Please help me, getting malware vibes something awful

**AMINAL** · 03-11-2023, 09:06 PM

Thanks, sure! I’ve been noticing really strange stuff, hard to describe but you just feel like someone is doing something. For example, I couldn’t install malwarebytes in “C:\Program Files” when I clicked custom destination. I’ve also had a lot of 32 bit applications being installed out of nowhere when first installing windows. Sigh. I’m pretty sure my phones are ****** too.

Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-03-2023
Ran by zebas (administrator) on DESKTOP-5418MRJ (11-03-2023 22:00:12)
Running from C:\Users\zebas\Desktop
Loaded Profiles: zebas
Platform: Microsoft Windows 10 Pro Version 22H2 19045.2604 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
(cmd.exe ->) (Malwarebytes Inc. → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(explorer.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <17>
(services.exe ->) (Intel Corporation → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mew miprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationS ervice.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal .inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Malwarebytes Inc. → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows Publisher → Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.3-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher → Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.3-0\NisSrv.exe
(services.exe ->) (Nvidia Corporation → NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_ dispig.inf_amd64_ee20464bb4ac57f4\Display.NvContai ner\NVDisplay.Container.exe <2>
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.2300_no ne_7e14edbc7c88b7d5\TiWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-1699730293-2890694582-1220986579-1001...\Run: [MicrosoftEdgeAutoLaunch_767B5D1EAE24DD4FF31A0589E4 1760BC] => “C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe” --no-startup-window --win-session-start /prefetch:5 [4242384 2023-03-09] (Microsoft Corporation → Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip..\Interfaces{13b1e47d-ab29-4f67-b30c-1b0d512330b1}: [DhcpNameServer] 192.168.50.1
[HEADING=1]Edge:[/HEADING]
Edge DefaultProfile: Default
Edge Profile: C:\Users\zebas\AppData\Local\Microsoft\Edge\User Data\Default [2023-03-11]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\zebas\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoon bcbacn [2023-03-11]
Edge Extension: (uBlock Origin) - C:\Users\zebas\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpch acaeak [2023-03-11]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9084512 2023-03-11] (Malwarebytes Inc. → Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224184 2023-03-11] (Microsoft Windows Publisher → Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2302.3-0\NisSrv.exe [3224328 2023-03-11] (Microsoft Windows Publisher → Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2302.3-0\MsMpEng.exe [133592 2023-03-11] (Microsoft Windows Publisher → Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_ dispig.inf_amd64_ee20464bb4ac57f4\Display.NvContai ner\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSyste m.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_ dispig.inf_amd64_ee20464bb4ac57f4\Display.NvContai ner\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2023-03-11] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2023-03-11] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-03-11] (Microsoft Windows Early Launch Anti-malware Publisher → Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [198112 2023-03-11] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77736 2023-03-11] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-03-11] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [181816 2023-03-11] (Malwarebytes Inc. → Malwarebytes)
R3 MpKsl2781f930; C:\ProgramData\Microsoft\Windows Defender\Definition Updates{07D37992-7833-454B-A9F5-A9AE33EEA9B5}\MpKslDrv.sys [214280 2023-03-11] (Microsoft Windows → Microsoft Corporation)
