malwarebytes identity protection exposed data

  • maxim123
    PCHF Member
    • Aug 2017
    • 466

    #1

    malwarebytes identity protection exposed data

    Hi, I tried Malwarebytes identity protection to see if my data was exposed (just to see if it worked), and in Data breaches it showed metastealer stealer (date is September 1st, 2024) and a few other things. It shows passwords of my Gmail IDs in the list of passwords that were exposed, and also addresses I used. Does this mean I am infected? There was no infected result from Malwarebytes.
  • Malnutrition
    PCHF Moderator
    • Jul 2016
    • 7045

    #2
    Post FRST logs. ???


    • maxim123
      PCHF Member
      • Aug 2017
      • 466

      #3
      Frst:

      Code:
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-09-2024
      Ran by Ripple (administrator) on DESKTOP-HVT1NAR (Standard Standard) (15-09-2024 12:12:54)
      Running from C:\Users\Ripple\Desktop\FRST64.exe
      Loaded Profiles: Ripple
      Platform: Microsoft Windows 11 Pro Version 23H2 22631.4037 (X64) Language: English (United States)
      Default browser: FF
      Boot Mode: Normal
      
      ==================== Processes (Whitelisted) =================
      
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      
      (C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
      (C:\Program Files\OEM\Control Center\UniwillService\GCUBridge.exe ->) (Uniwill Technology Inc. → ) C:\Program Files\OEM\Control Center\UniwillService\MyControlCenter\GCUService.exe
      (C:\Program Files\OEM\Control Center\UniwillService\MyControlCenter\GCUService.exe ->) (Uniwill Technology Inc. → ) C:\Program Files\OEM\Control Center\UniwillService\MyControlCenter\OSDTpDetect.exe
      (C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.24900.10.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe <6>
      (Discord Inc. → Discord Inc.) C:\Users\Ripple\AppData\Local\Discord\app-1.0.9163\Discord.exe <6>
      (DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_uf.exe ->) (Intel Corporation → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_helper.exe
      (Eclipse.org Foundation, Inc. → Temurin) C:\Program Files\OmegaT\jre\bin\javaw.exe
      (explorer.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <10>
      (explorer.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
      (explorer.exe ->) (OBS Project, LLC → OBS) C:\Program Files\obs-studio\bin\64bit\obs64.exe
      (explorer.exe ->) (Spotify AB → Spotify Ltd) [File not signed] C:\Users\Ripple\AppData\Roaming\Spotify\Spotify.exe <6>
      (explorer.exe ->) (Tonec Inc. → Tonec Inc.) [File not signed] C:\Program Files (x86)\Internet Download Manager\IDMan.exe
      (Mozilla Corporation → Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <24>
      (NVIDIA Corporation → Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
      (services.exe ->) (Intel Corporation → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
      (services.exe ->) (Intel Corporation → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a687edda40db3316\OneApp.IGCC.WinService.exe
      (services.exe ->) (Intel Corporation → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_faf3bcecf744f99a\IntelCpHDCPSvc.exe
      (services.exe ->) (Intel Corporation → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_uf.exe
      (services.exe ->) (Intel Corporation → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
      (services.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
      (services.exe ->) (Microsoft Windows Publisher → Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpDefenderCoreService.exe
      (services.exe ->) (Microsoft Windows Publisher → Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MsMpEng.exe
      (services.exe ->) (Microsoft Windows Publisher → Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\NisSrv.exe
      (services.exe ->) (NVIDIA Corporation → NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
      (services.exe ->) (NVIDIA Corporation → NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvtfi.inf_amd64_06515397070a8096\Display.NvContainer\NVDisplay.Container.exe <2>
      (services.exe ->) (Realtek Semiconductor Corp. → Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_2d0366e4f3ea0eab\RtkAudUService64.exe <2>
      (services.exe ->) (Uniwill Technology Inc. → ) C:\Program Files\OEM\Control Center\UniwillService\GCUBridge.exe
      (sihost.exe ->) (Uniwill Technology Inc. → ) C:\Program Files\WindowsApps\ControlCenter3_4.1.47.11_x64__h329z55cwnj8g\Win32\SystrayComponent.exe
      (svchost.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\backup\B6FA8680-1C61-42A8-8D8D-1CC4B877BA87\OfficeC2RClient.exe
      (svchost.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WidgetsPlatformRuntime_1.4.0.0_x64__8wekyb3d8bbwe\WidgetService\WidgetService.exe
      (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
      (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\dllhost.exe
      (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe <2>
      (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\smartscreen.exe
      (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\wlanext.exe
      (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
      (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
      
      ==================== Registry (Whitelisted) ===================
      
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      
      HKLM...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_2d0366e4f3ea0eab\RtkAudUService64.exe [1629080 2023-07-02] (Realtek Semiconductor Corp. → Realtek Semiconductor)
      HKLM\Software\Policies...\system: [EnableActivityFeed] 0
      HKLM\Software\Policies...\system: [PublishUserActivities] 0
      HKLM\Software\Policies...\system: [UploadUserActivities] 0
      HKLM\Software\Policies...\system: [AllowClipboardHistory] 0
      HKLM\Software\Policies...\system: [AllowCrossDeviceClipboard] 0
      HKU\S-1-5-21-321866159-774951516-752708211-1001...\Run: [Discord] => C:\Users\Ripple\AppData\Local\Discord\Update.exe [1525016 2023-02-14] (Discord Inc. → GitHub)
      HKU\S-1-5-21-321866159-774951516-752708211-1001...\Run: [Spotify] => C:\Users\Ripple\AppData\Roaming\Spotify\Spotify.exe [20984184 2024-07-29] (Spotify AB → Spotify Ltd) [File not signed]
      HKU\S-1-5-21-321866159-774951516-752708211-1001...\Run: [MicrosoftEdgeAutoLaunch_2D11F281AFD682F6488A744B0F127922] => “C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe” --no-startup-window --win-session-start [3741224 2024-09-12] (Microsoft Corporation → Microsoft Corporation)
      HKU\S-1-5-21-321866159-774951516-752708211-1001...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [6024456 2024-07-25] (Tonec Inc. → Tonec Inc.) [File not signed]
      HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] → C:\Program Files\Google\Chrome\Application\128.0.6613.138\Installer\chrmstp.exe [2024-09-13] (Google LLC → Google LLC)
      HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
      
      ==================== Scheduled Tasks (Whitelisted) =================
      
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      
      Task: {02CD447E-33D0-4D52-B8B6-472FE9C35E27} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem130.0.6679.0{DE0E3A96-740A-410D-9760-C6ADBCEC90A7} => C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe [4884584 2024-08-26] (Google LLC → Google LLC)
      Task: {87B60A05-8B30-41C5-9351-D0A281EAB204} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28605656 2024-09-08] (Microsoft Corporation → Microsoft Corporation)
      Task: {12E2A5FE-0E8D-46B3-BA49-493D367C82A1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28605656 2024-09-08] (Microsoft Corporation → Microsoft Corporation)
      Task: {D6F795BC-3B3E-431D-AE9D-62BAA2D8CD30} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [312472 2024-09-15] (Microsoft Corporation → Microsoft Corporation)
      Task: {30652882-97AB-42A6-A59C-1F8E5821ABCD} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [312472 2024-09-15] (Microsoft Corporation → Microsoft Corporation)
      Task: {B56DDDFB-996B-4199-AC62-953E595CA4E0} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [187024 2024-08-30] (Microsoft Corporation → Microsoft Corporation)
      Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
      Task: {033AEC7C-A56E-49D8-AC70-1C4A3EF790AD} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-321866159-774951516-752708211-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [672328 2024-09-04] (Mozilla Corporation → Mozilla Corporation) → C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
      Task: {5F43A382-17A0-44BE-A3E8-515AB75C7C59} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34376 2024-09-04] (Mozilla Corporation → Mozilla Foundation)
      Task: {84405494-BF17-45A0-94FF-B48475E2CE98} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1277480 2024-06-12] (NVIDIA Corporation → NVIDIA Corporation) → C:\Program Files\NVIDIA Corporation\NvContainer-d “C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck” -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
      Task: {C3975744-B5E7-491A-A49B-57C0BE0CA4F8} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3347496 2024-06-12] (NVIDIA Corporation → NVIDIA Corporation)
      Task: {C0B5A401-AC7B-4A51-A7FA-A16726CD29AB} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646696 2024-06-12] (NVIDIA Corporation → NVIDIA Corporation) → C:\Program Files (x86)\NVIDIA Corporation\NvNode--launcher=TaskScheduler
      Task: {F70539CE-E003-4FF2-B6C7-75BC5314A513} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2024-06-12] (NVIDIA Corporation → NVIDIA Corporation)
      Task: {5746D109-B6F8-44CC-8C59-F355D090E756} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2024-06-12] (NVIDIA Corporation → NVIDIA Corporation)
      Task: {144536B9-2DFF-4539-8F49-E33A852EBB2A} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-12] (NVIDIA Corporation → NVIDIA Corporation)
      Task: {4B19F960-1CCF-493B-95D1-F383261849E2} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-12] (NVIDIA Corporation → NVIDIA Corporation)
      Task: {F6B6EDEF-B18D-493E-AE90-E97612A30271} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-12] (NVIDIA Corporation → NVIDIA Corporation)
      Task: {0DC6F50E-6951-435A-AFD6-67037E0F4DCB} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-12] (NVIDIA Corporation → NVIDIA Corporation)
      
