Windows security not working and shows me blank page, could you please help me?

  • MaXz
    PCHF Member
    • Sep 2023
    • 26

    #1

    Windows security not working and shows me blank page, could you please help me?

    I downloaded a game from Ocean of Games and when I extracted the file it showed 3 steps to start the setup of the game. One of the steps is an application called "disable defender", which is supposed to disable Windows Defender so that the game can be installed properly by running the app as an administrator. On some other websites they ask you to do so (but without an app like that, just manually by going to the settings) so that the game works, and you can turn it on again after the installation, but the Ocean of Games disable defender seems to delete it instead of turning it off. I have tried many solutions, like Command Prompt, PowerShell, restarting the laptop, and repairing and resetting Windows Security, but none of that worked. I even decided to go from Windows 10 to Windows 11 to see if that would work, and it didn't work at all.

    I also tried the restore point thing, with which I managed to restore my laptop to 1 day before the issue, but nothing changed about Windows Security, and I read on a website that I might need to reset my laptop so that any files that are not working properly get fixed. So could someone please help me resolve this issue as soon as possible? Note that I have already deleted every single file and zip folder that came with the game.
  • Rustys
    PCHF Member
    • Jul 2016
    • 7862

    #2
    Your duplicate post has been deleted.

    Probably because Ocean of Games is a hack scam; here are a few sites explaining that.

    https://www.quora.com/Is-Ocean-of-Games-real

    Reddit: r/PiratedGames/comments/11ycfa8

    You need to remove the hacked games and then post in the Malware removal section.

    Follow the posting instructions and read the PINNED messages.

    • MaXz
      PCHF Member
      • Sep 2023
      • 26

      #3
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2023

      Code:
      Ran by ozaga (administrator) on DESKTOP-LO8ADMA (LENOVO 82B5) (20-09-2023 15:55:23)
      Running from C:\Users\ozaga\OneDrive\Desktop\FRST64.exe
      Loaded Profiles: ozaga
      Platform: Microsoft Windows 11 Home Version 22H2 22621.2283 (X64) Language: English (United States)
      Default browser: Chrome
      Boot Mode: Normal
      
      ==================== Processes (Whitelisted) =================
      
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      
      (0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE → Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSServ.exe
      (0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE → Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe
      (C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe ->) (Lenovo → Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(DeviceSettingsSystemAddin).exe
      (C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe ->) (Lenovo → Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(GenericMessagingAddin).exe
      (C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe ->) (Lenovo → Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(LenovoGamingSystemAddin).exe
      (C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe ->) (Lenovo → Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(LenovoServiceBridgeAddin).exe
      (C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe ->) (Lenovo → Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(VantageCoreAddin).exe
      (C:\Program Files\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\cmd.exe
      (C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\rundll32.exe
      (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation → NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
      (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation → NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
      (C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.31\msedgewebview2.exe <7>
      (C:\Stores\steam\steam.exe ->) (Valve Corp. → Valve Corporation) C:\Stores\steam\bin\cef\cef.win7x64\steamwebhelper.exe <6>
      (C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo → Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
      (Chris Andriessen) [File not signed] D:\TaskbarX_1.6.9.0_x64\TaskbarX.exe
      (cmd.exe ->) (Malwarebytes Inc. → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
      (Discord Inc. → Discord Inc.) C:\Users\ozaga\AppData\Local\Discord\app-1.0.9018\Discord.exe <6>
      (DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_fe9531bca29258f3\DAX3API.exe ->) (Dolby Laboratories, Inc. → ) C:\ProgramData\Dolby\DAX3\RADARHOST\DSRHost.exe
      (DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_fe9531bca29258f3\DAX3API.exe ->) (Dolby Laboratories, Inc. → Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~1.INF\DAX3API.exe
      (DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_9c2a9014dc4e8797\LenovoUtilityService.exe ->) (Lenovo → Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_9c2a9014dc4e8797\FnHotkeyCapsLKNumLK.exe
      (DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_9c2a9014dc4e8797\LenovoUtilityService.exe ->) (Lenovo → Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_9c2a9014dc4e8797\FnHotkeyUtility.exe
      (DriverStore\FileRepository\u0359763.inf_amd64_cbe903b159d3b969\B359805\atiesrxx.exe ->) (Advanced Micro Devices, Inc. → AMD) C:\Windows\System32\DriverStore\FileRepository\u0359763.inf_amd64_cbe903b159d3b969\B359805\atieclxx.exe
      (explorer.exe ->) (Google LLC → Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <12>
      (explorer.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
      (explorer.exe ->) (Ryochan7) [File not signed] D:\GAMES\ps4\DS4Windows\DS4Windows.exe
      (explorer.exe ->) (Valve Corp. → Valve Corporation) C:\Stores\steam\steam.exe
      (Google LLC → Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe
      (Google LLC → Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe
      (Microsoft Corporation → Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
      (Nvidia Corporation → Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
      (Oracle America, Inc. → Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      (services.exe ->) (Adobe Inc. → Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      (services.exe ->) (Advanced Micro Devices, Inc. → AMD) C:\Windows\System32\DriverStore\FileRepository\u0359763.inf_amd64_cbe903b159d3b969\B359805\atiesrxx.exe
      (services.exe ->) (Dolby Laboratories, Inc. → Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_fe9531bca29258f3\DAX3API.exe
      (services.exe ->) (Lenovo → Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
      (services.exe ->) (Lenovo → Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe
      (services.exe ->) (Lenovo → Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_9c2a9014dc4e8797\LenovoUtilityService.exe
      (services.exe ->) (Malwarebytes Inc. → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (services.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
      (services.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncHelper.exe
      (services.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\Locator.exe
      (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher → Fortemedia) C:\Windows\System32\FMService64.exe
      (services.exe ->) (Novabench Inc. → Novabench Inc.) C:\Program Files\Novabench\resources\NovabenchService.exe
      (services.exe ->) (Nvidia Corporation → NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
      (services.exe ->) (NVIDIA Corporation → NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_f313b6b92f428254\Display.NvContainer\NVDisplay.Container.exe <2>
      (services.exe ->) (Realtek Semiconductor Corp. → Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
      (services.exe ->) (Valve Corp. → Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
      (svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 → ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2321.4.0_x64__cv1g1gvanyjgm\WhatsApp.exe
      (svchost.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileCoAuth.exe
      (svchost.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21472.0_x64__8wekyb3d8bbwe\HxOutlook.exe
      (svchost.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21472.0_x64__8wekyb3d8bbwe\HxTsr.exe
      (svchost.exe ->) (Microsoft Windows → ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
      (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
      (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\wlanext.exe
      
      ==================== Registry (Whitelisted) ===================
      
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      
      HKLM...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1082672 2020-06-29] (Realtek Semiconductor Corp. → Realtek Semiconductor)
      HKLM-x32...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [126403424 2022-03-21] (Microsoft Corporation → Microsoft Corporation)
      HKLM-x32...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646776 2020-03-12] (Oracle America, Inc. → Oracle Corporation)
      HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
      HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
      HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION
      HKLM\Software\Policies...\system: [EnableSmartScreen] 0
      HKU\S-1-5-19...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2607648 2023-09-20] (Microsoft Corporation → Microsoft Corporation)
      HKU\S-1-5-20...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2607648 2023-09-20] (Microsoft Corporation → Microsoft Corporation)
      HKU\S-1-5-21-3989784722-1943139329-1569411945-1001...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2607648 2023-09-20] (Microsoft Corporation → Microsoft Corporation)
      HKU\S-1-5-21-3989784722-1943139329-1569411945-1001...\Run: [Discord] => C:\Users\ozaga\AppData\Local\Discord\Update.exe [1525016 2022-12-09] (Discord Inc. → GitHub)
      HKU\S-1-5-21-3989784722-1943139329-1569411945-1001...\Run: [Steam] => C:\Stores\steam\steam.exe [4374888 2023-09-12] (Valve Corp. → Valve Corporation)
      HKU\S-1-5-21-3989784722-1943139329-1569411945-1001...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37097936 2023-09-13] (Epic Games Inc. → Epic Games, Inc.)
      HKU\S-1-5-21-3989784722-1943139329-1569411945-1001...\Run: [MicrosoftEdgeAutoLaunch_4EE067D57FD0D0922B95ED503D6EB1D6] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4219448 2023-09-15] (Microsoft Corporation → Microsoft Corporation)
      HKU\S-1-5-21-3989784722-1943139329-1569411945-1001...\MountPoints2: {e0ba2707-b295-11ed-b788-8cc681edac3c} - "E:\setup.exe"
      HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] → C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
      HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] → C:\Program Files\Google\Chrome\Application\116.0.5845.188\Installer\chrmstp.exe [2023-09-13] (Google LLC → Google LLC)
      HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] → C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
      HKLM\Software...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] →
      
      ==================== Scheduled Tasks (Whitelisted) =================
      
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      
      Task: {535E2E54-0B4F-4766-98A8-811B0E964055} - \GoogleUpdateTaskMachineQC → No File <==== ATTENTION
      Task: {3218B227-8878-4982-AFE4-B41911EFF41D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-08-02] (Adobe Inc. → Adobe Inc.)
      Task: {F56E0626-FECF-465E-9DEC-D257A307502A} - System32\Tasks\GoogleUpdateTaskMachineCore{53B6130E-5A71-4C6C-8871-E7BDAB14312B} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-12-25] (Google LLC → Google LLC)
      Task: {CD98FB3A-C19D-4820-9026-CAB022F2A23B} - System32\Tasks\GoogleUpdateTaskMachineUA{670D763E-CBBB-471C-A0C1-2B2E3B86D37D} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-12-25] (Google LLC → Google LLC)
      Task: {1D1E611E-3581-419A-87B2-5489F07BA4E8} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [74952 2022-11-20] (Lenovo → Lenovo Group Ltd.)
      Task: {49FA9CC6-25C2-4EB3-AB0B-8CFE2B6E82C7} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\WINDOWS\system32\sc.exe [98304 2022-05-07] (Microsoft Windows → Microsoft Corporation) → START ImControllerService
      Task: {22CA7CEE-2711-4CB1-BC86-6154EC70532D} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\WINDOWS\System32\reg.exe [102400 2022-05-07] (Microsoft Windows → Microsoft Corporation) → add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
      Task: {10546009-89F3-4A75-8C5E-492CA7C9D470} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\7090d309-a625-4fd8-90ac-c4717741d408 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo → Lenovo Group Ltd.)
      Task: {6C188918-823C-4CA7-BDD7-EC1E972FCD70} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\8c32e816-e752-4f37-a16d-5f3826855264 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo → Lenovo Group Ltd.)
      Task: {A85B8E4B-9DC0-4F34-BF4F-BDD33524259F} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\a87b0ac1-3a52-4323-ab64-ecfe9403ee51 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo → Lenovo Group Ltd.)
      Task: {1672759A-7C30-4EE2-B201-68A5DAD73249} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\b86c1d0b-4ae4-4b43-8a5e-715d3c536a34 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo → Lenovo Group Ltd.)
      Task: {4CD36F18-2296-4F0D-981D-9B9CFCB9DCAC} - System32\Tasks\Lenovo\LenovoNowLauncher => C:\Program Files (x86)\Lenovo\LenovoNow\x86\LenovoNow.exe [1627048 2023-08-01] (Lenovo → Lenovo)
      Task: {4A9711BC-C7D2-4353-82A6-C35BA2083B5D} - System32\Tasks\Lenovo\LenovoNowQuarterlyLaunch => C:\Program Files (x86)\Lenovo\LenovoNow\x86\LenovoNow.Task.exe [1557928 2023-08-01] (Lenovo → Lenovo)
      Task: {192A559D-BDE1-4606-BC75-A20A384D09FE} - System32\Tasks\Lenovo\LenovoNowTask => C:\Program Files (x86)\Lenovo\LenovoNow\x86\LenovoNow.Task.exe [1557928 2023-08-01] (Lenovo → Lenovo)
      Task: {805D5132-E6A9-488E-93F3-80D9900BAD22} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => C:\WINDOWS\system32\sc.exe [98304 2022-05-07] (Microsoft Windows → Microsoft Corporation) → start LenovoVantageService
      Task: {36558826-84D6-405E-8F75-9D480E534C23} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo → Lenovo)
      Task: {EDEA40CF-E271-4E38-88BA-131B4A67FF44} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo → Lenovo)
      Task: {8BD9DB07-1E6B-4BD6-859B-7287955DDB10} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo → Lenovo)
      Task: {F466E691-D748-41AE-8CD0-CCF252922E7D} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo → Lenovo)
      Task: {28BFBAA0-4888-4744-AF61-BA87451ED5A7} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo → Lenovo)
      Task: {3E01C31B-3DAE-4DEA-B313-44F27CF5F443} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo → Lenovo)
      Task: {A0782901-5023-48AF-9E67-5B7B8F2D4B8B} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.SScan => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo → Lenovo)
      Task: {C402F431-49A6-4A70-A27B-1533064445F3} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo → Lenovo)
      Task: {2D4435FB-8853-4E78-8559-84E776B58BEE} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo → Lenovo)
      Task: {EC11C81C-AD46-480D-AAF7-FFE8A3846CA5} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo → Lenovo)
      Task: {60C1AF1A-293B-4730-A6AD-9FA91185111D} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo → Lenovo)
      Task: {6A33EC5C-612D-418D-A22D-9035088DDFC8} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo → Lenovo)
      Task: {80A7EAC7-2042-4424-A9BA-6515F3AD387D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation → Microsoft Corporation)
      Task: {C2CB3F2C-3DA8-4C4F-9B8C-9DA764142F20} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation → Microsoft Corporation)
      Task: {2994060A-BDEA-432E-9B13-7A172CEE12AA} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation → Microsoft Corporation)
      Task: {9AB18C10-B427-4F17-BE44-D3CEC096FDD5} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation → Microsoft Corporation)
      Task: {63784B8F-DC2C-421B-A2B2-FB186D8BF7E6} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-08-03] (Microsoft Corporation → Microsoft Corporation)
      Task: {137659AE-EB8D-4684-AD84-BB21B816488A} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4377392 2023-09-01] (Microsoft Corporation → Microsoft Corporation)
      Task: {9E5D9671-043F-4369-BCDD-36C89C2E7C99} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => C:\WINDOWS\system32\UCPDMgr.exe [58880 2023-09-19] (Microsoft Windows → Microsoft Corporation)
      Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
      Task: {23B1CC5B-5DC9-4A7B-90F5-C0FE358AE0B7} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (No File)
      Task: {CC8E02B8-2986-4965-A228-C36DA10E55D0} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
      Task: {30D75E1A-FB76-4C6D-B146-2B0723243D93} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
      Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
      Task: {765F6CE4-D431-4B4A-964F-AB1B03A6489F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance (No File)
      Task: {2FE935F6-1ADA-4464-8C83-94B538595CF4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup (No File)
      Task: {625F2FE4-375E-4EE9-96A3-6D9B186D60AF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55 -IdleScheduledJob (No File)
      Task: {32DFB72C-80A0-4A5C-B9E5-E15A9441B2F9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification (No File)
      Task: {8323EC11-80AE-4E84-B844-88DC43823DC7} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-15] (Nvidia Corporation → NVIDIA Corporation) → -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
      Task: {2E7C1E7C-3916-449F-ACA6-422CED09AA24} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2023-01-27] (Nvidia Corporation → NVIDIA Corporation)
      Task: {D5DCCFE5-ADD9-4BEC-B871-E75118A8BBB8} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2023-01-20] (NVIDIA Corporation → NVIDIA Corporation)
      Task: {0ACE4E0B-3D15-42CF-BD8D-FE2BE15F1FCB} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation → NVIDIA Corporation)
      Task: {643CD418-C45A-4F9F-9CD1-24FE6784754A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation → NVIDIA Corporation)
      Task: {266FB736-3981-45F1-9C04-8CEA0FAF6C76} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation → NVIDIA Corporation)
      Task: {F676F3C7-06BB-43DB-9A69-FB8F4D1B354E} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation → NVIDIA Corporation)
      Task: {DDE7EBC8-4874-4786-B289-15695D6DDA49} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation → NVIDIA Corporation)
      Task: {0DA24B46-86A7-4097-AC69-5BABC25F0291} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation → NVIDIA Corporation)
      Task: {BB5C16C9-90B6-4C84-B7B8-47E8AC49CEB0} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2023-09-20] (Microsoft Corporation → Microsoft Corporation)
      Task: {A75FE1C0-580B-480E-A429-3CD864BE3EBF} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3989784722-1943139329-1569411945-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2023-09-20] (Microsoft Corporation → Microsoft Corporation)
      Task: {FA9F67F0-ED28-452D-ABB1-9F17DA5076EF} - System32\Tasks\Opera scheduled Autoupdate 1674164695 => C:\Users\ozaga\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
      Task: {4B138FA6-3FE9-4DEA-AF6D-36F45C4824A4} - System32\Tasks\TaskbarX DESKTOP-LO8ADMAozaga => D:\TaskbarX_1.6.9.0_x64\TaskbarX.exe [169984 2021-04-11] (Chris Andriessen) [File not signed]
      Task: {0533C11C-6E3E-4FAD-9CE3-88D07F8B70BB} - System32\Tasks\ViGEmBus_Updater => D:\GAMES\ps4\ViGEmBus_Updater.exe /silent (No File)
      Task: {4EB4D9ED-6F68-4BF2-8F93-973146C8EF6D} - System32\Tasks\Window Update => C:\Users\ozaga\AppData\Local\Updates\Run.vbs [1015 2022-05-09] () [File not signed] <==== ATTENTION
      
      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
      
      ==================== Internet (Whitelisted) ====================
      
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      
      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
      Tcpip..\Interfaces{0035eb69-e1b9-4151-be7e-ccd8f93785bf}: [DhcpNameServer] 192.168.100.1
      Tcpip..\Interfaces{28c08eac-4b1e-434b-bd7c-baee3db5cfee}: [DhcpNameServer] 192.168.1.1
      Edge:
      Edge Profile: C:\Users\ozaga\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-20]
      Edge Extension: (Google Translate) - C:\Users\ozaga\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2023-03-29]
      Edge Extension: (Omegle IP locator) - C:\Users\ozaga\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjlelflfdakmhpenaoodokchfhehacmh [2023-05-31]
      Edge Extension: (MetaMask) - C:\Users\ozaga\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ejbalbakoplchlghecdalmeeeajnimhm [2023-09-19]
      Edge Extension: (Google Docs Offline) - C:\Users\ozaga\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-19]
      Edge Extension: (Edge relevant text changes) - C:\Users\ozaga\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-19]
      Edge Extension: (uBlock Origin) - C:\Users\ozaga\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2023-09-19]
      FireFox:
      FF DefaultProfile: nv88axkj.default
      FF ProfilePath: C:\Users\ozaga\AppData\Roaming\Mozilla\Firefox\Profiles\nv88axkj.default [2023-04-02]
      FF ProfilePath: C:\Users\ozaga\AppData\Roaming\Mozilla\Firefox\Profiles\mhidbmt2.default-release [2023-04-02]
      FF Plugin: @java.com/DTPlugin,version=11.251.2 → C:\Program Files\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2023-09-19] (Oracle America, Inc. → Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.251.2 → C:\Program Files\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2023-09-19] (Oracle America, Inc. → Oracle Corporation)
      FF Plugin: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-03] (Microsoft Corporation → Microsoft Corporation)
      FF Plugin: Adobe Acrobat → C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-09-07] (Adobe Inc. → Adobe Systems Inc.)
      FF Plugin-x32: @java.com/DTPlugin,version=11.251.2 → C:\Program Files (x86)\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2023-09-19] (Oracle America, Inc. → Oracle Corporation)
      FF Plugin-x32: @java.com/JavaPlugin,version=11.251.2 → C:\Program Files (x86)\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2023-09-19] (Oracle America, Inc. → Oracle Corporation)
      FF Plugin-x32: @microsoft.com/Lync,version=15.0 → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-08-03] (Microsoft Corporation → Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-08-03] (Microsoft Corporation → Microsoft Corporation)
      ==================== Chrome: =======================
      CHR Profile: C:\Users\ozaga\AppData\Local\Google\Chrome\User Data\Default [2023-09-20]
      CHR Extension: (Google Translate) - C:\Users\ozaga\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2023-07-17]
      CHR Extension: (uBlock Origin) - C:\Users\ozaga\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2023-09-13]
      CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\ozaga\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-08-26]
      CHR Extension: (Google Docs Offline) - C:\Users\ozaga\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-22]
      CHR Extension: (AdBlock — best ad blocker) - C:\Users\ozaga\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2023-09-20]
      CHR Extension: (Malwarebytes Browser Guard) - C:\Users\ozaga\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-09-06]
      CHR Extension: (Coupert - Automatic Coupon Finder & Cashback) - C:\Users\ozaga\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidniedemcgceagapgdekdbmanojomk [2023-09-17]
      CHR Extension: (MetaMask) - C:\Users\ozaga\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2023-09-12]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\ozaga\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-07-17]
      CHR HKLM...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]
      CHR HKU\S-1-5-21-3989784722-1943139329-1569411945-1001\SOFTWARE\Google\Chrome\Extensions...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
      CHR HKU\S-1-5-21-3989784722-1943139329-1569411945-1001\SOFTWARE\Google\Chrome\Extensions...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]
      CHR HKLM-x32...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
      CHR HKLM-x32...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]
      
      ==================== Services (Whitelisted) ===================
      
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      
      R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-08-02] (Adobe Inc. → Adobe Inc.)
      S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [9880840 2023-07-16] (BattlEye Innovations e.K. → )
      R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11817040 2023-09-01] (Microsoft Corporation → Microsoft Corporation)
      R2 DolbyDAXAPI; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_fe9531bca29258f3\DAX3API.exe [1928648 2020-05-20] (Dolby Laboratories, Inc. → Dolby Laboratories)
      S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [10933864 2023-08-15] (Electronic Arts, Inc. → Electronic Arts)
      S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [943528 2023-08-04] (EasyAntiCheat Oy → Epic Games, Inc.)
      S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2022-07-11] (Epic Games Inc. → Epic Games, Inc.)
      R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncHelper.exe [3518480 2023-09-20] (Microsoft Corporation → Microsoft Corporation)
      R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [390400 2020-05-22] (Microsoft Windows Hardware Compatibility Publisher → Fortemedia)
      R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo → Lenovo Group Ltd.)
      R2 LenovoFnAndFunctionKeys; C:\WINDOWS\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_9c2a9014dc4e8797\LenovoUtilityService.exe [295904 2023-08-17] (Lenovo → Lenovo)
      R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe [34176 2023-07-14] (Lenovo → Lenovo)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9286168 2023-09-14] (Malwarebytes Inc. → Malwarebytes)
      R2 NovabenchService5; C:\Program Files\Novabench\resources\NovabenchService.exe [41587096 2023-03-28] (Novabench Inc. → Novabench Inc.)
      S3 OfficeSvcManagerAddons; C:\Windows\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [46416 2022-05-07] (Microsoft Windows → Microsoft Corporation)
      S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.180.0828.0001\OneDriveUpdaterService.exe [3855376 2023-09-20] (Microsoft Corporation → Microsoft Corporation)
      S3 ProtonVPN Service; D:\GAMES\MarvelUA\VPN\v3.0.7\ProtonVPNService.exe [472168 2023-06-01] (Proton Technologies AG → ProtonVPN)
      S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1355760 2023-08-18] (Rockstar Games, Inc. → Rockstar Games)
      R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_f313b6b92f428254\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_f313b6b92f428254\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
      
      ===================== Drivers (Whitelisted) ===================
      
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      
      R3 cpuz157; C:\WINDOWS\temp\cpuz157\cpuz157_x64.sys [43016 2023-09-20] (Microsoft Windows Hardware Compatibility Publisher → CPUID)
      S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. → Samsung Electronics Co., Ltd.)
      R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [222272 2023-09-19] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
      S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-05-30] (Microsoft Windows Early Launch Anti-malware Publisher → Malwarebytes)
      R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-08-18] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
      R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-14] (Nvidia Corporation → NVIDIA Corporation)
      S3 ProtonVPNCallout; D:\GAMES\MarvelUA\VPN\v3.0.7\Resources\ProtonVPN.CalloutDriver.sys [34176 2023-05-23] (Microsoft Windows Hardware Compatibility Publisher → Proton Technologies AG)
      R3 rtcx21; C:\WINDOWS\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_516e5c9b75c49dc2\rtcx21x64.sys [539648 2022-05-06] (Microsoft Windows → Realtek)
      S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. → Samsung Electronics Co., Ltd.)
      R3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49024 2023-04-17] (Microsoft Windows Hardware Compatibility Publisher → The OpenVPN Project)
      S4 UCPD; C:\WINDOWS\System32\drivers\UCPD.sys [29184 2023-09-19] (Microsoft Windows → Microsoft Corporation)
      R1 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [249400 2022-08-30] (Microsoft Windows Hardware Compatibility Publisher → Nefarius Software Solutions e.U.)
      U4 MsSecFlt; no ImagePath
      U4 Sense; no ImagePath
      U4 SgrmAgent; no ImagePath
      U4 SgrmBroker; no ImagePath
      U4 WdBoot; no ImagePath
      S4 WdFilter; system32\drivers\WdFilter.sys 
      U4 WdNisDrv; no ImagePath
      U4 WdNisSvc; no ImagePath
      U4 WinDefend; no ImagePath
      S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys
      
      ==================== NetSvcs (Whitelisted) ===================
      
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      
      ==================== One month (created) (Whitelisted) =========
      
      (If an entry is included in the fixlist, the file/folder will be moved.)
      
      2023-09-20 15:53 - 2023-09-20 15:55 - 000000000 ____D C:\FRST
      2023-09-19 17:07 - 2023-09-19 17:07 - 000000000 ____D C:\Users\ozaga\AppData\Roaming\MKKE
      2023-09-19 17:05 - 2023-09-19 17:06 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
      2023-09-19 17:05 - 2023-09-19 17:05 - 000001956 _____ C:\Users\Public\Desktop\Mortal Kombat Komplete Edition.lnk
      2023-09-19 16:57 - 2023-09-19 17:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mortal Kombat Komplete Edition
      2023-09-19 16:42 - 2023-09-19 16:42 - 000000000 ____D C:\Users\ozaga\AppData\Local\PlaceholderTileLogoFolder
      2023-09-19 15:48 - 2023-09-19 15:48 - 000000000 ____D C:\Users\ozaga\AppData\Roaming\Warner Bros. Interactive Entertainment
      2023-09-19 13:31 - 2023-09-19 13:31 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
      2023-09-19 13:29 - 2023-09-19 13:29 - 000000000 ____D C:\Users\ozaga\AppData\Local\Publishers
      2023-09-19 13:27 - 2023-09-19 13:27 - 000000020 ___SH C:\Users\ozaga\ntuser.ini
      2023-09-19 07:01 - 2023-09-20 12:56 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2023-09-19 07:01 - 2023-09-20 01:14 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3989784722-1943139329-1569411945-1001
      2023-09-19 07:01 - 2023-09-20 01:14 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
      2023-09-19 07:01 - 2023-09-19 15:41 - 000852264 _____ C:\WINDOWS\system32\PerfStringBackup.INI
      2023-09-19 07:01 - 2023-09-19 07:01 - 000011433 _____ C:\WINDOWS\diagwrn.xml
      2023-09-19 07:01 - 2023-09-19 07:01 - 000011433 _____ C:\WINDOWS\diagerr.xml
      2023-09-19 07:01 - 2023-09-19 07:01 - 000003604 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1674164695
      2023-09-19 07:01 - 2023-09-19 07:01 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
      2023-09-19 07:01 - 2023-09-19 07:01 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
      2023-09-19 07:01 - 2023-09-19 07:01 - 000003432 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{670D763E-CBBB-471C-A0C1-2B2E3B86D37D}
      2023-09-19 07:01 - 2023-09-19 07:01 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
      2023-09-19 07:01 - 2023-09-19 07:01 - 000003240 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
      2023-09-19 07:01 - 2023-09-19 07:01 - 000003208 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{53B6130E-5A71-4C6C-8871-E7BDAB14312B}
      2023-09-19 07:01 - 2023-09-19 07:01 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
      2023-09-19 07:01 - 2023-09-19 07:01 - 000003068 _____ C:\WINDOWS\system32\Tasks\TaskbarX DESKTOP-LO8ADMAozaga
      2023-09-19 07:01 - 2023-09-19 07:01 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
      2023-09-19 07:01 - 2023-09-19 07:01 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
      2023-09-19 07:01 - 2023-09-19 07:01 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
      2023-09-19 07:01 - 2023-09-19 07:01 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
      2023-09-19 07:01 - 2023-09-19 07:01 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
      2023-09-19 07:01 - 2023-09-19 07:01 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
      2023-09-19 07:01 - 2023-09-19 07:01 - 000002750 _____ C:\WINDOWS\system32\Tasks\ViGEmBus_Updater
      2023-09-19 07:01 - 2023-09-19 07:01 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
      2023-09-19 07:01 - 2023-09-19 07:01 - 000002634 _____ C:\WINDOWS\system32\Tasks\Window Update
      2023-09-19 07:01 - 2023-09-19 07:01 - 000000000 ____D C:\WINDOWS\system32\Tasks\NvStray
      2023-09-19 07:01 - 2023-09-19 07:01 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
      2023-09-19 06:59 - 2023-09-19 06:59 - 000023788 _____ C:\WINDOWS\system32\emptyregdb.dat
      2023-09-19 06:59 - 2023-09-19 06:59 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Network
      2023-09-19 06:58 - 2023-09-20 12:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
      2023-09-19 06:58 - 2023-09-19 07:01 - 000000000 ____D C:\Windows.old
      2023-09-19 06:58 - 2023-09-19 06:58 - 000483472 _____ C:\WINDOWS\system32\FNTCACHE.DAT
      2023-09-19 06:58 - 2023-09-19 06:58 - 000000000 ____D C:\WINDOWS\system32\config\BFS
      2023-09-19 06:23 - 2023-09-19 06:58 - 000000000 ____D C:\Users\ozaga\AppData\Roaming\Microsoft\Crypto
      2023-09-19 06:23 - 2023-09-19 06:23 - 000000000 ____D C:\Users\ozaga\AppData\Roaming\Microsoft\SystemCertificates
      2023-09-19 06:23 - 2023-09-19 06:23 - 000000000 ____D C:\Users\ozaga\AppData\Roaming\Microsoft\Network
      2023-09-19 06:11 - 2023-09-19 06:58 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
      2023-09-19 06:10 - 2023-09-19 14:33 - 000000000 ____D C:\Users\ozaga
      2023-09-19 06:10 - 2023-09-19 13:31 - 000000000 ____D C:\Users\ozaga\AppData\Roaming\Microsoft\Windows
      2023-09-19 06:10 - 2023-09-19 13:27 - 000000000 ____D C:\Users\ozaga\AppData\Roaming\Microsoft\Spelling
      2023-09-19 06:10 - 2023-09-19 06:11 - 000000000 ____D C:\WINDOWS\ServiceProfiles
      2023-09-19 06:10 - 2023-09-19 06:10 - 000000000 ____D C:\WINDOWS\system32\dolbyaposvc
      2023-09-19 06:10 - 2023-09-19 06:10 - 000000000 ____D C:\WINDOWS\system32\AMD
      2023-09-19 06:10 - 2023-09-19 06:10 - 000000000 ____D C:\WINDOWS\Lenovo
      2023-09-19 06:10 - 2023-09-19 06:10 - 000000000 ____D C:\WINDOWS\Firmware
      2023-09-19 06:04 - 2023-09-19 06:04 - 000638976 _____ C:\WINDOWS\system32\smartscreen.exe
      2023-09-19 06:02 - 2023-09-19 06:02 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
      2023-09-19 06:02 - 2023-09-19 06:02 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
      2023-09-19 06:02 - 2023-09-19 06:02 - 000000000 ____D C:\WINDOWS\addins
      2023-09-19 06:01 - 2023-09-19 06:01 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
      2023-09-19 06:01 - 2023-09-19 06:01 - 000000000 ____D C:\WINDOWS\system32\ar
      2023-09-19 06:01 - 2023-09-19 06:01 - 000000000 ____D C:\Program Files\Reference Assemblies
      2023-09-19 06:01 - 2023-09-19 06:01 - 000000000 ____D C:\Program Files\MSBuild
      2023-09-19 06:01 - 2023-09-19 06:01 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
      2023-09-19 06:01 - 2023-09-19 06:01 - 000000000 ____D C:\Program Files (x86)\MSBuild
      2023-09-19 05:55 - 2023-09-19 05:55 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
      2023-09-19 04:14 - 2023-09-19 13:27 - 000000000 ___DC C:\WINDOWS\Panther
      2023-09-19 04:13 - 2023-09-19 04:14 - 000000036 _____ C:\WINDOWS\progress.ini
      2023-09-19 04:09 - 2023-09-19 04:13 - 000000000 ___HD C:\$GetCurrent
      2023-09-19 04:09 - 2023-09-19 04:13 - 000000000 ____D C:\Program Files (x86)\WindowsInstallationAssistant
      2023-09-19 03:48 - 2023-09-19 03:48 - 000000000 ____D C:\Users\defaultuser100000\AppData\Local\CEF
      2023-09-19 03:44 - 2023-09-19 03:48 - 000000000 ____D C:\Users\defaultuser100000\AppData\Local\NVIDIA Corporation
      2023-09-19 03:44 - 2023-09-19 03:44 - 000000000 ____D C:\Users\defaultuser100000\ansel
      2023-09-19 03:43 - 2023-09-19 15:00 - 000000000 ____D C:\Users\defaultuser100000\AppData\Local\ConnectedDevicesPlatform
      2023-09-19 03:43 - 2023-09-19 15:00 - 000000000 ____D C:\Users\defaultuser100000
      2023-09-19 03:43 - 2023-09-19 03:50 - 000000000 ____D C:\Users\defaultuser100000\AppData\Local\Malwarebytes
      2023-09-19 03:43 - 2023-09-19 03:43 - 000000000 ___SD C:\Users\defaultuser100000\AppData\Roaming\Microsoft\SystemCertificates
      2023-09-19 03:43 - 2023-09-19 03:43 - 000000000 ___SD C:\Users\defaultuser100000\AppData\Roaming\Microsoft\Protect
      2023-09-19 03:43 - 2023-09-19 03:43 - 000000000 ___SD C:\Users\defaultuser100000\AppData\Roaming\Microsoft\Crypto
      2023-09-19 03:43 - 2023-09-19 03:43 - 000000000 ___SD C:\Users\defaultuser100000\AppData\Roaming\Microsoft\Credentials
      2023-09-19 03:43 - 2023-09-19 03:43 - 000000000 ____D C:\Users\defaultuser100000\AppData\Roaming\Microsoft\Windows
      2023-09-19 03:43 - 2023-09-19 03:43 - 000000000 ____D C:\Users\defaultuser100000\AppData\Local\Packages
      2023-09-19 03:43 - 2023-09-19 03:43 - 000000000 ____D C:\Users\defaultuser100000\AppData\Local\NVIDIA
      2023-09-19 03:43 - 2023-09-19 03:43 - 000000000 ____D C:\Users\defaultuser100000\AppData\Local\D3DSCache
      2023-09-19 03:43 - 2023-09-19 03:43 - 000000000 ____D C:\Users\defaultuser100000\AppData\Local\AMD
      2023-09-19 03:43 - 2022-12-29 00:02 - 000000000 ___RD C:\Users\defaultuser100000\OneDrive
      2023-09-19 03:37 - 2023-09-19 03:37 - 000000000 ____D C:\Users\ozaga\AppData\Roaming\Sun
      2023-09-19 03:06 - 2023-09-19 03:06 - 000001245 _____ C:\AiOLog.txt
      2023-09-19 03:05 - 2023-09-19 15:00 - 000000000 ____D C:\Program Files\Microsoft Silverlight
      2023-09-19 03:05 - 2023-09-19 15:00 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
      2023-09-19 03:03 - 2023-09-19 15:00 - 000000000 ____D C:\AiO-Files
      2023-09-19 01:30 - 2023-09-20 12:57 - 000000000 ____D C:\Users\ozaga\AppData\Local\Updates
      2023-09-19 01:30 - 2023-09-19 15:00 - 000000000 ____D C:\Program Files\Java
      2023-09-19 01:30 - 2023-09-19 03:08 - 000000000 ____D C:\Program Files (x86)\OceanofGames.ccom
      2023-09-19 01:30 - 2023-09-19 01:30 - 000129192 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
      2023-09-19 01:30 - 2023-09-19 01:30 - 000014544 _____ (OpenLibSys.org) C:\WINDOWS\system32\WinRing0x64.sys
      2023-09-19 01:29 - 2023-09-19 15:00 - 000000000 ____D C:\Program Files (x86)\Java
      2023-09-19 01:29 - 2023-09-19 06:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
      2023-09-19 01:29 - 2023-09-19 01:29 - 000114344 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
      2023-09-19 01:29 - 2023-09-19 01:29 - 000000000 ____D C:\Users\ozaga\AppData\LocalLow\Sun
      2023-09-07 19:01 - 2023-09-07 19:01 - 000000000 ____D C:\Users\ozaga\AppData\Roaming\Crystal Dynamics
      2023-08-31 11:23 - 2023-08-31 11:24 - 000000000 ____D C:\Users\ozaga\AppData\Roaming\IO Interactive
      2023-08-31 08:12 - 2023-08-31 08:12 - 000000000 ____D C:\Users\ozaga\AppData\Roaming\fortnite-mod-menu-nativefier-43365e
      2023-08-31 08:09 - 2023-08-31 08:10 - 000000000 ____D C:\Users\ozaga\AppData\Roaming\cheat-lab™-nativefier-330876
      2023-08-31 08:08 - 2023-08-31 08:08 - 000001094 _____ C:\Users\ozaga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cheat Lab™.lnk
      2023-08-28 07:48 - 2023-08-28 07:48 - 000000000 ____D C:\Users\ozaga\AppData\Local\CrashReportClient
      2023-08-22 11:40 - 2023-09-20 02:45 - 000000000 ___HD C:\ProgramData\Dllhost
      2023-08-22 11:40 - 2023-08-22 11:40 - 000000340 _____ C:\logs.uce
      2023-08-22 11:40 - 2023-08-22 11:40 - 000000000 ____D C:\Users\ozaga\AppData\Local\SystemCache
      
      ==================== One month (modified) ==================
      
      (If an entry is included in the fixlist, the file/folder will be moved.)
      
      2023-09-20 15:55 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SystemTemp
      2023-09-20 15:41 - 2023-08-02 00:04 - 000000000 ____D C:\Users\ozaga\AppData\Local\Malwarebytes
      2023-09-20 15:01 - 2022-12-25 13:38 - 000000000 ____D C:\Program Files (x86)\Google
      2023-09-20 14:56 - 2023-07-17 00:28 - 000000000 ____D C:\Users\ozaga\AppData\Local\Discord
      2023-09-20 14:04 - 2022-12-25 14:53 - 000000000 ____D C:\ProgramData\NVIDIA
      2023-09-20 14:04 - 2022-05-07 08:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
      2023-09-20 13:47 - 2022-12-24 18:33 - 000000000 ____D C:\Users\ozaga\AppData\Local\D3DSCache
      2023-09-20 13:03 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\AppReadiness
      2023-09-20 12:56 - 2022-12-30 12:51 - 000000000 ____D C:\Program Files\Microsoft OneDrive
      2023-09-20 12:56 - 2022-12-25 14:06 - 000000000 ____D C:\Users\ozaga\AppData\Roaming\discord
      2023-09-20 12:56 - 2022-12-25 05:18 - 000012288 ___SH C:\DumpStack.log.tmp
      2023-09-20 12:56 - 2022-12-24 18:31 - 000000000 ___RD C:\Users\ozaga\OneDrive
      2023-09-20 12:56 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\ServiceState
      2023-09-20 12:55 - 2023-01-29 22:01 - 000000000 ____D C:\Users\ozaga\AppData\Roaming\WeMod
      2023-09-20 12:55 - 2022-05-07 08:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
      2023-09-20 01:26 - 2022-12-24 18:30 - 000000000 ____D C:\Users\ozaga\AppData\Local\Packages
      2023-09-20 01:14 - 2022-12-29 00:02 - 000002142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
      2023-09-20 01:14 - 2022-05-07 08:24 - 000000000 ___HD C:\Program Files\WindowsApps
      2023-09-20 01:08 - 2023-07-23 02:30 - 000000000 ____D C:\Users\ozaga\AppData\Local\CrashDumps
      2023-09-19 17:07 - 2022-12-24 18:33 - 000000000 ____D C:\Users\ozaga\OneDrive\Documents\CPY_SAVES
      2023-09-19 17:04 - 2023-01-19 22:51 - 000000000 ____D C:\Stores
      2023-09-19 16:55 - 2022-05-07 08:22 - 000000000 ____D C:\WINDOWS\INF
      2023-09-19 16:04 - 2023-08-02 00:04 - 000000000 ____D C:\Users\ozaga\AppData\Local\VirtualStore
      2023-09-19 16:04 - 2022-12-25 15:52 - 000000000 ____D C:\Program Files\WinRAR
      2023-09-19 16:04 - 2022-12-24 18:30 - 000000000 ____D C:\ProgramData\Packages
      2023-09-19 15:36 - 2023-02-23 20:16 - 000000000 ____D C:\Users\ozaga\AppData\Roaming\DS4Windows
      2023-09-19 15:00 - 2022-12-25 14:53 - 000000000 ____D C:\ProgramData\Package Cache
      2023-09-19 14:40 - 2023-07-23 02:13 - 000000000 ____D C:\Users\ozaga\AppData\Local\ElevatedDiagnostics
      2023-09-19 14:18 - 2022-05-07 08:24 - 000000000 ____D C:\Program Files\Windows Defender
      2023-09-19 14:18 - 2022-05-07 08:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender
      2023-09-19 14:16 - 2022-05-07 08:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
      2023-09-19 14:16 - 2022-05-07 08:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
      2023-09-19 14:04 - 2023-03-21 23:28 - 000000000 ____D C:\Users\ozaga\AppData\Roaming\Microsoft\MMC
      2023-09-19 13:59 - 2022-05-07 08:17 - 000000000 ____D C:\WINDOWS\CbsTemp
      2023-09-19 13:45 - 2022-05-07 08:24 - 000000000 ____D C:\ProgramData\USOPrivate
      2023-09-19 13:43 - 2022-05-07 08:17 - 000000000 ____D C:\WINDOWS\servicing
      2023-09-19 13:36 - 2022-12-25 18:37 - 000000000 ____D C:\WINDOWS\system32\MRT
      2023-09-19 13:33 - 2022-12-25 18:37 - 177941912 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
      2023-09-19 13:33 - 2022-12-25 14:27 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
      2023-09-19 13:31 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\appcompat
      2023-09-19 13:27 - 2022-12-24 18:30 - 000000000 __RHD C:\Users\Public\AccountPictures
      2023-09-19 07:05 - 2019-12-07 12:14 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
      2023-09-19 07:01 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\oobe
      2023-09-19 07:01 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\Registration
      2023-09-19 07:00 - 2022-12-25 13:39 - 000002257 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2023-09-19 06:59 - 2022-12-24 18:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
      2023-09-19 06:59 - 2022-05-07 08:24 - 000000000 __RHD C:\Users\Public\Libraries
      2023-09-19 06:59 - 2022-05-07 08:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
      2023-09-19 06:58 - 2023-06-26 14:01 - 000000000 ____D C:\Users\ozaga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
      2023-09-19 06:58 - 2023-06-26 14:00 - 000000000 ____D C:\Users\ozaga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
      2023-09-19 06:58 - 2023-06-10 01:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proton
      2023-09-19 06:58 - 2023-05-14 00:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
      2023-09-19 06:58 - 2023-05-11 19:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
      2023-09-19 06:58 - 2023-04-21 16:02 - 000000000 ____D C:\Users\ozaga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
      2023-09-19 06:58 - 2023-04-21 15:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
      2023-09-19 06:58 - 2023-02-28 16:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
      2023-09-19 06:58 - 2023-02-26 17:25 - 000000000 ____D C:\Users\ozaga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games
      2023-09-19 06:58 - 2023-02-17 13:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5
      2023-09-19 06:58 - 2023-01-29 22:01 - 000000000 ____D C:\Users\ozaga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeMod
      2023-09-19 06:58 - 2023-01-19 23:04 - 000000000 ____D C:\Users\ozaga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
      2023-09-19 06:58 - 2023-01-19 22:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
      2023-09-19 06:58 - 2022-12-28 23:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
      2023-09-19 06:58 - 2022-12-25 15:52 - 000000000 ____D C:\Users\ozaga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
      2023-09-19 06:58 - 2022-12-25 15:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
      2023-09-19 06:58 - 2022-12-25 14:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
      2023-09-19 06:58 - 2022-12-25 14:06 - 000000000 ____D C:\Users\ozaga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
      2023-09-19 06:58 - 2022-12-25 05:19 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
      2023-09-19 06:58 - 2022-05-07 08:24 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
      2023-09-19 06:58 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
      2023-09-19 06:58 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\spool
      2023-09-19 06:58 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
      2023-09-19 06:58 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
      2023-09-19 06:58 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
      2023-09-19 06:58 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\system32\MsDtc
      2023-09-19 06:11 - 2023-06-28 03:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
      2023-09-19 06:11 - 2023-01-05 15:02 - 000000000 ____D C:\Program Files (x86)\Razer
      2023-09-19 06:10 - 2022-05-07 08:28 - 000000000 ____D C:\WINDOWS\Setup
      2023-09-19 06:10 - 2022-05-07 08:24 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ___SD C:\WINDOWS\system32\UNP
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\WUModels
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\UUS
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SystemResources
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SystemApps
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\vi-VN
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\setup
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\lv-LV
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\lt-LT
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\id-ID
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\gl-ES
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\eu-ES
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\et-EE
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\es-MX
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\Dism
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\DDFs
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\ca-ES
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\ShellComponents
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\Provisioning
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\bcastdvr
      2023-09-19 06:09 - 2022-05-07 08:24 - 000000000 ____D C:\Program Files\Common Files\System
      2023-09-19 06:08 - 2022-05-07 09:10 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
      2023-09-19 06:08 - 2022-05-07 09:10 - 000023775 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
      2023-09-19 06:08 - 2022-05-07 08:25 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
      2023-09-19 06:08 - 2022-05-07 08:24 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
      2023-09-19 06:03 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\OCR
      2023-09-19 06:03 - 2022-05-07 08:20 - 000520192 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
      2023-09-19 06:03 - 2022-05-07 08:20 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
      2023-09-19 06:03 - 2022-05-07 08:20 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
      2023-09-19 06:03 - 2022-05-07 08:20 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
      2023-09-19 06:03 - 2022-05-07 08:20 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
      2023-09-19 06:03 - 2022-05-07 08:20 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
      2023-09-19 06:03 - 2022-05-07 08:20 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
      2023-09-19 06:03 - 2022-05-07 08:20 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
      2023-09-19 06:03 - 2022-05-07 08:20 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
      2023-09-19 06:03 - 2022-05-07 08:20 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
      2023-09-19 06:03 - 2022-05-07 08:20 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
      2023-09-19 06:03 - 2022-05-07 08:20 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
      2023-09-19 06:03 - 2022-05-07 08:20 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
      2023-09-19 06:03 - 2022-05-07 08:20 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
      2023-09-19 06:03 - 2022-05-07 08:20 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
      2023-09-19 06:03 - 2022-05-07 08:20 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
      2023-09-19 06:03 - 2022-05-07 08:20 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
      2023-09-19 06:03 - 2022-05-07 08:20 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
      2023-09-19 06:01 - 2022-05-07 09:10 - 000000000 ____D C:\Program Files\Windows Photo Viewer
      2023-09-19 06:01 - 2022-05-07 09:10 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
      2023-09-19 06:01 - 2022-05-07 09:01 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
      2023-09-19 06:01 - 2022-05-07 09:01 - 000000000 ____D C:\WINDOWS\system32\WCN
      2023-09-19 06:01 - 2022-05-07 08:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
      2023-09-19 06:01 - 2022-05-07 08:24 - 000000000 ___SD C:\WINDOWS\system32\F12
      2023-09-19 06:01 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
      2023-09-19 06:01 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
      2023-09-19 06:01 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\Sysprep
      2023-09-19 06:01 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\MUI
      2023-09-19 06:01 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\IME
      2023-09-17 13:34 - 2022-12-28 23:29 - 000000000 ____D C:\Program Files\Microsoft Office
      2023-09-15 00:24 - 2022-12-25 19:26 - 000002083 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
      2023-09-12 00:25 - 2023-07-29 03:12 - 000000000 ____D C:\Users\ozaga\AppData\Local\WeMod
      2023-09-12 00:25 - 2023-07-17 00:28 - 000000000 ____D C:\Users\ozaga\AppData\Local\SquirrelTemp
      2023-09-06 16:14 - 2022-12-25 14:28 - 000000000 ____D C:\Program Files (x86)\Lenovo
      2023-08-29 09:40 - 2022-12-29 14:14 - 000000000 ____D C:\Users\ozaga\AppData\Roaming\Microsoft\UProof
      2023-08-21 14:18 - 2023-01-21 19:59 - 000000000 ____D C:\Users\ozaga\AppData\Roaming\Microsoft\Excel
      
      ==================== Files in the root of some directories ========
      
      2023-07-14 16:41 - 2023-07-16 13:54 - 000000032 _____ () C:\Users\ozaga\AppData\Roaming.machineId
      
      ==================== FLock ==============================
      
      2023-09-19 06:04 C:\WINDOWS\system32\smartscreen.exe
      
      ==================== SigCheck ============================
      
      (There is no automatic fix for files that do not pass verification.)
      
      ==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-09-2023
Ran by ozaga (20-09-2023 15:56:27)
Running from C:\Users\ozaga\OneDrive\Desktop
Microsoft Windows 11 Home Version 22H2 22621.2283 (X64) (2023-09-19 04:01:36)
Boot Mode: Normal
==========================================================================
      ==================== Accounts: =============================
      
      (If an entry is included in the fixlist, it will be removed.)
      
      Administrator (S-1-5-21-3989784722-1943139329-1569411945-500 - Administrator - Disabled)
      DefaultAccount (S-1-5-21-3989784722-1943139329-1569411945-503 - Limited - Disabled)
      Guest (S-1-5-21-3989784722-1943139329-1569411945-501 - Limited - Disabled)
      ozaga (S-1-5-21-3989784722-1943139329-1569411945-1001 - Administrator - Enabled) => C:\Users\ozaga
      WDAGUtilityAccount (S-1-5-21-3989784722-1943139329-1569411945-504 - Limited - Disabled)
      
      ==================== Security Center ========================
      
      (If an entry is included in the fixlist, it will be removed.)
      
      AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      
      ==================== Installed Programs ======================
      
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
      
      Adobe Acrobat (64-bit) (HKLM...{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 23.006.20320 - Adobe)
      Adobe Refresh Manager (HKLM-x32...{AC76BA86-0804-1033-1959-018244601052}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
      Blitz (HKU\S-1-5-21-3989784722-1943139329-1569411945-1001...\153f8ce0-b97a-575b-ba12-4ff8b1481894) (Version: 2.1.52 - Blitz, Inc.)
      CPUID CPU-Z 2.06 (HKLM...\CPUID CPU-Z_is1) (Version: 2.06 - CPUID, Inc.)
      Discord (HKU\S-1-5-21-3989784722-1943139329-1569411945-1001...\Discord) (Version: 1.0.9008 - Discord Inc.)
      EA app (HKLM...{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 13.4.0.5517 - Electronic Arts) Hidden
      EA app (HKLM-x32...{3334fbf5-65e0-4fde-8578-77988a93f0c1}) (Version: 13.4.0.5517 - Electronic Arts)
      Epic Games Launcher (HKLM-x32...{20235E2B-1E9F-473D-A215-B2467F1F06E3}) (Version: 1.3.51.0 - Epic Games, Inc.)
      Epic Games Launcher Prerequisites (x64) (HKLM...{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
      Epic Online Services (HKLM-x32...{19695986-25CE-41AC-9C6F-54794653EDBA}) (Version: 2.0.36.0 - Epic Games, Inc.)
      Google Chrome (HKLM-x32...\Google Chrome) (Version: 116.0.5845.188 - Google LLC)
      Injustice 2 (HKLM-x32...\Injustice 2_is1) (Version: - )
      Java 8 Update 251 (64-bit) (HKLM...{26A24AE4-039D-4CA4-87B4-2F64180251F0}) (Version: 8.0.2510.8 - Oracle Corporation)
      Java 8 Update 251 (HKLM-x32...{26A24AE4-039D-4CA4-87B4-2F32180251F0}) (Version: 8.0.2510.8 - Oracle Corporation)
      Launcher Prerequisites (x64) (HKLM-x32...{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
      Legion Arena (HKLM-x32...\Legion Arena_is1) (Version: 1.3.1.1 - Lenovo Group Ltd.)
      Lenovo Now (HKLM-x32...\Lenovo Now) (Version: 3.10.1.2 - Lenovo Group Ltd.)
      Lenovo Vantage Service (HKLM-x32...\VantageSRV_is1) (Version: 3.13.72.0 - Lenovo Group Ltd.)
      Malwarebytes version 4.6.1.280 (HKLM...{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.1.280 - Malwarebytes)
      Marvel Ultimate Alliance 2 (HKLM-x32...\Marvel Ultimate Alliance 2_is1) (Version: - )
      Microsoft .NET Host - 6.0.14 (x64) (HKLM...{40D4EC44-91F8-4EEE-869E-F4B3E90E6688}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
      Microsoft .NET Host FX Resolver - 6.0.14 (x64) (HKLM...{D1726E78-81F3-40A2-A7AF-6286BAA49B1C}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
      Microsoft .NET Runtime - 6.0.14 (x64) (HKLM...{61202CF9-3B84-4E5A-91A1-2984FAE38259}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
      Microsoft 365 Apps for enterprise - en-us (HKLM...\O365ProPlusRetail - en-us) (Version: 16.0.16731.20234 - Microsoft Corporation)
      Microsoft ASP.NET Core 6.0.13 - Shared Framework (x64) (HKLM-x32...{373915e3-2fa6-41a5-80e3-49fe1115263d}) (Version: 6.0.13.22580 - Microsoft Corporation)
      Microsoft ASP.NET Core 6.0.13 Shared Framework (x64) (HKLM...{A6500837-F3BE-357E-9A21-6A78D098659F}) (Version: 6.0.13.22580 - Microsoft Corporation) Hidden
      Microsoft Edge (HKLM-x32...\Microsoft Edge) (Version: 117.0.2045.31 - Microsoft Corporation)
      Microsoft Edge WebView2 Runtime (HKLM-x32...\Microsoft EdgeWebView) (Version: 117.0.2045.31 - Microsoft Corporation)
      Microsoft OneDrive (HKLM...\OneDriveSetup.exe) (Version: 23.180.0828.0001 - Microsoft Corporation)
      Microsoft Teams (HKU\S-1-5-21-3989784722-1943139329-1569411945-1001...\Teams) (Version: 1.5.00.8070 - Microsoft Corporation)
      Microsoft Update Health Tools (HKLM...{AF47B488-9780-4AB5-A97E-762E28013CA6}) (Version: 5.71.0.0 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM...{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32...{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM...{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
      Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM...{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
      Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32...{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
      Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32...{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM...{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
      Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM...{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
      Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32...{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
      Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32...{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
      Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32...{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
      Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32...{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
      Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32...{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
      Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32...{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
      Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM...{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
      Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM...{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
      Microsoft Windows Desktop Runtime - 6.0.14 (x64) (HKLM...{424D9E0C-14D9-4D4B-9562-845689D972F6}) (Version: 48.59.55235 - Microsoft Corporation) Hidden
      Microsoft Windows Desktop Runtime - 6.0.14 (x64) (HKLM-x32...{c4558324-5b32-43fc-9ac2-423fee96dae0}) (Version: 6.0.14.32124 - Microsoft Corporation)
      Mortal Kombat Komplete Edition MULTi7 - ElAmigos version 1.0 u2 (HKLM-x32...{5C7E5033-C921-4C97-8523-62C1DB74CBF1}_is1) (Version: 1.0 u2 - Warner Bros)
      MSI Afterburner 4.6.5 (HKLM-x32...\Afterburner) (Version: 4.6.5 - MSI Co., LTD)
      Novabench (HKLM...{EC2EF57B-081B-48B0-9AD3-7BB5CD7CBA4A}) (Version: 5.2.4 - Novabench Inc.)
      NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
      NVIDIA GeForce Experience 3.27.0.112 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.112 - NVIDIA Corporation)
      NVIDIA Graphics Driver 536.40 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 536.40 - NVIDIA Corporation)
      NVIDIA HD Audio Driver 1.3.40.14 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation)
      NVIDIA PhysX System Software 9.21.0713 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
      OBS Studio (HKLM-x32...\OBS Studio) (Version: 29.0.2 - OBS Project)
      Office 16 Click-to-Run Extensibility Component (HKLM...{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
      Office 16 Click-to-Run Licensing Component (HKLM...{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
      Process Hacker 2.39 (r124) (HKLM...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
      Proton VPN (HKLM...\Proton VPN_is1) (Version: 3.0.7 - Proton AG)
      PyCharm Community Edition 2022.2.1 (HKLM-x32...\PyCharm Community Edition 2022.2.1) (Version: 222.3739.56 - JetBrains s.r.o.)
      Python 3.9.13 (64-bit) (HKU\S-1-5-21-3989784722-1943139329-1569411945-1001...{f599560c-4808-4daa-85d8-15f363099f67}) (Version: 3.9.13150.0 - Python Software Foundation)
      Python 3.9.13 Core Interpreter (64-bit) (HKLM...{D7536B55-7339-436F-A2B3-8B8C0240DF32}) (Version: 3.9.13150.0 - Python Software Foundation) Hidden
      Python 3.9.13 Development Libraries (64-bit) (HKLM...{A621340A-3F22-40D3-9CCD-50B048EBB48E}) (Version: 3.9.13150.0 - Python Software Foundation) Hidden
      Python 3.9.13 Documentation (64-bit) (HKLM...{1FB094A5-7604-4C0F-A1FB-EAB7ED730DE2}) (Version: 3.9.13150.0 - Python Software Foundation) Hidden
      Python 3.9.13 Executables (64-bit) (HKLM...{D497CDAE-43AC-4397-A1C6-B66A7A8F8010}) (Version: 3.9.13150.0 - Python Software Foundation) Hidden
      Python 3.9.13 pip Bootstrap (64-bit) (HKLM...{72964D30-1BFE-459F-B218-D267EBE0D5B2}) (Version: 3.9.13150.0 - Python Software Foundation) Hidden
      Python 3.9.13 Standard Library (64-bit) (HKLM...{90A30DAB-6FD8-4CF8-BB8B-C0DB21C69F20}) (Version: 3.9.13150.0 - Python Software Foundation) Hidden
      Python 3.9.13 Tcl/Tk Support (64-bit) (HKLM...{E7233E87-1712-40E0-8207-17C8D0157FCC}) (Version: 3.9.13150.0 - Python Software Foundation) Hidden
      Python 3.9.13 Test Suite (64-bit) (HKLM...{7491B488-F171-4A97-935A-9098E7CE2A26}) (Version: 3.9.13150.0 - Python Software Foundation) Hidden
      Python 3.9.13 Utility Scripts (64-bit) (HKLM...{618E9DD0-9212-486C-AB4A-023ACAB7CD36}) (Version: 3.9.13150.0 - Python Software Foundation) Hidden
      Python Launcher (HKLM-x32...{1A8286E4-2F70-4165-B2BF-CC6B49664005}) (Version: 3.9.7806.0 - Python Software Foundation)
      RivaTuner Statistics Server 7.3.4 (HKLM-x32...\RTSS) (Version: 7.3.4 - Unwinder)
      Roblox Player for ozaga (HKU\S-1-5-21-3989784722-1943139329-1569411945-1001...\roblox-player) (Version: - Roblox Corporation)
      Rockstar Games Launcher (HKLM-x32...\Rockstar Games Launcher) (Version: 1.0.76.1567 - Rockstar Games)
      Rockstar Games Social Club (HKLM-x32...\Rockstar Games Social Club) (Version: 2.1.9.2 - Rockstar Games)
      Steam (HKLM-x32...\Steam) (Version: 2.10.91.91 - Valve Corporation)
      Teams Machine-Wide Installer (HKLM-x32...{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.5.0.8070 - Microsoft Corporation)
      TechPowerUp GPU-Z (HKLM-x32...{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1) (Version: 2.54.0 - TechPowerUp)
      ViGEm Bus Driver (HKLM...{9C581C76-2D68-40F8-AA6F-94D3C5215C05}) (Version: 1.21.442 - Nefarius Software Solutions e.U.)
      WeMod (HKU\S-1-5-21-3989784722-1943139329-1569411945-1001...\WeMod) (Version: 8.11.2 - WeMod)
      Windows 11 Installation Assistant (HKLM-x32...{115DF11E-4B4C-4EA9-9A79-00DB0C7EF02D}) (Version: 1.4.19041.2063 - Microsoft Corporation)
      WinRAR 6.11 (64-bit) (HKLM...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
      Zoom (HKU\S-1-5-21-3989784722-1943139329-1569411945-1001...\ZoomUMX) (Version: 5.13.11 (13434) - Zoom Video Communications, Inc.)

Packages:
=========
      AMD Radeon Software → C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m [2023-09-19] (Advanced Micro Devices Inc.) [Startup Task]
      Dolby Atmos for Gaming → C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAtmosforGaming_3.20602.609.0_x64__rz1tebttyb220 [2023-09-19] (Dolby Laboratories)
      Lenovo Companion → C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2308.29.0_x64__k1h2ywk1493x8 [2023-09-19] (LENOVO INC.)
      Microsoft Advertising SDK for XAML → C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2023-09-19] (Microsoft Corporation) [MS Ad]
      Microsoft Family → C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.1.28.0_x64__8wekyb3d8bbwe [2023-09-19] (Microsoft Corp.)
      Microsoft.WindowsAppRuntime.CBS → C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-09-19] (Microsoft Corporation)
      MicrosoftWindows.Client.FileExp → C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-09-19] (Microsoft Corporation)
      NVIDIA Control Panel → C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-09-19] (NVIDIA Corp.)
      Outlook for Windows → C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2023.526.0_x64__8wekyb3d8bbwe [2023-09-19] (Microsoft Corporation)
      Photos Media Engine Add-on → C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-09-19] (Microsoft Corporation)
      Realtek Audio Control → C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2023-09-19] (Realtek Semiconductor Corp)
      Solitaire & Casual Games → C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-09-19] (Microsoft Studios) [MS Ad]
      WhatsApp → C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2321.4.0_x64__cv1g1gvanyjgm [2023-09-19] (WhatsApp Inc.) [Startup Task]
      WinRAR → C:\Program Files\WinRAR [2023-09-19] (win.rar GmbH)
      
      ==================== Custom CLSID (Whitelisted): ==============
      
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      
      CustomCLSID: HKU\S-1-5-21-3989784722-1943139329-1569411945-1001_Classes\CLSID{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 → C:\Users\ozaga\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22062.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation → Microsoft Corporation)
      CustomCLSID: HKU\S-1-5-21-3989784722-1943139329-1569411945-1001_Classes\CLSID{1f2907a4-dcbc-5d1c-2783-85d60ccd745a}\localserver32 → D:\GAMES\MarvelUA\VPN\v3.0.5\ProtonVPN.exe (Proton Technologies AG → )
      ShellIconOverlayIdentifiers: [ OneDrive1] → {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-20] (Microsoft Corporation → Microsoft Corporation)
      ShellIconOverlayIdentifiers: [ OneDrive2] → {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-20] (Microsoft Corporation → Microsoft Corporation)
      ShellIconOverlayIdentifiers: [ OneDrive3] → {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-20] (Microsoft Corporation → Microsoft Corporation)
      ShellIconOverlayIdentifiers: [ OneDrive4] → {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-20] (Microsoft Corporation → Microsoft Corporation)
      ShellIconOverlayIdentifiers: [ OneDrive5] → {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-20] (Microsoft Corporation → Microsoft Corporation)
      ShellIconOverlayIdentifiers: [ OneDrive6] → {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-20] (Microsoft Corporation → Microsoft Corporation)
      ShellIconOverlayIdentifiers: [ OneDrive7] → {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-20] (Microsoft Corporation → Microsoft Corporation)
      ShellIconOverlayIdentifiers-x32: [ OneDrive1] → {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-20] (Microsoft Corporation → Microsoft Corporation)
      ShellIconOverlayIdentifiers-x32: [ OneDrive2] → {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-20] (Microsoft Corporation → Microsoft Corporation)
      ShellIconOverlayIdentifiers-x32: [ OneDrive3] → {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-20] (Microsoft Corporation → Microsoft Corporation)
      ShellIconOverlayIdentifiers-x32: [ OneDrive4] → {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-20] (Microsoft Corporation → Microsoft Corporation)
      ShellIconOverlayIdentifiers-x32: [ OneDrive5] → {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-20] (Microsoft Corporation → Microsoft Corporation)
      ShellIconOverlayIdentifiers-x32: [ OneDrive6] → {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-20] (Microsoft Corporation → Microsoft Corporation)
      ShellIconOverlayIdentifiers-x32: [ OneDrive7] → {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-20] (Microsoft Corporation → Microsoft Corporation)
      ContextMenuHandlers1: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-20] (Microsoft Corporation → Microsoft Corporation)
      ContextMenuHandlers1: [WinRAR] → {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH → Alexander Roshal)
      ContextMenuHandlers1-x32: [WinRAR32] → {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH → Alexander Roshal)
      ContextMenuHandlers3: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-05-30] (Malwarebytes Inc. → Malwarebytes)
      ContextMenuHandlers4: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-20] (Microsoft Corporation → Microsoft Corporation)
      ContextMenuHandlers5: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-20] (Microsoft Corporation → Microsoft Corporation)
      ContextMenuHandlers5: [NvCplDesktopContext] → {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_f313b6b92f428254\nvshext.dll [2023-06-26] (NVIDIA Corporation → NVIDIA Corporation)
      ContextMenuHandlers6: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-05-30] (Malwarebytes Inc. → Malwarebytes)
      ContextMenuHandlers6: [WinRAR] → {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH → Alexander Roshal)
      ContextMenuHandlers6-x32: [WinRAR32] → {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH → Alexander Roshal)
      
      ==================== Codecs (Whitelisted) ====================
      
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      
      HKLM...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
      HKLM...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]
      
      ==================== Shortcuts & WMI ========================
      
      ==================== Loaded Modules (Whitelisted) =============
      
      2023-02-23 20:14 - 2022-08-08 06:02 - 000019968 _____ () [File not signed] [File is in use] D:\GAMES\ps4\DS4Windows\SharpOSC.dll
      2023-02-23 20:14 - 2023-01-05 23:51 - 000269312 _____ (Benjamin Höglinger-Stelzer) [File not signed] [File is in use] D:\GAMES\ps4\DS4Windows\Nefarius.Utilities.DeviceManagement.dll
      2023-02-23 20:14 - 2022-01-17 10:30 - 000090624 _____ (Bernhard Millauer,Uwe Mayer, Konrad Mattheis) [File not signed] D:\GAMES\ps4\DS4Windows\WPFLocalizeExtension.dll
      2023-02-23 20:14 - 2022-04-05 15:57 - 001199104 _____ (DotNetProjects) [File not signed] [File is in use] D:\GAMES\ps4\DS4Windows\DotNetProjects.Wpf.Extended.Toolkit.dll
      2017-03-02 15:19 - 2017-03-02 15:19 - 000310272 ____N (easyhook.codeplex.com) [File not signed] C:\ProgramData\Dolby\DAX3\RADARHOST\EasyHook64.dll
      2023-02-23 20:14 - 2022-02-11 02:07 - 000336896 _____ (GitHub Community) [File not signed] [File is in use] D:\GAMES\ps4\DS4Windows\Microsoft.Win32.TaskScheduler.dll
      2023-02-23 20:14 - 2022-11-08 19:46 - 000339456 _____ (havendv → Lakritzator and Philipp Sumi) [File not signed] [File is in use] D:\GAMES\ps4\DS4Windows\H.NotifyIcon.dll
      2023-02-23 20:14 - 2022-11-08 19:47 - 000109568 _____ (havendv → Lakritzator and Philipp Sumi) [File not signed] [File is in use] D:\GAMES\ps4\DS4Windows\H.NotifyIcon.Wpf.dll
      2023-02-23 20:14 - 2022-09-08 10:16 - 000017920 _____ (Michael Denny, Contributors (see GitHub repo)) [File not signed] [File is in use] D:\GAMES\ps4\DS4Windows\WpfScreenHelper.dll
      2023-02-23 20:14 - 2022-10-26 05:21 - 000212992 _____ (Nefarius Software Solutions e.U.) [File not signed] [File is in use] D:\GAMES\ps4\DS4Windows\Nefarius.ViGEm.Client.dll
      2023-09-19 15:36 - 2023-09-19 15:36 - 000174592 _____ (Nefarius Software Solutions e.U.) [File not signed] C:\Users\ozaga\AppData\Local\Temp\Costura\B4046D3CFAA9590D376E0436D537BF26\64\vigemclient.dll
      2023-02-23 20:14 - 2022-12-30 02:01 - 000837120 _____ (NLog) [File not signed] [File is in use] D:\GAMES\ps4\DS4Windows\NLog.dll
      2023-02-23 20:14 - 2023-02-05 23:52 - 003742720 _____ (Ryochan7) [File not signed] [File is in use] D:\GAMES\ps4\DS4Windows\DS4Windows.dll
      2023-02-23 20:14 - 2023-02-05 23:52 - 000011776 _____ (Ryochan7) [File not signed] [File is in use] D:\GAMES\ps4\DS4Windows\Lang\ar\DS4Windows.resources.dll
      2023-02-23 20:14 - 2023-02-05 23:52 - 000011776 _____ (Ryochan7) [File not signed] [File is in use] D:\GAMES\ps4\DS4Windows\Lang\cs\DS4Windows.resources.dll
      2023-02-23 20:14 - 2023-02-05 23:52 - 000017920 _____ (Ryochan7) [File not signed] [File is in use] D:\GAMES\ps4\DS4Windows\Lang\de\DS4Windows.resources.dll
      2023-02-23 20:14 - 2023-02-05 23:52 - 000010752 _____ (Ryochan7) [File not signed] [File is in use] D:\GAMES\ps4\DS4Windows\Lang\es\DS4Windows.resources.dll
      2023-02-23 20:14 - 2023-02-05 23:52 - 000011264 _____ (Ryochan7) [File not signed] [File is in use] D:\GAMES\ps4\DS4Windows\Lang\fr\DS4Windows.resources.dll
      2023-02-23 20:14 - 2023-02-05 23:52 - 000011264 _____ (Ryochan7) [File not signed] [File is in use] D:\GAMES\ps4\DS4Windows\Lang\he\DS4Windows.resources.dll
      2023-02-23 20:14 - 2023-02-05 23:52 - 000010752 _____ (Ryochan7) [File not signed] [File is in use] D:\GAMES\ps4\DS4Windows\Lang\hu-HU\DS4Windows.resources.dll
      2023-02-23 20:14 - 2023-02-05 23:52 - 000010240 _____ (Ryochan7) [File not signed] [File is in use] D:\GAMES\ps4\DS4Windows\Lang\it\DS4Windows.resources.dll
      2023-02-23 20:14 - 2023-02-05 23:52 - 000019968 _____ (Ryochan7) [File not signed] [File is in use] D:\GAMES\ps4\DS4Windows\Lang\ja\DS4Windows.resources.dll
      2023-02-23 20:14 - 2023-02-05 23:52 - 000010752 _____ (Ryochan7) [File not signed] [File is in use] D:\GAMES\ps4\DS4Windows\Lang\nl\DS4Windows.resources.dll
      2023-02-23 20:14 - 2023-02-05 23:52 - 000010752 _____ (Ryochan7) [File not signed] [File is in use] D:\GAMES\ps4\DS4Windows\Lang\pl\DS4Windows.resources.dll
      2023-02-23 20:14 - 2023-02-05 23:52 - 000011264 _____ (Ryochan7) [File not signed] [File is in use] D:\GAMES\ps4\DS4Windows\Lang\pt\DS4Windows.resources.dll
      2023-02-23 20:14 - 2023-02-05 23:52 - 000010752 _____ (Ryochan7) [File not signed] [File is in use] D:\GAMES\ps4\DS4Windows\Lang\pt-BR\DS4Windows.resources.dll
      2023-02-23 20:14 - 2023-02-05 23:52 - 000665600 _____ (Ryochan7) [File not signed] [File is in use] D:\GAMES\ps4\DS4Windows\Lang\ru\DS4Windows.resources.dll
      2023-02-23 20:14 - 2023-02-05 23:52 - 000016896 _____ (Ryochan7) [File not signed] [File is in use] D:\GAMES\ps4\DS4Windows\Lang\se\DS4Windows.resources.dll
      2023-02-23 20:14 - 2023-02-05 23:52 - 000011264 _____ (Ryochan7) [File not signed] [File is in use] D:\GAMES\ps4\DS4Windows\Lang\uk-UA\DS4Windows.resources.dll
      2023-02-23 20:14 - 2023-02-05 23:52 - 000020480 _____ (Ryochan7) [File not signed] [File is in use] D:\GAMES\ps4\DS4Windows\Lang\zh-Hans\DS4Windows.resources.dll
      2023-02-23 20:14 - 2023-02-05 23:52 - 000016896 _____ (Ryochan7) [File not signed] [File is in use] D:\GAMES\ps4\DS4Windows\Lang\zh-Hant\DS4Windows.resources.dll
      2023-02-23 20:14 - 2022-01-17 10:12 - 000036864 _____ (Uwe Mayer,Konrad Mattheis,Bernhard Millauer) [File not signed] [File is in use] D:\GAMES\ps4\DS4Windows\XAMLMarkupExtensions.dll
      
      ==================== Alternate Data Streams (Whitelisted) ========
      
      (If an entry is included in the fixlist, only the ADS will be removed.)
      
      AlternateDataStreams: C:\Users\ozaga\AppData\Local\Temp:$DATA [16]
      
      ==================== Safe Mode (Whitelisted) ==================
      
      ==================== Association (Whitelisted) =================
      
      ==================== Internet Explorer (Whitelisted) ==========
      
      SearchScopes: HKU\S-1-5-21-3989784722-1943139329-1569411945-1001 → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      BHO: Skype for Business Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-08-03] (Microsoft Corporation → Microsoft Corporation)
      BHO: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files\Java\jre1.8.0_251\bin\ssv.dll [2023-09-19] (Oracle America, Inc. → Oracle Corporation)
      BHO: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files\Java\jre1.8.0_251\bin\jp2ssv.dll [2023-09-19] (Oracle America, Inc. → Oracle Corporation)
      BHO-x32: Skype for Business Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-08-03] (Microsoft Corporation → Microsoft Corporation)
      BHO-x32: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files (x86)\Java\jre1.8.0_251\bin\ssv.dll [2023-09-19] (Oracle America, Inc. → Oracle Corporation)
      BHO-x32: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files (x86)\Java\jre1.8.0_251\bin\jp2ssv.dll [2023-09-19] (Oracle America, Inc. → Oracle Corporation)
      Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation)
      Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation)
      Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation)
      Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation)
      Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation)
      Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation)
      Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation)
      Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation)
      Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2022-05-07] (Lenovo → Microsoft Corporation)
      Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2022-05-07] (Lenovo → Microsoft Corporation)
      Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2022-05-07] (Lenovo → Microsoft Corporation)
      
      (If an entry is included in the fixlist, it will be removed from the registry.)
      
      IE trusted site: HKU\S-1-5-21-3989784722-1943139329-1569411945-1001...\sharepoint.com → hxxps://iubhfs-files.sharepoint.com
      
      ==================== Hosts content: =========================
      
      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
      
      2019-12-07 12:14 - 2023-06-14 13:39 - 000002748 _____ C:\WINDOWS\system32\drivers\etc\hosts
      0.0.0.0 avast.com
      0.0.0.0 www.avast.com
      0.0.0.0 totalav.com
      0.0.0.0 www.totalav.com
      0.0.0.0 scanguard.com
      0.0.0.0 www.scanguard.com
      0.0.0.0 totaladblock.com
      0.0.0.0 www.totaladblock.com
      0.0.0.0 pcprotect.com
      0.0.0.0 www.pcprotect.com
      0.0.0.0 mcafee.com
      0.0.0.0 www.mcafee.com
      0.0.0.0 bitdefender.com
      0.0.0.0 www.bitdefender.com
      0.0.0.0 us.norton.com
      0.0.0.0 www.us.norton.com
      0.0.0.0 avg.com
      0.0.0.0 www.avg.com
      0.0.0.0 malwarebytes.com
      0.0.0.0 www.malwarebytes.com
      0.0.0.0 pandasecurity.com
      0.0.0.0 www.pandasecurity.com
      0.0.0.0 surfshark.com
      0.0.0.0 www.surfshark.com
      0.0.0.0 avira.com
      0.0.0.0 www.avira.com
      0.0.0.0 norton.com
      0.0.0.0 www.norton.com
      0.0.0.0 eset.com
      0.0.0.0 www.eset.com
      
      2023-01-19 00:41 - 2023-01-21 15:22 - 000000718 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
      
      ==================== Other Areas ===========================
      
      (Currently there is no automatic fix for this section.)
      
      HKLM\System\CurrentControlSet\Control\Session Manager\Environment\Path → C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Windows\System32\OpenSSH;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\dotnet;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;%SYSTEMROOT%\System32\OpenSSH
      HKU\S-1-5-21-3989784722-1943139329-1569411945-1001\Control Panel\Desktop\Wallpaper → D:\Pictures\1b18a91c4ec64f578ddd0333ae62529d.jpeg
      DNS Servers: 192.168.1.1
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
      HKU\S-1-5-21-3989784722-1943139329-1569411945-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
      Windows Firewall is enabled.
      
      ==================== MSCONFIG/TASK MANAGER disabled items ==
      
      ==================== FirewallRules (Whitelisted) ================
      
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      
      FirewallRules: [{B17F329E-0432-4D45-AF68-203837DD8C50}] => (Allow) C:\Stores\steam\steamapps\common\LEGO Batman 2\LEGOBatman2.exe => No File
      FirewallRules: [{0E82A596-3659-42F3-8D40-E56B8CDD8885}] => (Allow) C:\Stores\steam\steamapps\common\LEGO Batman 2\LEGOBatman2.exe => No File
      FirewallRules: [{D358AAFE-EA30-43F6-8102-D0D6759CEB90}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.31\msedgewebview2.exe (Microsoft Corporation → Microsoft Corporation)
      FirewallRules: [{29A6D1A1-FFFC-4ADF-B596-439B996611F3}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC → Google LLC)
      FirewallRules: [{C6B95337-65F8-4FCD-BFE5-126DD66B4159}] => (Allow) D:\SteamLibrary\steamapps\common\Tomb Raider\TombRaider.exe (Square Enix LTD → Square Enix)
      FirewallRules: [{F8562D88-170F-40EE-A28E-541ED4E5F0FA}] => (Allow) D:\SteamLibrary\steamapps\common\Tomb Raider\TombRaider.exe (Square Enix LTD → Square Enix)
      FirewallRules: [{20BC7D6F-2703-4B9F-973A-DB8604697A11}] => (Allow) C:\Stores\steam\steamapps\common\VRChat\launch.exe () [File not signed]
      FirewallRules: [{AAE34603-95DB-495D-9809-25F5B92C55E0}] => (Allow) C:\Stores\steam\steamapps\common\VRChat\launch.exe () [File not signed]
      FirewallRules: [UDP Query User{B45E4FA5-4E97-46D8-8176-A5E83711AC3D}C:\stores\steam\steamapps\common\destiny 2\destiny2.exe] => (Allow) C:\stores\steam\steamapps\common\destiny 2\destiny2.exe => No File
      FirewallRules: [TCP Query User{BAD91629-4CA8-472A-9ED6-1E226F09B364}C:\stores\steam\steamapps\common\destiny 2\destiny2.exe] => (Allow) C:\stores\steam\steamapps\common\destiny 2\destiny2.exe => No File
      FirewallRules: [UDP Query User{18C12B42-427A-4AA3-8E87-64C1CA39206D}D:\games\league\riot games\riot client\riotclientservices.exe] => (Allow) D:\games\league\riot games\riot client\riotclientservices.exe => No File
      FirewallRules: [TCP Query User{DB1A566D-FBEB-42B4-84A6-4FE6419E943B}D:\games\league\riot games\riot client\riotclientservices.exe] => (Allow) D:\games\league\riot games\riot client\riotclientservices.exe => No File
      FirewallRules: [UDP Query User{6F501AD0-D389-4B05-847E-CAADE534EBE0}C:\users\ozaga\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\ozaga\appdata\local\discord\app-1.0.9013\discord.exe => No File
      FirewallRules: [TCP Query User{F2CDC8A3-8DBE-4B66-9997-D8FFCCC91A01}C:\users\ozaga\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\ozaga\appdata\local\discord\app-1.0.9013\discord.exe => No File
      FirewallRules: [{5CD8F03F-D79C-484D-92E7-3B395D3D0978}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
      FirewallRules: [{067BCCF3-E202-45C0-9B41-D5E9B72A24DD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
      FirewallRules: [{2FDB2598-B402-4A70-931F-4A8F501743A6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
      FirewallRules: [{1726B597-142E-4BBB-9D24-665750378B17}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
      FirewallRules: [UDP Query User{F498C356-1351-47E5-BF6F-69710B437A6D}D:\games\grand theft auto\gtav\gtav\gta5.exe] => (Allow) D:\games\grand theft auto\gtav\gtav\gta5.exe (Rockstar Games, Inc. → Rockstar Games)
      FirewallRules: [TCP Query User{0E9878CD-9D85-42DB-8818-2C10FAC507EF}D:\games\grand theft auto\gtav\gtav\gta5.exe] => (Allow) D:\games\grand theft auto\gtav\gtav\gta5.exe (Rockstar Games, Inc. → Rockstar Games)
      FirewallRules: [{185B7087-488F-492F-A0D7-3AC42CD07A4F}] => (Allow) D:\SteamLibrary\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe => No File
      FirewallRules: [{50D4B651-B4B6-4429-B369-0BF9F1EC045B}] => (Allow) D:\SteamLibrary\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe => No File
      FirewallRules: [{526BE98F-6400-4F21-AA0E-37CE25EA6EDA}] => (Allow) D:\SteamLibrary\steamapps\common\Dying Light\DyingLightGame.exe => No File
      FirewallRules: [{413B95B5-B137-4A0B-BD8D-E8EA368BF628}] => (Allow) D:\SteamLibrary\steamapps\common\Dying Light\DyingLightGame.exe => No File
      FirewallRules: [{3196769F-9B73-4553-83AB-F75CA6D69939}] => (Allow) D:\SteamLibrary\steamapps\common\Bully Scholarship Edition\Bully.exe () [File not signed]
      FirewallRules: [{C815B0D5-1984-48E5-8526-6A38896C2373}] => (Allow) D:\SteamLibrary\steamapps\common\Bully Scholarship Edition\Bully.exe () [File not signed]
      FirewallRules: [UDP Query User{A8BC5C08-8992-431C-A11C-9A7698A90370}D:\games\borderlands\overcooked2\overcooked2.exe] => (Allow) D:\games\borderlands\overcooked2\overcooked2.exe () [File not signed]
      FirewallRules: [TCP Query User{8FC0D5CE-0AED-40E3-8F2A-4697FDE6CECE}D:\games\borderlands\overcooked2\overcooked2.exe] => (Allow) D:\games\borderlands\overcooked2\overcooked2.exe () [File not signed]
      FirewallRules: [UDP Query User{89D89014-DBEA-40FC-8C76-3DEBB8E2F54B}D:\steamlibrary\steamapps\common\need for speed payback\needforspeedpayback.exe] => (Allow) D:\steamlibrary\steamapps\common\need for speed payback\needforspeedpayback.exe => No File
      FirewallRules: [TCP Query User{A99AD4DE-9A53-4D18-BF7F-773F1AFA83D9}D:\steamlibrary\steamapps\common\need for speed payback\needforspeedpayback.exe] => (Allow) D:\steamlibrary\steamapps\common\need for speed payback\needforspeedpayback.exe => No File
      FirewallRules: [{38FF2B6C-7453-4EBF-8D05-F3D825AF199C}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe (Electronic Arts, Inc. → Electronic Arts)
      FirewallRules: [{78D9C7AF-9525-4D60-A131-76ECD4CC1F4D}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. → Electronic Arts)
      FirewallRules: [{5189DC7B-EE55-4B39-91D3-8D69342CA8E1}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. → Electronic Arts)
      FirewallRules: [{270FE9C9-8283-4F24-9082-FDE0873B829F}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. → Electronic Arts)
      FirewallRules: [{AA0A65E8-25C0-4D1A-8AFB-68697ADFF0A9}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. → Electronic Arts)
      FirewallRules: [{38620A02-93E8-4F4C-9499-673D87484D9A}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. → Electronic Arts)
      FirewallRules: [{3F014169-B203-4220-9B4A-9356DEF40D8C}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. → Electronic Arts)
      FirewallRules: [{679DF6E4-6C68-4476-A868-9AA06A009552}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. → Electronic Arts)
      FirewallRules: [{3C7EBE6C-D7AD-43C4-BFC6-3C217922D4AF}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. → Electronic Arts)
      FirewallRules: [{382E20B5-61D2-4EB8-9BB4-2F4B01D9791C}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. → Electronic Arts)
      FirewallRules: [{ACB47BD7-06D6-417F-AD70-57A5F13CF0ED}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. → Electronic Arts)
      FirewallRules: [{BA8DBD07-8FAC-4E87-96FC-A3DA29124E42}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe => No File
      FirewallRules: [{6A81B3C1-7D82-4D83-BC13-F445E1790BAF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe => No File
      FirewallRules: [{80A1DAF3-DB58-48E2-A157-CCEF111C21F2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe => No File
      FirewallRules: [{1F361156-9A11-4C38-8C0E-569575CA307A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe => No File
      FirewallRules: [{AE997FE0-1E2A-4C43-B283-DBC830633C3E}] => (Allow) D:\SteamLibrary\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe => No File
      FirewallRules: [{15548F6B-6494-4B76-9290-23ABFCAF29C1}] => (Allow) D:\SteamLibrary\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe => No File
      FirewallRules: [UDP Query User{4B206071-7192-4062-B2FE-56A37C821EF5}D:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) D:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe => No File
      FirewallRules: [TCP Query User{DE02E927-1D7F-447E-81F9-30B0BE5FF33B}D:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) D:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe => No File
      FirewallRules: [{7EBEFE29-41D7-4603-804A-298BC0C783C0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation → Microsoft Corporation)
      FirewallRules: [{07908458-F8E3-4BD3-B32A-4FFA333DA398}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation → Microsoft Corporation)
      FirewallRules: [{7A9E266A-6D5F-42E8-A721-A70E1CC95A74}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation → Microsoft Corporation)
      FirewallRules: [{31E9E811-F47C-46A0-BC17-43B877AACD92}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation → Microsoft Corporation)
      FirewallRules: [{CC309DB8-7F59-4931-ACBA-1D023D123FB1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation → Microsoft Corporation)
      FirewallRules: [{C874F933-E41B-46AF-AC9D-5ADA64810C73}] => (Allow) C:\Stores\steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. → Valve Corporation)
      FirewallRules: [{FB3D1211-1373-4372-A2D2-C53EADE07913}] => (Allow) C:\Stores\steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. → Valve Corporation)
      FirewallRules: [UDP Query User{4FEC17AF-A865-4D21-A530-F116376192EA}C:\stores\steam\steam.exe] => (Allow) C:\stores\steam\steam.exe (Valve Corp. → Valve Corporation)
      FirewallRules: [TCP Query User{701A796E-57EE-4657-BE34-DFB4824BD699}C:\stores\steam\steam.exe] => (Allow) C:\stores\steam\steam.exe (Valve Corp. → Valve Corporation)
      FirewallRules: [UDP Query User{03E0C898-74C0-47B1-8B17-CE27CDC00BB4}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC → Google LLC)
      FirewallRules: [TCP Query User{E5F7A08E-EA7F-427C-840E-7E6094256060}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC → Google LLC)
      FirewallRules: [UDP Query User{F72ECC34-B603-473A-B1D1-3E6EB6031D4D}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. → Epic Games, Inc.)
      FirewallRules: [TCP Query User{83FA4E2A-15A9-401A-AA25-0DA2E91D80E3}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. → Epic Games, Inc.)
      FirewallRules: [{914D6588-213D-4D6A-8D26-103BC89FF870}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23247.1102.2360.5430_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation → Microsoft Corporation)
      FirewallRules: [{C3449A11-42C7-4488-9C6D-0622A9B54BA0}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23247.1102.2360.5430_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation → Microsoft Corporation)
      FirewallRules: [TCP Query User{D2F0B5FF-C9EB-407A-84D8-0B2B38FF8CA7}C:\stores\mortal kombat komplete edition\disccontentpc\mkke.exe] => (Allow) C:\stores\mortal kombat komplete edition\disccontentpc\mkke.exe () [File not signed]
      FirewallRules: [UDP Query User{A885C214-309D-4A61-82B5-FD1C155C88A2}C:\stores\mortal kombat komplete edition\disccontentpc\mkke.exe] => (Allow) C:\stores\mortal kombat komplete edition\disccontentpc\mkke.exe () [File not signed]
      
      ==================== Restore Points =========================
      
      19-09-2023 13:28:14 Windows Modules Installer
      
      ==================== Faulty Device Manager Devices ============
      
      ==================== Event log errors: ========================
Application errors:
==================
      Error: (09/20/2023 12:56:51 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
      Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-LO8ADMA$ via https://amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net/templates/Aik/scep failed:
      
      GetCACaps
      GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
      HTTP/1.1 404 Not Found
      Date: Wed, 20 Sep 2023 09:56:50 GMT
      Content-Length: 121
      Content-Type: application/json; charset=utf-8
      X-Content-Type-Options: nosniff
      Strict-Transport-Security: max-age=31536000;includeSubDomains
      x-ms-request-id: e48bbdb3-b000-49ed-b833-f04f0f09dfc5
      
      Method: GET(563ms)
      Stage: GetCACaps
      Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
      
      Error: (09/20/2023 12:56:50 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
      Description: SCEP Certificate enrollment initialization for Local system via https://amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net/templates/Aik/scep failed:
      
      GetCACaps
      GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
      HTTP/1.1 404 Not Found
      Date: Wed, 20 Sep 2023 09:56:49 GMT
      Content-Length: 121
      Content-Type: application/json; charset=utf-8
      X-Content-Type-Options: nosniff
      Strict-Transport-Security: max-age=31536000;includeSubDomains
      x-ms-request-id: 1ad4bf83-40cc-4016-9e53-022242b51450
      
      Method: GET(766ms)
      Stage: GetCACaps
      Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
      
      Error: (09/20/2023 01:08:35 AM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-LO8ADMA)
      Description: Faulting application name: msteamsupdate.exe, version: 23247.1102.2360.5430, time stamp: 0x64f7888c
      Faulting module name: msteamsupdate.exe, version: 23247.1102.2360.5430, time stamp: 0x64f7888c
      Exception code: 0xc0000005
      Fault offset: 0x000000000006885f
      Faulting process id: 0x0x2eb4
      Faulting application start time: 0x0x1d9eb45d43e62e4
      Faulting application path: C:\Program Files\WindowsApps\MicrosoftTeams_23247.1102.2360.5430_x64__8wekyb3d8bbwe\msteamsupdate.exe
      Faulting module path: C:\Program Files\WindowsApps\MicrosoftTeams_23247.1102.2360.5430_x64__8wekyb3d8bbwe\msteamsupdate.exe
      Report Id: 82e89059-49d1-48ad-a194-4e728c53877c
      Faulting package full name: MicrosoftTeams_23247.1102.2360.5430_x64__8wekyb3d8bbwe
      Faulting package-relative application ID: msteamsupdate
      
      Error: (09/19/2023 05:05:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Stores\Mortal Kombat Komplete Edition\DiscContentPC\MKKE.exe".
Dependent Assembly Microsoft.VC90.OpenMP,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
      Please use sxstrace.exe for detailed diagnosis.
      
      Error: (09/19/2023 05:01:33 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Stores\Mortal Kombat Komplete Edition\DiscContentPC\MKKE.exe".
Dependent Assembly Microsoft.VC90.OpenMP,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
      Please use sxstrace.exe for detailed diagnosis.
      
      Error: (09/19/2023 05:01:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Stores\Mortal Kombat Komplete Edition\DiscContentPC\MKKE.exe".
Dependent Assembly Microsoft.VC90.OpenMP,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
      Please use sxstrace.exe for detailed diagnosis.
      
      Error: (09/19/2023 05:01:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Stores\Mortal Kombat Komplete Edition\DiscContentPC\MKKE.exe".
Dependent Assembly Microsoft.VC90.OpenMP,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
      Please use sxstrace.exe for detailed diagnosis.
      
      Error: (09/19/2023 05:00:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Stores\Mortal Kombat Komplete Edition\DiscContentPC\MKKE.exe".
Dependent Assembly Microsoft.VC90.OpenMP,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
      Please use sxstrace.exe for detailed diagnosis.
System errors:
==================
      Error: (09/20/2023 12:58:15 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-LO8ADMA)
      Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.
      
      Error: (09/19/2023 03:51:33 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-LO8ADMA)
      Description: The server {20532D01-15BE-4BB9-A727-CA34555D881C} did not register with DCOM within the required timeout.
      
      Error: (09/19/2023 02:21:19 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-LO8ADMA)
      Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.
      
      Error: (09/19/2023 02:17:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: The luafv service failed to start due to the following error:
      This driver has been blocked from loading
      
      Error: (09/19/2023 02:00:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: The luafv service failed to start due to the following error:
      This driver has been blocked from loading
      
      Error: (09/19/2023 01:45:51 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-LO8ADMA)
      Description: Unable to start a DCOM Server: 5319275A.WhatsAppDesktop_2.2321.4.0_x64__cv1g1gvanyjgm!App.AppXagyrmpyx1bhhy2gjpvcnfecxpg298mss.mca as Unavailable/Unavailable. The error:
"2147958012"
Happened while starting this command:
"C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2321.4.0_x64__cv1g1gvanyjgm\WhatsApp.exe" -ServerName:App.AppXkf4yh0averk473g9chjmra34tgccdh3d.mca
      
      Error: (09/19/2023 01:45:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
      Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9MSSGKG348SP-MicrosoftWindows.Client.WebExperience.
      
      Error: (09/19/2023 01:45:32 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
      Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9WZDNCRFJBMP-MICROSOFT.WINDOWSSTORE.
      
      ==================== Memory info ===========================
      
      BIOS: LENOVO EUCN39WW 09/09/2022
      Motherboard: LENOVO LNVNB161216
      Processor: AMD Ryzen 7 4800H with Radeon Graphics
      Percentage of memory in use: 47%
      Total physical RAM: 15741.32 MB
      Available physical RAM: 8279.5 MB
      Total Virtual: 25469.32 MB
      Available Virtual: 14464.92 MB
      
      ==================== Drives ================================
      
      Drive c: (Local Disk) (Fixed) (Total:930.65 GB) (Free:796.74 GB) (Model: WDC WDS100T2B0C-00PXH0) NTFS
      Drive d: (Data) (Fixed) (Total:931.5 GB) (Free:561.23 GB) (Model: ST1000LM035-1RK172) NTFS
      
\\?\Volume{038ca1ef-ff5b-4119-b69b-7ecbf074364f}\ () (Fixed) (Total:0.75 GB) (Free:0.08 GB) NTFS
\\?\Volume{88f93c96-fd59-46d0-91e9-af2e891142d1}\ () (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32
      
      ==================== MBR & Partition Table ====================
      
      ==========================================================
      Disk: 0 (Size: 931.5 GB) (Disk ID: 3494E854)
      
      Partition: GPT.
      
      ==========================================================
      Disk: 1 (Size: 931.5 GB) (Disk ID: B1F9947B)
      
      Partition: GPT.
      
      ==================== End of Addition.txt =======================


      • Rustys
        PCHF Member
        • Jul 2016
        • 7862

        #4
        User is going through malware removal thread closed and will be reopened once the malware has been removed.


        • Malnutrition
          PCHF Moderator
          • Jul 2016
          • 7045

          #5
@MaXz Disable OneDrive while we work on this machine.

          Copy the content of the code box below.
Do not copy the word code!!!
          Right Click FRST and run as Administrator.
          Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
          Attach it to your next message.
          Code:
          start::
          CreateRestorePoint:
          EmptyTemp:
          CloseProcesses:
          HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
          HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
          HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION
          Task: {4EB4D9ED-6F68-4BF2-8F93-973146C8EF6D} - System32\Tasks\Window Update => C:\Users\ozaga\AppData\Local\Updates\Run.vbs [1015 2022-05-09] () [File not signed] <==== ATTENTION
          C:\Users\ozaga\AppData\Local\Updates
          HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
          HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
          HKU\S-1-5-21-3989784722-1943139329-1569411945-1001\...\MountPoints2: {e0ba2707-b295-11ed-b788-8cc681edac3c} - "E:\setup.exe"
          Task: {535E2E54-0B4F-4766-98A8-811B0E964055} - \GoogleUpdateTaskMachineQC -> No File <==== ATTENTION
          Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
          Task: {23B1CC5B-5DC9-4A7B-90F5-C0FE358AE0B7} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (No File)
          Task: {CC8E02B8-2986-4965-A228-C36DA10E55D0} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
          Task: {30D75E1A-FB76-4C6D-B146-2B0723243D93} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
          Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
          Task: {765F6CE4-D431-4B4A-964F-AB1B03A6489F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance (No File)
          Task: {2FE935F6-1ADA-4464-8C83-94B538595CF4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup (No File)
          Task: {625F2FE4-375E-4EE9-96A3-6D9B186D60AF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55 -IdleScheduledJob (No File)
          Task: {32DFB72C-80A0-4A5C-B9E5-E15A9441B2F9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification (No File)
          Task: {FA9F67F0-ED28-452D-ABB1-9F17DA5076EF} - System32\Tasks\Opera scheduled Autoupdate 1674164695 => C:\Users\ozaga\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
          Task: {0533C11C-6E3E-4FAD-9CE3-88D07F8B70BB} - System32\Tasks\ViGEmBus_Updater => D:\GAMES\ps4\ViGEmBus_Updater.exe /silent (No File)
          Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
          Tcpip\..\Interfaces\{0035eb69-e1b9-4151-be7e-ccd8f93785bf}: [DhcpNameServer] 192.168.100.1
          Tcpip\..\Interfaces\{28c08eac-4b1e-434b-bd7c-baee3db5cfee}: [DhcpNameServer] 192.168.1.1
          C:\WINDOWS\system32\Tasks\TaskbarX DESKTOP-LO8ADMAozaga
          2023-08-22 11:40 - 2023-09-20 02:45 - 000000000 ___HD C:\ProgramData\Dllhost
          2023-07-14 16:41 - 2023-07-16 13:54 - 000000032 _____ () C:\Users\ozaga\AppData\Roaming\.machineId
          C:\WINDOWS\system32\drivers\etc\hosts
          C:\WINDOWS\system32\drivers\etc\hosts.ics
          Hosts:
          FirewallRules: [{B17F329E-0432-4D45-AF68-203837DD8C50}] => (Allow) C:\Stores\steam\steamapps\common\LEGO Batman 2\LEGOBatman2.exe => No File
          FirewallRules: [{0E82A596-3659-42F3-8D40-E56B8CDD8885}] => (Allow) C:\Stores\steam\steamapps\common\LEGO Batman 2\LEGOBatman2.exe => No File
          FirewallRules: [UDP Query User{B45E4FA5-4E97-46D8-8176-A5E83711AC3D}C:\stores\steam\steamapps\common\destiny 2\destiny2.exe] => (Allow) C:\stores\steam\steamapps\common\destiny 2\destiny2.exe => No File
          FirewallRules: [TCP Query User{BAD91629-4CA8-472A-9ED6-1E226F09B364}C:\stores\steam\steamapps\common\destiny 2\destiny2.exe] => (Allow) C:\stores\steam\steamapps\common\destiny 2\destiny2.exe => No File
          FirewallRules: [UDP Query User{18C12B42-427A-4AA3-8E87-64C1CA39206D}D:\games\league\riot games\riot client\riotclientservices.exe] => (Allow) D:\games\league\riot games\riot client\riotclientservices.exe => No File
          FirewallRules: [TCP Query User{DB1A566D-FBEB-42B4-84A6-4FE6419E943B}D:\games\league\riot games\riot client\riotclientservices.exe] => (Allow) D:\games\league\riot games\riot client\riotclientservices.exe => No File
          FirewallRules: [UDP Query User{6F501AD0-D389-4B05-847E-CAADE534EBE0}C:\users\ozaga\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\ozaga\appdata\local\discord\app-1.0.9013\discord.exe => No File
          FirewallRules: [TCP Query User{F2CDC8A3-8DBE-4B66-9997-D8FFCCC91A01}C:\users\ozaga\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\ozaga\appdata\local\discord\app-1.0.9013\discord.exe => No File
          FirewallRules: [{185B7087-488F-492F-A0D7-3AC42CD07A4F}] => (Allow) D:\SteamLibrary\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe => No File
          FirewallRules: [{50D4B651-B4B6-4429-B369-0BF9F1EC045B}] => (Allow) D:\SteamLibrary\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe => No File
          FirewallRules: [{526BE98F-6400-4F21-AA0E-37CE25EA6EDA}] => (Allow) D:\SteamLibrary\steamapps\common\Dying Light\DyingLightGame.exe => No File
          FirewallRules: [{413B95B5-B137-4A0B-BD8D-E8EA368BF628}] => (Allow) D:\SteamLibrary\steamapps\common\Dying Light\DyingLightGame.exe => No File
          FirewallRules: [UDP Query User{89D89014-DBEA-40FC-8C76-3DEBB8E2F54B}D:\steamlibrary\steamapps\common\need for speed payback\needforspeedpayback.exe] => (Allow) D:\steamlibrary\steamapps\common\need for speed payback\needforspeedpayback.exe => No File
          FirewallRules: [TCP Query User{A99AD4DE-9A53-4D18-BF7F-773F1AFA83D9}D:\steamlibrary\steamapps\common\need for speed payback\needforspeedpayback.exe] => (Allow) D:\steamlibrary\steamapps\common\need for speed payback\needforspeedpayback.exe => No File
          FirewallRules: [{BA8DBD07-8FAC-4E87-96FC-A3DA29124E42}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe => No File
          FirewallRules: [{6A81B3C1-7D82-4D83-BC13-F445E1790BAF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe => No File
          FirewallRules: [{80A1DAF3-DB58-48E2-A157-CCEF111C21F2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe => No File
          FirewallRules: [{1F361156-9A11-4C38-8C0E-569575CA307A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe => No File
          FirewallRules: [{AE997FE0-1E2A-4C43-B283-DBC830633C3E}] => (Allow) D:\SteamLibrary\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe => No File
          FirewallRules: [{15548F6B-6494-4B76-9290-23ABFCAF29C1}] => (Allow) D:\SteamLibrary\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe => No File
          FirewallRules: [UDP Query User{4B206071-7192-4062-B2FE-56A37C821EF5}D:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) D:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe => No File
          FirewallRules: [TCP Query User{DE02E927-1D7F-447E-81F9-30B0BE5FF33B}D:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) D:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe => No File
          AlternateDataStreams: C:\Users\ozaga\AppData\Local\Temp:$DATA [16]
          Unlock: C:\WINDOWS\system32\smartscreen.exe
          Folder: C:\Users\ozaga\AppData\Local\SystemCache
          CMD: del /f /s /q %windir%\prefetch\*.*
          CMD: del /s /q C:\Windows\SoftwareDistribution\download\*.*
          CMD: del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
          cmd: del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
          cmd: del /s /q "%userprofile%\AppData\Local\Opera Software\Opera Stable\Cache\Cache_Data\*.*"
          CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
          Cmd: NETSH winsock reset catalog
          Cmd: NETSH int ipv4 reset reset.log
          Cmd: NETSH int ipv6 reset reset.log
          Cmd: ipconfig /release
          Cmd: ipconfig /renew
          Cmd: ipconfig /flushdns
          Cmd: ipconfig /registerdns
          Cmd: bitsadmin /list /allusers
          Cmd: bitsadmin /reset /allusers
          Cmd: Winmgmt /salvagerepository
          Cmd: Winmgmt /resetrepository
          Cmd: Winmgmt /resyncperf
          C:\Windows\Temp\*.*
          C:\WINDOWS\system32\*.tmp
          C:\WINDOWS\syswow64\*.tmp
          emptytemp:
          Reboot:
          End::






          Download Kaspersky Virus Removal Tool and save it to your Desktop.
          Very important to save this to your desktop!!

          Select the Windows Key and R Key together, the Run box should open.
          Copy and paste the following into the run box.
          C:\Users\ozaga\Desktop\KVRT.exe -dontencrypt

          Select „Ok“ in the Run box.
          If the „Windows protected your PC“ window opens, select „More info“. A new window will open, select „Run anyway“.
          An EULA window from KVRT will open, tick all confirmation boxes then select “Accept”.
          A window from KVRT will open, select “Change Parameters”.
          In the new window ensure the following boxes are ticked:

          • System memory
          • Startup objects
          • Boot sectors
          • System drive
          Then select “OK” and „Start scan“.
          When completed: If entries are found, there will be options to choose. If “Cure” is offered, leave as it is. For any other options change to “Delete”, then select “Continue”.
          Usually, your system needs a reboot to finish the removal process.
          Logfiles can be found on your system drive (usually C: ), similar to this:

          C:\KVRT2020_Data\Reports\report__.klr

          Right click directly on those reports, select > open with > Notepad.
          Save the files and attach them with your next reply.

          Comment
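          The FRST fix above removes policy restrictions on Windows Defender, Windows Update and the Security Center, a SmartScreen policy set to 0, and a scheduled task ("Window Update") that launched an unsigned Run.vbs from the user's AppData folder. The following PowerShell script is an added, read-only audit that is not part of this thread or of FRST: it reports the same categories of finding on a machine so a helper can see whether such restrictions are present before or after a fix. The registry value names it checks (DisableAntiSpyware, DisableRealtimeMonitoring, EnableSmartScreen) are the standard Defender and SmartScreen policy values; the list of "user-writable" roots used to flag scheduled tasks is an assumption made for the example.

```powershell
# Added example, not from the PCHF thread or from FRST: a read-only audit that reports the
# kinds of findings the fix above acts on. Run from an elevated PowerShell prompt; nothing
# here changes the system.

$findings = [System.Collections.Generic.List[object]]::new()

function Add-Finding {
    param([string]$Check, $Value, [string]$Note)
    $script:findings.Add([pscustomobject]@{ Check = $Check; Value = $Value; Note = $Note })
}

function Test-PolicyValue {
    # Policy values under HKLM\SOFTWARE\Policies override the Windows Security UI;
    # a value set here is what leaves the app blank or greyed out for the user.
    param([string]$Path, [string]$Name, $BadValue, [string]$Note)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item -and $item.$Name -eq $BadValue) {
        Add-Finding -Check "$Path\$Name" -Value $item.$Name -Note $Note
    }
}

# 1. Defender and SmartScreen policy restrictions (FRST's "Restriction <==== ATTENTION" lines).
#    The value names are the standard policy values, not taken from the thread.
Test-PolicyValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' 'DisableAntiSpyware' 1 'Defender disabled by policy'
Test-PolicyValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection' 'DisableRealtimeMonitoring' 1 'Real-time protection disabled by policy'
Test-PolicyValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' 'EnableSmartScreen' 0 'SmartScreen disabled by policy'

foreach ($key in 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender Security Center',
                 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate') {
    # On an unmanaged home PC these policy keys normally do not exist at all.
    if (Test-Path $key) { Add-Finding -Check $key -Value 'present' -Note 'Policy key exists; review its values' }
}

# 2. Scheduled tasks whose action runs from a user-writable location (the thread's
#    "Window Update" task launching ...\AppData\Local\Updates\Run.vbs is this pattern).
#    The list of roots is an assumption made for this example.
$userWritableRoots = @("$env:SystemDrive\Users\", "$env:ProgramData\")
foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
    foreach ($action in $task.Actions) {
        # Non-exec actions (COM handlers) have no Execute/Arguments and fall through harmlessly.
        $target = ("$($action.Execute) $($action.Arguments)").Trim()
        foreach ($root in $userWritableRoots) {
            if ($target -like "*$root*") {
                Add-Finding -Check "Task $($task.TaskPath)$($task.TaskName)" -Value $target -Note 'Task action lives under a user-writable path'
            }
        }
    }
}

# 3. What the Defender engine itself reports; the cmdlet fails outright when the engine is gone.
$status = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($status) {
    foreach ($prop in 'AMServiceEnabled', 'AntivirusEnabled', 'RealTimeProtectionEnabled') {
        if (-not $status.$prop) { Add-Finding -Check "Get-MpComputerStatus.$prop" -Value $false -Note 'Defender component reports disabled' }
    }
} else {
    Add-Finding -Check 'Get-MpComputerStatus' -Value 'unavailable' -Note 'Defender cmdlet not responding; engine removed or blocked'
}

if ($findings.Count -eq 0) { 'No Defender/SmartScreen policy restrictions or suspicious task actions found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

          A task flagged under step 2 is a lead, not a verdict: legitimate vendor updaters also live under ProgramData, so compare the flagged path and its signature against what FRST shows before deciding anything. The path match is literal, so a task whose action is written with an environment variable such as %LOCALAPPDATA% will not be caught by this check.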

          • MaXz
            PCHF Member
            • Sep 2023
            • 26

            #6
            Originally posted by Malnutrition
            When I paste
            C:\Users\ozaga\Desktop\KVRT.exe -dontencrypt
            into the run window it shows me this message in the screenshot.

            Comment

            • Malnutrition
              PCHF Moderator
              • Jul 2016
              • 7045

              #7
              Use this location. If this does not work, then start KVRT by right-clicking it and running as admin; screenshot any detections for me.

              C:\Users\ozaga\OneDrive\Desktop\KVRT.exe -dontencrypt

              Comment

              • MaXz
                PCHF Member
                • Sep 2023
                • 26

                #8
                Originally posted by Malnutrition
                @MaXz Disable One drive while we work on this machine.

                Copy the content of the code box below.
                [COLOR=rgb(184, 49, 47)]Do not copy the word code!!!
                Right Click FRST and run as Administrator.
                Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
                Attach it to your next message.
                Code:
                start::
                CreateRestorePoint:
                EmptyTemp:
                CloseProcesses:
                HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
                HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
                HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION
                Task: {4EB4D9ED-6F68-4BF2-8F93-973146C8EF6D} - System32\Tasks\Window Update => C:\Users\ozaga\AppData\Local\Updates\Run.vbs [1015 2022-05-09] () [File not signed] <==== ATTENTION
                C:\Users\ozaga\AppData\Local\Updates
                HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
                HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
                HKU\S-1-5-21-3989784722-1943139329-1569411945-1001\...\MountPoints2: {e0ba2707-b295-11ed-b788-8cc681edac3c} - "E:\setup.exe"
                Task: {535E2E54-0B4F-4766-98A8-811B0E964055} - \GoogleUpdateTaskMachineQC -> No File <==== ATTENTION
                Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
                Task: {23B1CC5B-5DC9-4A7B-90F5-C0FE358AE0B7} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (No File)
                Task: {CC8E02B8-2986-4965-A228-C36DA10E55D0} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
                Task: {30D75E1A-FB76-4C6D-B146-2B0723243D93} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
                Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
                Task: {765F6CE4-D431-4B4A-964F-AB1B03A6489F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance (No File)
                Task: {2FE935F6-1ADA-4464-8C83-94B538595CF4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup (No File)
                Task: {625F2FE4-375E-4EE9-96A3-6D9B186D60AF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55 -IdleScheduledJob (No File)
                Task: {32DFB72C-80A0-4A5C-B9E5-E15A9441B2F9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification (No File)
                Task: {FA9F67F0-ED28-452D-ABB1-9F17DA5076EF} - System32\Tasks\Opera scheduled Autoupdate 1674164695 => C:\Users\ozaga\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
                Task: {0533C11C-6E3E-4FAD-9CE3-88D07F8B70BB} - System32\Tasks\ViGEmBus_Updater => D:\GAMES\ps4\ViGEmBus_Updater.exe /silent (No File)
                Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
                Tcpip\..\Interfaces\{0035eb69-e1b9-4151-be7e-ccd8f93785bf}: [DhcpNameServer] 192.168.100.1
                Tcpip\..\Interfaces\{28c08eac-4b1e-434b-bd7c-baee3db5cfee}: [DhcpNameServer] 192.168.1.1
                C:\WINDOWS\system32\Tasks\TaskbarX DESKTOP-LO8ADMAozaga
                2023-08-22 11:40 - 2023-09-20 02:45 - 000000000 ___HD C:\ProgramData\Dllhost
                2023-07-14 16:41 - 2023-07-16 13:54 - 000000032 _____ () C:\Users\ozaga\AppData\Roaming\.machineId
                C:\WINDOWS\system32\drivers\etc\hosts
                C:\WINDOWS\system32\drivers\etc\hosts.ics
                Hosts:
                FirewallRules: [{B17F329E-0432-4D45-AF68-203837DD8C50}] => (Allow) C:\Stores\steam\steamapps\common\LEGO Batman 2\LEGOBatman2.exe => No File
                FirewallRules: [{0E82A596-3659-42F3-8D40-E56B8CDD8885}] => (Allow) C:\Stores\steam\steamapps\common\LEGO Batman 2\LEGOBatman2.exe => No File
                FirewallRules: [UDP Query User{B45E4FA5-4E97-46D8-8176-A5E83711AC3D}C:\stores\steam\steamapps\common\destiny 2\destiny2.exe] => (Allow) C:\stores\steam\steamapps\common\destiny 2\destiny2.exe => No File
                FirewallRules: [TCP Query User{BAD91629-4CA8-472A-9ED6-1E226F09B364}C:\stores\steam\steamapps\common\destiny 2\destiny2.exe] => (Allow) C:\stores\steam\steamapps\common\destiny 2\destiny2.exe => No File
                FirewallRules: [UDP Query User{18C12B42-427A-4AA3-8E87-64C1CA39206D}D:\games\league\riot games\riot client\riotclientservices.exe] => (Allow) D:\games\league\riot games\riot client\riotclientservices.exe => No File
                FirewallRules: [TCP Query User{DB1A566D-FBEB-42B4-84A6-4FE6419E943B}D:\games\league\riot games\riot client\riotclientservices.exe] => (Allow) D:\games\league\riot games\riot client\riotclientservices.exe => No File
                FirewallRules: [UDP Query User{6F501AD0-D389-4B05-847E-CAADE534EBE0}C:\users\ozaga\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\ozaga\appdata\local\discord\app-1.0.9013\discord.exe => No File
                FirewallRules: [TCP Query User{F2CDC8A3-8DBE-4B66-9997-D8FFCCC91A01}C:\users\ozaga\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\ozaga\appdata\local\discord\app-1.0.9013\discord.exe => No File
                FirewallRules: [{185B7087-488F-492F-A0D7-3AC42CD07A4F}] => (Allow) D:\SteamLibrary\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe => No File
                FirewallRules: [{50D4B651-B4B6-4429-B369-0BF9F1EC045B}] => (Allow) D:\SteamLibrary\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe => No File
                FirewallRules: [{526BE98F-6400-4F21-AA0E-37CE25EA6EDA}] => (Allow) D:\SteamLibrary\steamapps\common\Dying Light\DyingLightGame.exe => No File
                FirewallRules: [{413B95B5-B137-4A0B-BD8D-E8EA368BF628}] => (Allow) D:\SteamLibrary\steamapps\common\Dying Light\DyingLightGame.exe => No File
                FirewallRules: [UDP Query User{89D89014-DBEA-40FC-8C76-3DEBB8E2F54B}D:\steamlibrary\steamapps\common\need for speed payback\needforspeedpayback.exe] => (Allow) D:\steamlibrary\steamapps\common\need for speed payback\needforspeedpayback.exe => No File
                FirewallRules: [TCP Query User{A99AD4DE-9A53-4D18-BF7F-773F1AFA83D9}D:\steamlibrary\steamapps\common\need for speed payback\needforspeedpayback.exe] => (Allow) D:\steamlibrary\steamapps\common\need for speed payback\needforspeedpayback.exe => No File
                FirewallRules: [{BA8DBD07-8FAC-4E87-96FC-A3DA29124E42}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe => No File
                FirewallRules: [{6A81B3C1-7D82-4D83-BC13-F445E1790BAF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe => No File
                FirewallRules: [{80A1DAF3-DB58-48E2-A157-CCEF111C21F2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe => No File
                FirewallRules: [{1F361156-9A11-4C38-8C0E-569575CA307A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe => No File
                FirewallRules: [{AE997FE0-1E2A-4C43-B283-DBC830633C3E}] => (Allow) D:\SteamLibrary\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe => No File
                FirewallRules: [{15548F6B-6494-4B76-9290-23ABFCAF29C1}] => (Allow) D:\SteamLibrary\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe => No File
                FirewallRules: [UDP Query User{4B206071-7192-4062-B2FE-56A37C821EF5}D:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) D:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe => No File
                FirewallRules: [TCP Query User{DE02E927-1D7F-447E-81F9-30B0BE5FF33B}D:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) D:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe => No File
                AlternateDataStreams: C:\Users\ozaga\AppData\Local\Temp:$DATA [16]
                Unlock: C:\WINDOWS\system32\smartscreen.exe
                Folder: C:\Users\ozaga\AppData\Local\SystemCache
                CMD: del /f /s /q %windir%\prefetch\*.*
                CMD: del /s /q C:\Windows\SoftwareDistribution\download\*.*
                CMD: del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
                cmd: del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
                cmd: del /s /q "%userprofile%\AppData\Local\Opera Software\Opera Stable\Cache\Cache_Data\*.*"
                CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
                Cmd: NETSH winsock reset catalog
                Cmd: NETSH int ipv4 reset reset.log
                Cmd: NETSH int ipv6 reset reset.log
                Cmd: ipconfig /release
                Cmd: ipconfig /renew
                Cmd: ipconfig /flushdns
                Cmd: ipconfig /registerdns
                Cmd: bitsadmin /list /allusers
                Cmd: bitsadmin /reset /allusers
                Cmd: Winmgmt /salvagerepository
                Cmd: Winmgmt /resetrepository
                Cmd: Winmgmt /resyncperf
                C:\Windows\Temp\*.*
                C:\WINDOWS\system32\*.tmp
                C:\WINDOWS\syswow64\*.tmp
                emptytemp:
                Reboot:
                End::






                Download Kaspersky Virus Removal Tool B[/B] and save it to your Desktop.
                Very important to save this to your desktop!!

                Press the Windows key and the R key together; the Run box should open.
                Copy and paste the following into the Run box.

                Select “OK” in the Run box.
                If the “Windows protected your PC” window opens, select “More info”. A new window will open; select “Run anyway”.
                An EULA window from KVRT will open, tick all confirmation boxes then select “Accept”.
                A window from KVRT will open, select “Change Parameters”.
                In the new window ensure the following boxes are ticked:

                • System memory
                • Startup objects
                • Boot sectors
                • System drive
                Then select “OK” and „Start scan“.
                When completed: If entries are found, there will be options to choose. If “Cure” is offered, leave as it is. For any other options change to “Delete”, then select “Continue”.
                Usually, your system needs a reboot to finish the removal process.
                Log files can be found on your system drive (usually C:), with a name similar to this:

                C:\KVRT2020_Data\Reports\report__.klr

                Right-click directly on those reports and select Open with > Notepad.
                Save the files and attach them with your next reply.
                [/COLOR]


                • MaXz
                  PCHF Member
                  • Sep 2023
                  • 26

                  #9
                  Originally posted by Malnutrition
                  Use this location. If this does not work, then start kvrt by right click and run as admin, screen shot any detections for me.

                  C:\Users\ozaga\OneDrive\Desktop\KVRT.exe -dontencrypt
                  I have done the scan and uploaded the file that came after the scan, but I did not know that I should run it as administrator. Should I re-scan?


                  • MaXz
                    PCHF Member
                    • Sep 2023
                    • 26

                    #10
                    Originally posted by Malnutrition
                    Use this location. If this does not work, then start kvrt by right click and run as admin, screen shot any detections for me.

                    C:\Users\ozaga\OneDrive\Desktop\KVRT.exe -dontencrypt
                    Anyway, these are the detections, and I have done the cure/delete steps as told: one of them was already set to cure; of the other two, one was already set to delete and one I changed to delete because it did not have anything on it.


                    • Malnutrition
                      PCHF Moderator
                      • Jul 2016
                      • 7045

                      #11
                      OK, please re-run FRST and post fresh logs (Addition.txt and FRST.txt).


                      • MaXz
                        PCHF Member
                        • Sep 2023
                        • 26

                        #12
                        Originally posted by Malnutrition
                        OK, please re-run FRST and post fresh logs (Addition.txt and FRST.txt).


                        • Malnutrition
                          PCHF Moderator
                          • Jul 2016
                          • 7045

                          #13
                          I’ll check over these when I get home from work. After 5 eastern time.


                          • Malnutrition
                            PCHF Moderator
                            • Jul 2016
                            • 7045

                            #14
                            @MaXz

                            Copy the content of the code box below.
                            [COLOR=rgb(184, 49, 47)]Do not copy the word code!!!
                            Right Click FRST and run as Administrator.
                            Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
                            Attach it to your next message.
                            Code:
                            start::
                            CreateRestorePoint:
                            EmptyTemp:
                            CloseProcesses:
                            Task: {4B138FA6-3FE9-4DEA-AF6D-36F45C4824A4} - \TaskbarX DESKTOP-LO8ADMAozaga -> No File <==== ATTENTION
                            CHR Extension: (AdBlock — best ad blocker) - C:\Users\ozaga\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2023-09-20]
                            C:\Program Files (x86)\OceanofGames.ccom
                            C:\WINDOWS\system32\WinRing0x64.sys
                            U4 MsSecFlt; no ImagePath
                            U4 Sense; no ImagePath
                            U4 SgrmAgent; no ImagePath
                            U4 SgrmBroker; no ImagePath
                            U4 WdBoot; no ImagePath
                            S4 WdFilter; system32\drivers\WdFilter.sys [X]
                            U4 WdNisDrv; no ImagePath
                            U4 WdNisSvc; no ImagePath
                            U4 WinDefend; no ImagePath
                            S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
                            AlternateDataStreams: C:\Users\ozaga\AppData\Local\Temp:$DATA  [16]
                            
                            Folder: C:\WINDOWS\system32\ar
                            VirusTotal: C:\Windows\system32\rtvcvfw64.dll;C:\Windows\SysWOW64\rtvcvfw32.dll
                            
                            
                            StartRegedit:
                            Windows Registry Editor Version 5.00
                            
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
                            "DelayedAutoStart"=dword:00000001
                            "DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
                            "Description"="@%SystemRoot%\\System32\\wscsvc.dll,-201"
                            "DisplayName"="@%SystemRoot%\\System32\\wscsvc.dll,-200"
                            "ErrorControl"=dword:00000001
                            "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
                              00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
                            "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
                              74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
                              00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
                              6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
                              00,65,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,52,00,65,00,73,00,74,00,\
                              72,00,69,00,63,00,74,00,65,00,64,00,20,00,2d,00,70,00,00,00
                            "LaunchProtected"=dword:00000002
                            "ObjectName"="NT AUTHORITY\\LocalService"
                            "RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\
                              00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
                              67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
                              00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
                              00,00,00,00
                            "ServiceSidType"=dword:00000001
                            "Start"=dword:00000002
                            "Type"=dword:00000020
                            
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
                            "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
                              00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
                              77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
                            "ServiceDllUnloadOnStop"=dword:00000001
                            
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Security]
                            "Security"=hex:01,00,14,80,1c,01,00,00,28,01,00,00,14,00,00,00,30,00,00,00,02,\
                              00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
                              00,00,02,00,ec,00,08,00,00,00,00,00,18,00,9d,00,02,00,01,02,00,00,00,00,00,\
                              05,20,00,00,00,21,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,\
                              12,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
                              02,00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,\
                              14,00,9d,00,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,28,00,fd,01,02,\
                              00,01,06,00,00,00,00,00,05,50,00,00,00,e5,fe,79,5f,a0,ae,0d,3b,22,fa,0a,c9,\
                              01,5a,41,3a,e5,a6,4a,b7,00,00,28,00,ff,01,0f,00,01,06,00,00,00,00,00,05,50,\
                              00,00,00,b5,89,fb,38,19,84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,00,00,\
                              28,00,ff,01,0f,00,01,06,00,00,00,00,00,05,50,00,00,00,db,8c,74,0f,c2,72,73,\
                              f3,2b,26,b9,44,77,1e,4f,02,76,63,b5,21,01,01,00,00,00,00,00,05,12,00,00,00,\
                              01,01,00,00,00,00,00,05,12,00,00,00
                            EndRegedit:
                            
                            StartBatch:
                            pushd\windows\system32
                            bcdedit.exe /export C:\exportBCDfile
                            bcdedit.exe /set {default} recoveryenabled yes
                            bcdedit /enum
                            DISM.exe /Online /Cleanup-image /Restorehealth
                            sfc /scannow
                            del /s /q "%userprofile%\AppData\Local\Temp\*.*"
                            del /s /q "%userprofile%\AppData\Roaming\discord\Cache\*.*"
                            del /f /q "%userprofile%\AppData\Local\*-gui"
                            del /f /q "%userprofile%\AppData\Roaming\*-gui"
                            del /s /q c:\windows\System32\Tasks\chrome*.*
                            cd \
                            cd %windir%\system32
                            net stop bits
                            net stop cryptSvc
                            net stop wuauserv
                            net stop msiserver
                            del /s /q C:\Windows\SoftwareDistribution\download\*.*
                            Del /s /q "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat"
                            del /s /q %systemroot%\system32\catroot2.bak
                            Ren %systemroot%\system32\catroot2 catroot2.bak
                            fsutil resource setautoreset true %SystemDrive%\
                            attrib -r -s -h %SystemRoot%\System32\Config\TxR\*
                            del /s /q %SystemRoot%\System32\Config\TxR\*
                            attrib -r -s -h %SystemRoot%\System32\SMI\Store\Machine\*
                            del /s /q %SystemRoot%\System32\SMI\Store\Machine\*.tm*
                            del /s /q %SystemRoot%\System32\SMI\Store\Machine\*.blf
                            del /s /q %SystemRoot%\System32\SMI\Store\Machine\*.regtrans-ms
                            WMIC SERVICE WHERE Name="cryptSvc" set startmode="auto"
                            net start cryptSvc
                            net start bits
                            net start wuauserv
                            net start msiserver
                            Endbatch:
                            
                            
                            StartBatch:
                            WMIC SERVICE WHERE Name="dcomlaunch" set startmode="auto"
                            WMIC SERVICE WHERE Name="nsi" set startmode="auto"
                            WMIC SERVICE WHERE Name="dhcp" set startmode="auto"
                            WMIC SERVICE WHERE Name="rpcss" set startmode="auto"
                            WMIC SERVICE WHERE Name="rpceptmapper" set startmode="auto"
                            WMIC SERVICE WHERE Name="winmgmt" set startmode="auto"
                            WMIC SERVICE WHERE Name="sdrsvc" set startmode="manual"
                            WMIC SERVICE WHERE Name="vss" set startmode="manual"
                            WMIC SERVICE WHERE Name="eventlog" set startmode="auto"
                            WMIC SERVICE WHERE Name="bfe" set startmode="auto"
                            WMIC SERVICE WHERE Name="eventsystem" set startmode="auto"
                            WMIC SERVICE WHERE Name="msiserver" set startmode="manual"
                            WMIC SERVICE WHERE Name="sstpsvc" set startmode="manual"
                            WMIC SERVICE WHERE Name="rasman" set startmode="manual"
                            WMIC SERVICE WHERE Name="trustedinstaller" set startmode="auto"
                            net start sdrsvc
                            net start vss
                            net start rpcss
                            net start eventsystem
                            net start winmgmt
                            net start msiserver
                            net start bfe
                            net start trustedinstaller
                            "%WINDIR%\SYSTEM32\lodctr.exe" /R
                            "%WINDIR%\SysWOW64\lodctr.exe" /R
                            "%WINDIR%\SYSTEM32\lodctr.exe" /R
                            "%WINDIR%\SysWOW64\lodctr.exe" /R
                            NETSH winsock reset catalog
                            NETSH int ipv4 reset reset.log
                            NETSH int ipv6 reset reset.log
                            ipconfig /release
                            ipconfig /renew
                            ipconfig /flushdns
                            ipconfig /registerdns
                            bitsadmin /list /allusers
                            bitsadmin /reset /allusers
                            Winmgmt /salvagerepository
                            Winmgmt /resetrepository
                            Winmgmt /resyncperf
                            Endbatch:
                            
                            startpowershell:
                            Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -force -ErrorAction SilentlyContinue -Confirm:$false
                            # 4-14-2022 M. Naggar
                            # Function Remove-all-windefend-excludes removes all exclusions on MS Windefend
                            Function Remove-all-windefend-excludes {
                            $Paths=(Get-MpPreference).ExclusionPath
                            $Extensions=(Get-MpPreference).ExclusionExtension
                            $Processes=(Get-MpPreference).ExclusionProcess
                            foreach ($Path in $Paths) { Remove-MpPreference -ExclusionPath $Path -force}
                            foreach ($Extension in $Extensions) { Remove-MpPreference -ExclusionExtension $Extension -force}
                            foreach ($Process in $Processes) { Remove-MpPreference -ExclusionProcess $Process -force}
                            }
                            # Remove all exclusions on MS Windefend
                            Write-Output "Removing all exclusions on MS Windefend antivirus"
                            Set-MpPreference -DisableAutoExclusions $true -Force
                            Remove-all-windefend-excludes
                            EndPowerShell:
                            
                            startpowershell:
                            Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -force -ErrorAction SilentlyContinue -Confirm:$false
                            # 12-01-2022 M. Naggar
                            Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "DisableAntiVirus" -Force
                            Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "DisableAntiSpyware" -Force
                            Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "PUAProtection" -Force
                            Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "DisableRoutinelyTakingAction" -Force
                            Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" -Name "DisableBehaviorMonitoring" -force
                            Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" -Name "DisableOnAccessProtection" -force
                            Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" -Name "DisableScanOnRealtimeEnable" -force
                            Get-Service windefend | Select-Object -Property Name, StartType, Status
                            Set-Service -Name securityhealthservice -StartupType manual -force
                            Get-Service securityhealthservice | Select-Object -Property Name, StartType, Status
                            Set-MpPreference -CheckForSignaturesBeforeRunningScan $true -Force
                            Set-MpPreference -DisableArchiveScanning $false -Force
                            Set-MpPreference -DisableBehaviorMonitoring $false -Force
                            Set-MpPreference -DisableEmailScanning $False -Force
                            Set-MpPreference -DisableIOAVProtection $false -Force
                            Set-MpPreference -DisablePrivacyMode $true -Force
                            Set-MpPreference -DisableRealtimeMonitoring $false -Force
                            Set-MpPreference -MAPSReporting Advanced -Force
                            Set-MpPreference -PUAProtection enabled -Force
                            Set-MpPreference -SignatureScheduleDay Everyday -Force
                            Set-MpPreference -DisableRemovableDriveScanning $false -Force
                            Set-MpPreference -SubmitSamplesConsent SendSafeSamples
                            # Reset and check Secure Health status
                            Get-AppxPackage Microsoft.SecHealthUI -AllUsers | Reset-AppxPackage
                            Get-AppxPackage Microsoft.SecHealthUI -AllUsers|select Name, Status
                            # Check if these services are running
                            Get-Service mbamservice, Windefend, SecurityHealthService, wscsvc, mpsdrv, mpssvc, bfe, WdNisSvc, WdNisDrv, sense, winmgmt, rpcss, RpcEptMapper, bits, cryptsvc, wuauserv, dcomlaunch | Select Name, DisplayName, Status, starttype
                            EndPowerShell:
                            
                            startpowershell:
                            Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -force -ErrorAction SilentlyContinue -Confirm:$false
                            Remove-Item -Path "C:\Windows\Prefetch\*" -force -recurse -ErrorAction SilentlyContinue
                            Write-Output "updating"
                            Update-MpSignature
                            Write-Output "scanning quick scan"
                            Start-MpScan -ScanType QuickScan
                            Remove-MpThreat
                            EndPowerShell:
                            
                            CMD: del /f /s /q %windir%\prefetch\*.*
                            CMD: del /s /q C:\Windows\SoftwareDistribution\download\*.*
                            CMD: del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
                            cmd: del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
                            cmd: del /s /q "%userprofile%\AppData\Local\Opera Software\Opera Stable\Cache\Cache_Data\*.*"
                            CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
                            emptytemp:
                            Reboot:
                            End::







                            Make sure to do this scan AFTER the FRST fix!!
                            Download and unzip Farbar Service Scanner to your desktop, right-click it and run as admin, check all boxes and hit Scan.
                            Post the log created.[/COLOR]

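As an added example (it is not part of this thread and not part of the FRST fix above): a read-only PowerShell audit that reports the same Defender settings the fix in post #14 rewrites, so a helper can see what a "disable defender" tool changed and confirm the fix took. It assumes an elevated Windows PowerShell session on a machine where the Defender module (Get-MpPreference, Get-MpComputerStatus) is still installed; the service names and registry paths are the ones already named in the fix, and the script changes nothing.

```powershell
# Added example, not from the thread: read-only audit of Defender tamper indicators.
# Run from an elevated PowerShell. Nothing here modifies the system; it only reports.
$findings = New-Object System.Collections.Generic.List[string]

# 1. Policy values the fix above deletes. Any value present here overrides the UI settings,
#    which is how "disable defender" helpers usually switch the engine off.
$policyChecks = @{
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' =
        @('DisableAntiVirus', 'DisableAntiSpyware', 'PUAProtection', 'DisableRoutinelyTakingAction')
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection' =
        @('DisableBehaviorMonitoring', 'DisableOnAccessProtection', 'DisableScanOnRealtimeEnable')
}
foreach ($key in $policyChecks.Keys) {
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        foreach ($name in $policyChecks[$key]) {
            if ($null -ne $props.$name) { $findings.Add("Policy value set: $key\$name = $($props.$name)") }
        }
    }
}

# 2. Services the fix re-registers. "no ImagePath" in the FRST log means the service key was gutted;
#    Start=4 means it was set to Disabled.
$services = 'WinDefend', 'WdFilter', 'WdBoot', 'WdNisSvc', 'WdNisDrv', 'MsSecFlt', 'Sense',
            'SgrmBroker', 'SgrmAgent', 'wscsvc', 'SecurityHealthService', 'mpssvc', 'bfe'
foreach ($svc in $services) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    if (-not (Test-Path $key)) { $findings.Add("Service key missing: $svc"); continue }
    $props = Get-ItemProperty -Path $key
    if ([string]::IsNullOrEmpty($props.ImagePath)) { $findings.Add("Service has no ImagePath: $svc") }
    elseif ($props.Start -eq 4)                     { $findings.Add("Service disabled (Start=4): $svc") }
}

# 3. Exclusions: the fix removes all of them because an installer can exclude its own folder
#    from scanning. Listing them first shows what was excluded.
try {
    $pref = Get-MpPreference -ErrorAction Stop
    foreach ($p in $pref.ExclusionPath)      { $findings.Add("Exclusion path: $p") }
    foreach ($e in $pref.ExclusionExtension) { $findings.Add("Exclusion extension: $e") }
    foreach ($x in $pref.ExclusionProcess)   { $findings.Add("Exclusion process: $x") }
    if ($pref.DisableRealtimeMonitoring) { $findings.Add("Real-time monitoring disabled in preferences") }
} catch {
    $findings.Add("Get-MpPreference failed (Defender engine not reachable): $($_.Exception.Message)")
}

# 4. Live engine status, if the Defender WMI provider answers at all.
try {
    $status = Get-MpComputerStatus -ErrorAction Stop
    if (-not $status.AMServiceEnabled)          { $findings.Add("Antimalware service not enabled") }
    if (-not $status.RealTimeProtectionEnabled) { $findings.Add("Real-time protection not enabled") }
    if (-not $status.IsTamperProtected)         { $findings.Add("Tamper Protection is off") }
} catch {
    $findings.Add("Get-MpComputerStatus failed: $($_.Exception.Message)")
}

if ($findings.Count -eq 0) { "No Defender tampering indicators found." } else { $findings }
```

Run it once before the FRST fix to record what was changed, and again after the reboot: a clean run prints the single "No Defender tampering indicators found." line, while a remaining "no ImagePath" or policy finding tells you which part of the fix did not apply.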

                            • MaXz
                              PCHF Member
                              • Sep 2023
                              • 26

                              #15
                              Originally posted by Malnutrition
                              @MaXz

                              Copy the content of the code box below.
                              [COLOR=rgb(184, 49, 47)]Do not copy the word code!!!
                              Right Click FRST and run as Administrator.
                              Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
                              Attach it to your next message.
                              Code:
                              start::
                              CreateRestorePoint:
                              EmptyTemp:
                              CloseProcesses:
                              Task: {4B138FA6-3FE9-4DEA-AF6D-36F45C4824A4} - \TaskbarX DESKTOP-LO8ADMAozaga -> No File <==== ATTENTION
                              CHR Extension: (AdBlock — best ad blocker) - C:\Users\ozaga\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2023-09-20]
                              C:\Program Files (x86)\OceanofGames.ccom
                              C:\WINDOWS\system32\WinRing0x64.sys
                              U4 MsSecFlt; no ImagePath
                              U4 Sense; no ImagePath
                              U4 SgrmAgent; no ImagePath
                              U4 SgrmBroker; no ImagePath
                              U4 WdBoot; no ImagePath
                              S4 WdFilter; system32\drivers\WdFilter.sys [X]
                              U4 WdNisDrv; no ImagePath
                              U4 WdNisSvc; no ImagePath
                              U4 WinDefend; no ImagePath
                              S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
                              AlternateDataStreams: C:\Users\ozaga\AppData\Local\Temp:$DATA  [16]
                              
                              Folder: C:\WINDOWS\system32\ar
                              VirusTotal: C:\Windows\system32\rtvcvfw64.dll;C:\Windows\SysWOW64\rtvcvfw32.dll
                              
                              
                              StartRegedit:
                              Windows Registry Editor Version 5.00
                              
                              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
                              "DelayedAutoStart"=dword:00000001
                              "DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
                              "Description"="@%SystemRoot%\\System32\\wscsvc.dll,-201"
                              "DisplayName"="@%SystemRoot%\\System32\\wscsvc.dll,-200"
                              "ErrorControl"=dword:00000001
                              "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
                                00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
                              "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
                                74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
                                00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
                                6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
                                00,65,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,52,00,65,00,73,00,74,00,\
                                72,00,69,00,63,00,74,00,65,00,64,00,20,00,2d,00,70,00,00,00
                              "LaunchProtected"=dword:00000002
                              "ObjectName"="NT AUTHORITY\\LocalService"
                              "RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\
                                00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
                                67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
                                00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
                                00,00,00,00
                              "ServiceSidType"=dword:00000001
                              "Start"=dword:00000002
                              "Type"=dword:00000020
                              
                              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
                              "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
                                00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
                                77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
                              "ServiceDllUnloadOnStop"=dword:00000001
                              
                              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Security]
                              "Security"=hex:01,00,14,80,1c,01,00,00,28,01,00,00,14,00,00,00,30,00,00,00,02,\
                                00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
                                00,00,02,00,ec,00,08,00,00,00,00,00,18,00,9d,00,02,00,01,02,00,00,00,00,00,\
                                05,20,00,00,00,21,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,\
                                12,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
                                02,00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,\
                                14,00,9d,00,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,28,00,fd,01,02,\
                                00,01,06,00,00,00,00,00,05,50,00,00,00,e5,fe,79,5f,a0,ae,0d,3b,22,fa,0a,c9,\
                                01,5a,41,3a,e5,a6,4a,b7,00,00,28,00,ff,01,0f,00,01,06,00,00,00,00,00,05,50,\
                                00,00,00,b5,89,fb,38,19,84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,00,00,\
                                28,00,ff,01,0f,00,01,06,00,00,00,00,00,05,50,00,00,00,db,8c,74,0f,c2,72,73,\
                                f3,2b,26,b9,44,77,1e,4f,02,76,63,b5,21,01,01,00,00,00,00,00,05,12,00,00,00,\
                                01,01,00,00,00,00,00,05,12,00,00,00
                              EndRegedit:
                              
                              StartBatch:
                              pushd\windows\system32
                              bcdedit.exe /export C:\exportBCDfile
                              bcdedit.exe /set {default} recoveryenabled yes
                              bcdedit /enum
                              DISM.exe /Online /Cleanup-image /Restorehealth
                              sfc /scannow
                              del /s /q "%userprofile%\AppData\Local\Temp\*.*"
                              del /s /q "%userprofile%\AppData\Roaming\discord\Cache\*.*"
                              del /f /q "%userprofile%\AppData\Local\*-gui"
                              del /f /q "%userprofile%\AppData\Roaming\*-gui"
                              del /s /q c:\windows\System32\Tasks\chrome*.*
                              cd \
                              cd %windir%\system32
                              net stop bits
                              net stop cryptSvc
                              net stop wuauserv
                              net stop msiserver
                              del /s /q C:\Windows\SoftwareDistribution\download\*.*
                              Del /s /q "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat"
                              del /s /q %systemroot%\system32\catroot2.bak
                              Ren %systemroot%\system32\catroot2 catroot2.bak
                              fsutil resource setautoreset true %SystemDrive%\
                              attrib -r -s -h %SystemRoot%\System32\Config\TxR\*
                              del /s /q %SystemRoot%\System32\Config\TxR\*
                              attrib -r -s -h %SystemRoot%\System32\SMI\Store\Machine\*
                              del /s /q %SystemRoot%\System32\SMI\Store\Machine\*.tm*
                              del /s /q %SystemRoot%\System32\SMI\Store\Machine\*.blf
                              del /s /q %SystemRoot%\System32\SMI\Store\Machine\*.regtrans-ms
                              WMIC SERVICE WHERE Name="cryptSvc" set startmode="auto"
                              net start cryptSvc
                              net start bits
                              net start wuauserv
                              net start msiserver
                              Endbatch:
                              
                              
                              StartBatch:
                              WMIC SERVICE WHERE Name="dcomlaunch" set startmode="auto"
                              WMIC SERVICE WHERE Name="nsi" set startmode="auto"
                              WMIC SERVICE WHERE Name="dhcp" set startmode="auto"
                              WMIC SERVICE WHERE Name="rpcss" set startmode="auto"
                              WMIC SERVICE WHERE Name="rpceptmapper" set startmode="auto"
                              WMIC SERVICE WHERE Name="winmgmt" set startmode="auto"
                              WMIC SERVICE WHERE Name="sdrsvc" set startmode="manual"
                              WMIC SERVICE WHERE Name="vss" set startmode="manual"
                              WMIC SERVICE WHERE Name="eventlog" set startmode="auto"
                              WMIC SERVICE WHERE Name="bfe" set startmode="auto"
                              WMIC SERVICE WHERE Name="eventsystem" set startmode="auto"
                              WMIC SERVICE WHERE Name="msiserver" set startmode="manual"
                              WMIC SERVICE WHERE Name="sstpsvc" set startmode="manual"
                              WMIC SERVICE WHERE Name="rasman" set startmode="manual"
                              WMIC SERVICE WHERE Name="trustedinstaller" set startmode="auto"
                              net start sdrsvc
                              net start vss
                              net start rpcss
                              net start eventsystem
                              net start winmgmt
                              net start msiserver
                              net start bfe
                              net start trustedinstaller
                              "%WINDIR%\SYSTEM32\lodctr.exe" /R
                              "%WINDIR%\SysWOW64\lodctr.exe" /R
                              "%WINDIR%\SYSTEM32\lodctr.exe" /R
                              "%WINDIR%\SysWOW64\lodctr.exe" /R
                              NETSH winsock reset catalog
                              NETSH int ipv4 reset reset.log
                              NETSH int ipv6 reset reset.log
                              ipconfig /release
                              ipconfig /renew
                              ipconfig /flushdns
                              ipconfig /registerdns
                              bitsadmin /list /allusers
                              bitsadmin /reset /allusers
                              Winmgmt /salvagerepository
                              Winmgmt /resetrepository
                              Winmgmt /resyncperf
                              Endbatch:
                              
                              startpowershell:
                              Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -force -ErrorAction SilentlyContinue -Confirm:$false
                              # 4-14-2022 M. Naggar
                              # Function Remove-all-windefend-excludes to Remove all exclusions on MS Windefend
                              Function Remove-all-windefend-excludes {
                              $Paths=(Get-MpPreference).ExclusionPath
                              $Extensions=(Get-MpPreference).ExclusionExtension
                              $Processes=(Get-MpPreference).ExclusionProcess
                              foreach ($Path in $Paths) { Remove-MpPreference -ExclusionPath $Path -force}
                              foreach ($Extension in $Extensions) { Remove-MpPreference -ExclusionExtension $Extension -force}
                              foreach ($Process in $Processes) { Remove-MpPreference -ExclusionProcess $Process -force}
                              }
                              # Remove all exclusions on MS Windefend
                              Write-Output "Removing all exclusions on MS Windefend antivirus"
                              Set-MpPreference -DisableAutoExclusions $true -Force
                              Remove-all-windefend-excludes
                              EndPowerShell:
                              
                              startpowershell:
                              Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -force -ErrorAction SilentlyContinue -Confirm:$false
                              # 12-01-2022 M. Naggar
                              Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "DisableAntiVirus" -Force
                              Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "DisableAntiSpyware" -Force
                              Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "PUAProtection" -Force
                              Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "DisableRoutinelyTakingAction" -Force
                              Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" -Name "DisableBehaviorMonitoring" -force
                              Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" -Name "DisableOnAccessProtection" -force
                              Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" -Name "DisableScanOnRealtimeEnable" -force
                              Get-Service windefend | Select-Object -Property Name, StartType, Status
                              Set-Service -Name securityhealthservice -StartupType manual -force
                              Get-Service securityhealthservice | Select-Object -Property Name, StartType, Status
                              Set-MpPreference -CheckForSignaturesBeforeRunningScan $true -Force
                              Set-MpPreference -DisableArchiveScanning $false -Force
                              Set-MpPreference -DisableBehaviorMonitoring $false -Force
                              Set-MpPreference -DisableEmailScanning $False -Force
                              Set-MpPreference -DisableIOAVProtection $false -Force
                              Set-MpPreference -DisablePrivacyMode $true -Force
                              Set-MpPreference -DisableRealtimeMonitoring $false -Force
                              Set-MpPreference -MAPSReporting Advanced -Force
                              Set-MpPreference -PUAProtection enabled -Force
                              Set-MpPreference -SignatureScheduleDay Everyday -Force
                              Set-MpPreference -DisableRemovableDriveScanning $false -Force
                              Set-MpPreference -SubmitSamplesConsent SendSafeSamples
                              # Reset and check Secure Health status
                              Get-AppxPackage Microsoft.SecHealthUI -AllUsers | Reset-AppxPackage
                              Get-AppxPackage Microsoft.SecHealthUI -AllUsers|select Name, Status
                              # Check if these services are running
                              Get-Service mbamservice, Windefend, SecurityHealthService, wscsvc, mpsdrv, mpssvc, bfe, WdNisSvc, WdNisDrv, sense, winmgmt, rpcss, RpcEptMapper, bits, cryptsvc, wuauserv, dcomlaunch | Select Name, DisplayName, Status, starttype
                              EndPowerShell:
                              
                              startpowershell:
                              Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -force -ErrorAction SilentlyContinue -Confirm:$false
                              Remove-Item -Path "C:\Windows\Prefetch\*" -force -recurse -ErrorAction SilentlyContinue
                              Write-Output "updating"
                              Update-MpSignature
                              Write-Output "scanning quick scan"
                              Start-MpScan -ScanType QuickScan
                              Remove-MpThreat
                              EndPowerShell:
                              
                              CMD: del /f /s /q %windir%\prefetch\*.*
                              CMD: del /s /q C:\Windows\SoftwareDistribution\download\*.*
                              CMD: del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
                              cmd: del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
                              cmd: del /s /q "%userprofile%\AppData\Local\Opera Software\Opera Stable\Cache\Cache_Data\*.*"
                              CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
                              emptytemp:
                              Reboot:
                              End::

                              Make sure to do this scan AFTER the FRST fix!!
                              Download and unzip Farbar Service Scanner to your desktop, right-click it and run as admin, check all boxes and hit Scan.
                              Post the log created.
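An added check script, written for this thread and not part of the FRST fixlist or the helper's instructions above: it reports whether the policy values, services and exclusions that the fixlist resets are still in a tampered state, so you can see before and after the fix what a "disable defender" tool actually changed. The key names and service list are taken from the fixlist; which combinations count as tampering is my own assumption.

```powershell
# Added check script (not part of the FRST fixlist above). Run in an elevated PowerShell.
# It reads the same policy keys, services and exclusion lists the fixlist restores and
# prints one line per indicator that still looks tampered.
$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$PolicyKeys = @{
    $PolicyRoot                        = @('DisableAntiVirus', 'DisableAntiSpyware', 'DisableRoutinelyTakingAction')
    "$PolicyRoot\Real-Time Protection" = @('DisableBehaviorMonitoring', 'DisableOnAccessProtection', 'DisableScanOnRealtimeEnable')
}
# Services the fixlist expects to be Automatic and running (assumption: Disabled = tampered)
$ExpectedAuto = @('WinDefend', 'wscsvc', 'mpssvc', 'bfe', 'WdNisSvc', 'winmgmt', 'rpcss', 'cryptsvc')

$Findings = @()
# 1. Group Policy values that switch Defender off; their absence is the healthy state
foreach ($Key in $PolicyKeys.Keys) {
    if (-not (Test-Path $Key)) { continue }
    $Props = Get-ItemProperty -Path $Key
    foreach ($Name in $PolicyKeys[$Key]) {
        $Value = $Props.$Name
        if ($null -ne $Value -and $Value -ne 0) { $Findings += "Policy $Name=$Value under $Key" }
    }
}
# 2. Core services: missing, Disabled or not running
foreach ($Svc in $ExpectedAuto) {
    $S = Get-Service -Name $Svc -ErrorAction SilentlyContinue
    if ($null -eq $S) { $Findings += "Service $Svc is missing"; continue }
    if ($S.StartType -eq 'Disabled') { $Findings += "Service $Svc is Disabled" }
    elseif ($S.Status -ne 'Running') { $Findings += "Service $Svc is $($S.Status)" }
}
# 3. Exclusions left behind by an installer, and real-time monitoring switched off
$Pref = Get-MpPreference -ErrorAction SilentlyContinue
if ($Pref) {
    foreach ($P in $Pref.ExclusionPath)      { $Findings += "Path exclusion: $P" }
    foreach ($P in $Pref.ExclusionProcess)   { $Findings += "Process exclusion: $P" }
    foreach ($E in $Pref.ExclusionExtension) { $Findings += "Extension exclusion: $E" }
    if ($Pref.DisableRealtimeMonitoring) { $Findings += "Real-time monitoring disabled in preferences" }
}
# 4. Engine status and the Windows Security app package (a missing package gives the blank page)
$Status = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($null -eq $Status) { $Findings += "Get-MpComputerStatus failed: Defender engine not reachable" }
elseif (-not $Status.AntivirusEnabled) { $Findings += "AntivirusEnabled is false" }
if (-not (Get-AppxPackage -Name Microsoft.SecHealthUI -AllUsers)) {
    $Findings += "Microsoft.SecHealthUI package missing (blank Windows Security page)"
}
if ($Findings.Count -eq 0) { Write-Output "No Defender tampering indicators found" }
else { $Findings | ForEach-Object { Write-Output "TAMPER: $_" } }
```

Run it once before and once after the fix; any remaining TAMPER lines are worth pasting alongside the FRST and Farbar Service Scanner logs.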