R3 sshid; C:\Windows\System32\drivers\sshid.sys [48800 2022-02-23] (SteelSeries ApS → SteelSeries ApS)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49624 2023-03-11] (Microsoft Windows Early Launch Anti-malware Publisher → Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [495912 2023-03-11] (Microsoft Windows → Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99624 2023-03-11] (Microsoft Windows → Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-03-12 05:05 - 2023-03-11 20:06 - 000000000 ____D C:\Windows\Panther
2023-03-11 21:59 - 2023-03-11 21:59 - 000181816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2023-03-11 21:57 - 2023-03-11 22:00 - 000007793 _____ C:\Users\zebas\Desktop\FRST.txt
2023-03-11 21:57 - 2023-03-11 22:00 - 000000000 ____D C:\FRST
2023-03-11 21:56 - 2023-03-11 21:57 - 002378752 _____ (Farbar) C:\Users\zebas\Desktop\FRST64.exe
2023-03-11 21:46 - 2023-03-11 21:46 - 000000000 ___SD C:\Windows\system32\containers
2023-03-11 21:46 - 2023-03-11 21:46 - 000000000 ____D C:\Windows\system32\HvsiSettingsProviders
2023-03-11 21:46 - 2023-03-11 21:46 - 000000000 ____D C:\Program Files\Windows Identity Foundation
2023-03-11 21:46 - 2023-03-11 21:46 - 000000000 ____D C:\Program Files\Reference Assemblies
2023-03-11 21:46 - 2023-03-11 21:46 - 000000000 ____D C:\inetpub
2023-03-11 21:32 - 2023-03-11 21:32 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-03-11 21:32 - 2023-03-11 21:32 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-03-11 21:32 - 2023-03-11 21:32 - 000000000 ____D C:\Users\zebas\AppData\Local\mbam
2023-03-11 21:31 - 2023-03-11 21:31 - 002580896 _____ (Malwarebytes) C:\Users\zebas\Desktop\MBSetup.exe
2023-03-11 21:31 - 2023-03-11 21:31 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-03-11 21:31 - 2023-03-11 21:31 - 000000000 ____D C:\Program Files\Malwarebytes
2023-03-11 21:29 - 2023-03-11 21:29 - 000000000 ____D C:\Users\zebas\AppData\Local\DBG
2023-03-11 21:28 - 2023-03-11 21:59 - 000001607 _____ C:\Windows\system32\config\VSMIDK
2023-03-11 21:12 - 2023-03-11 21:12 - 000000000 ____D C:\Users\zebas\AppData\Local\ElevatedDiagnostics
2023-03-11 20:54 - 2023-03-11 21:08 - 000000000 ____D C:\Users\zebas\AppData\Local\D3DSCache
2023-03-11 20:49 - 2023-03-11 20:49 - 000000000 ____D C:\Users\zebas\AppData\Local\Comms
2023-03-11 20:44 - 2023-03-11 20:44 - 000000000 ___HD C:$WinREAgent
2023-03-11 20:41 - 2023-03-11 20:41 - 000000000 ____D C:\Windows\system32\SteelSeries
2023-03-11 20:35 - 2023-03-11 20:35 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-03-11 20:34 - 2023-03-11 20:57 - 000000000 ____D C:\Users\zebas\AppData\Local\PlaceholderTileLogoFo lder
2023-03-11 20:34 - 2023-03-11 20:55 - 000000000 ___RD C:\Users\zebas\OneDrive
2023-03-11 20:34 - 2023-03-11 20:35 - 000000000 ____D C:\Windows\system32\MRT
2023-03-11 20:34 - 2023-03-11 20:34 - 000000000 ___HD C:\OneDriveTemp
2023-03-11 20:34 - 2023-03-11 20:34 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2023-03-11 20:32 - 2023-03-11 21:48 - 000000000 ____D C:\Users\zebas\AppData\Local\Packages
2023-03-11 20:32 - 2023-03-11 21:29 - 000000000 ____D C:\Users\zebas\AppData\Local\ConnectedDevicesPlatf orm
2023-03-11 20:32 - 2023-03-11 20:34 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-03-11 20:32 - 2023-03-11 20:32 - 000000000 ___RD C:\Users\zebas\3D Objects
2023-03-11 20:32 - 2023-03-11 20:32 - 000000000 ____D C:\Users\zebas\AppData\Roaming\Adobe
2023-03-11 20:32 - 2023-03-11 20:32 - 000000000 ____D C:\Users\zebas\AppData\Local\VirtualStore
2023-03-11 20:32 - 2023-03-11 20:32 - 000000000 ____D C:\Users\zebas\AppData\Local\Publishers
2023-03-11 20:32 - 2023-03-11 20:32 - 000000000 ____D C:\Users\zebas\AppData\Local\NVIDIA
2023-03-11 20:31 - 2023-03-11 20:34 - 000000000 ____D C:\Users\zebas
2023-03-11 20:31 - 2023-03-11 20:31 - 000000020 ___SH C:\Users\zebas\ntuser.ini
2023-03-11 20:30 - 2023-03-11 21:06 - 000000000 ____D C:\ProgramData\Packages
2023-03-11 20:29 - 2023-03-11 21:59 - 000000000 ____D C:\ProgramData\NVIDIA
2023-03-11 20:29 - 2023-03-11 20:29 - 000000000 ____D C:\Windows\system32\lxss
2023-03-11 20:29 - 2023-03-11 20:29 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2023-03-11 20:29 - 2023-03-11 20:29 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2023-03-11 20:29 - 2023-03-11 20:29 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2023-03-11 20:29 - 2022-08-23 23:26 - 001905912 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2023-03-11 20:29 - 2022-08-23 23:26 - 001905912 _____ C:\Windows\system32\vulkaninfo.exe