      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
      
      ==================== Internet (Whitelisted) ====================
      
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      
      Tcpip\Parameters: [DhcpNameServer] 110.44.112.245 110.44.113.245 8.8.8.8
      Tcpip..\Interfaces{6820a07e-0e78-40f7-8367-60c90fac3828}: [DhcpNameServer] 110.44.112.245 110.44.113.245 8.8.8.8
      Tcpip..\Interfaces{6820a07e-0e78-40f7-8367-60c90fac3828}\865696E637167713: [DhcpNameServer] 110.44.112.245 110.44.113.245 8.8.8.8
      Tcpip..\Interfaces{8dd77400-ac5d-482f-8100-0f856a530945}: [DhcpNameServer] 110.44.112.245 110.44.113.245 8.8.8.8
      Edge:
      Edge DefaultProfile: Default
      Edge Profile: C:\Users\Ripple\AppData\Local\Microsoft\Edge\User Data\Default [2024-09-15]
      Edge Extension: (Google Docs Offline) - C:\Users\Ripple\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-07-30]
      Edge Extension: (Edge relevant text changes) - C:\Users\Ripple\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-07-30]
      Edge Extension: (IDM Integration Module) - C:\Users\Ripple\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llbjbkhnmlidjebalopleeepgdfgcpec [2024-08-06]
      Edge HKU\S-1-5-21-321866159-774951516-752708211-1001\SOFTWARE\Microsoft\Edge\Extensions...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx [2024-08-01]
      FireFox:
      FF DefaultProfile: w5gz5f1l.default
      FF ProfilePath: C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\w5gz5f1l.default [2024-07-29]
      FF ProfilePath: C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\mileyd8w.default-release [2024-09-15]
      FF Session Restore: Mozilla\Firefox\Profiles\mileyd8w.default-release → is enabled.
      FF Extension: (FoxyProxy) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\mileyd8w.default-release\Extensions\foxyproxy@eric.h.jung.xpi [2024-08-23]
      FF Extension: (IDM Integration Module) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\mileyd8w.default-release\Extensions\mozilla_cc3@internetdownloadmanager.com.xpi [2024-08-09]
      FF Extension: (uBlock Origin) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\mileyd8w.default-release\Extensions\uBlock0@raymondhill.net.xpi [2024-08-02]
      FF Extension: (Zhongwen: The Popular Chinese Learning Tool) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\mileyd8w.default-release\Extensions{dedb3663-6f13-4c6c-bf0f-5bd111cb2c79}.xpi [2024-07-29]
      FF HKU\S-1-5-21-321866159-774951516-752708211-1001...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Ripple\AppData\Roaming\IDM\idmmzcc5
      FF Extension: (IDM CC) - C:\Users\Ripple\AppData\Roaming\IDM\idmmzcc5 [2024-08-04] [Legacy] [not signed]
      FF HKU\S-1-5-21-321866159-774951516-752708211-1001...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
      FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-19] [Legacy]
      FF Plugin: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-08-04] (Microsoft Corporation → Microsoft Corporation)
      FF Plugin: @videolan.org/vlc,version=3.0.21 → C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-09] (VideoLAN → VideoLAN)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-08-04] (Microsoft Corporation → Microsoft Corporation)
      Chrome:
      CHR Profile: C:\Users\Ripple\AppData\Local\Google\Chrome\User Data\Default [2024-09-13]
      CHR Extension: (uBlock Origin) - C:\Users\Ripple\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2024-09-10]
      CHR Extension: (Google Docs Offline) - C:\Users\Ripple\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-07-29]
      CHR Extension: (IDM Integration Module) - C:\Users\Ripple\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2024-08-09]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\Ripple\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-07-29]
      CHR HKLM...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2024-08-01]
      CHR HKU\S-1-5-21-321866159-774951516-752708211-1001\SOFTWARE\Google\Chrome\Extensions...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2024-08-01]
      CHR HKLM-x32...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2024-08-01]
      
      ==================== Services (Whitelisted) ===================
      
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      
      “mbamchameleon” => service could not be unlocked. <==== ATTENTION
      HKLM\SYSTEM\ControlSet001\Services\mbamchameleon => \SystemRoot\System32\Drivers\MbamChameleon.sys <==== ATTENTION (Rootkit!/Locked Service)
      
      R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14042808 2024-09-08] (Microsoft Corporation → Microsoft Corporation)
      S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [935344 2024-09-01] (EasyAntiCheat Oy → Epic Games, Inc.)
      R2 GCUBridge; C:\Program Files\OEM\Control Center\UniwillService\GCUBridge.exe [76008 2021-09-28] (Uniwill Technology Inc. → )
      S2 Intel(R) Platform License Manager Service; C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\PlatformLicenseManagerService.exe [741488 2023-12-14] (Intel Corporation → Intel(R) Corporation)
      R2 ipfsvc; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_uf.exe [2751664 2022-03-27] (Intel Corporation → Intel Corporation)
      S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8965728 2024-09-15] (Malwarebytes Inc. → Malwarebytes)
      S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-09-15] (Malwarebytes Inc. → Malwarebytes)
      R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpDefenderCoreService.exe [1427024 2024-08-08] (Microsoft Windows Publisher → Microsoft Corporation)
      R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvtfi.inf_amd64_06515397070a8096\Display.NvContainer\NVDisplay.Container.exe [1275016 2024-08-15] (NVIDIA Corporation → NVIDIA Corporation)
      S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522096 2024-08-15] (Microsoft Windows Publisher → Microsoft Corporation)
      R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\NisSrv.exe [3199648 2024-08-08] (Microsoft Windows Publisher → Microsoft Corporation)
      R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MsMpEng.exe [133704 2024-08-08] (Microsoft Windows Publisher → Microsoft Corporation)
      S4 uhssvc; “C:\Program Files\Microsoft Update Health Tools\uhssvc.exe”
      
      ===================== Drivers (Whitelisted) ===================
      
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      
      S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [188416 2023-10-01] (Microsoft Corporation) [File not signed]
      R3 iaLPSS2_GPIO2_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_0e92b4646ab70162\iaLPSS2_GPIO2_ADL.sys [150624 2022-06-02] (Intel Corporation → Intel Corporation)
      R3 iaLPSS2_I2C_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_35ed2fd5a51c2bc2\iaLPSS2_I2C_ADL.sys [220256 2022-06-02] (Intel Corporation → Intel Corporation)
      R2 IDMWFP; C:\Windows\System32\drivers\idmwfp.sys [173736 2023-11-26] (Microsoft Windows Hardware Compatibility Publisher → Tonec Inc.)
      R3 IntelGNA; C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88760 2023-07-02] (Intel Corporation → Intel Corporation)
      R3 ipf_cpu; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_cpu.sys [80560 2022-03-27] (Intel Corporation → Intel Corporation)
      R3 ipf_lf; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_lf.sys [432800 2022-03-27] (Intel Corporation → Intel Corporation)
      S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2024-09-15] (Microsoft Windows Early Launch Anti-malware Publisher → Malwarebytes)
      S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239568 2024-09-15] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
      R3 MpKsl62003c4f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates{5B2B358B-6ED5-4DA1-9357-D99CFBC86710}\MpKslDrv.sys [271640 2024-09-15] (Microsoft Windows → Microsoft Corporation)
      R3 NvModuleTracker; C:\Windows\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_ea6cec41fc5b2a8b\NvModuleTracker.sys [47240 2024-04-03] (NVIDIA Corporation → NVIDIA Corporation)
      R3 nvpcf; C:\Windows\System32\drivers\nvpcf.sys [236696 2024-08-14] (NVIDIA Corporation → NVIDIA Corporation)
      R3 rt25cx21; C:\Windows\System32\DriverStore\FileRepository\rt25cx21x64.inf_amd64_bda91607087ccd13\rt25cx21x64.sys [656288 2023-07-02] (Realtek Semiconductor Corp. → Realtek)
      R3 sshid; C:\Windows\System32\drivers\sshid.sys [48800 2022-02-24] (SteelSeries ApS → SteelSeries ApS)
      R3 UWACPIDriver; C:\Windows\System32\drivers\UWACPIDriver.sys [43776 2022-09-14] (Uniwill Technology Inc. → )
      S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [22080 2024-08-08] (Microsoft Windows Early Launch Anti-malware Publisher → Microsoft Corporation)
      R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [602504 2024-08-08] (Microsoft Windows → Microsoft Corporation)
      R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2024-08-08] (Microsoft Windows → Microsoft Corporation)
      S3 ALSysIO; ??\C:\Users\Ripple\AppData\Local\Temp\ALSysIO64.sys <==== ATTENTION
      
      ==================== NetSvcs (Whitelisted) ===================
      
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      
      ==================== One month (created) (Whitelisted) =========
      
      (If an entry is included in the fixlist, the file/folder will be moved.)
      
