat
> 11\binaries\retail\mk11.exe] => (Allow) D:\games(cracked)\mortal kombat
> 11\binaries\retail\mk11.exe => No File
> FirewallRules: [UDP Query
> User{33D109BC-BF9A-482A-9307-5DAF1C6F4101}D:\games(cracked)\mortal kombat
> 11\binaries\retail\mk11.exe] => (Allow) D:\games(cracked)\mortal kombat
> 11\binaries\retail\mk11.exe => No File
> FirewallRules: [TCP Query
> User{C73657CC-0740-4DD1-BB2D-33C3FA0B3C4A}D:\games(cracked)\agfy-dayz\game\dayz_x64.exe]
> => (Allow) D:\games(cracked)\agfy-dayz\game\dayz_x64.exe => No File
> FirewallRules: [UDP Query
> User{C666CE29-A932-45B5-9F98-473597847944}D:\games(cracked)\agfy-dayz\game\dayz_x64.exe]
> => (Allow) D:\games(cracked)\agfy-dayz\game\dayz_x64.exe => No File
> FirewallRules: [{37F515EC-CF1F-48EF-AF02-E55D5990675B}] => (Allow)
> D:\SteamLibrary\steamapps\common\CRSED\launcher.exe => No File
> FirewallRules: [{94EED278-BE89-41B1-BE12-23CBE786573B}] => (Allow)
> D:\SteamLibrary\steamapps\common\CRSED\launcher.exe => No File
> FirewallRules: [{107600C5-09B4-4BB4-85CC-D1BAA55B4C9E}] => (Allow)
> D:\SteamLibrary\steamapps\common\CRSED\bpreport.exe => No File
> FirewallRules: [{5EE03A65-2DFC-400D-8ADA-5C67BF89275A}] => (Allow)
> D:\SteamLibrary\steamapps\common\CRSED\bpreport.exe => No File
> FirewallRules: [{FE0AE514-86A9-45A9-BC0A-8804D9052DD5}] => (Allow)
> D:\SteamLibrary\steamapps\common\CRSED\win32\bpreport.exe => No File
> FirewallRules: [{EF38ABCB-339B-4DC0-81DA-38CB1D67A77B}] => (Allow)
> D:\SteamLibrary\steamapps\common\CRSED\win32\bpreport.exe => No File
> FirewallRules: [{4FB7E4C3-34B9-41E3-BCE3-2FA7F2B55765}] => (Allow)
> D:\SteamLibrary\steamapps\common\CRSED\gaijin_downloader.exe => No File
> FirewallRules: [{10D6F45F-F181-4E80-86B3-0864BAAC6167}] => (Allow)
> D:\SteamLibrary\steamapps\common\CRSED\gaijin_downloader.exe => No File
> FirewallRules: [{F6040F79-9E07-4E13-A156-D605CBD7867B}] => (Allow)
> D:\SteamLibrary\steamapps\common\CRSED\win64\cuisine_royale.exe => No File
> FirewallRules: [{AC665CB7-535D-4C79-833A-E7F5326F196F}] => (Allow)
> D:\SteamLibrary\steamapps\common\CRSED\win64\cuisine_royale.exe => No File
> FirewallRules: [{407BDD55-8A9A-4A1E-B385-BDD7A8B120A5}] => (Allow)
> D:\SteamLibrary\steamapps\common\CRSED\win32\cuisine_royale.exe => No File
> FirewallRules: [{02F877F3-B4CD-44EE-BA67-A3D684D21062}] => (Allow)
> D:\SteamLibrary\steamapps\common\CRSED\win32\cuisine_royale.exe => No File
> FirewallRules: [{0F3C9BF5-7536-4B48-80FD-7491A908FBA9}] => (Allow)
> D:\SteamLibrary\steamapps\common\CRSED\cuisine_royale_eac_launcher.exe => No
> File
> FirewallRules: [{8FDF9154-B2D8-4537-97B5-9B13CA9C0ABE}] => (Allow)
> D:\SteamLibrary\steamapps\common\CRSED\cuisine_royale_eac_launcher.exe => No
> File
> FirewallRules: [TCP Query
> User{363FDF4A-99B9-426A-BE39-BDFDC714D9AA}D:\steamlibrary\steamapps\common\grand
> theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft
> auto v\gta5.exe => No File
> FirewallRules: [UDP Query
> User{DEAF2C47-3249-456B-AB44-E2E8255B40F9}D:\steamlibrary\steamapps\common\grand
> theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft
> auto v\gta5.exe => No File
> FirewallRules: [TCP Query
> User{897BA7D4-BDA0-4D68-877F-0EC1E47616DD}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe]
> => (Allow)
> D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => No
> File
> FirewallRules: [UDP Query
> User{12B00E99-77A3-4011-860F-F0157F7B0CA6}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe]
> => (Allow)
> D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => No
> File
> FirewallRules: [TCP Query
> User{D1D42714-06B6-49F9-9940-D7BB12316F6F}C:\users\rpgtu\appdata\local\programs\opera
> gx\76.0.4017.208\opera.exe] => (Allow)
> C:\users\rpgtu\appdata\local\programs\opera gx\76.0.4017.208\opera.exe => No
> File
> FirewallRules: [UDP Query
> User{074F5752-5DB4-4D03-A315-7D6E64FD2ACB}C:\users\rpgtu\appdata\local\programs\opera
> gx\76.0.4017.208\opera.exe] => (Allow)
> C:\users\rpgtu\appdata\local\programs\opera gx\76.0.4017.208\opera.exe => No
> File
> FirewallRules: [{45E1E8DC-E796-47FC-BE90-834EEDCAEBDC}] => (Allow) D:\EPIC
> GAMES\Steep\steep.exe => No File
> FirewallRules: [{D59E1D8D-5C92-4969-B277-9A44A9A5BCEE}] => (Allow)
> D:\SteamLibrary\steamapps\common\Euro Truck Simulator
> 2\bin\win_x64\eurotrucks2.exe => No File
> FirewallRules: [{17F96380-199D-4D33-AE37-222E020330D6}] => (Allow)
> D:\SteamLibrary\steamapps\common\Euro Truck Simulator
> 2\bin\win_x64\eurotrucks2.exe => No File
> FirewallRules: [{4B87FADF-96C9-49D5-9CB7-58FCF0833442}] => (Allow)
> D:\SteamLibrary\steamapps\common\Euro Truck Simulator
> 2\bin\win_x86\eurotrucks2.exe => No File
> FirewallRules: [{FC83D02A-1428-42E4-B391-F183E00BA5BE}] => (Allow)
> D:\SteamLibrary\steamapps\common\Euro Truck Simulator
> 2\bin\win_x86\eurotrucks2.exe => No File
> FirewallRules: [{C82FCD49-E6C7-4F90-9B97-1C4D090D5B46}] => (Allow)
> D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe
> => No File
> FirewallRules: [{2A5B55B7-C007-484C-8E83-8F43E8BF3FF7}] => (Allow)
> D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe
> => No File
> Task: {62E41E7F-2805-4D6B-B859-6F605B8F130C} -
> System32\Tasks\bLowiBoQzbLXENDkOt =>
> C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF\svqxiDUsnpZIatd\mDvUsat.exe
> [6906368 2021-12-08] () [File not signed] <==== ATTENTION
> Task: {E680B70E-0F17-4443-9249-3F193E5C9894} -
> System32\Tasks\bxXVHDbGydkxZRRGGJ =>
> C:\Users\rpgtu\AppData\Local\Temp\tVZbqVmvFJKrqKATN\xiEpiqwXxkWUYEe\IEAFCqW.exe
> [6711296 2021-12-12] () [File not signed] <==== ATTENTION
> Task: C:\Windows\Tasks\bLowiBoQzbLXENDkOt.job =>
> C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF\svqxiDUsnpZIatd\mDvUsat.exe
> Task: C:\Windows\Tasks\bxXVHDbGydkxZRRGGJ.job =>
> C:\Users\rpgtu\AppData\Local\Temp\tVZbqVmvFJKrqKATN\xiEpiqwXxkWUYEe\IEAFCqW.exe
> Task: {62E41E7F-2805-4D6B-B859-6F605B8F130C} -
> System32\Tasks\bLowiBoQzbLXENDkOt =>
> C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF\svqxiDUsnpZIatd\mDvUsat.exe
> [6906368 2021-12-08] () [File not signed] <==== ATTENTION
> Task: {E680B70E-0F17-4443-9249-3F193E5C9894} -
> System32\Tasks\bxXVHDbGydkxZRRGGJ =>
> C:\Users\rpgtu\AppData\Local\Temp\tVZbqVmvFJKrqKATN\xiEpiqwXxkWUYEe\IEAFCqW.exe
> [6711296 2021-12-12] () [File not signed] <==== ATTENTION
> Task: C:\Windows\Tasks\bLowiBoQzbLXENDkOt.job =>
> C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF\svqxiDUsnpZIatd\mDvUsat.exe
> Task: C:\Windows\Tasks\bxXVHDbGydkxZRRGGJ.job =>
> C:\Users\rpgtu\AppData\Local\Temp\tVZbqVmvFJKrqKATN\xiEpiqwXxkWUYEe\IEAFCqW.exe
> Task: {62E41E7F-2805-4D6B-B859-6F605B8F130C} -
> System32\Tasks\bLowiBoQzbLXENDkOt =>
> C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF\svqxiDUsnpZIatd\mDvUsat.exe
> [6906368 2021-12-08] () [File not signed] <==== ATTENTION
> Task: {E680B70E-0F17-4443-9249-3F193E5C9894} -
> System32\Tasks\bxXVHDbGydkxZRRGGJ =>
> C:\Users\rpgtu\AppData\Local\Temp\tVZbqVmvFJKrqKATN\xiEpiqwXxkWUYEe\IEAFCqW.exe
> [6711296 2021-12-12] () [File not signed] <==== ATTENTION
> Task: C:\Windows\Tasks\bLowiBoQzbLXENDkOt.job =>
> C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF\svqxiDUsnpZIatd\mDvUsat.exe
> Task: C:\Windows\Tasks\bxXVHDbGydkxZRRGGJ.job =>
> C:\Users\rpgtu\AppData\Local\Temp\tVZbqVmvFJKrqKATN\xiEpiqwXxkWUYEe\IEAFCqW.exe
> C:\Windows\System32\Tasks\bLowiBoQzbLXENDkOt
> C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF
> C:\Users\rpgtu\AppData\Local\Temp\7zSCAB3C6FD
> C:\Windows\System32\Tasks\bxXVHDbGydkxZRRGGJ
> C:\Users\rpgtu\AppData\Local\Temp\tVZbqVmvFJKrqKATN
> C:\Windows\Tasks\bLowiBoQzbLXENDkOt.job
> C:\Users\rpgtu\AppData\Local\Temp\tVZbqVmvFJKrqKATN
> C:\Windows\System32\Tasks\bLowiBoQzbLXENDkOt
> C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF
> C:\Windows\System32\Tasks\bxXVHDbGydkxZRRGGJ
> C:\Users\rpgtu\AppData\Local\Temp\tVZbqVmvFJKrqKATN
> C:\Windows\Tasks\bLowiBoQzbLXENDkOt.job
> C:\Windows\Tasks\bxXVHDbGydkxZRRGGJ.job
> C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF
> C:\Users\rpgtu\AppData\Local\Temp\tVZbqVmvFJKrqKATN
> CustomCLSID:
> HKU\S-1-5-21-4059296222-1974293382-1207419619-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32
> ->
> C:\Users\rpgtu\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncApi64.dll
> => No File
> C:\Users\rpgtu\AppData\Local\Temp\7zSCAB3C6FD
> C:\Users\rpgtu\AppData\Local\Temp\setup_installer.exe
> 2021-12-10 18:06 - 2021-12-10 18:06 - 003174400 _____ ()
> C:\Users\rpgtu\AppData\Roaming\Microsoft\RegData_Temp.exe
> 2021-12-12 17:29 - 2021-12-12 17:29 - 003088938 _____ ()
> C:\Users\rpgtu\AppData\Roaming\Microsoft\RegData_Temp.zip
> 2021-12-10 18:02 - 2021-12-10 18:00 - 008290816 _____ ()
> C:\Users\rpgtu\AppData\Roaming\Microsoft\RegHost_Temp.exe
> 2021-12-12 17:29 - 2021-12-12 17:29 - 008126274 _____ ()
> C:\Users\rpgtu\AppData\Roaming\Microsoft\RegHost_Temp.zip
> CMD: "C:\WINDOWS\SYSTEM32\lodctr.exe" /R
> CMD: "C:\WINDOWS\SysWOW64\lodctr.exe" /R
> HOSTS:
> Removeproxy:
> CMD: fltmc instances
> CMD: netsh advfirewall reset
> CMD: netsh advfirewall set allprofiles state ON
> CMD: ipconfig /flushdns
> CMD: netsh winsock reset catalog
> CMD: netsh int ip reset C:\resettcpip.txt
> CMD: Bitsadmin /Reset /Allusers
> EMPTYTEMP:
> End::

 * Right click on the highlighted text and select Copy.
 * Start FRST (FRST64) with Administrator privileges
 * Press the Fix button. FRST will process the lines copied above from the
   clipboard.
 * When finished, a log file (Fixlog.txt) will pop up and be saved in the same
   location the tool was run from.

Please copy and paste its contents in your next reply.

Download AdwCleaner and save it to your desktop.

 * Double click AdwCleaner.exe to run it.
 * Click Scan Now ...
 * When the scan has finished a Scan Results window will open.
 * Click Cancel (at this point do not attempt to Quarantine anything that is
   found)
 * Now click the Log Files tab ...
 * Double click on the latest scan log (Scan logs have a [S0*] suffix, where *
   is replaced by a number, the latest scan will have the largest number)
 * A Notepad file will open containing the results of the scan.

Please post the contents of the file in your next reply.


No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight
against Malware!
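Added example, not code from the thread, its helper or FRST: it does in code what the fixlist above does by hand, parsing the `Task:` and `FirewallRules:` line formats seen in the FRST log, flagging unsigned scheduled-task binaries in Temp or other user-writable folders and stale Allow rules, and emitting a fixlist skeleton in the same Start::/End:: layout. The line formats, the fixlist layout and the benign control entry in the sample are assumptions.

```python
"""Triage FRST (Farbar Recovery Scan Tool) scan lines into findings and an FRST
fixlist skeleton. Added example; not code from the thread, its helper, or FRST.
The line formats are assumed from the log text quoted in the thread."""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional

# Task: {GUID} - System32\Tasks\<name> => <path> [<size> <date>] (<publisher>) [File not signed]
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]+)\} - System32\\Tasks\\(?P<name>.+?) => "
    r"(?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<publisher>[^)]*)\)(?P<rest>.*)$")
# Task: C:\Windows\Tasks\<name>.job => <path>   (legacy .job entries carry no signer info)
JOB_RE = re.compile(r"^Task: (?P<job>[A-Za-z]:\\.+?\.job) => (?P<path>.+)$")
# FirewallRules: [<rule id>] => (Allow|Block) <path>[ => No File]
FW_RE = re.compile(
    r"^FirewallRules: \[(?P<id>.+?)\] => \((?P<action>Allow|Block)\) "
    r"(?P<path>.+?)(?P<missing> => No File)?$")

TEMP = "\\appdata\\local\\temp\\"
USER_WRITABLE = ("\\appdata\\roaming\\", "\\programdata\\")

@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "review" or "low"
    kind: str      # "task" or "firewall"
    path: str      # binary the entry points at
    reason: str
    line: str      # the FRST line, kept verbatim because a fixlist reuses it

def triage_line(line: str) -> Optional[Finding]:
    # FRST appends " <==== ATTENTION ..." to entries it wants looked at; parse what precedes it
    body = line.rstrip().partition(" <==== ATTENTION")[0]
    m = TASK_RE.match(body)
    if m:
        path, low = m.group("path"), m.group("path").lower()
        if "[File not signed]" not in m.group("rest"):
            return None
        if TEMP in low:
            return Finding("high", "task", path,
                           "scheduled task runs an unsigned binary from a Temp folder", line)
        if any(k in low for k in USER_WRITABLE):
            return Finding("review", "task", path,
                           "scheduled task runs an unsigned binary from a user-writable location", line)
        return None
    m = JOB_RE.match(body)
    if m and TEMP in m.group("path").lower():
        return Finding("high", "task", m.group("path"),
                       "legacy .job task runs a binary from a Temp folder", line)
    m = FW_RE.match(body)
    if m and m.group("action") == "Allow" and m.group("missing"):
        why = "firewall Allow rule for a binary that no longer exists"
        if "miner" in m.group("path").lower():
            return Finding("review", "firewall", m.group("path"), why + " (miner by name)", line)
        return Finding("low", "firewall", m.group("path"), why, line)
    return None

def triage(text: str) -> List[Finding]:
    return [f for f in map(triage_line, text.splitlines()) if f]

def payload_root(path: str) -> str:
    """What to list for removal with the task: the dropper's top-level folder under
    Temp when the binary is nested there, otherwise the binary itself."""
    parts = PureWindowsPath(path).parts
    low = [p.lower() for p in parts]
    if "temp" in low and low.index("temp") + 2 < len(parts):
        return str(PureWindowsPath(*parts[: low.index("temp") + 2]))
    return path

def fixlist_for(findings: List[Finding]) -> List[str]:
    """Fixlist skeleton in the layout of the thread's fixlist (assumed): task lines
    pasted back verbatim, then the payload paths, inside Start::/End::."""
    tasks = [f for f in findings if f.kind == "task" and f.severity != "low"]
    lines = ["Start::", "CloseProcesses:"] + [f.line for f in tasks]
    lines += list(dict.fromkeys(payload_root(f.path) for f in tasks))  # dedupe, keep order
    return lines + ["EMPTYTEMP:", "End::"]

# Sample scan output: the first Task line is a constructed benign control; the rest are
# entries from the thread's own fixlist, re-joined onto single lines.
SAMPLE = r"""
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe [123456 2021-11-01] (Example Corp -> Example Corp)
Task: {62E41E7F-2805-4D6B-B859-6F605B8F130C} - System32\Tasks\bLowiBoQzbLXENDkOt => C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF\svqxiDUsnpZIatd\mDvUsat.exe [6906368 2021-12-08] () [File not signed] <==== ATTENTION
Task: {022FCFA2-2031-49F6-987D-6952EF6F8C2C} - System32\Tasks\Firefox Default Browser Agent 526B46154BA35D37 => C:\Users\rpgtu\AppData\Roaming\biursvf [186368 2021-06-13] () [File not signed] <==== ATTENTION
Task: C:\Windows\Tasks\bLowiBoQzbLXENDkOt.job => C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF\svqxiDUsnpZIatd\mDvUsat.exe
FirewallRules: [TCP Query User{64110EFA-41DA-4265-884B-9A0A855D9332}D:\to the moon!!!\raven miner\nbminer_win\nbminer.exe] => (Allow) D:\to the moon!!!\raven miner\nbminer_win\nbminer.exe => No File
FirewallRules: [{45E1E8DC-E796-47FC-BE90-834EEDCAEBDC}] => (Allow) D:\EPIC GAMES\Steep\steep.exe => No File
FirewallRules: [{8901A33B-4D4B-48D2-A9C7-984B3B4AB58C}] => (Block) D:\LUMINAR AI CRACKED () <==== ATTENTION [zero byte File/Folder]
"""

if __name__ == "__main__":
    found = triage(SAMPLE)
    for f in found:
        print(f"[{f.severity}] {f.kind}: {f.path}\n    {f.reason}")
    print("\n".join(fixlist_for(found)))
```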



--------------------------------------------------------------------------------


#7 RPGTurtle53 (Topic Starter)

Posted 13 December 2021 - 10:21 AM

JSntgRvr, on 13 Dec 2021 - 2:58 PM, said:

> [post #6, including its fixlist and instructions, quoted in full]

After I sent the FRST results I ran Malwarebytes and quarantined the files. Can
I still do these actions that you provided?



--------------------------------------------------------------------------------


#8 JSntgRvr (Malware Response Team)

Posted 13 December 2021 - 10:23 AM

Yes. Everything. And post the results.



--------------------------------------------------------------------------------


#9 RPGTurtle53 (Topic Starter)

Posted 13 December 2021 - 12:44 PM

JSntgRvr, on 13 Dec 2021 - 3:23 PM, said:

> Yes. Everything. and post the results.

How much time do these scans usually take?



--------------------------------------------------------------------------------


#10 JSntgRvr (Malware Response Team)

Posted 13 December 2021 - 02:23 PM

Not long. Do you really want our help?



--------------------------------------------------------------------------------


#11 RPGTurtle53 (Topic Starter)

Posted 13 December 2021 - 02:29 PM

JSntgRvr, on 13 Dec 2021 - 7:23 PM, said:

> Not long. Do you really want our help?

Yes, I really want help, and I appreciate that you are doing this for me; it's
just that the scan has been stuck at deleting temp files for 3 hours...



--------------------------------------------------------------------------------


#12 RPGTurtle53 (Topic Starter)

Posted 13 December 2021 - 02:49 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-12-2021
Ran by rpgtu (13-12-2021 17:29:19) Run:1
Running from F:\
Loaded Profiles: rpgtu & amali
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
CloseProcesses:
AlternateDataStreams: C:\Users\rpgtu\Application
Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\rpgtu\Application
Data:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams:
C:\Users\rpgtu\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams:
C:\Users\rpgtu\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\Run: [REFLECTOR4] => [X]
2021-12-12 17:29 - 2021-12-12 17:29 - 000000000 ____D
C:\ProgramData\T1BQ76UIJMRFN8ZVI95WLL3LM
2021-12-12 16:55 - 2021-12-12 16:55 - 000000000 ____D C:\ProgramData\Reflector4
2021-12-12 16:53 - 2021-12-12 16:55 - 000000000 ____D C:\ProgramData\Reflector 4
2021-12-12 16:53 - 2021-12-12 16:53 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reflector 4
Task: {022FCFA2-2031-49F6-987D-6952EF6F8C2C} - System32\Tasks\Firefox Default
Browser Agent 526B46154BA35D37 => C:\Users\rpgtu\AppData\Roaming\biursvf [186368
2021-06-13] () [File not signed] <==== ATTENTION
Task: {62E41E7F-2805-4D6B-B859-6F605B8F130C} - System32\Tasks\bLowiBoQzbLXENDkOt
=>
C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF\svqxiDUsnpZIatd\mDvUsat.exe
[6906368 2021-12-08] () [File not signed] <==== ATTENTION
Task: {E680B70E-0F17-4443-9249-3F193E5C9894} - System32\Tasks\bxXVHDbGydkxZRRGGJ
=>
C:\Users\rpgtu\AppData\Local\Temp\tVZbqVmvFJKrqKATN\xiEpiqwXxkWUYEe\IEAFCqW.exe
[6711296 2021-12-12] () [File not signed] <==== ATTENTION
C:\Users\rpgtu\AppData\Roaming\biursvf
C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF
C:\Users\rpgtu\AppData\Local\Temp\tVZbqVmvFJKrqKATN
C:\Windows\System32\Tasks\Firefox Default Browser Agent 526B46154BA35D37
C:\WindowsSystem32\Tasks\bLowiBoQzbLXENDkOt
C:\WindowsSystem32\Tasks\bxXVHDbGydkxZRRGGJ
D:\LUMINAR AI CRACKED ()
FirewallRules: [{8901A33B-4D4B-48D2-A9C7-984B3B4AB58C}] => (Block) D:\LUMINAR AI
CRACKED () <==== ATTENTION [zero byte File/Folder]
CustomCLSID:
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32
->
C:\Users\rpgtu\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncApi64.dll
=> No File
FirewallRules: [TCP Query
User{9C4CF469-3FEE-4CC7-821D-3A8A18641EA6}C:\users\rpgtu\appdata\local\programs\opera
gx\73.0.3856.415\opera.exe] => (Allow)
C:\users\rpgtu\appdata\local\programs\opera gx\73.0.3856.415\opera.exe => No
File
FirewallRules: [UDP Query
User{C8814348-E8E2-497D-B8DC-29C574F7A957}C:\users\rpgtu\appdata\local\programs\opera
gx\73.0.3856.415\opera.exe] => (Allow)
C:\users\rpgtu\appdata\local\programs\opera gx\73.0.3856.415\opera.exe => No
File
FirewallRules: [TCP Query
User{7B29153D-A271-4958-BADC-5142399F7E84}D:\amalia\the sims
4\game\bin\ts4_x64.exe] => (Allow) D:\amalia\the sims 4\game\bin\ts4_x64.exe =>
No File
FirewallRules: [UDP Query
User{657B5454-761D-454C-9E20-E0301DA3DE7A}D:\amalia\the sims
4\game\bin\ts4_x64.exe] => (Allow) D:\amalia\the sims 4\game\bin\ts4_x64.exe =>
No File
FirewallRules: [{96AF6259-BD87-4032-819D-583281B15253}] => (Allow)
D:\DAVINCI\ElementsPanelDaemon.exe => No File
FirewallRules: [TCP Query
User{23D72E1C-DD7D-40F3-8265-14D6607D2456}D:\games(cracked)\forza horizon
4\forzahorizon4.exe] => (Allow) D:\games(cracked)\forza horizon
4\forzahorizon4.exe => No File
FirewallRules: [UDP Query
User{5AF50DF4-17A7-47FB-B446-71BEBBAE084E}D:\games(cracked)\forza horizon
4\forzahorizon4.exe] => (Allow) D:\games(cracked)\forza horizon
4\forzahorizon4.exe => No File
FirewallRules: [TCP Query
User{B1744124-B325-49C8-AD7C-C03C12CE1233}D:\games(cracked)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe]
=> (Allow)
D:\games(cracked)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe
=> No File
FirewallRules: [UDP Query
User{1FC8A136-557B-4B0B-88BA-F4A8EAA53E93}D:\games(cracked)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe]
=> (Allow)
D:\games(cracked)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe
=> No File
FirewallRules: [TCP Query
User{44E6C016-A074-47F5-82A1-CC0F379CE699}C:\users\rpgtu\appdata\local\programs\opera
gx\73.0.3856.424\opera.exe] => (Allow)
C:\users\rpgtu\appdata\local\programs\opera gx\73.0.3856.424\opera.exe => No
File
FirewallRules: [UDP Query
User{A6D44DC0-FEFB-4461-A433-7F239237CBBC}C:\users\rpgtu\appdata\local\programs\opera
gx\73.0.3856.424\opera.exe] => (Allow)
C:\users\rpgtu\appdata\local\programs\opera gx\73.0.3856.424\opera.exe => No
File
FirewallRules: [TCP Query
User{E5FCE190-2915-46A5-8544-56EAE3178419}D:\games(cracked)\enlisted\launcher.exe]
=> (Allow) D:\games(cracked)\enlisted\launcher.exe => No File
FirewallRules: [UDP Query
User{A11625BF-3D67-44EE-8731-72629A2ABAEC}D:\games(cracked)\enlisted\launcher.exe]
=> (Allow) D:\games(cracked)\enlisted\launcher.exe => No File
FirewallRules: [{1F1A132C-CC20-4FAC-B9C5-A07A91840F71}] => (Allow)
D:\SteamLibrary\steamapps\common\TotallyAccurateBattlegrounds\TotallyAccurateBattlegrounds.exe
=> No File
FirewallRules: [{9FF71E78-93B2-4DC2-B6C6-3A0DE4D9849C}] => (Allow)
D:\SteamLibrary\steamapps\common\TotallyAccurateBattlegrounds\TotallyAccurateBattlegrounds.exe
=> No File
FirewallRules: [TCP Query
User{55F0225B-4F93-4321-B79E-77A11CC3A035}D:\games(cracked)\enlisted\win64\enlisted.exe]
=> (Allow) D:\games(cracked)\enlisted\win64\enlisted.exe => No File
FirewallRules: [UDP Query
User{9A674E45-9065-4E98-850E-F628ED60F962}D:\games(cracked)\enlisted\win64\enlisted.exe]
=> (Allow) D:\games(cracked)\enlisted\win64\enlisted.exe => No File
FirewallRules: [TCP Query
User{A2040029-2748-4930-AD6D-C0D99FDE51A2}C:\users\rpgtu\appdata\local\temp\1shbgfprjtaxbdoimxyc2u48b54\resources\miners\win32\phoenixminer_5.5c\phoenixminer.exe]
=> (Allow)
C:\users\rpgtu\appdata\local\temp\1shbgfprjtaxbdoimxyc2u48b54\resources\miners\win32\phoenixminer_5.5c\phoenixminer.exe
=> No File
FirewallRules: [UDP Query
User{16F75A27-60FA-4377-A76A-2D3D4343B1D3}C:\users\rpgtu\appdata\local\temp\1shbgfprjtaxbdoimxyc2u48b54\resources\miners\win32\phoenixminer_5.5c\phoenixminer.exe]
=> (Allow)
C:\users\rpgtu\appdata\local\temp\1shbgfprjtaxbdoimxyc2u48b54\resources\miners\win32\phoenixminer_5.5c\phoenixminer.exe
=> No File
FirewallRules: [TCP Query User{64110EFA-41DA-4265-884B-9A0A855D9332}D:\to the
moon!!!\raven miner\nbminer_win\nbminer.exe] => (Allow) D:\to the moon!!!\raven
miner\nbminer_win\nbminer.exe => No File
FirewallRules: [UDP Query User{E2D9C474-0282-4EA6-95E8-BEB839F108D0}D:\to the
moon!!!\raven miner\nbminer_win\nbminer.exe] => (Allow) D:\to the moon!!!\raven
miner\nbminer_win\nbminer.exe => No File
FirewallRules: [TCP Query
User{43E70263-95BD-442E-9159-79D0A673F56A}C:\users\rpgtu\appdata\local\programs\opera
gx\75.0.3969.267\opera.exe] => (Allow)
C:\users\rpgtu\appdata\local\programs\opera gx\75.0.3969.267\opera.exe => No
File
FirewallRules: [UDP Query
User{BE43E74B-FF3F-483B-B592-4CC364642E29}C:\users\rpgtu\appdata\local\programs\opera
gx\75.0.3969.267\opera.exe] => (Allow)
C:\users\rpgtu\appdata\local\programs\opera gx\75.0.3969.267\opera.exe => No
File
FirewallRules: [TCP Query
User{027769A7-DCA8-45D1-8E59-237ED92CD716}D:\games(cracked)\mortal kombat
11\binaries\retail\mk11.exe] => (Allow) D:\games(cracked)\mortal kombat
11\binaries\retail\mk11.exe => No File
FirewallRules: [UDP Query
User{33D109BC-BF9A-482A-9307-5DAF1C6F4101}D:\games(cracked)\mortal kombat
11\binaries\retail\mk11.exe] => (Allow) D:\games(cracked)\mortal kombat
11\binaries\retail\mk11.exe => No File
FirewallRules: [TCP Query
User{C73657CC-0740-4DD1-BB2D-33C3FA0B3C4A}D:\games(cracked)\agfy-dayz\game\dayz_x64.exe]
=> (Allow) D:\games(cracked)\agfy-dayz\game\dayz_x64.exe => No File
FirewallRules: [UDP Query
User{C666CE29-A932-45B5-9F98-473597847944}D:\games(cracked)\agfy-dayz\game\dayz_x64.exe]
=> (Allow) D:\games(cracked)\agfy-dayz\game\dayz_x64.exe => No File
FirewallRules: [{37F515EC-CF1F-48EF-AF02-E55D5990675B}] => (Allow)
D:\SteamLibrary\steamapps\common\CRSED\launcher.exe => No File
FirewallRules: [{94EED278-BE89-41B1-BE12-23CBE786573B}] => (Allow)
D:\SteamLibrary\steamapps\common\CRSED\launcher.exe => No File
FirewallRules: [{107600C5-09B4-4BB4-85CC-D1BAA55B4C9E}] => (Allow)
D:\SteamLibrary\steamapps\common\CRSED\bpreport.exe => No File
FirewallRules: [{5EE03A65-2DFC-400D-8ADA-5C67BF89275A}] => (Allow)
D:\SteamLibrary\steamapps\common\CRSED\bpreport.exe => No File
FirewallRules: [{FE0AE514-86A9-45A9-BC0A-8804D9052DD5}] => (Allow)
D:\SteamLibrary\steamapps\common\CRSED\win32\bpreport.exe => No File
FirewallRules: [{EF38ABCB-339B-4DC0-81DA-38CB1D67A77B}] => (Allow)
D:\SteamLibrary\steamapps\common\CRSED\win32\bpreport.exe => No File
FirewallRules: [{4FB7E4C3-34B9-41E3-BCE3-2FA7F2B55765}] => (Allow)
D:\SteamLibrary\steamapps\common\CRSED\gaijin_downloader.exe => No File
FirewallRules: [{10D6F45F-F181-4E80-86B3-0864BAAC6167}] => (Allow)
D:\SteamLibrary\steamapps\common\CRSED\gaijin_downloader.exe => No File
FirewallRules: [{F6040F79-9E07-4E13-A156-D605CBD7867B}] => (Allow)
D:\SteamLibrary\steamapps\common\CRSED\win64\cuisine_royale.exe => No File
FirewallRules: [{AC665CB7-535D-4C79-833A-E7F5326F196F}] => (Allow)
D:\SteamLibrary\steamapps\common\CRSED\win64\cuisine_royale.exe => No File
FirewallRules: [{407BDD55-8A9A-4A1E-B385-BDD7A8B120A5}] => (Allow)
D:\SteamLibrary\steamapps\common\CRSED\win32\cuisine_royale.exe => No File
FirewallRules: [{02F877F3-B4CD-44EE-BA67-A3D684D21062}] => (Allow)
D:\SteamLibrary\steamapps\common\CRSED\win32\cuisine_royale.exe => No File
FirewallRules: [{0F3C9BF5-7536-4B48-80FD-7491A908FBA9}] => (Allow)
D:\SteamLibrary\steamapps\common\CRSED\cuisine_royale_eac_launcher.exe => No
File
FirewallRules: [{8FDF9154-B2D8-4537-97B5-9B13CA9C0ABE}] => (Allow)
D:\SteamLibrary\steamapps\common\CRSED\cuisine_royale_eac_launcher.exe => No
File
FirewallRules: [TCP Query
User{363FDF4A-99B9-426A-BE39-BDFDC714D9AA}D:\steamlibrary\steamapps\common\grand
theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft
auto v\gta5.exe => No File
FirewallRules: [UDP Query
User{DEAF2C47-3249-456B-AB44-E2E8255B40F9}D:\steamlibrary\steamapps\common\grand
theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft
auto v\gta5.exe => No File
FirewallRules: [TCP Query
User{897BA7D4-BDA0-4D68-877F-0EC1E47616DD}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe]
=> (Allow)
D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => No
File
FirewallRules: [UDP Query
User{12B00E99-77A3-4011-860F-F0157F7B0CA6}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe]
=> (Allow)
D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => No
File
FirewallRules: [TCP Query
User{D1D42714-06B6-49F9-9940-D7BB12316F6F}C:\users\rpgtu\appdata\local\programs\opera
gx\76.0.4017.208\opera.exe] => (Allow)
C:\users\rpgtu\appdata\local\programs\opera gx\76.0.4017.208\opera.exe => No
File
FirewallRules: [UDP Query
User{074F5752-5DB4-4D03-A315-7D6E64FD2ACB}C:\users\rpgtu\appdata\local\programs\opera
gx\76.0.4017.208\opera.exe] => (Allow)
C:\users\rpgtu\appdata\local\programs\opera gx\76.0.4017.208\opera.exe => No
File
FirewallRules: [{45E1E8DC-E796-47FC-BE90-834EEDCAEBDC}] => (Allow) D:\EPIC
GAMES\Steep\steep.exe => No File
FirewallRules: [{D59E1D8D-5C92-4969-B277-9A44A9A5BCEE}] => (Allow)
D:\SteamLibrary\steamapps\common\Euro Truck Simulator
2\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [{17F96380-199D-4D33-AE37-222E020330D6}] => (Allow)
D:\SteamLibrary\steamapps\common\Euro Truck Simulator
2\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [{4B87FADF-96C9-49D5-9CB7-58FCF0833442}] => (Allow)
D:\SteamLibrary\steamapps\common\Euro Truck Simulator
2\bin\win_x86\eurotrucks2.exe => No File
FirewallRules: [{FC83D02A-1428-42E4-B391-F183E00BA5BE}] => (Allow)
D:\SteamLibrary\steamapps\common\Euro Truck Simulator
2\bin\win_x86\eurotrucks2.exe => No File
FirewallRules: [{C82FCD49-E6C7-4F90-9B97-1C4D090D5B46}] => (Allow)
D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe =>
No File
FirewallRules: [{2A5B55B7-C007-484C-8E83-8F43E8BF3FF7}] => (Allow)
D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe =>
No File
Task: {62E41E7F-2805-4D6B-B859-6F605B8F130C} - System32\Tasks\bLowiBoQzbLXENDkOt
=>
C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF\svqxiDUsnpZIatd\mDvUsat.exe
[6906368 2021-12-08] () [File not signed] <==== ATTENTION
Task: {E680B70E-0F17-4443-9249-3F193E5C9894} - System32\Tasks\bxXVHDbGydkxZRRGGJ
=>
C:\Users\rpgtu\AppData\Local\Temp\tVZbqVmvFJKrqKATN\xiEpiqwXxkWUYEe\IEAFCqW.exe
[6711296 2021-12-12] () [File not signed] <==== ATTENTION
Task: C:\Windows\Tasks\bLowiBoQzbLXENDkOt.job =>
C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF\svqxiDUsnpZIatd\mDvUsat.exe
Task: C:\Windows\Tasks\bxXVHDbGydkxZRRGGJ.job =>
C:\Users\rpgtu\AppData\Local\Temp\tVZbqVmvFJKrqKATN\xiEpiqwXxkWUYEe\IEAFCqW.exe
Task: {62E41E7F-2805-4D6B-B859-6F605B8F130C} - System32\Tasks\bLowiBoQzbLXENDkOt
=>
C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF\svqxiDUsnpZIatd\mDvUsat.exe
[6906368 2021-12-08] () [File not signed] <==== ATTENTION
Task: {E680B70E-0F17-4443-9249-3F193E5C9894} - System32\Tasks\bxXVHDbGydkxZRRGGJ
=>
C:\Users\rpgtu\AppData\Local\Temp\tVZbqVmvFJKrqKATN\xiEpiqwXxkWUYEe\IEAFCqW.exe
[6711296 2021-12-12] () [File not signed] <==== ATTENTION
Task: C:\Windows\Tasks\bLowiBoQzbLXENDkOt.job =>
C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF\svqxiDUsnpZIatd\mDvUsat.exe
Task: C:\Windows\Tasks\bxXVHDbGydkxZRRGGJ.job =>
C:\Users\rpgtu\AppData\Local\Temp\tVZbqVmvFJKrqKATN\xiEpiqwXxkWUYEe\IEAFCqW.exe
Task: {62E41E7F-2805-4D6B-B859-6F605B8F130C} - System32\Tasks\bLowiBoQzbLXENDkOt
=>
C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF\svqxiDUsnpZIatd\mDvUsat.exe
[6906368 2021-12-08] () [File not signed] <==== ATTENTION
Task: {E680B70E-0F17-4443-9249-3F193E5C9894} - System32\Tasks\bxXVHDbGydkxZRRGGJ
=>
C:\Users\rpgtu\AppData\Local\Temp\tVZbqVmvFJKrqKATN\xiEpiqwXxkWUYEe\IEAFCqW.exe
[6711296 2021-12-12] () [File not signed] <==== ATTENTION
Task: C:\Windows\Tasks\bLowiBoQzbLXENDkOt.job =>
C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF\svqxiDUsnpZIatd\mDvUsat.exe
Task: C:\Windows\Tasks\bxXVHDbGydkxZRRGGJ.job =>
C:\Users\rpgtu\AppData\Local\Temp\tVZbqVmvFJKrqKATN\xiEpiqwXxkWUYEe\IEAFCqW.exe
C:\Windows\System32\Tasks\bLowiBoQzbLXENDkOt
C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF
C:\Users\rpgtu\AppData\Local\Temp\7zSCAB3C6FD
C:\Windows\System32\Tasks\bxXVHDbGydkxZRRGGJ
C:\Users\rpgtu\AppData\Local\Temp\tVZbqVmvFJKrqKATN
C:\Windows\Tasks\bLowiBoQzbLXENDkOt.job
C:\Users\rpgtu\AppData\Local\Temp\tVZbqVmvFJKrqKATN
C:\Windows\System32\Tasks\bLowiBoQzbLXENDkOt
C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF
C:\Windows\System32\Tasks\bxXVHDbGydkxZRRGGJ
C:\Users\rpgtu\AppData\Local\Temp\tVZbqVmvFJKrqKATN
C:\Windows\Tasks\bLowiBoQzbLXENDkOt.job
C:\Windows\Tasks\bxXVHDbGydkxZRRGGJ.job
C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF
C:\Users\rpgtu\AppData\Local\Temp\tVZbqVmvFJKrqKATN
CustomCLSID:
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32
->
C:\Users\rpgtu\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncApi64.dll
=> No File
C:\Users\rpgtu\AppData\Local\Temp\7zSCAB3C6FD
C:\Users\rpgtu\AppData\Local\Temp\setup_installer.exe
2021-12-10 18:06 - 2021-12-10 18:06 - 003174400 _____ ()
C:\Users\rpgtu\AppData\Roaming\Microsoft\RegData_Temp.exe
2021-12-12 17:29 - 2021-12-12 17:29 - 003088938 _____ ()
C:\Users\rpgtu\AppData\Roaming\Microsoft\RegData_Temp.zip
2021-12-10 18:02 - 2021-12-10 18:00 - 008290816 _____ ()
C:\Users\rpgtu\AppData\Roaming\Microsoft\RegHost_Temp.exe
2021-12-12 17:29 - 2021-12-12 17:29 - 008126274 _____ ()
C:\Users\rpgtu\AppData\Roaming\Microsoft\RegHost_Temp.zip
CMD: "C:\WINDOWS\SYSTEM32\lodctr.exe" /R
CMD: "C:\WINDOWS\SysWOW64\lodctr.exe" /R
HOSTS:
Removeproxy:
CMD: fltmc instances
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
 
*****************
 
Processes closed successfully.
C:\Users\rpgtu\Application Data => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS
removed successfully
C:\Users\rpgtu\Application Data => ":fbd50e2f7662a5c33287ddc6e65ab5a1" ADS
removed successfully
"C:\Users\rpgtu\AppData\Roaming" => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS not
found.
"C:\Users\rpgtu\AppData\Roaming" => ":fbd50e2f7662a5c33287ddc6e65ab5a1" ADS not
found.
"HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\Software\Microsoft\Windows\CurrentVersion\Run\\REFLECTOR4"
=> removed successfully
C:\ProgramData\T1BQ76UIJMRFN8ZVI95WLL3LM => moved successfully
C:\ProgramData\Reflector4 => moved successfully
C:\ProgramData\Reflector 4 => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reflector 4 => moved
successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Logon\{022FCFA2-2031-49F6-987D-6952EF6F8C2C}"
=> removed successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{022FCFA2-2031-49F6-987D-6952EF6F8C2C}"
=> removed successfully
C:\Windows\System32\Tasks\Firefox Default Browser Agent 526B46154BA35D37 =>
moved successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\Firefox Default Browser Agent
526B46154BA35D37" => removed successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Plain\{62E41E7F-2805-4D6B-B859-6F605B8F130C}"
=> removed successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{62E41E7F-2805-4D6B-B859-6F605B8F130C}"
=> removed successfully
C:\Windows\System32\Tasks\bLowiBoQzbLXENDkOt => moved successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\bLowiBoQzbLXENDkOt" => removed
successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Plain\{E680B70E-0F17-4443-9249-3F193E5C9894}"
=> removed successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{E680B70E-0F17-4443-9249-3F193E5C9894}"
=> removed successfully
C:\Windows\System32\Tasks\bxXVHDbGydkxZRRGGJ => moved successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\bxXVHDbGydkxZRRGGJ" => removed
successfully
"C:\Users\rpgtu\AppData\Roaming\biursvf" => not found
C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF => moved successfully
C:\Users\rpgtu\AppData\Local\Temp\tVZbqVmvFJKrqKATN => moved successfully
"C:\Windows\System32\Tasks\Firefox Default Browser Agent 526B46154BA35D37" =>
not found
"C:\WindowsSystem32\Tasks\bLowiBoQzbLXENDkOt" => not found
"C:\WindowsSystem32\Tasks\bxXVHDbGydkxZRRGGJ" => not found
"D:\LUMINAR AI CRACKED ()" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8901A33B-4D4B-48D2-A9C7-984B3B4AB58C}"
=> removed successfully
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP
Query
User{9C4CF469-3FEE-4CC7-821D-3A8A18641EA6}C:\users\rpgtu\appdata\local\programs\opera
gx\73.0.3856.415\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP
Query
User{C8814348-E8E2-497D-B8DC-29C574F7A957}C:\users\rpgtu\appdata\local\programs\opera
gx\73.0.3856.415\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP
Query User{7B29153D-A271-4958-BADC-5142399F7E84}D:\amalia\the sims
4\game\bin\ts4_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP
Query User{657B5454-761D-454C-9E20-E0301DA3DE7A}D:\amalia\the sims
4\game\bin\ts4_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{96AF6259-BD87-4032-819D-583281B15253}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP
Query User{23D72E1C-DD7D-40F3-8265-14D6607D2456}D:\games(cracked)\forza horizon
4\forzahorizon4.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP
Query User{5AF50DF4-17A7-47FB-B446-71BEBBAE084E}D:\games(cracked)\forza horizon
4\forzahorizon4.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP
Query
User{B1744124-B325-49C8-AD7C-C03C12CE1233}D:\games(cracked)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP
Query
User{1FC8A136-557B-4B0B-88BA-F4A8EAA53E93}D:\games(cracked)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP
Query
User{44E6C016-A074-47F5-82A1-CC0F379CE699}C:\users\rpgtu\appdata\local\programs\opera
gx\73.0.3856.424\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP
Query
User{A6D44DC0-FEFB-4461-A433-7F239237CBBC}C:\users\rpgtu\appdata\local\programs\opera
gx\73.0.3856.424\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP
Query
User{E5FCE190-2915-46A5-8544-56EAE3178419}D:\games(cracked)\enlisted\launcher.exe"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP
Query
User{A11625BF-3D67-44EE-8731-72629A2ABAEC}D:\games(cracked)\enlisted\launcher.exe"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1F1A132C-CC20-4FAC-B9C5-A07A91840F71}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9FF71E78-93B2-4DC2-B6C6-3A0DE4D9849C}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP
Query
User{55F0225B-4F93-4321-B79E-77A11CC3A035}D:\games(cracked)\enlisted\win64\enlisted.exe"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP
Query
User{9A674E45-9065-4E98-850E-F628ED60F962}D:\games(cracked)\enlisted\win64\enlisted.exe"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP
Query
User{A2040029-2748-4930-AD6D-C0D99FDE51A2}C:\users\rpgtu\appdata\local\temp\1shbgfprjtaxbdoimxyc2u48b54\resources\miners\win32\phoenixminer_5.5c\phoenixminer.exe"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP
Query
User{16F75A27-60FA-4377-A76A-2D3D4343B1D3}C:\users\rpgtu\appdata\local\temp\1shbgfprjtaxbdoimxyc2u48b54\resources\miners\win32\phoenixminer_5.5c\phoenixminer.exe"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP
Query User{64110EFA-41DA-4265-884B-9A0A855D9332}D:\to the moon!!!\raven
miner\nbminer_win\nbminer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP
Query User{E2D9C474-0282-4EA6-95E8-BEB839F108D0}D:\to the moon!!!\raven
miner\nbminer_win\nbminer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP
Query
User{43E70263-95BD-442E-9159-79D0A673F56A}C:\users\rpgtu\appdata\local\programs\opera
gx\75.0.3969.267\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP
Query
User{BE43E74B-FF3F-483B-B592-4CC364642E29}C:\users\rpgtu\appdata\local\programs\opera
gx\75.0.3969.267\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP
Query User{027769A7-DCA8-45D1-8E59-237ED92CD716}D:\games(cracked)\mortal kombat
11\binaries\retail\mk11.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP
Query User{33D109BC-BF9A-482A-9307-5DAF1C6F4101}D:\games(cracked)\mortal kombat
11\binaries\retail\mk11.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP
Query
User{C73657CC-0740-4DD1-BB2D-33C3FA0B3C4A}D:\games(cracked)\agfy-dayz\game\dayz_x64.exe"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP
Query
User{C666CE29-A932-45B5-9F98-473597847944}D:\games(cracked)\agfy-dayz\game\dayz_x64.exe"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{37F515EC-CF1F-48EF-AF02-E55D5990675B}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{94EED278-BE89-41B1-BE12-23CBE786573B}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{107600C5-09B4-4BB4-85CC-D1BAA55B4C9E}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5EE03A65-2DFC-400D-8ADA-5C67BF89275A}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FE0AE514-86A9-45A9-BC0A-8804D9052DD5}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EF38ABCB-339B-4DC0-81DA-38CB1D67A77B}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4FB7E4C3-34B9-41E3-BCE3-2FA7F2B55765}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{10D6F45F-F181-4E80-86B3-0864BAAC6167}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F6040F79-9E07-4E13-A156-D605CBD7867B}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AC665CB7-535D-4C79-833A-E7F5326F196F}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{407BDD55-8A9A-4A1E-B385-BDD7A8B120A5}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{02F877F3-B4CD-44EE-BA67-A3D684D21062}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0F3C9BF5-7536-4B48-80FD-7491A908FBA9}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8FDF9154-B2D8-4537-97B5-9B13CA9C0ABE}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP
Query
User{363FDF4A-99B9-426A-BE39-BDFDC714D9AA}D:\steamlibrary\steamapps\common\grand
theft auto v\gta5.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP
Query
User{DEAF2C47-3249-456B-AB44-E2E8255B40F9}D:\steamlibrary\steamapps\common\grand
theft auto v\gta5.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP
Query
User{897BA7D4-BDA0-4D68-877F-0EC1E47616DD}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP
Query
User{12B00E99-77A3-4011-860F-F0157F7B0CA6}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP
Query
User{D1D42714-06B6-49F9-9940-D7BB12316F6F}C:\users\rpgtu\appdata\local\programs\opera
gx\76.0.4017.208\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP
Query
User{074F5752-5DB4-4D03-A315-7D6E64FD2ACB}C:\users\rpgtu\appdata\local\programs\opera
gx\76.0.4017.208\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{45E1E8DC-E796-47FC-BE90-834EEDCAEBDC}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D59E1D8D-5C92-4969-B277-9A44A9A5BCEE}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{17F96380-199D-4D33-AE37-222E020330D6}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4B87FADF-96C9-49D5-9CB7-58FCF0833442}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FC83D02A-1428-42E4-B391-F183E00BA5BE}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C82FCD49-E6C7-4F90-9B97-1C4D090D5B46}"
=> removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2A5B55B7-C007-484C-8E83-8F43E8BF3FF7}"
=> removed successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{62E41E7F-2805-4D6B-B859-6F605B8F130C}"
=> not found
"C:\Windows\System32\Tasks\bLowiBoQzbLXENDkOt" => not found
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\bLowiBoQzbLXENDkOt" => not found
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{E680B70E-0F17-4443-9249-3F193E5C9894}"
=> not found
"C:\Windows\System32\Tasks\bxXVHDbGydkxZRRGGJ" => not found
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\bxXVHDbGydkxZRRGGJ" => not found
C:\Windows\Tasks\bLowiBoQzbLXENDkOt.job => moved successfully
C:\Windows\Tasks\bxXVHDbGydkxZRRGGJ.job => moved successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{62E41E7F-2805-4D6B-B859-6F605B8F130C}"
=> not found
"C:\Windows\System32\Tasks\bLowiBoQzbLXENDkOt" => not found
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\bLowiBoQzbLXENDkOt" => not found
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{E680B70E-0F17-4443-9249-3F193E5C9894}"
=> not found
"C:\Windows\System32\Tasks\bxXVHDbGydkxZRRGGJ" => not found
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\bxXVHDbGydkxZRRGGJ" => not found
"C:\Windows\Tasks\bLowiBoQzbLXENDkOt.job" => not found
"C:\Windows\Tasks\bxXVHDbGydkxZRRGGJ.job" => not found
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{62E41E7F-2805-4D6B-B859-6F605B8F130C}"
=> not found
"C:\Windows\System32\Tasks\bLowiBoQzbLXENDkOt" => not found
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\bLowiBoQzbLXENDkOt" => not found
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{E680B70E-0F17-4443-9249-3F193E5C9894}"
=> not found
"C:\Windows\System32\Tasks\bxXVHDbGydkxZRRGGJ" => not found
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\bxXVHDbGydkxZRRGGJ" => not found
"C:\Windows\Tasks\bLowiBoQzbLXENDkOt.job" => not found
"C:\Windows\Tasks\bxXVHDbGydkxZRRGGJ.job" => not found
"C:\Windows\System32\Tasks\bLowiBoQzbLXENDkOt" => not found
"C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF" => not found
C:\Users\rpgtu\AppData\Local\Temp\7zSCAB3C6FD => moved successfully
"C:\Windows\System32\Tasks\bxXVHDbGydkxZRRGGJ" => not found
"C:\Users\rpgtu\AppData\Local\Temp\tVZbqVmvFJKrqKATN" => not found
"C:\Windows\Tasks\bLowiBoQzbLXENDkOt.job" => not found
"C:\Users\rpgtu\AppData\Local\Temp\tVZbqVmvFJKrqKATN" => not found
"C:\Windows\System32\Tasks\bLowiBoQzbLXENDkOt" => not found
"C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF" => not found
"C:\Windows\System32\Tasks\bxXVHDbGydkxZRRGGJ" => not found
"C:\Users\rpgtu\AppData\Local\Temp\tVZbqVmvFJKrqKATN" => not found
"C:\Windows\Tasks\bLowiBoQzbLXENDkOt.job" => not found
"C:\Windows\Tasks\bxXVHDbGydkxZRRGGJ.job" => not found
"C:\Users\rpgtu\AppData\Local\Temp\CKnNSHmmuepyQIalF" => not found
"C:\Users\rpgtu\AppData\Local\Temp\tVZbqVmvFJKrqKATN" => not found
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}
=> not found
"C:\Users\rpgtu\AppData\Local\Temp\7zSCAB3C6FD" => not found
"C:\Users\rpgtu\AppData\Local\Temp\setup_installer.exe" => not found
"C:\Users\rpgtu\AppData\Roaming\Microsoft\RegData_Temp.exe" => not found
C:\Users\rpgtu\AppData\Roaming\Microsoft\RegData_Temp.zip => moved successfully
"C:\Users\rpgtu\AppData\Roaming\Microsoft\RegHost_Temp.exe" => not found
C:\Users\rpgtu\AppData\Roaming\Microsoft\RegHost_Temp.zip => moved successfully
 
========= "C:\WINDOWS\SYSTEM32\lodctr.exe" /R =========
 
 
Error: Unable to rebuild performance counter setting from system backup store,
error code is 2
========= End of CMD: =========
 
 
========= "C:\WINDOWS\SysWOW64\lodctr.exe" /R =========
 
 
Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= RemoveProxy: =========
 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-4059296222-1974293382-1207419619-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-4059296222-1974293382-1207419619-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
 
========= fltmc instances =========
 
Filter                Volume Name                              Altitude       Instance Name       Frame   SprtFtrs  VlStatus
--------------------  -------------------------------------  ------------   ------------------  -----   --------  --------
FileInfo              C:                                         40500       FileInfo              0     00000007
FileInfo              D:                                         40500       FileInfo              0     00000007
FileInfo              F:                                         40500       FileInfo              0     00000007
FileInfo              E:                                         40500       FileInfo              0     00000007
FileInfo              \Device\Mup                                40500       FileInfo              0     00000007
Wof                   C:                                         40700       Wof Instance          0     00000007
Wof                   D:                                         40700       Wof Instance          0     00000007
npsvctrig             \Device\NamedPipe                          46000       npsvctrig             0     00000000
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.
 
Unable to connect to BITS - 0x8007043c
This service cannot be started in Safe Mode
 
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache =>
1024311983 B
Java, Flash, Steam htmlcache => 434596466 B
Windows/system/drivers => 217707674 B
Edge => 0 B
Chrome => 538018460 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 86663 B
LocalService => 86663 B
NetworkService => 316473 B
 
 
 
 
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build:    11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    12-13-2021
# Duration: 00:00:45
# OS:       Windows 10 Pro
# Scanned:  32006
# Detected: 8
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.FarLab             C:\Program Files (x86)\FarLabUninstaller
PUP.Optional.Lightning          C:\Program Files (x86)\LighteningPlayer
 
***** [ Files ] *****
 
PUP.Optional.Lightning         
C:\Users\rpgtu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightening
Media Player.lnk
PUP.Optional.Lightning          C:\Users\rpgtu\Desktop\Lightening Media
Player.lnk
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.FarLab           
 HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\FarLabUninstaller.exe_is1
PUP.Optional.Lightning         
HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\LighteningPlayer
PUP.Optional.PowerHandler       HKCU\Software\Microsoft\Etsy
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
Preinstalled.LenovoSHAREit   File   C:\Users\Public\Desktop\SHAREit.lnk 
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


--------------------------------------------------------------------------------


#13 JSntgRvr

   Malware Fighter

 * Malware Response Team
 * 14,636 posts
 * Gender:Male
 * Location:Puerto Rico

Posted 13 December 2021 - 04:04 PM

AdwCleaner - Clean

 * Double click AdwCleaner.exe to run it.
 * Click Scan Now
 * When the scan has finished a Scan Results window will open.
 * Please check all boxes and then click Quarantine
   * Click Next
   * If any pre-installed software was found on your machine, a prompt window
     will open ...
     * Click OK to close it
   * Check any pre-installed software items you want to remove (if they're not
     causing you a problem I recommend you don't select any)
   * Click Quarantine
 * A prompt to save your work will appear ...
   * Click Continue when you're ready to proceed.
 * A prompt to restart your computer will appear ...
   * Click Restart Now
 * Once your computer has restarted ...
   * If it doesn't open automatically, please start AdwCleaner ...
   * Click the Log Files tab ...
   * Double click on the latest Clean log (Clean logs have a [C0*] suffix, where
     * is replaced by a number, the latest scan will have the largest number)
   * A Notepad file will open containing the results of the removal.

Please post the contents of the file in your next reply.

Re-scan with FRST and post new FRST.txt and Addition.txt.


No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight
against Malware!



--------------------------------------------------------------------------------


#14 RPGTurtle53

 * Topic Starter
 * Members
 * 10 posts

Posted 13 December 2021 - 04:24 PM

# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build:    11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    12-13-2021
# Duration: 00:00:04
# OS:       Windows 10 Pro
# Scanned:  32026
# Detected: 8
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.FarLab             C:\Program Files (x86)\FarLabUninstaller
PUP.Optional.Lightning          C:\Program Files (x86)\LighteningPlayer
 
***** [ Files ] *****
 
PUP.Optional.Lightning         
C:\Users\rpgtu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightening
Media Player.lnk
PUP.Optional.Lightning          C:\Users\rpgtu\Desktop\Lightening Media
Player.lnk
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.FarLab           
 HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\FarLabUninstaller.exe_is1
PUP.Optional.Lightning         
HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\LighteningPlayer
PUP.Optional.PowerHandler       HKCU\Software\Microsoft\Etsy
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
Preinstalled.LenovoSHAREit   File   C:\Users\Public\Desktop\SHAREit.lnk 
 
 
AdwCleaner[S00].txt - [2024 octets] - [13/12/2021 21:47:28]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2021
Ran by rpgtu (administrator) on DESKTOP-H5DFB75 (13-12-2021 23:22:21)
Running from F:\
Loaded Profiles: rpgtu & amali
Platform: Microsoft Windows 10 Pro Version 20H2 19042.1348 (X64) Language:
English (United States)
Default browser: Opera
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file
will not be moved.)
 
(Malwarebytes Inc -> Malwarebytes) C:\Program
Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files
(x86)\Microsoft\Edge\Application\msedge.exe <19>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to
default or removed. The file will not be moved.)
 
HKLM\...\Run: [PentabletService] => D:\DOWNLOADS\Pentablet\PentabletService.exe
[2242328 2020-07-20] (Guangzhou Ugee Computers Technology Co.,Ltd -> Ugee
Technology Company Ltd)
HKLM-x32\...\Run: [Discord] =>
C:\ProgramData\SquirrelMachineInstalls\Discord.exe [68822328 2021-03-21]
(Discord Inc. -> Discord Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe
Creative Cloud Experience\CCXProcess.exe [114824 2021-11-22] (Adobe Inc. -> )
HKLM-x32\...\Run: [VM_STI] => C:\Windows\VM_STI.exe [40960 2004-06-09]
(Microsoft Windows Hardware Compatibility Publisher -> BIGDOG)
HKLM-x32\...\Run: [BigDogPath] => C:\Windows\VM_STI.exe [40960 2004-06-09]
(Microsoft Windows Hardware Compatibility Publisher -> BIGDOG)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\Run: [Steam] =>
C:\Program Files (x86)\Steam\steam.exe [4267432 2021-11-23] (Valve Corp. ->
Valve Corporation)
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\Run: [Discord] =>
C:\Users\rpgtu\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord
Inc. -> GitHub)
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\Run:
[com.squirrel.Teams.Teams] =>
C:\Users\rpgtu\AppData\Local\Microsoft\Teams\Update.exe [2459280 2021-11-22]
(Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\Run: [EpicGamesLauncher]
=> D:\EPIC GAMES\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
[33616864 2021-12-10] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\Run: [Opera GX Browser
Assistant] => C:\Users\rpgtu\AppData\Local\Programs\Opera
GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS ->
Opera Software)
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\Run: [CCXProcess] =>
C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
[114824 2021-11-22] (Adobe Inc. -> )
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\Run: [FACEIT] =>
C:\Users\rpgtu\AppData\Local\FACEIT\update.exe [2277496 2021-09-26] (FACE IT
LIMITED -> )
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\Run: [Synapse3] =>
C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer
Synapse 3.exe [3524216 2021-11-18] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\Run: [LGHUB] =>
C:\Program Files\LGHUB\lghub.exe [136443968 2021-11-21] (Logitech Inc ->
Logitech, Inc.)
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\MountPoints2:
{3d388ba2-8d9d-11eb-ba76-7085c2480fe3} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-4059296222-1974293382-1207419619-1002\...\RunOnce: [OneDrive] =>
C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [2367352 2021-11-20]
(Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files
(x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
[3524216 2021-11-18] (Razer USA Ltd. -> Razer Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components:
[{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program
Files\Google\Chrome\Application\96.0.4664.93\Installer\chrmstp.exe [2021-12-07]
(Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Startup\TrayMin210.exe.lnk [2021-12-01]
ShortcutTarget: TrayMin210.exe.lnk -> C:\Program Files (x86)\Philips\Philips
SPC210NC Webcam\TrayMin210.exe () [File not signed]
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
 
Task: {02B4A0BC-8C2D-4712-B008-0C84FF71A61D} -
System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe [156232 2021-10-28] (Google LLC -> Google
LLC)
Task: {05F591B4-B101-4CCF-9876-17CDE982A9C1} - System32\Tasks\Opera GX scheduled
assistant Autoupdate 1616665334 => C:\Users\rpgtu\AppData\Local\Programs\Opera
GX\launcher.exe [2201808 2021-11-24] (Opera Software AS -> Opera Software) ->
--scheduledautoupdate --component-name=assistant
--component-path="C:\Users\rpgtu\AppData\Local\Programs\Opera GX\assistant"
$(Arg0)
Task: {0EA92CB3-2C29-4B4A-9757-B55427CE67B2} -
System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program
Files (x86)\Microsoft Office\root\Office16\msoia.exe [6331288 2021-12-10]
(Microsoft Corporation -> Microsoft Corporation)
Task: {0ED1FBF5-4444-47B6-9D65-B62C94CAA093} - System32\Tasks\Opera GX scheduled
Autoupdate 1616357225 => C:\Users\rpgtu\AppData\Local\Programs\Opera
GX\launcher.exe [2201808 2021-11-24] (Opera Software AS -> Opera Software)
Task: {12E6B340-0D72-4579-ACE2-87E2C90F80EA} -
System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
=> C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024
2021-11-16] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program
Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f
C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {14A59B09-A0CE-4D1C-98EC-0DAF4BAF34A6} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup =>
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe
[901056 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {407653D8-3F34-417C-8920-48112C6B405B} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification
=> C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe
[901056 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {54E54314-B9AF-447C-9652-70C748D97E73} -
System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program
Files (x86)\Microsoft Office\root\Office16\msoia.exe [6331288 2021-12-10]
(Microsoft Corporation -> Microsoft Corporation)
Task: {568D0281-E9F6-4131-AC43-8E0ED0269A95} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled
Scan => C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-03] (Microsoft
Windows Publisher -> Microsoft Corporation)
Task: {5DE0384D-9A36-45B3-B62D-7C25EEFFB8C8} -
System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files
(x86)\Microsoft Office\root\Office16\sdxhelper.exe [111032 2021-12-10]
(Microsoft Corporation -> Microsoft Corporation)
Task: {69C16BB5-E0DF-417A-94AE-616D29940E02} -
System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-11-24]
(Nvidia Corporation -> NVIDIA Corporation)
Task: {717BFD11-B22A-4D41-9C0C-C50E491EA6AB} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache
Maintenance => C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-03] (Microsoft
Windows Publisher -> Microsoft Corporation)
Task: {728F4767-1270-4E16-8F34-5337741FECBF} -
System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files
(x86)\Microsoft Office\root\Office16\sdxhelper.exe [111032 2021-12-10]
(Microsoft Corporation -> Microsoft Corporation)
Task: {7355D59D-693C-4643-A539-AA9E4384B714} -
System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-11-24]
(Nvidia Corporation -> NVIDIA Corporation)
Task: {8F41504E-CC50-4AAF-A3C0-847A5D38233A} -
System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647376
2021-11-24] (Nvidia Corporation -> NVIDIA Corporation)
Task: {9F188369-4F8F-4AF2-B9AA-194EF7FA4083} - System32\Tasks\NVIDIA GeForce
Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program
Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe
[3339464 2021-11-24] (Nvidia Corporation -> NVIDIA Corporation)
Task: {A0D2598B-0724-43EB-89DA-31FA0E2DCD6E} -
System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-11-24]
(Nvidia Corporation -> NVIDIA Corporation)
Task: {D2B19E88-C150-405D-B2FD-3301B1884102} -
System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe [156232 2021-10-28] (Google LLC -> Google
LLC)
Task: {D432A13B-7597-402D-8669-D087D9356351} - System32\Tasks\OneDrive
Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft
OneDrive\OneDriveStandaloneUpdater.exe [3060072 2021-11-20] (Microsoft
Corporation -> Microsoft Corporation)
Task: {DC1D7D75-73BE-47AB-9C8C-AE81097CEC5C} -
System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program
Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22799320
2021-12-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {DF923587-C895-41E1-BD34-2653372A1187} -
System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-11-24]
(Nvidia Corporation -> NVIDIA Corporation)
Task: {E92EEC92-F00B-470B-A5DC-889529D5F3A4} -
System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program
Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22799320
2021-12-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {FA88D267-FB94-4E6F-867D-D889FFA1B2DC} -
System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [904904
2021-11-24] (Nvidia Corporation -> NVIDIA Corporation)
Task: {FFC545F5-025D-48F8-80F5-92352E3BB60E} -
System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [904904
2021-11-24] (Nvidia Corporation -> NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The
file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job =>
C:\Windows\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be
removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2ed5a3e7-df04-40b6-904b-0df025866331}: [DhcpNameServer]
192.168.0.1
 
Edge: 
=======
Edge Profile: C:\Users\rpgtu\AppData\Local\Microsoft\Edge\User Data\Default
[2021-12-13]
Edge DownloadDir: Default -> D:\DOWNLOADS
 
FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program
Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files
(x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla
Firefox\plugins\npmeetingjoinpluginoc.dll [2021-11-18] (Microsoft Corporation ->
Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files
(x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-18] (Microsoft
Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\rpgtu\AppData\Local\Google\Chrome\User Data\Default
[2021-12-13]
CHR Extension: (Slides) - C:\Users\rpgtu\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-10-28]
CHR Extension: (Docs) - C:\Users\rpgtu\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-10-28]
CHR Extension: (Google Drive) - C:\Users\rpgtu\AppData\Local\Google\Chrome\User
Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-10-28]
CHR Extension: (YouTube) - C:\Users\rpgtu\AppData\Local\Google\Chrome\User
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-10-28]
CHR Extension: (Sheets) - C:\Users\rpgtu\AppData\Local\Google\Chrome\User
Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-10-28]
CHR Extension: (Ronin Wallet) - C:\Users\rpgtu\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fnjhmkhhmkbjkkabndcnnogagogbneec [2021-11-26]
CHR Extension: (Google Docs Offline) -
C:\Users\rpgtu\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-28]
CHR Extension: (One Click Translater) -
C:\Users\rpgtu\AppData\Local\Google\Chrome\User
Data\Default\Extensions\hcfdbehehcacbdgcgamehlnhkfokohdc [2021-12-12]
CHR Extension: (Google Translate) -
C:\Users\rpgtu\AppData\Local\Google\Chrome\User
Data\Default\Extensions\jfhgpjbcoignfibliobpclhpfnadhofn [2021-12-12]
CHR Extension: (MetaMask) - C:\Users\rpgtu\AppData\Local\Google\Chrome\User
Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2021-11-26]
CHR Extension: (Chrome Web Store Payments) -
C:\Users\rpgtu\AppData\Local\Google\Chrome\User
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-10-28]
CHR Extension: (Gmail) - C:\Users\rpgtu\AppData\Local\Google\Chrome\User
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-10-28]
 
Opera: 
=======
StartMenuInternet: (HKU\S-1-5-21-4059296222-1974293382-1207419619-1001) Opera
GXStable - "C:\Users\rpgtu\AppData\Local\Programs\Opera GX\Launcher.exe"
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
 
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft
Shared\ClickToRun\OfficeClickToRun.exe [12129160 2021-12-02] (Microsoft
Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [777856
2021-06-25] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 EQU8_19; C:\ProgramData\EQU8\Totally Accurate
Battlegrounds\bin\anticheat.x64.equ8.exe [5673048 2021-04-21] (Int3 Software AB
-> Int3 Software AB)
S3 FileSyncHelper; C:\Program Files (x86)\Microsoft
OneDrive\21.220.1024.0005\FileSyncHelper.exe [2448232 2021-11-20] (Microsoft
Corporation -> Microsoft Corporation)
S2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [11162688
2021-11-21] (Logitech Inc -> Logitech, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
[7901368 2021-12-13] (Malwarebytes Inc -> Malwarebytes)
S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft
OneDrive\21.220.1024.0005\OneDriveUpdaterService.exe [2836840 2021-11-20]
(Microsoft Corporation -> Microsoft Corporation)
S2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer
Services\GMS\GameManagerService.exe [254224 2021-10-19] (Razer USA Ltd. -> Razer
Inc)
S2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer
Synapse Service.exe [294520 2021-11-18] (Razer USA Ltd. -> Razer Inc.)
S3 Rockstar Service; D:\DAVINCI\rockstar\Launcher\RockstarService.exe [2020144
2021-09-14] (Rockstar Games, Inc. -> Rockstar Games)
S2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer
Central\RazerCentralService.exe [533824 2021-10-21] (Razer USA Ltd. -> Razer
Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat
Protection\MsSense.exe [6103464 2021-11-10] (Microsoft Windows Publisher ->
Microsoft Corporation)
S2 THXV2HSAService; C:\Windows\System32\THXV2HSAService.exe [264664 2020-11-19]
(Razer USA Ltd. -> THX)
S3 ucldr_battlegrounds_gl; C:\Program Files\Common
Files\UNCHEATER\ucldr_battlegrounds_gl.exe [7374576 2021-09-14] (Wellbia.com
Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe
[2097008 2021-03-25] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 uSHAREitSvc; D:\SHAREiT\SHAREit\SHAREit.Service.exe [33224 2017-09-11]
(SHAREit Technologies Co.Ltd -> SHAREit Technologies Co.Ltd)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-03] (Microsoft
Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-03] (Microsoft
Windows Publisher -> Microsoft Corporation)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [7738568 2021-09-19]
(PUBG CORPORATION -> PUBG Corporation)
S2 NVDisplay.ContainerLocalSystem;
C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_b8346c359fcd6093\Display.NvContainer\NVDisplay.Container.exe
-s NVDisplay.ContainerLocalSystem -f
%ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d
C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_b8346c359fcd6093\Display.NvContainer\plugins\LocalSystem
-r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
 
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976
2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2021-09-13]
(ASROCK Incorporation -> ASRock Incorporation)
S3 AsrDrv102; C:\Windows\SysWOW64\Drivers\AsrDrv102.sys [22248 2021-09-13]
(ASROCK Incorporation -> ASRock Incorporation) [File not signed]
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07]
(Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07]
(Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08]
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 EQU8_HELPER_19; C:\Windows\system32\DRIVERS\EQU8_HELPER_19.sys [38032
2021-04-26] (Int3 Software AB -> )
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [37200
2021-10-23] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [25928
2021-10-23] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [66896
2021-10-23] (Logitech Inc -> Logitech)
S2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [210352
2021-12-13] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-12-13]
(Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992
2021-12-13] (Malwarebytes Inc -> Malwarebytes)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48552
2021-11-01] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA
Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung
Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 sTHXV2VAD; C:\Windows\System32\drivers\THXVAD2.sys [165776 2020-06-09] (Razer
USA Ltd. -> Windows ® Win 7 DDK provider)
R3 vmulti; C:\Windows\System32\drivers\vmulti.sys [10752 2018-12-11] (Microsoft
Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48520 2021-11-03]
(Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [435424 2021-11-03]
(Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-03]
(Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\Windows\xhunter1.sys [2729456 2021-09-29] (Wellbia.com Co., Ltd.
-> Wellbia.com Co., Ltd.)
S3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [432512 2006-06-06]
(Microsoft Windows Hardware Compatibility Publisher -> VM)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-12-13 21:46 - 2021-12-13 23:16 - 000000000 ____D C:\AdwCleaner
2021-12-13 16:21 - 2021-12-13 16:21 - 000002053 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-12-13 16:21 - 2021-12-13 16:21 - 000002041 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-12-13 16:21 - 2021-12-13 16:21 - 000000000 ____D C:\Users\rpgtu\AppData\Local\mbam
2021-12-13 16:20 - 2021-12-13 16:21 - 000210352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-12-13 16:20 - 2021-12-13 16:20 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-12-13 16:20 - 2021-12-13 16:20 - 000160176 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-12-13 16:20 - 2021-12-13 16:20 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2021-12-13 16:19 - 2021-12-13 16:19 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-12-13 16:19 - 2021-12-13 16:19 - 000000000 ____D C:\Program Files\Malwarebytes
2021-12-13 16:02 - 2021-12-13 23:23 - 000000000 ____D C:\FRST
2021-12-13 16:01 - 2021-12-13 16:01 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2021-12-13 16:00 - 2021-12-13 16:20 - 000165066 _____ C:\Windows\ntbtlog.txt
2021-12-13 15:59 - 2021-12-13 15:59 - 000000258 __RSH C:\ProgramData\ntuser.pol
2021-12-12 17:29 - 2021-12-12 17:29 - 000000000 ____D C:\Users\rpgtu\AppData\Local\AdvinstAnalytics
2021-12-12 17:28 - 2021-12-12 17:28 - 000000000 ____D C:\Users\rpgtu\AppData\Local\Yandex
2021-12-12 16:55 - 2021-12-12 16:55 - 000000000 ____D C:\Users\rpgtu\AppData\Local\Squirrels
2021-12-12 16:55 - 2021-12-12 16:55 - 000000000 ____D C:\Users\rpgtu\AppData\Local\Reflector 4
2021-12-12 16:53 - 2021-12-12 16:53 - 000001975 _____ C:\Users\Public\Desktop\Reflector 4.lnk
2021-12-12 16:53 - 2021-12-12 16:53 - 000000000 ____D C:\Program Files\Reflector 4
2021-12-10 18:51 - 2021-12-10 18:51 - 000000000 ____D C:\Users\rpgtu\AppData\Roaming\Streamlabs Desktop
2021-12-04 10:37 - 2021-12-04 10:37 - 000000000 ____D C:\Users\rpgtu\Creative Cloud Files
2021-12-01 15:24 - 2021-12-12 17:11 - 000000000 ____D C:\Users\rpgtu\AppData\Roaming\slobs-client
2021-12-01 15:24 - 2021-12-01 15:24 - 000001021 _____ C:\Users\Public\Desktop\Streamlabs OBS.lnk
2021-12-01 15:24 - 2021-12-01 15:24 - 000001021 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Streamlabs OBS.lnk
2021-12-01 15:24 - 2021-12-01 15:24 - 000000000 ____D C:\Users\rpgtu\AppData\Roaming\Streamlabs OBS
2021-12-01 15:24 - 2021-12-01 15:24 - 000000000 ____D C:\Users\rpgtu\AppData\Roaming\slobs-plugins
2021-12-01 15:24 - 2021-12-01 15:24 - 000000000 ____D C:\Users\rpgtu\AppData\Roaming\obs-studio-node-server
2021-12-01 15:24 - 2021-12-01 15:24 - 000000000 ____D C:\Users\rpgtu\AppData\Local\slobs-client-updater
2021-12-01 15:24 - 2021-12-01 15:24 - 000000000 ____D C:\ProgramData\obs-studio-hook
2021-12-01 13:01 - 2021-12-01 13:14 - 000921624 _____ C:\Windows\00000000.STI
2021-12-01 12:56 - 2021-12-01 12:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Philips SPC210NC Webcam
2021-12-01 12:43 - 2021-12-01 12:56 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-12-01 12:43 - 2021-12-01 12:56 - 000000000 ____D C:\Program Files (x86)\Philips
2021-12-01 12:43 - 2021-12-01 12:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Philips
2021-12-01 12:43 - 2006-08-01 10:40 - 000262254 _____ (Vimicro) C:\Windows\SysWOW64\VM31bPrp.Ax
2021-12-01 12:43 - 2006-06-06 13:45 - 000432512 _____ (VM) C:\Windows\system32\Drivers\usbVM31b.sys
2021-12-01 12:43 - 2004-06-09 15:37 - 000040960 _____ (BIGDOG) C:\Windows\VM_STI.EXE
2021-12-01 12:43 - 2003-05-15 17:17 - 000061440 _____ (VM) C:\Windows\system32\VM31bSTI.dll
2021-12-01 12:43 - 2002-08-22 16:34 - 000147456 _____ (VM) C:\Windows\VMCap.exe
2021-11-30 22:01 - 2021-11-30 22:13 - 000000000 ____D C:\Users\rpgtu\AppData\Roaming\Stellarium
2021-11-30 22:01 - 2021-11-30 22:01 - 000000000 ____D C:\Users\rpgtu\AppData\Local\stellarium
2021-11-30 22:00 - 2021-11-30 22:00 - 000000900 _____ C:\Users\rpgtu\Desktop\Stellarium (ANGLE mode).lnk
2021-11-30 22:00 - 2021-11-30 22:00 - 000000874 _____ C:\Users\rpgtu\Desktop\Stellarium.lnk
2021-11-30 22:00 - 2021-11-30 22:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellarium
2021-11-30 09:24 - 2021-11-30 09:24 - 000000000 ____D C:\Windows\LastGood
2021-11-26 14:53 - 2021-11-26 14:53 - 000000000 ____D C:\Users\rpgtu\AppData\Roaming\blender-benchmark-launcher
2021-11-26 14:34 - 2021-11-26 14:35 - 000000000 ____D C:\Users\rpgtu\AppData\Local\blender-benchmark-launcher
2021-11-26 14:30 - 2021-11-26 14:30 - 000000000 ____D C:\Users\rpgtu\.thumbnails
2021-11-24 09:09 - 2021-11-24 09:09 - 000000000 ____D C:\Users\rpgtu\AppData\Local\CrashRpt
2021-11-24 07:48 - 2021-11-24 07:49 - 000000000 ____D C:\Users\rpgtu\Documents\Avalanche Studios
2021-11-24 07:48 - 2021-11-24 07:48 - 000000222 _____ C:\Users\rpgtu\Desktop\theHunter Call of the Wild™.url
2021-11-22 12:28 - 2021-11-22 12:28 - 000001268 _____ C:\Users\rpgtu\Desktop\Photoshop - Shortcut.lnk
2021-11-22 10:23 - 2021-11-22 10:23 - 000000000 ____D C:\Users\rpgtu\AppData\LocalLow\Adobe
2021-11-22 09:31 - 2021-11-22 09:31 - 000000817 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2021.lnk
2021-11-22 08:02 - 2021-11-22 08:02 - 000000650 _____ C:\Users\Public\Desktop\Logitech G HUB.lnk
2021-11-22 08:02 - 2021-11-22 08:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2021-11-22 08:02 - 2021-11-22 08:02 - 000000000 ____D C:\Program Files\LGHUB
2021-11-18 23:04 - 2021-11-20 13:08 - 000003206 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2021-11-18 23:04 - 2021-11-18 23:04 - 000000000 ___RD C:\Users\Default\OneDrive
2021-11-18 23:04 - 2021-11-18 23:04 - 000000000 ___RD C:\Users\amali\OneDrive
2021-11-18 23:03 - 2021-11-20 13:08 - 000002194 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-17 21:52 - 2021-11-29 21:23 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2021-11-17 21:52 - 2021-11-18 23:04 - 000000000 ___RD C:\Users\rpgtu\OneDrive
2021-11-17 21:52 - 2021-11-17 21:52 - 000000000 ____D C:\Users\rpgtu\AppData\Roaming\Skype
2021-11-17 21:50 - 2021-11-18 23:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-11-17 21:50 - 2021-11-17 21:50 - 000002554 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2021-11-17 21:50 - 2021-11-17 21:50 - 000002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project.lnk
2021-11-17 21:50 - 2021-11-17 21:50 - 000002518 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2021-11-17 21:50 - 2021-11-17 21:50 - 000002513 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-11-17 21:50 - 2021-11-17 21:50 - 000002512 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2021-11-17 21:50 - 2021-11-17 21:50 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio.lnk
2021-11-17 21:50 - 2021-11-17 21:50 - 000002476 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2021-11-17 21:50 - 2021-11-17 21:50 - 000002475 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-11-17 21:50 - 2021-11-17 21:50 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2021-11-17 21:50 - 2021-11-17 21:50 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2021-11-17 21:50 - 2021-11-17 21:50 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2021-11-17 21:46 - 2021-12-10 14:35 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-11-17 21:46 - 2021-11-17 21:46 - 000000000 ____D C:\Program Files\Microsoft Office 15
2021-11-14 14:58 - 2021-11-14 14:58 - 000000000 ____D C:\Windows\LastGood.Tmp
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-12-13 21:26 - 2020-11-19 09:43 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-12-13 16:26 - 2019-12-07 11:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-12-13 16:20 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-12-13 16:05 - 2020-11-19 09:54 - 000841126 _____ C:\Windows\system32\PerfStringBackup.INI
2021-12-13 16:05 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2021-12-13 16:00 - 2021-10-28 10:50 - 000000000 ____D C:\Program Files (x86)\Google
2021-12-13 16:00 - 2021-03-22 06:31 - 000008192 ___SH C:\DumpStack.log.tmp
2021-12-13 16:00 - 2021-03-21 22:24 - 000000000 ____D C:\ProgramData\NVIDIA
2021-12-13 16:00 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-12-13 16:00 - 2019-12-07 11:03 - 000786432 _____ C:\Windows\system32\config\BBI
2021-12-13 15:59 - 2021-03-22 13:33 - 000000000 __SHD C:\Users\rpgtu\IntelGraphicsProfiles
2021-12-13 15:59 - 2021-03-21 21:37 - 000000000 ____D C:\Intel
2021-12-13 15:59 - 2020-11-19 09:43 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-12-13 15:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ServiceState
2021-12-12 17:29 - 2021-10-23 08:15 - 000000000 ____D C:\Users\rpgtu\AppData\Roaming\LGHUB
2021-12-12 17:29 - 2021-03-22 10:08 - 000000000 ____D C:\Users\rpgtu\AppData\Local\CrashDumps
2021-12-12 17:29 - 2021-03-21 22:15 - 000000000 ____D C:\Users\rpgtu\AppData\Roaming\discord
2021-12-12 17:28 - 2021-05-22 18:31 - 000000000 ____D C:\Program Files\Epic Games
2021-12-12 17:28 - 2021-03-23 09:14 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-12-12 17:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\GroupPolicy
2021-12-12 17:26 - 2021-03-21 22:15 - 000000000 ____D C:\Users\rpgtu\AppData\Local\Discord
2021-12-12 16:43 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2021-12-12 16:22 - 2021-03-21 21:45 - 000000000 ____D C:\Users\rpgtu\AppData\Local\PlaceholderTileLogoFolder
2021-12-12 16:22 - 2021-03-21 21:41 - 000000000 ____D C:\Users\rpgtu\AppData\Local\Packages
2021-12-12 16:21 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-12-12 16:13 - 2021-10-23 08:15 - 000000000 ____D C:\Users\rpgtu\AppData\Local\LGHUB
2021-12-12 16:07 - 2021-03-21 23:13 - 000004168 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{0553BF3D-5D66-459C-BC0F-81CF0A4ECF57}
2021-12-12 09:53 - 2020-11-19 09:46 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-12-10 22:48 - 2021-03-21 21:39 - 000000000 ____D C:\Users\rpgtu
2021-12-10 14:30 - 2020-11-19 09:46 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-12-10 14:30 - 2020-11-19 09:46 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-12-07 14:05 - 2021-10-28 10:51 - 000002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-12-07 14:05 - 2021-10-28 10:51 - 000002226 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-12-04 09:33 - 2021-10-13 16:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2021-12-03 22:06 - 2021-03-21 22:14 - 000000000 ____D C:\Program Files (x86)\Steam
2021-12-01 13:09 - 2021-03-21 22:24 - 000004308 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-01 13:09 - 2021-03-21 22:24 - 000003976 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-01 13:09 - 2021-03-21 22:24 - 000003940 _____ C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-01 13:09 - 2021-03-21 22:24 - 000003894 _____ C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-01 13:09 - 2021-03-21 22:24 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-01 13:09 - 2021-03-21 22:24 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-01 13:09 - 2021-03-21 22:24 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-01 13:09 - 2021-03-21 22:24 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-01 13:09 - 2021-03-21 22:24 - 000003654 _____ C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-01 13:09 - 2021-03-21 22:24 - 000001467 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2021-12-01 13:09 - 2021-03-21 22:24 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-12-01 13:09 - 2021-03-21 21:41 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-12-01 13:09 - 2021-03-21 21:41 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-11-30 19:35 - 2021-03-21 21:54 - 000000000 ____D C:\Users\rpgtu\AppData\Local\D3DSCache
2021-11-30 09:24 - 2021-10-13 16:11 - 000000000 ____D C:\Program Files (x86)\Razer
2021-11-29 15:54 - 2021-11-08 16:44 - 000000000 ____D C:\Users\rpgtu\AppData\Roaming\HandBrake
2021-11-29 12:54 - 2021-03-21 22:07 - 000004218 _____ C:\Windows\system32\Tasks\Opera GX scheduled Autoupdate 1616357225
2021-11-29 12:54 - 2021-03-21 22:07 - 000001458 _____ C:\Users\rpgtu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera GX Browser.lnk
2021-11-26 14:32 - 2021-03-21 23:24 - 000000000 ____D C:\Users\rpgtu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-11-23 17:01 - 2021-10-23 08:13 - 000000000 ____D C:\ProgramData\LGHUB
2021-11-23 09:27 - 2021-03-21 22:24 - 002849992 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2021-11-23 09:27 - 2021-03-21 22:24 - 002195656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2021-11-23 09:27 - 2021-03-21 22:24 - 001294032 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2021-11-22 17:19 - 2021-03-21 22:36 - 000002388 _____ C:\Users\rpgtu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-11-22 17:19 - 2021-03-21 22:36 - 000002380 _____ C:\Users\rpgtu\Desktop\Microsoft Teams.lnk
2021-11-22 14:19 - 2021-05-17 22:10 - 000000435 _____ C:\Users\rpgtu\Desktop\DOGE.txt
2021-11-22 09:32 - 2021-03-22 07:54 - 000000000 ____D C:\Users\rpgtu\Documents\Adobe
2021-11-22 09:32 - 2021-03-21 21:41 - 000000000 ____D C:\Users\rpgtu\AppData\Roaming\Adobe
2021-11-22 09:31 - 2021-05-27 21:51 - 000000000 ____D C:\Program Files\Adobe
2021-11-22 09:31 - 2021-05-27 21:49 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-11-22 09:31 - 2021-05-27 21:49 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-11-22 09:28 - 2021-03-22 13:33 - 000000000 ____D C:\Users\amali\AppData\Roaming\Adobe
2021-11-22 09:28 - 2021-03-21 22:58 - 000000000 ____D C:\ProgramData\Adobe
2021-11-20 15:21 - 2020-11-19 09:48 - 000000000 ____D C:\ProgramData\Packages
2021-11-19 16:55 - 2020-11-19 09:43 - 000439016 _____ C:\Windows\system32\FNTCACHE.DAT
2021-11-18 23:04 - 2021-03-22 13:32 - 000000000 ____D C:\Users\amali
2021-11-18 14:49 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-11-17 22:59 - 2021-03-21 23:47 - 000000000 ____D C:\Users\rpgtu\AppData\Roaming\uTorrent
2021-11-17 22:58 - 2021-03-21 23:47 - 000000000 ____D C:\Users\rpgtu\AppData\Local\BitTorrentHelper
2021-11-17 21:55 - 2020-11-19 09:48 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-11-17 21:46 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-11-16 20:36 - 2021-03-21 22:24 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
 
==================== Files in the root of some directories ========
 
2021-12-12 17:29 - 2021-12-12 17:29 - 001697280 _____ (Igor Pavlov) C:\Users\rpgtu\AppData\Roaming\Microsoft\7z.dll
2021-12-12 17:29 - 2021-12-12 17:29 - 000534016 _____ (Igor Pavlov) C:\Users\rpgtu\AppData\Roaming\Microsoft\7z.exe
2021-09-13 12:33 - 2021-10-04 08:10 - 000007601 _____ () C:\Users\rpgtu\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2021
Ran by rpgtu (13-12-2021 23:23:35)
Running from F:\
Microsoft Windows 10 Pro Version 20H2 19042.1348 (X64) (2021-03-21 19:33:42)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-4059296222-1974293382-1207419619-500 - Administrator - Disabled)
amali (S-1-5-21-4059296222-1974293382-1207419619-1002 - Limited - Enabled) => C:\Users\amali
DefaultAccount (S-1-5-21-4059296222-1974293382-1207419619-503 - Limited - Disabled)
Guest (S-1-5-21-4059296222-1974293382-1207419619-501 - Limited - Disabled)
rpgtu (S-1-5-21-4059296222-1974293382-1207419619-1001 - Administrator - Enabled) => C:\Users\rpgtu
WDAGUtilityAccount (S-1-5-21-4059296222-1974293382-1207419619-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to
unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\uTorrent) (Version: 3.5.5.46096 - BitTorrent Inc.)
4K YouTube to MP3 (HKLM\...\{0142E874-8564-4F97-B268-F072C26120DF}) (Version: 4.1.3.4340 - Open Media LLC) Hidden
4K YouTube to MP3 (HKLM-x32\...\{715659a1-b348-442f-9f03-cc5f72516426}) (Version: 4.1.3.4340 - Open Media LLC)
Adobe Lightroom Classic (HKLM-x32\...\LTRM_10_0) (Version: 10.0 - Adobe Inc.)
Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_1_1) (Version: 22.1.1.138 - Adobe Inc.)
Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_0) (Version: 14.0 - Adobe Inc.)
Blackmagic RAW Common Components (HKLM\...\{FC105F36-D90B-4135-B954-F50CDCFACA3D}) (Version: 2.1 - Blackmagic Design)
CPUID CPU-Z 1.96 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.96 - CPUID, Inc.)
CPUID HWMonitor 1.44 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.44 - CPUID, Inc.)
DaVinci Resolve (HKLM\...\{E6C9DAB6-0743-42CD-8647-08D9FC2E1994}) (Version: 17.1.00024 - Blackmagic Design)
DaVinci Resolve Control Panels (HKLM\...\{6CA5153C-F6DB-4495-AC9A-380DEAF9E3D5}) (Version: 1.5.2.0 - Blackmagic Design)
Discord (HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{A2FB1E1A-55D9-4511-A0BF-DEAD0493FBBC}) (Version: 1.2.11.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.93 - Google LLC)
HandBrake 1.4.2 (HKLM-x32\...\HandBrake) (Version: 1.4.2 - )
Immutable 0.13.7 (HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\{6ae4b193-3f11-53fc-9cc5-14b1f1a73184}) (Version: 0.13.7 - Immutable)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2021.12.4779 - Logitech)
Luminar AI (HKLM\...\{B8E3AD96-BB3D-4505-A04B-DEDD016C193C}) (Version: 1.0.0.7348 - Skylum) Hidden
Luminar AI (HKLM\...\Luminar AI 1.0.0.7348) (Version: 1.0.0.7348 - Skylum)
Malwarebytes version 4.4.11.149 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.11.149 - Malwarebytes)
Mavis Hub 1.3.0 (HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\{cc9e8b63-ffef-5371-bb50-2dfd3e6be1f2}) (Version: 1.3.0 - )
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.53 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.14701.20226 - Microsoft Corporation)
Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft Project - en-us (HKLM\...\ProjectPro2019Retail - en-us) (Version: 16.0.14701.20226 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\Teams) (Version: 1.4.00.29469 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visio - en-us (HKLM\...\VisioPro2019Retail - en-us) (Version: 16.0.14701.20226 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29914 (HKLM-x32\...\{1b5476d9-ab8e-4b0d-b004-059a1bd5568b}) (Version: 14.28.29914.0 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.11 (x64) (HKLM-x32\...\{59d2a8eb-a667-428d-a393-42df4da226a4}) (Version: 5.0.11.30524 - Microsoft Corporation)
MSI Afterburner 4.6.4 Beta 3 (HKLM-x32\...\Afterburner) (Version: 4.6.4 Beta 3 - MSI Co., LTD)
NVIDIA FrameView SDK 1.2.4999.30397803 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.4999.30397803 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.24.0.123 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.24.0.123 - NVIDIA Corporation)
NVIDIA Graphics Driver 471.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 471.96 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14701.20226 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14701.20210 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14701.20226 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10325.20118 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera GX Stable 81.0.4196.61 (HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\Opera GX 81.0.4196.61) (Version: 81.0.4196.61 - Opera Software)
Pentablet version 1.6.4.210111 (HKLM\...\{5DAB8C1A-6D8E-467D-BE62-AC13087AA950}_is1) (Version: 1.6.4.210111 - )
Philips SPC200NC Webcam (HKLM-x32\...\{2A2646FB-7BAC-451B-BF90-4889C4429C5E}) (Version: 1.0.0.0 - )
Philips SPC210NC Webcam (HKLM-x32\...\{38D95956-E92C-4473-904B-CD877EA04410}) (Version:  - )
Raven Core (64-bit) (HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\Raven Core (64-bit)) (Version: 4.3.2 - Raven Core project)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.6.1201.111814 - Razer Inc.)
Reflector 4 (HKLM\...\{486CCCF4-3010-488C-B9BA-8F816E7698D9}) (Version: 4.0.3.0 - Squirrels)
SHAREit (HKLM-x32\...\www.ushareit.com_is1) (Version: 4.0.6.177 - SHAREit Technologies Co.Ltd)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stellarium 0.21.2 (HKLM\...\Stellarium_is1) (Version: 0.21.2 - Stellarium team)
Streamlabs OBS 1.5.2 (HKLM\...\029c4619-0385-5543-9426-46f9987161d9) (Version: 1.5.2 - General Workings, Inc.)
The Sandbox Maker (HKLM\...\sandboxmaker) (Version: 0.6.12.908 - TSB Gaming Limited)
The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version:  - )
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 126.0.10593 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
Youtubers Life (HKLM-x32\...\Youtubers Life_is1) (Version:  - )
 
Packages:
=========
AirServer Windows 10 Desktop Edition -> C:\Program Files\WindowsApps\F3F176BD.AirServer_2021.2.23.2_x64__p8qzvses5c8me [2021-12-12] (App Dynamic ehf.) [Startup Task]
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt [2021-12-05] (INTEL CORP) [Startup Task]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.11.12030.0_x64__8wekyb3d8bbwe [2021-12-10] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-12-04] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-09-16] (NVIDIA Corp.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0 [2021-12-10] (Spotify AB) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4059296222-1974293382-1207419619-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\rpgtu\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21209.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-11-22] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-11-22] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-11-22] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-11-22] (Adobe Inc. -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-12-13] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2021-11-20] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_b8346c359fcd6093\nvshext.dll [2021-08-28] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-11-22] (Adobe Inc. -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-12-13] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry.
The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService =>
""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy =>
""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService =>
""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy =>
""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
-> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft
Office\Office16\OCHelper.dll [2021-11-18] (Microsoft Corporation -> Microsoft
Corporation)
BHO: Microsoft OneDrive for Business Browser Helper ->
{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft
Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
[2021-12-10] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper ->
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft
Office\root\Office16\OCHelper.dll [2021-11-18] (Microsoft Corporation ->
Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper ->
{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft
Office\root\Office16\GROOVEEX.DLL [2021-12-10] (Microsoft Corporation ->
Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} -
C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-18]
(Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program
Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-18] (Microsoft
Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} -
C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-18]
(Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files
(x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-18] (Microsoft
Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site:
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\sharepoint.com ->
hxxps://latcuvoda-files.sharepoint.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 11:14 - 2021-12-13 17:32 - 000000027 _____
C:\Windows\system32\drivers\etc\hosts
127.0.0.1       localhost
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\Control
Panel\Desktop\\Wallpaper ->
C:\Users\rpgtu\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\steep
screenshot 2020.01.03 - 19.17.57.88.png
HKU\S-1-5-21-4059296222-1974293382-1207419619-1002\Control
Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System =>
(ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled:
)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run32: => "Discord"
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\StartupApproved\Run: =>
"com.squirrel.Teams.Teams"
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\StartupApproved\Run: =>
"Steam"
HKU\S-1-5-21-4059296222-1974293382-1207419619-1001\...\StartupApproved\Run: =>
"FACEIT"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled (Total:111.26 GB) (Free:32.77 GB) (29%)
Check "VSS" service
 
 
==================== Faulty Device Manager Devices ============
 
Name: Microsoft Hyper-V Virtualization Infrastructure Driver
Description: Microsoft Hyper-V Virtualization Infrastructure Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Vid
Problem: : This device is not working properly because Windows cannot load the
drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: PCI Data Acquisition and Signal Processing Controller
Description: PCI Data Acquisition and Signal Processing Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which
starts the Hardware Update wizard.
 
Name: Intel® Display Audio
Description: Intel® Display Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel® Corporation
Service: IntcDAud
Problem: : This device is not working properly because Windows cannot load the
drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: PCI Memory Controller
Description: PCI Memory Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which
starts the Hardware Update wizard.
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which
starts the Hardware Update wizard.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (12/13/2021 04:00:19 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (12/13/2021 04:00:19 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID
{4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started.
[0x8007045b, A system shutdown is in progress.
]
 
Error: (12/13/2021 04:00:18 PM) (Source: Software Protection Platform Service)
(EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent
 
Error: (12/13/2021 04:00:18 PM) (Source: Software Protection Platform Service)
(EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (12/13/2021 04:00:15 PM) (Source: Software Protection Platform Service)
(EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (12/12/2021 05:29:37 PM) (Source: Application Error) (EventID: 1000)
(User: )
Description: Faulting application name: IVtdL4y3JfV3BxQG32utbo6w.exe, version:
52.0.0.0, time stamp: 0x61ae1d96
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x130f0d8e
Faulting process id: 0x50b4
Faulting application start time: 0x01d7ef6ceaff5791
Faulting application path: C:\Users\rpgtu\Pictures\Adobe
Films\IVtdL4y3JfV3BxQG32utbo6w.exe
Faulting module path: unknown
Report Id: 5e253373-248e-4075-9628-545bd596129a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/12/2021 05:29:35 PM) (Source: Application Error) (EventID: 1000)
(User: )
Description: Faulting application name: IVtdL4y3JfV3BxQG32utbo6w.exe, version:
52.0.0.0, time stamp: 0x61ae1d96
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x130f0d8e
Faulting process id: 0x50b4
Faulting application start time: 0x01d7ef6ceaff5791
Faulting application path: C:\Users\rpgtu\Pictures\Adobe
Films\IVtdL4y3JfV3BxQG32utbo6w.exe
Faulting module path: unknown
Report Id: 9f884ab4-9227-49e9-8b75-cdb695b34978
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/12/2021 05:29:30 PM) (Source: Application Error) (EventID: 1000)
(User: )
Description: Faulting application name: IVtdL4y3JfV3BxQG32utbo6w.exe, version:
52.0.0.0, time stamp: 0x61ae1d96
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x130f0d8e
Faulting process id: 0x50b4
Faulting application start time: 0x01d7ef6ceaff5791
Faulting application path: C:\Users\rpgtu\Pictures\Adobe
Films\IVtdL4y3JfV3BxQG32utbo6w.exe
Faulting module path: unknown
Report Id: 91603d9c-fc0a-420f-8fae-0170e124ba6b
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (12/13/2021 11:23:57 PM) (Source: DCOM) (EventID: 10005) (User:
DESKTOP-H5DFB75)
Description: DCOM got error "1084" attempting to start the service BITS with
arguments "Unavailable" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (12/13/2021 11:23:57 PM) (Source: DCOM) (EventID: 10005) (User:
DESKTOP-H5DFB75)
Description: DCOM got error "1084" attempting to start the service BITS with
arguments "Unavailable" in order to run the server:
{F087771F-D74F-4C1A-BB8A-E16ACA9124EA}
 
Error: (12/13/2021 11:23:57 PM) (Source: DCOM) (EventID: 10005) (User:
DESKTOP-H5DFB75)
Description: DCOM got error "1084" attempting to start the service BITS with
arguments "Unavailable" in order to run the server:
{6D18AD12-BDE3-4393-B311-099C346E6DF9}
 
Error: (12/13/2021 11:23:57 PM) (Source: DCOM) (EventID: 10005) (User:
DESKTOP-H5DFB75)
Description: DCOM got error "1084" attempting to start the service BITS with
arguments "Unavailable" in order to run the server:
{03CA98D6-FF5D-49B8-ABC6-03DD84127020}
 
Error: (12/13/2021 11:23:57 PM) (Source: DCOM) (EventID: 10005) (User:
DESKTOP-H5DFB75)
Description: DCOM got error "1084" attempting to start the service BITS with
arguments "Unavailable" in order to run the server:
{659CDEA7-489E-11D9-A9CD-000D56965251}
 
Error: (12/13/2021 11:23:57 PM) (Source: DCOM) (EventID: 10005) (User:
DESKTOP-H5DFB75)
Description: DCOM got error "1084" attempting to start the service BITS with
arguments "Unavailable" in order to run the server:
{BB6DF56B-CACE-11DC-9992-0019B93A3A84}
 
Error: (12/13/2021 11:23:57 PM) (Source: DCOM) (EventID: 10005) (User:
DESKTOP-H5DFB75)
Description: DCOM got error "1084" attempting to start the service BITS with
arguments "Unavailable" in order to run the server:
{1ECCA34C-E88A-44E3-8D6A-8921BDE9E452}
 
Error: (12/13/2021 11:23:57 PM) (Source: DCOM) (EventID: 10005) (User:
DESKTOP-H5DFB75)
Description: DCOM got error "1084" attempting to start the service BITS with
arguments "Unavailable" in order to run the server:
{4D233817-B456-4E75-83D2-B17DEC544D12}
 
 
Windows Defender:
================
Date: 2021-12-12 17:29:07
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted
software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sabsik!MTB&threatid=2147787147&enterprise=0
Name: Trojan:Win32/Sabsik!MTB
Severity: Severe
Category: Trojan
Path:
file:_C:\Users\rpgtu\AppData\Local\Microsoft\Windows\INetCache\IE\BKYKBGYN\Service[1].bmp;
file:_C:\Users\rpgtu\Pictures\Adobe Films\amkBSLIsEXAHOMMY9nHKcxd7.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name:
C:\Users\rpgtu\AppData\Local\Temp\7zSCAB3C6FD\Sun141adecb70b222e5e.exe
Security intelligence Version: AV: 1.355.139.0, AS: 1.355.139.0, NIS:
1.355.139.0
Engine Version: AM: 1.1.18800.4, NIS: 1.1.18800.4
 
Date: 2021-12-12 17:28:50
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted
software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:MSIL/Mokes.B!MTB&threatid=2147783652&enterprise=0
Name: Trojan:MSIL/Mokes.B!MTB
Severity: Severe
Category: Trojan
Path:
file:_C:\Users\rpgtu\AppData\Local\Microsoft\Windows\INetCache\IE\PLE77LH9\Uponrun[1].exe;
file:_C:\Users\rpgtu\Pictures\Adobe Films\W07eNDS7upRRZgfGDd5lak88.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name:
C:\Users\rpgtu\AppData\Local\Temp\7zSCAB3C6FD\Sun141adecb70b222e5e.exe
Security intelligence Version: AV: 1.355.139.0, AS: 1.355.139.0, NIS:
1.355.139.0
Engine Version: AM: 1.1.18800.4, NIS: 1.1.18800.4
 
Date: 2021-12-12 17:28:38
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted
software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sabsik!MTB&threatid=2147787147&enterprise=0
Name: Trojan:Win32/Sabsik!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\rpgtu\Pictures\Adobe Films\amkBSLIsEXAHOMMY9nHKcxd7.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name:
C:\Users\rpgtu\AppData\Local\Temp\7zSCAB3C6FD\Sun141adecb70b222e5e.exe
Security intelligence Version: AV: 1.355.139.0, AS: 1.355.139.0, NIS:
1.355.139.0
Engine Version: AM: 1.1.18800.4, NIS: 1.1.18800.4
 
Date: 2021-12-12 17:28:31
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted
software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:MSIL/Mokes.B!MTB&threatid=2147783652&enterprise=0
Name: Trojan:MSIL/Mokes.B!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\rpgtu\Pictures\Adobe Films\W07eNDS7upRRZgfGDd5lak88.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name:
C:\Users\rpgtu\AppData\Local\Temp\7zSCAB3C6FD\Sun141adecb70b222e5e.exe
Security intelligence Version: AV: 1.355.139.0, AS: 1.355.139.0, NIS:
1.355.139.0
Engine Version: AM: 1.1.18800.4, NIS: 1.1.18800.4
 
Date: 2021-12-12 16:28:52
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted
software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:MSIL/SmallDownloader!MTB&threatid=2147786787&enterprise=0
Name: Trojan:MSIL/SmallDownloader!MTB
Severity: Severe
Category: Trojan
Path: containerfile:_C:\Users\rpgtu\AppData\Local\Temp\setup_installer.exe;
file:_C:\Users\rpgtu\AppData\Local\Temp\setup_installer.exe->(7zSfx)->Sun1480437ab0bd2d87.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.355.139.0, AS: 1.355.139.0, NIS:
1.355.139.0
Engine Version: AM: 1.1.18800.4, NIS: 1.1.18800.4

==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. P2.10 05/15/2017
Motherboard: ASRock H270 Pro4
Processor: Intel® Core™ i3-7100 CPU @ 3.90GHz
Percentage of memory in use: 10%
Total physical RAM: 32660.59 MB
Available physical RAM: 29274.22 MB
Total Virtual: 37524.59 MB
Available Virtual: 34467.48 MB
 
==================== Drives ================================
 
Drive c: (Fast as bleep,boiiiii) (Fixed) (Total:111.26 GB) (Free:32.77 GB) NTFS
==>[drive with boot components (obtained from BCD)]
Drive d: (Biden's secrets) (Fixed) (Total:931.51 GB) (Free:655.48 GB) NTFS
Drive e: (STICK 4G) (Removable) (Total:3.78 GB) (Free:3.39 GB) FAT32
Drive f: (STICK 1G) (Removable) (Total:0.94 GB) (Free:0.92 GB) FAT
 
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 513B16F7)
Partition 1: (Active) - (Size=111.3 GB) - (Type=07 NTFS)
 
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 4E8329B3)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 961 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=961 MB) - (Type=0E)
 
==========================================================
Disk: 3 (Size: 3.8 GB) (Disk ID: 00072E32)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0C)
 
==================== End of Addition.txt =======================
 


--------------------------------------------------------------------------------


#15 JSntgRvr

   Malware Fighter

 * Malware Response Team
 * 14,636 posts
 * OFFLINE
 * Gender: Male
 * Location: Puerto Rico
 * Local time: 08:33 AM

Posted 13 December 2021 - 04:48 PM

The AdwCleaner report submitted was the scan log. You should quarantine the
results.

The following programs have been categorized as undesired:

Lightening Media Player (HKLM-x32\...\lighteningplayer) (Version:  - )
FarLabUninstaller v1.53.11113 (HKLM-x32\...\FarLabUninstaller.exe_is1) (Version:
1.53.0.13343 - )

I would recommend you remove those programs.

Everything else looks clear. Boot in Normal Mode and let me know how the
computer is doing.


No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight
against Malware!


© 2004-2021 All Rights Reserved Bleeping Computer LLC .