2023-03-11 20:29 - 2022-08-23 23:26 - 001478408 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2023-03-11 20:29 - 2022-08-23 23:26 - 001478408 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2023-03-11 20:29 - 2022-08-23 23:26 - 001145592 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2023-03-11 20:29 - 2022-08-23 23:26 - 001145592 _____ C:\Windows\SysWOW64\vulkan-1.dll
2023-03-11 20:29 - 2022-08-23 23:25 - 001471984 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2023-03-11 20:29 - 2022-08-23 23:25 - 001432312 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2023-03-11 20:29 - 2022-08-23 23:25 - 001432312 _____ C:\Windows\system32\vulkan-1.dll
2023-03-11 20:29 - 2022-08-23 23:25 - 001213424 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2023-03-11 20:29 - 2022-08-23 23:22 - 001536512 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2023-03-11 20:29 - 2022-08-23 23:22 - 001182704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2023-03-11 20:29 - 2022-08-23 23:22 - 000865784 _____ C:\Windows\system32\nvofapi64.dll
2023-03-11 20:29 - 2022-08-23 23:22 - 000771584 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2023-03-11 20:29 - 2022-08-23 23:22 - 000714752 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2023-03-11 20:29 - 2022-08-23 23:22 - 000687616 _____ C:\Windows\SysWOW64\nvofapi.dll
2023-03-11 20:29 - 2022-08-23 23:22 - 000139248 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2023-03-11 20:29 - 2022-08-23 23:22 - 000052208 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhdap64.dll
2023-03-11 20:29 - 2022-08-23 23:21 - 010269696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2023-03-11 20:29 - 2022-08-23 23:21 - 008803840 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2023-03-11 20:29 - 2022-08-23 23:21 - 005362688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2023-03-11 20:29 - 2022-08-23 23:21 - 003066864 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2023-03-11 20:29 - 2022-08-23 23:21 - 002127856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2023-03-11 20:29 - 2022-08-23 23:21 - 001607664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2023-03-11 20:29 - 2022-08-23 23:21 - 001059320 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2023-03-11 20:29 - 2022-08-23 23:21 - 000845312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2023-03-11 20:29 - 2022-08-23 23:21 - 000456192 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2023-03-11 20:29 - 2022-08-23 23:20 - 005735936 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2023-03-11 20:29 - 2022-08-23 23:20 - 000852984 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2023-03-11 20:29 - 2022-08-23 23:19 - 007483416 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2023-03-11 20:29 - 2022-08-23 23:19 - 006367424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2023-03-11 20:29 - 2022-08-23 22:57 - 000093241 _____ C:\Windows\system32\nvinfo.pb
2023-03-11 20:16 - 2023-03-11 21:52 - 000795742 _____ C:\Windows\system32\PerfStringBackup.INI
2023-03-11 20:09 - 2023-03-11 20:09 - 000000000 ____D C:\Windows\CSC
2023-03-11 20:07 - 2023-03-11 20:07 - 000000000 _SHDL C:\Documents and Settings
2023-03-11 20:06 - 2023-03-11 21:59 - 000008192 ___SH C:\DumpStack.log.tmp
2023-03-11 20:06 - 2023-03-11 21:59 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-03-11 20:06 - 2023-03-11 21:47 - 000257824 _____ C:\Windows\system32\FNTCACHE.DAT
2023-03-11 20:06 - 2023-03-11 21:32 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-03-11 20:06 - 2023-03-11 21:06 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-03-11 20:06 - 2023-03-11 21:06 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-03-11 20:06 - 2023-03-11 20:43 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskM achineUA
2023-03-11 20:06 - 2023-03-11 20:43 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskM achineCore
2023-03-11 20:06 - 2023-03-11 20:06 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_ 00.Wdf
2023-03-11 20:06 - 2023-03-11 20:06 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-03-11 20:06 - 2023-03-11 20:06 - 000000000 ____D C:\Windows\ServiceProfiles