      2024-09-15 12:12 - 2024-09-15 12:13 - 000023964 _____ C:\Users\Ripple\Desktop\FRST.txt
      2024-09-15 12:12 - 2024-09-15 12:13 - 000000000 ____D C:\FRST
      2024-09-15 12:08 - 2024-09-15 12:08 - 002397696 _____ (Farbar) C:\Users\Ripple\Desktop\FRST64.exe
      2024-09-15 11:28 - 2024-09-15 11:29 - 000000000 ____D C:\KVRT2020_Data
      2024-09-15 11:27 - 2024-09-15 11:28 - 111934320 _____ (AO Kaspersky Lab) C:\Users\Ripple\Desktop\KVRT.exe
      2024-09-15 11:03 - 2024-09-15 12:12 - 000000000 ____D C:\Users\Ripple\AppData\Local\Malwarebytes
      2024-09-15 11:02 - 2024-09-15 11:02 - 000002053 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
      2024-09-15 11:02 - 2024-09-15 11:02 - 000002041 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2024-09-15 11:02 - 2024-09-15 11:02 - 000000000 ____D C:\ProgramData\Malwarebytes
      2024-09-15 11:02 - 2024-09-15 11:02 - 000000000 ____D C:\Program Files\Malwarebytes
      2024-09-15 10:52 - 2024-09-15 10:52 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
      2024-09-14 21:28 - 2024-09-14 21:28 - 000011971 _____ C:\Users\Ripple\Downloads\Devil (2010) [1080p] [BluRay] [YTS.MX].torrent
      2024-09-14 18:51 - 2024-09-14 18:51 - 000001981 _____ C:\Users\Ripple\Desktop\Soulstone Survivors - Shortcut.lnk
      2024-09-14 12:55 - 2024-09-14 12:55 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\GSE Saves
      2024-09-14 12:55 - 2024-09-14 12:55 - 000000000 ____D C:\Users\Ripple\AppData\LocalLow\Unity
      2024-09-14 12:55 - 2024-09-14 12:55 - 000000000 ____D C:\Users\Ripple\AppData\LocalLow\Game Smithing
      2024-09-14 12:53 - 2024-09-14 12:53 - 000021388 _____ C:\Users\Ripple\Downloads[DL] [В разработке] Soulstone Survivors [P] [RUS + ENG + 8 ENG] (2022, RPG) (0.11.039d) [Portable] [rutracker-6282593].torrent
      2024-09-14 12:43 - 2024-09-14 12:43 - 000043937 _____ C:\Users\Ripple\Downloads\Soulstone-Survivors-v.Update-12d.rar.torrent
      2024-09-14 10:18 - 2024-09-14 10:18 - 000098222 _____ C:\Users\Ripple\Downloads\Mother (2009) [1080p] [BluRay] [5.1] [YTS.MX].torrent
      2024-09-12 11:32 - 2024-09-12 11:32 - 000017800 _____ C:\Users\Ripple\Downloads\Jarhead (2005) [1080p] [BluRay] [YTS.MX].torrent
      2024-09-08 23:46 - 2024-09-08 23:46 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Foxit Software
      2024-09-08 23:46 - 2024-09-08 23:46 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Foxit AgentInformation
      2024-09-08 23:46 - 2024-09-08 23:46 - 000000000 ____D C:\Users\Public\Foxit Software
      2024-09-08 23:46 - 2024-09-08 23:46 - 000000000 ____D C:\ProgramData\Foxit Software
      2024-09-08 23:46 - 2024-09-08 23:46 - 000000000 ____D C:\ProgramData\Foxit ContentPlatform
      2024-09-08 23:45 - 2024-09-08 23:45 - 000000056 _____ C:\Users\Public\Documents\pre_fileassoc.tmp
      2024-09-06 09:00 - 2024-09-06 09:00 - 000389066 _____ C:\Windows\system32\prfh0804.dat
      2024-09-06 09:00 - 2024-09-06 09:00 - 000123092 _____ C:\Windows\system32\prfc0804.dat
      2024-09-04 14:35 - 2024-09-04 14:35 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2024-09-01 14:51 - 2024-09-03 22:30 - 000000000 ____D C:\Users\Ripple\BrawlhallaReplays
      2024-09-01 14:40 - 2024-09-01 14:40 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\BrawlhallaAir
      2024-09-01 14:39 - 2024-09-01 14:40 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\EasyAntiCheat
      2024-09-01 14:39 - 2024-09-01 14:40 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat_EOS
      2024-09-01 12:48 - 2024-09-01 12:48 - 000000222 _____ C:\Users\Ripple\Desktop\Brawlhalla.url
      2024-08-27 08:41 - 2024-08-27 08:41 - 000001443 _____ C:\Users\Ripple\Desktop\Deadly accurate - Shortcut.lnk
      2024-08-27 06:52 - 2024-08-27 06:56 - 000008828 _____ C:\Users\Ripple\Downloads\TDI Red Green.mq4
      2024-08-27 06:52 - 2024-08-27 06:52 - 000004384 _____ C:\Users\Ripple\Downloads\Stochastic Slope.ex4
      2024-08-27 06:52 - 2024-08-27 06:52 - 000003756 _____ C:\Users\Ripple\Downloads\Synergy_APB.ex4
      2024-08-27 06:52 - 2024-08-27 06:52 - 000002382 _____ C:\Users\Ripple\Downloads#1 best 5 ma tdi.tpl
      2024-08-25 08:22 - 2024-08-25 08:22 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\UProof
      2024-08-25 08:20 - 2024-09-12 12:32 - 000140540 _____ C:\Users\Ripple\Desktop\Maestro.pptx
      2024-08-25 08:20 - 2024-08-25 12:06 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\PowerPoint
      2024-08-24 11:02 - 2024-08-24 11:02 - 000000000 _D C:\Windows\LastGood
      2024-08-24 11:02 - 2024-08-24 11:02 - 000000000 D C:\Users\Ripple\AppData\LocalLow\NVIDIA
      2024-08-24 10:58 - 2024-08-14 15:45 - 000236696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpcf.sys
      2024-08-24 10:58 - 2024-08-14 15:45 - 000121872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
      2024-08-24 04:11 - 2024-08-15 07:16 - 025312928 _____ C:\Windows\system32\nvidia-pcc.exe
      2024-08-24 04:11 - 2024-08-15 07:16 - 002040584 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
      2024-08-24 04:11 - 2024-08-15 07:16 - 002040584 _____ C:\Windows\system32\vulkaninfo.exe
      2024-08-24 04:11 - 2024-08-15 07:16 - 001583888 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
      2024-08-24 04:11 - 2024-08-15 07:16 - 001583888 _____ C:\Windows\SysWOW64\vulkaninfo.exe
      2024-08-24 04:11 - 2024-08-15 07:16 - 001446800 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
      2024-08-24 04:11 - 2024-08-15 07:16 - 001446800 _____ C:\Windows\system32\vulkan-1.dll
      2024-08-24 04:11 - 2024-08-15 07:16 - 001296656 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
      2024-08-24 04:11 - 2024-08-15 07:16 - 001296656 _____ C:\Windows\SysWOW64\vulkan-1.dll
      2024-08-24 04:11 - 2024-08-15 07:16 - 000477824 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
      2024-08-24 04:11 - 2024-08-15 07:16 - 000374936 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
      2024-08-24 04:11 - 2024-08-15 07:13 - 001078944 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
      2024-08-24 04:11 - 2024-08-15 07:13 - 000669824 _____ (NVIDIA Corporation) C:\Windows\system32\nvofapi64.dll
      2024-08-24 04:11 - 2024-08-15 07:13 - 000505904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvofapi.dll
      2024-08-24 04:11 - 2024-08-15 07:12 - 002178712 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
      2024-08-24 04:11 - 2024-08-15 07:12 - 001629312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
      2024-08-24 04:11 - 2024-08-15 07:12 - 001547440 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
      2024-08-24 04:11 - 2024-08-15 07:12 - 001202712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
      2024-08-24 04:11 - 2024-08-15 07:12 - 001034400 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
      2024-08-24 04:11 - 2024-08-15 07:12 - 000856600 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
      2024-08-24 04:11 - 2024-08-15 07:12 - 000796808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
      2024-08-24 04:11 - 2024-08-15 07:11 - 014270088 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
      2024-08-24 04:11 - 2024-08-15 07:11 - 000461976 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
      2024-08-24 04:11 - 2024-08-15 07:10 - 016200344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
      2024-08-24 04:11 - 2024-08-15 07:10 - 006914184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
      2024-08-24 04:11 - 2024-08-15 07:10 - 005910152 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
      2024-08-24 04:11 - 2024-08-15 07:10 - 005349000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcudadebugger.dll
      2024-08-24 04:11 - 2024-08-15 07:10 - 003788416 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
      2024-08-24 04:11 - 2024-08-15 07:10 - 000853128 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
      2024-08-24 04:11 - 2024-08-15 07:09 - 007133024 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
      2024-08-24 04:11 - 2024-08-15 07:09 - 006212736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
      2024-08-24 04:11 - 2024-08-14 15:45 - 000127247 _____ C:\Windows\system32\nvinfo.pb
      2024-08-23 22:12 - 2024-08-23 22:12 - 000730111 _____ C:\Users\Ripple\Downloads\The Nebula’s Civilization 04[epub].epub
      2024-08-23 22:11 - 2024-08-23 22:11 - 000752053 _____ C:\Users\Ripple\Downloads\The Nebula’s Civilization 01[epub].epub
      2024-08-23 22:11 - 2024-08-23 22:11 - 000746511 _____ C:\Users\Ripple\Downloads\The Nebula’s Civilization 02[epub].epub
      2024-08-23 22:11 - 2024-08-23 22:11 - 000741153 _____ C:\Users\Ripple\Downloads\The Nebula’s Civilization 05[epub].epub
      2024-08-23 22:11 - 2024-08-23 22:11 - 000734847 _____ C:\Users\Ripple\Downloads\The Nebula’s Civilization 03[epub].epub
      2024-08-23 22:11 - 2024-08-23 22:11 - 000682818 _____ C:\Users\Ripple\Downloads\The Nebula’s Civilization 06[epub].epub
      2024-08-23 22:11 - 2024-08-23 22:11 - 000512650 _____ C:\Users\Ripple\Downloads\The Nebula’s Civilization 07[epub].epub
      2024-08-23 12:00 - 2024-08-23 12:00 - 000023353 _____ C:\Users\Ripple\Downloads\Oddity (2024) [2160p] [WEBRip] [x265] [10bit] [5.1] [YTS.MX].torrent
      2024-08-23 12:00 - 2024-08-23 12:00 - 000021575 _____ C:\Users\Ripple\Downloads\Longlegs (2024) [1080p] [WEBRip] [5.1] [YTS.MX].torrent
      2024-08-21 21:57 - 2024-08-21 21:57 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\InputMethod
      2024-08-21 20:15 - 2024-08-21 20:15 - 000000000 ____D C:\Windows\SysWOW64\zh-HANS
      2024-08-21 20:15 - 2024-08-21 20:15 - 000000000 ____D C:\Windows\system32\zh-HANS
      2024-08-19 14:05 - 2024-08-19 14:05 - 000001947 _____ C:\Users\Public\Desktop\FTMO MetaTrader 5.lnk
      2024-08-19 14:05 - 2024-08-19 14:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FTMO MetaTrader 5
      2024-08-19 14:05 - 2024-08-19 14:05 - 000000000 ____D C:\Program Files\FTMO MetaTrader 5
      2024-08-18 15:53 - 2024-09-15 11:37 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\vlc
      2024-08-18 15:53 - 2024-08-18 15:53 - 000000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
      2024-08-18 15:53 - 2024-08-18 15:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
      2024-08-18 15:43 - 2024-08-18 15:52 - 000000000 ____D C:\Program Files\VideoLAN
      2024-08-18 13:34 - 2024-08-18 13:35 - 2465839475 _____ C:\Users\Ripple\Downloads\CHAPTER 5 - Enter Intraday Wonderland.zip
      2024-08-18 13:30 - 2024-08-18 13:30 - 2249824227 _____ C:\Users\Ripple\Downloads\CHAPTER 4 - Understand Intraday Mastery.zip
      2024-08-17 14:01 - 2024-08-17 14:02 - 1430224287 _____ C:\Users\Ripple\Downloads\CHAPTER 7 - The Final Chapter (Meetings).zip
      2024-08-17 13:11 - 2024-08-17 13:11 - 1864329300 _____ C:\Users\Ripple\Downloads\CHAPTER 6 - Construct Intraday Mastery.zip
      2024-08-17 11:27 - 2024-08-17 11:27 - 1685826742 _____ C:\Users\Ripple\Downloads\CHAPTER 3 - Explore Intraday Mastery.zip
      2024-08-17 11:23 - 2024-08-17 11:23 - 1689213981 _____ C:\Users\Ripple\Downloads\CHAPTER 2 - Discover Intraday Mastery.zip
      
      ==================== One month (modified) ==================
      
      (If an entry is included in the fixlist, the file/folder will be moved.)
      
      2024-09-15 12:12 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\SystemTemp
      2024-09-15 12:12 - 2022-05-07 11:07 - 000000000 ____D C:\Windows\INF
      2024-09-15 11:57 - 2024-07-29 04:05 - 000000000 ____D C:\Users\Ripple\AppData\Local\D3DSCache
      2024-09-15 11:57 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\AppReadiness
      2024-09-15 11:57 - 2022-05-07 11:09 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
      2024-09-15 11:53 - 2024-07-29 07:36 - 000000000 ____D C:\Users\Ripple\AppData\Local\Discord
      2024-09-15 11:32 - 2024-08-04 17:55 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\DMCache
      2024-09-15 11:08 - 2024-07-29 10:07 - 000000016 _____ C:\Users\Ripple\AppData\Roaming\obs-virtualcam.txt
      2024-09-15 11:08 - 2024-07-29 10:05 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\obs-studio
      2024-09-15 11:02 - 2022-05-07 11:09 - 000000000 ___HD C:\Windows\ELAMBKUP
      2024-09-15 10:56 - 2024-07-29 11:17 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Spotify
      2024-09-15 10:54 - 2024-07-29 07:36 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\discord
      2024-09-15 10:51 - 2024-07-29 08:12 - 000000000 ____D C:\Program Files\Microsoft Office
      2024-09-15 10:47 - 2024-07-29 08:54 - 000000000 ____D C:\Users\Ripple\OutsideOfTime
      2024-09-15 10:45 - 2024-07-29 11:18 - 000000000 ____D C:\Users\Ripple\AppData\Local\Spotify
      2024-09-15 10:44 - 2024-07-29 03:59 - 000000000 ____D C:\ProgramData\NVIDIA
      2024-09-15 00:39 - 2024-07-29 07:58 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\qBittorrent
      2024-09-14 16:21 - 2024-07-29 12:24 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Telegram Desktop
      2024-09-14 12:54 - 2024-08-04 17:55 - 000000000 ____D C:\Users\Ripple\Downloads\Compressed
      2024-09-14 10:05 - 2024-07-29 03:58 - 000002398 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
      2024-09-14 10:05 - 2024-07-29 03:58 - 000002236 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
      2024-09-13 16:07 - 2024-07-30 14:13 - 000000000 ____D C:\Users\Ripple\Downloads\Telegram Desktop
      2024-09-13 11:52 - 2024-07-29 08:17 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\Excel
      2024-09-13 09:41 - 2024-07-29 09:04 - 000002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2024-09-13 09:41 - 2024-07-29 09:04 - 000002166 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2024-09-12 23:54 - 2024-07-29 07:36 - 000002244 _____ C:\Users\Ripple\Desktop\Discord.lnk
      2024-09-12 23:23 - 2024-07-29 04:02 - 000000000 ____D C:\Users\Ripple\AppData\Local\Packages
      2024-09-12 23:23 - 2024-07-29 04:01 - 000000000 ____D C:\ProgramData\Packages
      2024-09-12 23:23 - 2022-05-07 11:09 - 000000000 ___HD C:\Program Files\WindowsApps
      2024-09-12 23:22 - 2024-07-29 04:08 - 000000000 ____D C:\Users\Ripple\AppData\Local\PlaceholderTileLogoFolder
      2024-09-11 10:13 - 2024-07-29 03:58 - 000000000 ____D C:\Windows\system32\SleepStudy
      2024-09-09 23:26 - 2024-07-30 01:10 - 000000124 _____ C:\ProgramData\autoclickconfig.ini
      2024-09-09 09:09 - 2024-07-29 03:58 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
      2024-09-09 09:09 - 2024-07-29 03:58 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
      2024-09-08 10:53 - 2024-07-29 07:58 - 000000000 ____D C:\Users\Ripple\AppData\Local\CrashDumps
      2024-09-06 09:00 - 2024-07-29 04:04 - 001304164 _____ C:\Windows\system32\PerfStringBackup.INI
      2024-09-05 08:30 - 2024-07-29 07:28 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
      2024-09-03 23:35 - 2024-08-04 16:54 - 000000000 ____D C:\Program Files (x86)\Steam
      2024-09-01 14:51 - 2024-07-29 04:02 - 000000000 ____D C:\Users\Ripple
      2024-09-01 14:40 - 2024-07-29 04:07 - 000000000 ____D C:\ProgramData\Package Cache
      2024-08-27 08:34 - 2024-07-29 04:02 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\Spelling
      2024-08-25 08:20 - 2024-07-29 08:17 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\Office
      2024-08-25 07:01 - 2024-07-29 04:03 - 000000000 ____D C:\Users\Ripple\AppData\Local\NVIDIA
      2024-08-24 11:02 - 2024-07-29 03:59 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
      2024-08-24 10:58 - 2024-07-29 03:59 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
      2024-08-23 09:28 - 2024-07-29 07:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2024-08-21 20:15 - 2022-05-07 13:24 - 000000000 ____D C:\Program Files\Windows Photo Viewer
      2024-08-21 20:15 - 2022-05-07 13:24 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
      2024-08-21 20:15 - 2022-05-07 13:24 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
      2024-08-21 20:15 - 2022-05-07 13:15 - 000000000 ____D C:\Windows\SysWOW64\winrm
      2024-08-21 20:15 - 2022-05-07 13:15 - 000000000 ____D C:\Windows\SysWOW64\WCN
      2024-08-21 20:15 - 2022-05-07 13:15 - 000000000 ____D C:\Windows\SysWOW64\slmgr
      2024-08-21 20:15 - 2022-05-07 13:15 - 000000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
      2024-08-21 20:15 - 2022-05-07 13:15 - 000000000 ____D C:\Windows\system32\winrm
      2024-08-21 20:15 - 2022-05-07 13:15 - 000000000 ____D C:\Windows\system32\WCN
      2024-08-21 20:15 - 2022-05-07 13:15 - 000000000 ____D C:\Windows\system32\slmgr
      2024-08-21 20:15 - 2022-05-07 13:15 - 000000000 ____D C:\Windows\system32\Printing_Admin_Scripts
      2024-08-21 20:15 - 2022-05-07 11:09 - 000000000 ___SD C:\Windows\SysWOW64\F12
      2024-08-21 20:15 - 2022-05-07 11:09 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
      2024-08-21 20:15 - 2022-05-07 11:09 - 000000000 ___SD C:\Windows\system32\F12
      2024-08-21 20:15 - 2022-05-07 11:09 - 000000000 ___SD C:\Windows\system32\dsc
      2024-08-21 20:15 - 2022-05-07 11:09 - 000000000 ___SD C:\Windows\system32\DiagSvcs
      2024-08-21 20:15 - 2022-05-07 11:09 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
      2024-08-21 20:15 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\SysWOW64\oobe
      2024-08-21 20:15 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\SysWOW64\Dism
      2024-08-21 20:15 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\SysWOW64\Com
      2024-08-21 20:15 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
      2024-08-21 20:15 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
      2024-08-21 20:15 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\system32\Sysprep
      2024-08-21 20:15 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\system32\Sgrm
      2024-08-21 20:15 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
      2024-08-21 20:15 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\system32\oobe
      2024-08-21 20:15 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\system32\migwiz
      2024-08-21 20:15 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\system32\Dism
      2024-08-21 20:15 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\system32\Com
      2024-08-21 20:15 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\PolicyDefinitions
      2024-08-21 20:15 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\IME
      2024-08-21 20:15 - 2022-05-07 11:09 - 000000000 ____D C:\Program Files\Windows Defender
      2024-08-21 20:15 - 2022-05-07 11:09 - 000000000 ____D C:\Program Files\Common Files\System
      2024-08-21 20:15 - 2022-05-07 11:09 - 000000000 ____D C:\Program Files (x86)\Windows Defender
      2024-08-21 20:15 - 2022-05-07 11:02 - 000000000 ____D C:\Windows\servicing
      2024-08-21 20:15 - 2022-05-07 11:02 - 000000000 ____D C:\Windows\CbsTemp
      2024-08-21 20:13 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\OCR
      2024-08-18 15:54 - 2022-05-07 11:09 - 000000000 ____D C:\ProgramData\USOPrivate
      2024-08-18 15:39 - 2024-07-29 04:01 - 000001623 _____ C:\Windows\system32\config\VSMIDK
      2024-08-18 15:39 - 2024-07-29 03:58 - 000012288 ___SH C:\DumpStack.log.tmp
      2024-08-18 15:39 - 2024-07-29 03:58 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2024-08-18 15:39 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\ServiceState
      2024-08-18 15:39 - 2022-05-07 11:02 - 000524288 _____ C:\Windows\system32\config\BBI
      2024-08-18 15:38 - 2024-07-30 12:27 - 000000000 ____D C:\Program Files (x86)\VideoLAN
      2024-08-18 15:38 - 2024-07-29 03:58 - 000332096 _____ C:\Windows\system32\FNTCACHE.DAT
      2024-08-18 15:38 - 2023-10-01 12:40 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
      2024-08-18 15:38 - 2022-05-07 13:24 - 000000000 ___SD C:\Windows\system32\AppV
      2024-08-18 15:38 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\SystemResources
      2024-08-18 15:38 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
      2024-08-18 15:38 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\bcastdvr
      2024-08-18 15:37 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\LiveKernelReports
      