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-03-12 05:05 - 2019-12-07 10:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2023-03-11 21:59 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-03-11 21:59 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2023-03-11 21:59 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI
2023-03-11 21:48 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-03-11 21:48 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2023-03-11 21:46 - 2019-12-07 10:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-03-11 21:46 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\UNP
2023-03-11 21:46 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-03-11 21:46 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-03-11 21:46 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2023-03-11 21:46 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2023-03-11 21:46 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2023-03-11 21:46 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\inetsrv
2023-03-11 21:46 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2023-03-11 21:46 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2023-03-11 21:46 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2023-03-11 21:46 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2023-03-11 21:46 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemApps
2023-03-11 21:46 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-03-11 21:46 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
2023-03-11 21:46 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2023-03-11 21:46 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2023-03-11 21:46 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\migwiz
2023-03-11 21:46 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lv-LV
2023-03-11 21:46 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lt-LT
2023-03-11 21:46 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\inetsrv
2023-03-11 21:46 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\et-EE
2023-03-11 21:46 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\es-MX
2023-03-11 21:46 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Dism
2023-03-11 21:46 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\DDFs
2023-03-11 21:46 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Provisioning
2023-03-11 21:46 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-03-11 21:46 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2023-03-11 21:46 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2023-03-11 21:46 - 2019-12-07 10:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2023-03-11 21:39 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2023-03-11 21:38 - 2022-09-08 04:08 - 000883040 _____ (Microsoft Corporation) C:\Windows\system32\hvsimgr.exe
2023-03-11 21:38 - 2022-09-08 04:08 - 000671744 _____ C:\Windows\system32\hgattest.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000547680 _____ (Microsoft Corporation) C:\Windows\system32\vmpmem.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000408416 _____ (Microsoft Corporation) C:\Windows\system32\VmSynthNic.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000371448 _____ (Microsoft Corporation) C:\Windows\system32\ActivationVdev.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000344576 _____ (Microsoft Corporation) C:\Windows\system32\TpmEngUM.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000318304 _____ (Microsoft Corporation) C:\Windows\system32\vmiccore.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000293856 _____ (Microsoft Corporation) C:\Windows\system32\TpmEngUM138.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000293728 _____ (Microsoft Corporation) C:\Windows\system32\vmdynmem.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000286520 _____ (Microsoft Corporation) C:\Windows\system32\vmsif.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000282112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nfsrdr.sys
2023-03-11 21:38 - 2022-09-08 04:08 - 000268128 _____ (Microsoft Corporation) C:\Windows\system32\hvsirdpclient.exe
2023-03-11 21:38 - 2022-09-08 04:08 - 000260408 _____ (Microsoft Corporation) C:\Windows\system32\hcsdiag.exe
2023-03-11 21:38 - 2022-09-08 04:08 - 000238416 _____ (Microsoft Corporation) C:\Windows\system32\CExecSvc.exe
2023-03-11 21:38 - 2022-09-08 04:08 - 000222528 _____ (Microsoft Corporation) C:\Windows\system32\NetMgmtIF.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000212832 _____ (Microsoft Corporation) C:\Windows\system32\vmbusvdev.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000210272 _____ (Microsoft Corporation) C:\Windows\system32\gpupvdev.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000208896 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000185200 _____ C:\Windows\system32\HvsiSettingsWorker.exe