      ==================== Files in the root of some directories ========
      
      2024-07-29 10:07 - 2024-09-15 11:08 - 000000016 _____ () C:\Users\Ripple\AppData\Roaming\obs-virtualcam.txt
      
      ==================== SigCheck ============================
      
      (There is no automatic fix for files that do not pass verification.)
      
      ==================== End of FRST.txt ========================
      Addition
      Code:
      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-09-2024
      Ran by Ripple (15-09-2024 12:14:15)
      Running from C:\Users\Ripple\Desktop
      Microsoft Windows 11 Pro Version 23H2 22631.4037 (X64) (2024-07-28 22:16:30)
      Boot Mode: Normal
      ==================== Accounts: =============================
      
      (If an entry is included in the fixlist, it will be removed.)
      
      Administrator (S-1-5-21-321866159-774951516-752708211-500 - Administrator - Disabled)
      DefaultAccount (S-1-5-21-321866159-774951516-752708211-503 - Limited - Disabled)
      Guest (S-1-5-21-321866159-774951516-752708211-501 - Limited - Disabled)
      Ripple (S-1-5-21-321866159-774951516-752708211-1001 - Administrator - Enabled) => C:\Users\Ripple
      WDAGUtilityAccount (S-1-5-21-321866159-774951516-752708211-504 - Limited - Disabled)
      
      ==================== Security Center ========================
      
      (If an entry is included in the fixlist, it will be removed.)
      
      AV: Malwarebytes (Disabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
      AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      
      ==================== Installed Programs ======================
      
      (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
      
      7-Zip 24.07 (x64) (HKLM...\7-Zip) (Version: 24.07 - Igor Pavlov)
      Control Center Service (HKLM...{6ea3ce12-b991-4b65-9f8d-b148eaaecd87}_is1) (Version: 4.1.47.11 - OEM)
      Core Temp 1.18.1 (HKLM...{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.18.1 - ALCPU)
      Discord (HKU\S-1-5-21-321866159-774951516-752708211-1001...\Discord) (Version: 1.0.9011 - Discord Inc.)
      FTMO MetaTrader 5 (HKLM...\FTMO MetaTrader 5) (Version: 5.00 - MetaQuotes Ltd.)
      Geeks3D FurMark 2.3.0.0 x64 (HKLM...{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: 2.3.0.0 - Geeks3D)
      Google Chrome (HKLM-x32...\Google Chrome) (Version: 128.0.6613.138 - Google LLC)
      Intel(R) Chipset Device Software (HKLM...{BB1E910B-7D2D-4FC8-A87C-5A53CAC2D5A8}) (Version: 10.1.19159.8331 - Intel Corporation) Hidden
      Intel(R) Chipset Device Software (HKLM-x32...{a8ed3a4b-8ec2-4b7d-b0f6-0f4db00ea2ce}) (Version: 10.1.19159.8331 - Intel(R) Corporation)
      Internet Download Manager (HKLM-x32...\Internet Download Manager) (Version: 6.42.18 - Tonec Inc.)
      Malwarebytes version 5.1.10.127 (HKLM...{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.10.127 - Malwarebytes)
      MetaTrader 4 EXNESS (HKLM-x32...\MetaTrader 4 EXNESS) (Version: 4.00 - MetaQuotes Ltd.)
      Microsoft Edge (HKLM-x32...\Microsoft Edge) (Version: 128.0.2739.79 - Microsoft Corporation)
      Microsoft Edge WebView2 Runtime (HKLM-x32...\Microsoft EdgeWebView) (Version: 128.0.2739.79 - Microsoft Corporation)
      Microsoft Office Professional Plus 2019 - en-us (HKLM...\ProPlus2019Retail - en-us) (Version: 16.0.17928.20156 - Microsoft Corporation)
      Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32...{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
      Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 (HKLM-x32...{5af95fd8-a22e-458f-acee-c61bd787178e}) (Version: 14.40.33810.0 - Microsoft Corporation)
      Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32...{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
      Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32...{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
      Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33810 (HKLM...{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
      Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33810 (HKLM...{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
      Mozilla Firefox (x64 en-US) (HKLM...\Mozilla Firefox 130.0 (x64 en-US)) (Version: 130.0 - Mozilla)
      Mozilla Maintenance Service (HKLM...\MozillaMaintenanceService) (Version: 128.0.3 - Mozilla)
      NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
      NVIDIA GeForce Experience 3.28.0.417 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.28.0.417 - NVIDIA Corporation)
      NVIDIA Graphics Driver 560.94 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 560.94 - NVIDIA Corporation)
      NVIDIA HD Audio Driver 1.4.0.1 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.4.0.1 - NVIDIA Corporation)
      NVIDIA PhysX System Software 9.23.1019 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.23.1019 - NVIDIA Corporation)
      NVIDIA USBC Driver 1.52.831.832 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.52.831.832 - NVIDIA Corporation)
      OBS Studio (HKLM-x32...\OBS Studio) (Version: 30.2.2 - OBS Project)
      Office 16 Click-to-Run Extensibility Component (HKLM...{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17928.20156 - Microsoft Corporation) Hidden
      Office 16 Click-to-Run Licensing Component (HKLM...{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17928.20156 - Microsoft Corporation) Hidden
      Office 16 Click-to-Run Localization Component (HKLM...{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13328.20278 - Microsoft Corporation) Hidden
      OmegaT version 5.7.1_Beta (HKLM...\org.omegat_is1) (Version: 5.7.1_Beta - OmegaT)
      qBittorrent (HKLM-x32...\qBittorrent) (Version: 4.6.5 - The qBittorrent project)
      Spotify (HKU\S-1-5-21-321866159-774951516-752708211-1001...\Spotify) (Version: 1.2.13.661.ga588f749 - Spotify AB)
      Steam (HKLM-x32...\Steam) (Version: 2.10.91.91 - Valve Corporation)
      Telegram Desktop (HKU\S-1-5-21-321866159-774951516-752708211-1001...{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 5.5.5 - Telegram FZ-LLC)
      VLC media player (HKLM...\VLC media player) (Version: 3.0.21 - VideoLAN)
      Packages:
      AppUp.IntelGraphicsExperience → C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5587.0_x64__8j3eq9eme6ctt [2024-08-21] (INTEL CORP) [Startup Task]
      GamingCenter3_Cross → C:\Program Files\WindowsApps\ControlCenter3_4.1.47.11_x64__h329z55cwnj8g [2024-07-29] (STD) [Startup Task]
      MicrosoftWindows.LKG.DesktopSpotlight → C:\Windows\SystemApps\LKG\MicrosoftWindows.LKG.DesktopSpotlight_cw5n1h2txyewy [2024-08-18] (Microsoft Windows)
      NVIDIA Control Panel → C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.966.0_x64__56jybvy8sckqj [2024-08-24] (NVIDIA Corp.)
      Photos → C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11070.31001.0_x64__8wekyb3d8bbwe [2024-08-07] (Microsoft Corporation) [Startup Task]
      Realtek Audio Control → C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.40.287.0_x64__dt26b99r8h8gj [2024-07-29] (Realtek Semiconductor Corp)
      Widgets Platform Runtime → C:\Program Files\WindowsApps\Microsoft.WidgetsPlatformRuntime_1.4.0.0_x64__8wekyb3d8bbwe [2024-09-12] (Microsoft Corporation)
      
      ==================== Custom CLSID (Whitelisted): ==============
      
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      
      ShellIconOverlayIdentifiers: [ IDM Shell Extension] → {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2021-03-02] (Tonec Inc. → Tonec FZE)
      ContextMenuHandlers1: [7-Zip] → {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-06-19] (Igor Pavlov) [File not signed]
      ContextMenuHandlers3: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-09-15] (Malwarebytes Inc. → Malwarebytes)
      ContextMenuHandlers4: [7-Zip] → {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-06-19] (Igor Pavlov) [File not signed]
      ContextMenuHandlers5: [NvCplDesktopContext] → {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvtfi.inf_amd64_06515397070a8096\nvshext.dll [2024-08-15] (NVIDIA Corporation → NVIDIA Corporation)
      ContextMenuHandlers6: [7-Zip] → {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-06-19] (Igor Pavlov) [File not signed]
      ContextMenuHandlers6: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-09-15] (Malwarebytes Inc. → Malwarebytes)
      