2023-03-11 21:38 - 2022-09-08 04:08 - 000176976 _____ (Microsoft Corporation) C:\Windows\system32\vmickrnl.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000169472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000158208 _____ (Microsoft Corporation) C:\Windows\system32\hnsdiag.exe
2023-03-11 21:38 - 2022-09-08 04:08 - 000152904 _____ C:\Windows\system32\IsolatedWindowsEnvironmentUtil s.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000151352 _____ C:\Windows\system32\nmscrub.exe
2023-03-11 21:38 - 2022-09-08 04:08 - 000147808 _____ (Microsoft Corporation) C:\Windows\system32\hvsirpcd.exe
2023-03-11 21:38 - 2022-09-08 04:08 - 000143872 _____ (Microsoft Corporation) C:\Windows\system32\hgclientservice.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000143872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rpcxdr.sys
2023-03-11 21:38 - 2022-09-08 04:08 - 000142648 _____ (Microsoft Corporation) C:\Windows\system32\nmbind.exe
2023-03-11 21:38 - 2022-09-08 04:08 - 000122168 _____ (Microsoft Corporation) C:\Windows\system32\vmsifcore.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000119296 _____ C:\Windows\system32\hvsiproxyapp.exe
2023-03-11 21:38 - 2022-09-08 04:08 - 000111944 _____ C:\Windows\SysWOW64\IsolatedWindowsEnvironmentUtil s.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000109384 _____ (Microsoft Corporation) C:\Windows\system32\vmwpevents.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\nfsclnt.exe
2023-03-11 21:38 - 2022-09-08 04:08 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\umount.exe
2023-03-11 21:38 - 2022-09-08 04:08 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\mount.exe
2023-03-11 21:38 - 2022-09-08 04:08 - 000087552 _____ C:\Windows\system32\hvsiDspdvcclient.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000086016 _____ C:\Windows\SysWOW64\hvsiproxyapp.exe
2023-03-11 21:38 - 2022-09-08 04:08 - 000082760 _____ C:\Windows\system32\HvsiMachinePolicies.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000080720 _____ C:\Windows\system32\hvsifiletrust.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000080240 _____ (Microsoft Corporation) C:\Windows\system32\vmwpctrl.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000076128 _____ (Microsoft Corporation) C:\Windows\system32\hvsimgrps.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000071680 _____ C:\Windows\system32\wdagtool.exe
2023-03-11 21:38 - 2022-09-08 04:08 - 000068408 _____ (Microsoft Corporation) C:\Windows\system32\VrdUmed.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000066896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvsifltr.sys
2023-03-11 21:38 - 2022-09-08 04:08 - 000062288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pvhdparser.sys
2023-03-11 21:38 - 2022-09-08 04:08 - 000061264 _____ C:\Windows\SysWOW64\hvsifiletrust.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000057856 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000046392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hvsimgrps.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000044344 _____ C:\Windows\system32\AuditSettingsProvider.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000038176 _____ (Microsoft Corporation) C:\Windows\system32\sbresources.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000036176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvsocketcontrol.sys
2023-03-11 21:38 - 2022-09-08 04:08 - 000028016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hvsicontainerservice.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000027960 _____ (Microsoft Corporation) C:\Windows\system32\vmsifproxystub.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000021328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hnswfpdriver.sys
2023-03-11 21:38 - 2022-09-08 04:08 - 000019456 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2023-03-11 21:38 - 2022-09-08 04:08 - 000016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2023-03-11 21:38 - 2022-09-08 04:08 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000015360 _____ (Microsoft Corporation) C:\Windows\system32\VmComputeProxy.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\cngkeyhelper.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngkeyhelper.dll
2023-03-11 21:38 - 2022-09-08 04:08 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2023-03-11 21:38 - 2022-09-08 04:06 - 000256312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbusr.sys
2023-03-11 21:38 - 2022-09-08 04:06 - 000206152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcivsp.sys
2023-03-11 21:38 - 2022-09-08 04:06 - 000041264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vkrnlintvsc.sys
2023-03-11 21:38 - 2022-09-08 04:06 - 000025928 _____ (Microsoft Corporation) C:\Windows\system32\vmbuspiper.dll
2023-03-11 21:38 - 2019-12-07 10:10 - 000346624 _____ (Microsoft Corporation) C:\Windows\system32\nfscimprov.dll
2023-03-11 21:38 - 2019-12-07 10:10 - 000211968 _____ (Microsoft Corporation) C:\Windows\system32\nfscommgmt.dll
2023-03-11 21:38 - 2019-12-07 10:10 - 000153600 _____ (Microsoft Corporation) C:\Windows\system32\nfsadmin.exe
2023-03-11 21:38 - 2019-12-07 10:10 - 000137728 _____ (Microsoft Corporation) C:\Windows\system32\HgsClientWmi.dll
2023-03-11 21:38 - 2019-12-07 10:10 - 000110080 _____ (Microsoft Corporation) C:\Windows\system32\rpcinfo.exe
2023-03-11 21:38 - 2019-12-07 10:10 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\nfsnp.dll
2023-03-11 21:38 - 2019-12-07 10:10 - 000093510 _____ C:\Windows\system32\nfsmgmt.msc
2023-03-11 21:38 - 2019-12-07 10:10 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\showmount.exe
2023-03-11 21:38 - 2019-12-07 10:10 - 000085512 _____ (Microsoft Corporation) C:\Windows\system32\wcsetupagent.exe
2023-03-11 21:38 - 2019-12-07 10:10 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\nfscprop.dll
2023-03-11 21:38 - 2019-12-07 10:10 - 000077624 _____ (Microsoft Corporation) C:\Windows\system32\rtpm.dll
2023-03-11 21:38 - 2019-12-07 10:10 - 000057856 _____ C:\Windows\system32\hgsclientplugin.dll
2023-03-11 21:38 - 2019-12-07 10:10 - 000043640 _____ (Microsoft Corporation) C:\Windows\system32\vmplatformca.exe
2023-03-11 21:38 - 2019-12-07 10:10 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\AttestationWmiProvider.dll
2023-03-11 21:38 - 2019-12-07 10:10 - 000028984 _____ (Microsoft Corporation) C:\Windows\system32\UtilityVmSysprep.dll
2023-03-11 21:38 - 2019-12-07 10:10 - 000016384 _____ C:\Windows\system32\hgclientserviceps.dll
2023-03-11 21:38 - 2019-12-07 10:10 - 000015360 _____ (Microsoft Corporation) C:\Windows\system32\HostGuardianServiceClientResou rces.dll
2023-03-11 21:38 - 2019-12-07 10:10 - 000012088 _____ (Microsoft Corporation) C:\Windows\system32\c28c7a4e-a619-4463-82b7-0fc9cc7187f5_HyperV-ComputeStorage.dll
2023-03-11 21:38 - 2019-12-07 10:10 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\nfsrc.dll
2023-03-11 21:38 - 2019-12-07 10:09 - 000058888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\l2bridge.sys
2023-03-11 21:38 - 2019-12-07 10:09 - 000041784 _____ (Microsoft Corporation) C:\Windows\system32\NvAgent.dll
2023-03-11 21:38 - 2019-12-07 10:09 - 000039440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\passthruparser.sys
2023-03-11 21:38 - 2019-12-07 10:09 - 000031544 _____ (Microsoft Corporation) C:\Windows\system32\vmcomputeeventlog.dll
2023-03-11 21:38 - 2019-12-07 10:09 - 000012816 _____ (Microsoft Corporation) C:\Windows\system32\f989b52d-f928-44a3-9bf1-bf0c1da6a0d6_HyperV-DeviceVirtualization.dll
2023-03-11 21:38 - 2019-12-07 10:09 - 000012600 _____ (Microsoft Corporation) C:\Windows\system32\d4d78066-e6db-44b7-b5cd-2eb82dce620c_HyperV-ComputeLegacy.dll
2023-03-11 21:38 - 2019-12-07 10:09 - 000012600 _____ (Microsoft Corporation) C:\Windows\system32\c4d66f00-b6f0-4439-ac9b-c5ea13fe54d7_HyperV-ComputeCore.dll
2023-03-11 21:38 - 2019-12-07 10:09 - 000012304 _____ (Microsoft Corporation) C:\Windows\system32\07409496-a423-4a3e-b620-2cfb01a9318d_HyperV-ComputeNetwork.dll
2023-03-11 21:38 - 2019-12-07 10:07 - 000044344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vkrnlintvsp.sys
2023-03-11 21:32 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-03-11 21:32 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2023-03-11 21:15 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\LiveKernelReports
2023-03-11 20:49 - 2019-12-07 10:15 - 000208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2023-03-11 20:49 - 2019-12-07 10:14 - 000232448 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2023-03-11 20:49 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\PrintDialog
2023-03-11 20:49 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ServiceState
2023-03-11 20:48 - 2019-12-07 10:52 - 000000000 ____D C:\Windows\OCR
2023-03-11 20:41 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\servicing
2023-03-11 20:38 - 2022-09-08 04:08 - 000014848 _____ C:\Windows\system32\hnsproxy.dll
2023-03-11 20:38 - 2019-12-07 10:09 - 000006658 _____ C:\Windows\system32\VmChipset Third-Party Notices.txt
2023-03-11 20:35 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2023-03-11 20:29 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2023-03-11 20:27 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\USOPrivate
2023-03-11 20:09 - 2019-12-07 10:51 - 000000000 ____D C:\Windows\system32\FxsTmp
2023-03-11 20:09 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\spool
2023-03-11 20:06 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\appcompat