      ==================== Codecs (Whitelisted) ====================
      
      ==================== Shortcuts & WMI ========================
      
      ==================== Loaded Modules (Whitelisted) =============
      
      2024-09-15 10:47 - 2024-09-15 10:47 - 000457216 _____ (hxxp://hunspell.sourceforge.net/) [File not signed] \?\C:\Users\Ripple\AppData\Local\Temp\JNA361~1.DLL
      2024-07-29 07:46 - 2024-06-19 12:45 - 000101376 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
      2024-09-15 10:47 - 2024-09-15 10:47 - 000198144 ____N (Java™ Native Access (JNA)) [File not signed] C:\Users\Ripple\AppData\Local\Temp\jna–1846959536\jna6908979106209212219.dll
      
      ==================== Alternate Data Streams (Whitelisted) ========
      
      ==================== Safe Mode (Whitelisted) ==================
      
      (If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)
      
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => “”=“Service”
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => “”=“Service”
      
      ==================== Association (Whitelisted) =================
      
      ==================== Internet Explorer (Whitelisted) =============
      
      BHO: IDM integration (IDMIEHlprObj Class) → {0055C089-8582-441B-A0BF-17B458C2A3A8} → C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2021-11-08] (Tonec Inc. → Internet Download Manager, Tonec Inc.)
      BHO-x32: IDM integration (IDMIEHlprObj Class) → {0055C089-8582-441B-A0BF-17B458C2A3A8} → C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2021-11-08] (Tonec Inc. → Internet Download Manager, Tonec Inc.)
      BHO-x32: Skype for Business Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-08-30] (Microsoft Corporation → Microsoft Corporation)
      Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-08-30] (Microsoft Corporation → Microsoft Corporation)
      Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-08-30] (Microsoft Corporation → Microsoft Corporation)
      Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-08-30] (Microsoft Corporation → Microsoft Corporation)
      Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-08-30] (Microsoft Corporation → Microsoft Corporation)
      Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-08-30] (Microsoft Corporation → Microsoft Corporation)
      Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-08-30] (Microsoft Corporation → Microsoft Corporation)
      Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-08-30] (Microsoft Corporation → Microsoft Corporation)
      Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-08-30] (Microsoft Corporation → Microsoft Corporation)
      
      ==================== Hosts content: =========================
      
      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
      
      2022-05-07 11:09 - 2022-05-07 11:07 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
      
      ==================== Other Areas ===========================
      
      (Currently there is no automatic fix for this section.)
      
      HKU\S-1-5-21-321866159-774951516-752708211-1001\Control Panel\Desktop\Wallpaper → C:\Users\Ripple\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
      DNS Servers: 110.44.112.245 - 110.44.113.245
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is enabled.
      Network Binding:
      Ethernet: Realtek Gaming 2.5GbE Family Controller → rt25cx21x64.sys
      Wi-Fi: Intel(R) Wi-Fi 6 AX201 160MHz → Netwtw14.sys
      Bluetooth Network Connection: Bluetooth Device (Personal Area Network) → bthpan.sys
      
      ==================== MSCONFIG/TASK MANAGER disabled items ==
      
      ==================== FirewallRules (Whitelisted) ================
      
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      
      FirewallRules: [{02431F45-E9AC-43E8-A3A8-37D096806592}] => (Allow) C:\Program Files\OEM\Control Center\UniwillService\GCUBridge.exe (Uniwill Technology Inc. → )
      FirewallRules: [{694497C3-87AA-421F-B299-6BBE35B700A4}] => (Allow) C:\Program Files\OEM\Control Center\UniwillService\GCUBridge.exe (Uniwill Technology Inc. → )
      FirewallRules: [{EF694CD0-163C-4988-ACE1-48722886C00D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation → NVIDIA Corporation)
      FirewallRules: [{B031D41E-9847-42A2-BFB7-912655A44A09}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation → NVIDIA Corporation)
      FirewallRules: [{4213CCC7-B110-417D-867E-3AB97DE6D547}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation → Mozilla Corporation)
      FirewallRules: [{20311AB3-F824-4165-9454-67E3AFBF8B8D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation → Mozilla Corporation)
      FirewallRules: [{AEE6511B-5730-4C56-AF45-37EF5B2D6961}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
      FirewallRules: [{C30935AC-052B-4490-8C0B-324053BE5D7F}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
      FirewallRules: [TCP Query User{5AB4FD8C-F165-4485-A3DB-B0516121795E}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation → Mozilla Corporation)
      FirewallRules: [UDP Query User{FB24A1C2-65C4-40D8-8FD5-B429B851797B}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation → Mozilla Corporation)
      FirewallRules: [TCP Query User{17C2401D-3DAA-49EB-AB2D-7608C5020E9C}C:\users\ripple\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ripple\appdata\roaming\spotify\spotify.exe (Spotify AB → Spotify Ltd) [File not signed]
      FirewallRules: [UDP Query User{28A08DED-D679-432F-92BA-0BAC5B822B91}C:\users\ripple\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ripple\appdata\roaming\spotify\spotify.exe (Spotify AB → Spotify Ltd) [File not signed]
      FirewallRules: [{9C163EDD-58ED-46AD-98DB-FF457C64BDC9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation → NVIDIA Corporation)
      FirewallRules: [{10D85514-C343-400A-B1CA-47A24B764B79}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation → NVIDIA Corporation)
      FirewallRules: [{80B032A4-81CC-4032-97B8-E35E7455E883}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation → NVIDIA Corporation)
      FirewallRules: [{4667A03D-ED91-46C5-8B5B-184E13AEE9FB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation → NVIDIA Corporation)
      FirewallRules: [{930D53A9-59A7-4237-BBB7-7175DA9337FB}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
      FirewallRules: [{469B242C-701A-44AE-830B-9ACBD43FDC6B}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
      FirewallRules: [{74E2B35A-573A-4D75-8BFF-C4D6279218CC}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File
      FirewallRules: [{2DC30722-E022-4A41-B25C-A984DAF7099D}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe => No File
      FirewallRules: [{2002B01F-A0E4-4EC4-9EAA-A147AD2C1ADE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. → Valve Corporation)
      FirewallRules: [{F3EC1F4F-F233-45A1-A502-C8C6EFCC27E8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. → Valve Corporation)
      FirewallRules: [{0FDEB5CA-1916-450E-B1FC-D1BDE93F9673}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. → Valve Corporation)
      FirewallRules: [{B0ED0ED8-3AA3-447A-AE01-08E0543F5029}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. → Valve Corporation)
      FirewallRules: [{86B976B6-29B9-4FDF-9BB2-120C197A2948}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PokerLegends\PokerLegends.exe () [File not signed]
      FirewallRules: [{5EA9C06F-A505-4868-93F5-5557D2E0E3AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PokerLegends\PokerLegends.exe () [File not signed]
      FirewallRules: [TCP Query User{83805201-4313-4F94-A4DB-F199F2AC40AA}C:\users\ripple\appdata\local\discord\app-1.0.9157\discord.exe] => (Allow) C:\users\ripple\appdata\local\discord\app-1.0.9157\discord.exe => No File
      FirewallRules: [UDP Query User{CE6D0CD7-D07E-45C4-86F7-4E61A2416491}C:\users\ripple\appdata\local\discord\app-1.0.9157\discord.exe] => (Allow) C:\users\ripple\appdata\local\discord\app-1.0.9157\discord.exe => No File
      FirewallRules: [{BC530A5C-B941-46E6-B13A-91B141BA4AD8}] => (Allow) C:\Program Files\FTMO MetaTrader 5\metatester64.exe (MetaQuotes Ltd → MetaQuotes Ltd.)
      FirewallRules: [TCP Query User{E4A2FAA8-D117-4F90-BF43-216FEC732FBA}C:\ccproxy\ccproxy.exe] => (Allow) C:\ccproxy\ccproxy.exe => No File
      FirewallRules: [UDP Query User{4219C3AD-CB60-4B4C-BB41-A83AD2AD51AE}C:\ccproxy\ccproxy.exe] => (Allow) C:\ccproxy\ccproxy.exe => No File
      FirewallRules: [TCP Query User{1A17A0D5-15CB-4506-B26B-4FADCB533E0E}C:\users\ripple\appdata\local\discord\app-1.0.9159\discord.exe] => (Allow) C:\users\ripple\appdata\local\discord\app-1.0.9159\discord.exe => No File
      FirewallRules: [UDP Query User{753DFF81-ECEB-4F1D-943E-B1849141290A}C:\users\ripple\appdata\local\discord\app-1.0.9159\discord.exe] => (Allow) C:\users\ripple\appdata\local\discord\app-1.0.9159\discord.exe => No File
      FirewallRules: [{A03F0984-CA23-421E-99D7-3C658D0F1A98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe (UBISOFT ENTERTAINMENT INC. → Blue Mammoth Games)
      FirewallRules: [{F4058A20-94A1-481C-B788-4C2876AE8D81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe (UBISOFT ENTERTAINMENT INC. → Blue Mammoth Games)
      FirewallRules: [{F76E9603-C274-4992-BD26-492077E27F71}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC → Google LLC)
      FirewallRules: [TCP Query User{266F160B-8A77-4611-B772-5E102C8AA168}D:\games\soulstone.survivors.v2024.08.07.hotfix.4\soulstone.survivors.v2024.08.07.hotfix.4\soulstone survivors.exe] => (Allow) D:\games\soulstone.survivors.v2024.08.07.hotfix.4\soulstone.survivors.v2024.08.07.hotfix.4\soulstone survivors.exe () [File not signed]
      FirewallRules: [UDP Query User{90508C2E-3BEF-4BC2-A2E2-6FACF0F179A1}D:\games\soulstone.survivors.v2024.08.07.hotfix.4\soulstone.survivors.v2024.08.07.hotfix.4\soulstone survivors.exe] => (Allow) D:\games\soulstone.survivors.v2024.08.07.hotfix.4\soulstone.survivors.v2024.08.07.hotfix.4\soulstone survivors.exe () [File not signed]
      FirewallRules: [{E29341C1-B664-4F15-B0ED-113BFAF609D8}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe (Microsoft Corporation → Microsoft Corporation)
      
      ==================== Restore Points =========================
      
      ATTENTION: System Restore is disabled (Total:930.66 GB) (Free:816.58 GB) (88%)
      
      ==================== Faulty Device Manager Devices ============
      
      Name: NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
      Description: NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
      Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
      Manufacturer: NVIDIA
      Service: nvvad_WaveExtensible
      Problem: : This device is disabled. (Code 22)
      Resolution: In Device Manager, click “Action”, and then click “Enable Device”. This starts the Enable Device wizard. Follow the instructions.
      
      ==================== Event log errors: ========================
      Application errors:
      Error: (09/08/2024 10:53:29 AM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-HVT1NAR)
      Description: Faulting application name: IDMan.exe, version: 6.42.17.3, time stamp: 0x66a18766
      Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
      Exception code: 0xc0000005
      Fault offset: 0x00000040
      Faulting process id: 0x0x2d48
      Faulting application start time: 0x0x1db018f708cbae7
      Faulting application path: C:\Program Files (x86)\Internet Download Manager\IDMan.exe
      Faulting module path: unknown
      Report Id: 62143fed-cc8c-4329-907d-57b005e128a4
      Faulting package full name:
      Faulting package-relative application ID:
      
      Error: (09/05/2024 11:59:29 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-HVT1NAR)
      Description: Faulting application name: smartscreen.exe, version: 10.0.22621.3672, time stamp: 0xae0f1a45
      Faulting module name: SmartScreen.DLL, version: 1.0.0.79, time stamp: 0x6606ec67
      Exception code: 0xc0000409
      Fault offset: 0x00000000001d8255
      Faulting process id: 0x0x5f5c
      Faulting application start time: 0x0x1daffbf5a7bbd98
      Faulting application path: C:\Windows\System32\smartscreen.exe
      Faulting module path: C:\Windows\System32\SmartScreen.DLL
      Report Id: b6f33e8b-28c3-4771-a6e1-983d141eab54
      Faulting package full name:
      Faulting package-relative application ID:
      
      Error: (09/05/2024 11:48:22 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-HVT1NAR)
      Description: Faulting application name: IDMan.exe, version: 6.42.17.3, time stamp: 0x66a18766
      Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
      Exception code: 0xc0000005
      Fault offset: 0xfff2ebe8
      Faulting process id: 0x0x33e4
      Faulting application start time: 0x0x1daff4fc691863c
      Faulting application path: C:\Program Files (x86)\Internet Download Manager\IDMan.exe
      Faulting module path: unknown
      Report Id: b8118f98-28ca-448b-8371-0ca83eed43a7
      Faulting package full name:
      Faulting package-relative application ID:
      
      Error: (09/05/2024 08:30:12 AM) (Source: Firefox Default Browser Agent) (EventID: 5) (User: )
      Description: Event-ID 5
      
      Error: (08/30/2024 06:51:03 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
      Description: Faulting application name: GCUService.exe, version: 1.0.2.70, time stamp: 0x640579b1
      Faulting module name: KERNELBASE.dll, version: 10.0.22621.3958, time stamp: 0xfbc3a4f6
      Exception code: 0xe0434352
      Fault offset: 0x000000000005fabc
      Faulting process id: 0x0x5188
      Faulting application start time: 0x0x1dafa3fe09d31eb
      Faulting application path: C:\Program Files\OEM\Control Center\UniwillService\MyControlCenter\GCUService.exe
      Faulting module path: C:\Windows\System32\KERNELBASE.dll
      Report Id: db2970c3-3e30-4174-ada7-b46eea3da9ce
      Faulting package full name:
      Faulting package-relative application ID:
      
      Error: (08/30/2024 06:51:01 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
      Description: Application: GCUService.exe
      Framework Version: v4.0.30319
      Description: The process was terminated due to an unhandled exception.
      Exception Info: System.Management.ManagementException
      at System.Management.ManagementException.ThrowWithExtendedInfo(System.Management.ManagementStatus)
      at System.Management.ManagementObjectCollection+ManagementObjectEnumerator.MoveNext()
      at MyControlCenter.HardwareInfoCollect.getGraphicInfo()
      at MyControlCenter.GPUInfo..ctor()
      at MyControlCenter.MySystemManager..ctor()
      at MyControlCenter.MySystemCtrl..ctor()
      at MyControlCenter.App.Application_Startup(System.Object, System.Windows.StartupEventArgs)
      at System.Windows.Application.OnStartup(System.Windows.StartupEventArgs)
      at System.Windows.Application.<.ctor>b__1_0(System.Object)
      at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
      at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
      at System.Windows.Threading.DispatcherOperation.InvokeImpl()
      at MS.Internal.CulturePreservingExecutionContext.CallbackWrapper(System.Object)
      at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
      at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
      at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
      at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
      at System.Windows.Threading.DispatcherOperation.Invoke()
      at System.Windows.Threading.Dispatcher.ProcessQueue()
      at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
      at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
      at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
      at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
      at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
      at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
      at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
      at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
      at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
      at System.Windows.Application.RunDispatcher(System.Object)
      at System.Windows.Application.RunInternal(System.Windows.Window)
      at MyControlCenter.App.Main()
      
      Error: (08/28/2024 11:21:49 AM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-HVT1NAR)
      Description: Faulting application name: ipf_helper.exe, version: 1.0.10900.26658, time stamp: 0x623def6c
      Faulting module name: MMDevApi.dll, version: 10.0.22621.3672, time stamp: 0xaed02870
      Exception code: 0xc0000005
      Fault offset: 0x000000000001389d
      Faulting process id: 0x0x28b0
      Faulting application start time: 0x0x1daf8eb22a49948
      Faulting application path: C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_helper.exe
      Faulting module path: C:\Windows\System32\MMDevApi.dll
      Report Id: 5e802481-f1d1-43a4-acef-6784ae898c73
      Faulting package full name:
      Faulting package-relative application ID:
      
      Error: (08/25/2024 08:21:40 AM) (Source: Software Protection Platform Service) (EventID: 8228) (User: )
      Description: The rules engine failed to evaluate the rules.
      Reason:0x80070057
      Stage:BUILD_FULL_MACHINE_STATE
      Additional Data:
      System errors:
      Error: (09/15/2024 10:56:20 AM) (Source: Tcpip) (EventID: 4199) (User: )
      Description: The system detected an address conflict for IP address 192.168.101.2 with the system
      having network hardware address 74-40-BB-7E-89-88. Network operations on this system may
      be disrupted as a result.
      
      Error: (09/15/2024 10:44:23 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
      Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {12f1ea6e-1cc3-4b42-945b-a76da2a8f13c}, had event 74
      
      Error: (09/15/2024 12:39:52 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HVT1NAR)
      Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
      
      Error: (09/15/2024 12:39:52 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HVT1NAR)
      Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
      
      Error: (09/15/2024 12:39:52 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HVT1NAR)
      Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
      
      Error: (09/15/2024 12:39:52 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HVT1NAR)
      Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
      
      Error: (09/15/2024 12:39:52 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HVT1NAR)
      Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
      
      Error: (09/15/2024 12:39:52 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HVT1NAR)
      Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
      Windows Defender:
      Date: 2024-09-15 12:00:02
      Description:
      Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
      For more information please see the following:
      
      https://www.microsoft.com/en-us/wdsi/threats/threat-search?query=HackTool:Win32%2FKmsactivator
      
      Name: HackTool:Win32/Kmsactivator
      Severity: High
      Category: Tool
      Path: file:_D:\Downloads\Microsoft Office 2019 Pro Plus v2010 Build 13328.20292 x64 [FileCR]\Microsoft Activation Scripts 1.4\Separate-Files-Version\Activators\Online_KMS_Activation\Activate.cmd
      Detection Origin: Local machine
      Detection Type: Concrete
      Detection Source: Real-Time Protection
      Process Name: C:\Users\Ripple\AppData\Local\Temp{7e46bbcd-bf24-4560-9f44-a1393678d63c}\b7129dc5.exe
      Security intelligence Version: AV: 1.417.707.0, AS: 1.417.707.0, NIS: 1.417.707.0
      Engine Version: AM: 1.1.24070.3, NIS: 1.1.24070.3
      
      Date: 2024-09-15 10:44:24
      Description:
      Microsoft Defender Antivirus scan has been stopped before completion.
      Scan Type: Antimalware
      Scan Parameters: Quick Scan
      
      Date: 2024-09-14 10:04:38
      Description:
      Microsoft Defender Antivirus scan has been stopped before completion.
      Scan Type: Antimalware
      Scan Parameters: Quick Scan
      
      Date: 2024-09-12 09:32:14
      Description:
      Microsoft Defender Antivirus scan has been stopped before completion.
      Scan Type: Antimalware
      Scan Parameters: Quick Scan
      
      Date: 2024-09-11 10:12:31
      Description:
      Microsoft Defender Antivirus scan has been stopped before completion.
      Scan Type: Antimalware
      Scan Parameters: Quick Scan
      CodeIntegrity:
      Date: 2024-09-15 12:09:14
      Description:
      Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.
      