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
[HEADING=1]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2023
Ran by zebas (11-03-2023 22:01:26)
Running from C:\Users\zebas\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.2604 (X64) (2023-03-11 19:07:25)
Boot Mode: Normal[/HEADING]
==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1699730293-2890694582-1220986579-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1699730293-2890694582-1220986579-503 - Limited - Disabled)
Guest (S-1-5-21-1699730293-2890694582-1220986579-501 - Limited - Disabled)
User (S-1-5-21-1699730293-2890694582-1220986579-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1699730293-2890694582-1220986579-504 - Limited - Disabled)
zebas (S-1-5-21-1699730293-2890694582-1220986579-1001 - Administrator - Enabled) => C:\Users\zebas

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Malwarebytes version 4.5.24.248 (HKLM...{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.24.248 - Malwarebytes)
Microsoft Edge (HKLM-x32...\Microsoft Edge) (Version: 110.0.1587.69 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32...\Microsoft EdgeWebView) (Version: 110.0.1587.63 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM...{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation)
NVIDIA Graphics Driver 516.94 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 516.94 - NVIDIA Corporation)
[HEADING=1]Packages:[/HEADING]
Cortana → C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.2 1713.0_x64__8wekyb3d8bbwe [2023-03-11] (Microsoft Corporation)
Microsoft Advertising SDK for XAML → C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.18 08.3.0_x64__8wekyb3d8bbwe [2023-03-11] (Microsoft Corporation) [MS Ad]
MSN Weather → C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211 .0_x64__8wekyb3d8bbwe [2023-03-11] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel → C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8. 1.964.0_x64__56jybvy8sckqj [2023-03-11] (NVIDIA Corp.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-11] (Malwarebytes Inc. → Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] → {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_ dispig.inf_amd64_ee20464bb4ac57f4\nvshext.dll [2022-08-23] (Nvidia Corporation → NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-11] (Malwarebytes Inc. → Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => “”=“Service”

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1699730293-2890694582-1220986579-1001\Control Panel\Desktop\Wallpaper → C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.50.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-1699730293-2890694582-1220986579-1001...\StartupApproved\Run: => “OneDrive”

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

11-03-2023 20:27:51 Windows Modules Installer
11-03-2023 20:35:01 1

==================== Faulty Device Manager Devices ============

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

Name: Microsoft Windows Trusted Runtime Secure Service
Description: Microsoft Windows Trusted Runtime Secure Service
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: WindowsTrustedRTProxy
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: ========================
[HEADING=1]Application errors:[/HEADING]
Error: (03/11/2023 09:59:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (03/11/2023 09:59:14 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (03/11/2023 09:59:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (03/11/2023 09:59:14 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (03/11/2023 09:59:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (03/11/2023 09:59:14 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (03/11/2023 09:59:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (03/11/2023 09:59:14 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
[HEADING=1]System errors:[/HEADING]
Error: (03/11/2023 09:47:33 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT AUTHORITY)
Description: The event logging service encountered an error (5) while enabling publisher {a70ff94f-570b-4979-ba5c-e59c9feab61b} to channel Microsoft-Windows-WinINet/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity.

Error: (03/11/2023 09:47:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The hvsics service depends on the CmService service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (03/11/2023 09:47:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the Intel(R) TPM Provisioning Service service to connect.

Error: (03/11/2023 09:47:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the Intel(R) Capability Licensing Service TCP IP Interface service to connect.

Error: (03/11/2023 09:47:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The CmService service depends on the hns service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (03/11/2023 09:47:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VMSP service failed to start due to the following error:
Insufficient system resources exist to complete the requested service.

Error: (03/11/2023 09:47:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The hns service depends on the VfpExt service which failed to start because of the following error:
A device attached to the system is not functioning.

Error: (03/11/2023 09:29:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: 2023-02 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5022834).
[HEADING=1]Windows Defender:[/HEADING]
Date: 2023-03-11 21:45:34
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2023-03-11 21:40:54
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.383.1585.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.20000.2
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 3006 10/12/2021
Motherboard: ASUSTeK COMPUTER INC. ROG STRIX Z390-I GAMING
Processor: Intel(R) Core™ i5-9600K CPU @ 3.70GHz
Percentage of memory in use: 26%
Total physical RAM: 16300.97 MB
Available physical RAM: 12059.6 MB
Total Virtual: 19244.97 MB
Available Virtual: 13294.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.13 GB) (Free:428.19 GB) (Model: Samsung SSD 970 EVO 500GB) (Protected) NTFS

\?\Volume{28c1163b-cd9a-4a95-bf7c-ff897f9a3523}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\?\Volume{629458e4-0000-0000-0000-010000000000}\ (PortableBaseLayer) (Fixed) (Total:8 GB) (Free:7.49 GB) NTFS
\?\Volume{8b03dcf0-0a6b-4682-8d0a-69b61c1e69d5}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

================================================== ========
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

================================================== ========
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 8 GB) (Disk ID: 629458E4)
Partition 1: (Not Active) - (Size=8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Thanks again for the help!

**AMINAL** · 03-12-2023, 01:31 AM

I’m very sure this exploit is the culprit: s6_pcie_microblaze/python/payloads/DmaBackdoorHv/README.MD at master · Cr4sh/s6_pcie_microblaze · GitHub

But how?

**Malnutrition** · 03-13-2023, 11:43 PM

Sorry about the delay. A close friend of mine passed away, and I just have not felt up to doing this. You can wait a couple more days or seek help elsewhere.

**AMINAL** · 03-14-2023, 10:08 AM

I’m so sorry for your loss. I completely understand.

My PC seems to be acting fine as of now, if anything irregular comes up again I’ll look elsewhere.

Thank you for your excellent support.

**Malnutrition** · 03-20-2023, 11:59 PM

@AMINAL you still require assistance?

**AMINAL** · 03-21-2023, 11:46 AM

Originally posted by Malnutrition

@AMINAL you still require assistance?

No, thanks. You can close this thread. Pretty sure I was being paranoid from reading too much infosec stuff.
Computer is running fine now. Thanks for the help!

Please help me, getting malware vibes something awful

Comment

Comment

Comment

Comment

Comment

Comment