      Date: 2024-09-15 12:08:44
      Description:
      Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Microsoft signing level requirements.
      
      Date: 2024-09-15 12:08:43
      Description:
      Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
      
      ==================== Memory info ===========================
      
      BIOS: American Megatrends International, LLC. N.1.14STD00 09/15/2022
      Motherboard: Standard Standard
      Processor: 12th Gen Intel(R) Core™ i7-12700H
      Percentage of memory in use: 40%
      Total physical RAM: 32508.54 MB
      Available physical RAM: 19188.43 MB
      Total Virtual: 34556.54 MB
      Available Virtual: 18297.97 MB
      
      ==================== Drives ================================
      
      Drive c: () (Fixed) (Total:930.66 GB) (Free:816.58 GB) (Model: CT1000P3PSSD8) NTFS
      Drive d: (PortableSSD) (Fixed) (Total:931.51 GB) (Free:157.26 GB) (Model: SanDisk Portable SSD SCSI Disk Device) NTFS
      Drive e: (portable movies & games) (Fixed) (Total:953.85 GB) (Free:448.53 GB) (Model: JMicron Tech SCSI Disk Device) NTFS
      
      \?\Volume{5491c0a9-bfef-4b8a-9018-be1ebcfc7203}\ () (Fixed) (Total:0.74 GB) (Free:0.06 GB) NTFS
      \?\Volume{af972d02-d4b6-4ecb-aa91-ebcf7f919406}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
      
      ==================== MBR & Partition Table ====================
      
      ==========================================================
      Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
      
      Partition: GPT.
      
      ==========================================================
      Disk: 1 (Size: 931.5 GB) (Disk ID: 16F2A91F)
      
      Partition: GPT.
      
      ==========================================================
      Disk: 2 (Protective MBR) (Size: 953.9 GB) (Disk ID: 00000000)
      
      Partition: GPT.
      
      ==================== End of Addition.txt =======================

      Comment

      • maxim123
        PCHF Member
        • Aug 2017
        • 466

        #4
        Originally posted by Malnutrition
        Post frst logs . ???
        Hi, additional note. I tried to check the email which I log in to only on my phone. I don’t use it on a PC or anywhere else, and even it showed meta stealer stealer 9/1/2024. The password leaked isn’t of the Google ID tho; it seems to be the password of some site or something. And it only showed meta stealer stealer and one password as exposed.

        And the laptop has been reset with everything reinstalled recently as well (almost 2 months now), so not sure where the malware came from.

        Comment

        • Malnutrition
          PCHF Moderator
          • Jul 2016
          • 7045

          #5
          FRST Fix:

          Copy the content of the code box below.
          Do not copy the word code!!!
          Right Click FRST and run as Administrator.
          Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
          Attach it to your next message.
          Code:
          start::
          SystemRestore: On
          CreateRestorePoint:
          CloseProcesses:
          HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
          Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
          S3 ALSysIO; \??\C:\Users\Ripple\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
          2024-09-08 23:45 - 2024-09-08 23:45 - 000000056 _____ C:\Users\Public\Documents\pre_fileassoc.tmp
          FirewallRules: [{930D53A9-59A7-4237-BBB7-7175DA9337FB}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
          FirewallRules: [{469B242C-701A-44AE-830B-9ACBD43FDC6B}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
          FirewallRules: [{74E2B35A-573A-4D75-8BFF-C4D6279218CC}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File
          FirewallRules: [{2DC30722-E022-4A41-B25C-A984DAF7099D}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe => No File
          FirewallRules: [TCP Query User{83805201-4313-4F94-A4DB-F199F2AC40AA}C:\users\ripple\appdata\local\discord\app-1.0.9157\discord.exe] => (Allow) C:\users\ripple\appdata\local\discord\app-1.0.9157\discord.exe => No File
          FirewallRules: [UDP Query User{CE6D0CD7-D07E-45C4-86F7-4E61A2416491}C:\users\ripple\appdata\local\discord\app-1.0.9157\discord.exe] => (Allow) C:\users\ripple\appdata\local\discord\app-1.0.9157\discord.exe => No File
          FirewallRules: [TCP Query User{E4A2FAA8-D117-4F90-BF43-216FEC732FBA}C:\ccproxy\ccproxy.exe] => (Allow) C:\ccproxy\ccproxy.exe => No File
          FirewallRules: [UDP Query User{4219C3AD-CB60-4B4C-BB41-A83AD2AD51AE}C:\ccproxy\ccproxy.exe] => (Allow) C:\ccproxy\ccproxy.exe => No File
          FirewallRules: [TCP Query User{1A17A0D5-15CB-4506-B26B-4FADCB533E0E}C:\users\ripple\appdata\local\discord\app-1.0.9159\discord.exe] => (Allow) C:\users\ripple\appdata\local\discord\app-1.0.9159\discord.exe => No File
          FirewallRules: [UDP Query User{753DFF81-ECEB-4F1D-943E-B1849141290A}C:\users\ripple\appdata\local\discord\app-1.0.9159\discord.exe] => (Allow) C:\users\ripple\appdata\local\discord\app-1.0.9159\discord.exe => No File
          
          Startbatch:
          schtasks /Change /TN "\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem130.0.6679.0{DE0E3A96-740A-410D-9760-C6ADBCEC90A7}" /Disable
          schtasks /Change /TN "\Mozilla\Firefox Background Update S-1-5-21-321866159-774951516-752708211-1001 308046B0AF4A39CB" /Disable
          schtasks /Change /TN "\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB" /Disable
          schtasks /Change /TN "\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /Disable
          schtasks /Change /TN "\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /Disable
          schtasks /Change /TN "\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /Disable
          schtasks /Change /TN "\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /Disable
          schtasks /Change /TN "\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /Disable
          schtasks /Change /TN "\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /Disable
          schtasks /Change /TN "\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /Disable
          schtasks /Change /TN "\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /Disable
          schtasks /Change /TN "\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /Disable
          sfc /scannow
          dism /online /cleanup-image /restorehealth
          del /s /q "%userprofile%\AppData\Local\temp\*.*"
          EndBatch:
          
          C:\Windows\system32\drivers\etc\hosts
          Hosts:
          RemoveProxy:
          C:\Windows\Temp\*.*
          C:\WINDOWS\system32\*.tmp
          C:\WINDOWS\syswow64\*.tmp
          EmptyTemp:
          Reboot:
          End::




          Dr Web Scan

          • Disable your antivirus
          • Download Dr Web
          • Save the file to your desktop.
          • Right Click on the randomly named file.
          • Run as administrator.
          • Agree to terms and continue.
          • Select objects for scanning, make sure all boxes are ticked.
          • Then check mark the click to select files and folders.
          • Make sure C: drive is checked.
          • Click OK.
          • Then click start scanning.
          • Once the scan is completed.
          • Click on open report.
          • Then select file.
          • Save then save cureit.log to desktop.
          • Upload the log to https://pomf2.lain.la/ or https://ufile.io/ and send me a link to the file.
          • If you are sure about the files detected being malicious.
          • Then make sure all items are ticked and under action move to delete.
          • Then hit the Neutralize button.
          • Reboot your computer after the scan.





          Autologger Scan

          Download Autologger to your desktop.
          Disable your Antivirus/Defender prior to running.

          • Unzip it there. – If you are unsure how to unzip a program, then use ---- http://www.7-zip.org/ ----
          • Right click Autologger and run as administrator. (XP users double click)
          • AVZ4 will open and scan your machine, allow this to complete.
          • Upload Collectionlog.zip to your next reply.

          Comment

          • maxim123
            PCHF Member
            • Aug 2017
            • 466

            #6
            Originally posted by Malnutrition
            Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
            Code:
            Fix result of Farbar Recovery Scan Tool (x64) Version: 09-09-2024
            Ran by Ripple (15-09-2024 21:02:12) Run:1
            Running from C:\Users\Ripple\Desktop
            Loaded Profiles: Ripple
            Boot Mode: Normal
            fixlist content:
            *****************
            start::
            SystemRestore: On
            CreateRestorePoint:
            CloseProcesses:
            HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
            Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
            S3 ALSysIO; ??\C:\Users\Ripple\AppData\Local\Temp\ALSysIO64.sys <==== ATTENTION
            2024-09-08 23:45 - 2024-09-08 23:45 - 000000056 _____ C:\Users\Public\Documents\pre_fileassoc.tmp
            FirewallRules: [{930D53A9-59A7-4237-BBB7-7175DA9337FB}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
            FirewallRules: [{469B242C-701A-44AE-830B-9ACBD43FDC6B}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
            FirewallRules: [{74E2B35A-573A-4D75-8BFF-C4D6279218CC}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File
            FirewallRules: [{2DC30722-E022-4A41-B25C-A984DAF7099D}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe => No File
            FirewallRules: [TCP Query User{83805201-4313-4F94-A4DB-F199F2AC40AA}C:\users\ripple\appdata\local\discord\app-1.0.9157\discord.exe] => (Allow) C:\users\ripple\appdata\local\discord\app-1.0.9157\discord.exe => No File
            FirewallRules: [UDP Query User{CE6D0CD7-D07E-45C4-86F7-4E61A2416491}C:\users\ripple\appdata\local\discord\app-1.0.9157\discord.exe] => (Allow) C:\users\ripple\appdata\local\discord\app-1.0.9157\discord.exe => No File
            FirewallRules: [TCP Query User{E4A2FAA8-D117-4F90-BF43-216FEC732FBA}C:\ccproxy\ccproxy.exe] => (Allow) C:\ccproxy\ccproxy.exe => No File
            FirewallRules: [UDP Query User{4219C3AD-CB60-4B4C-BB41-A83AD2AD51AE}C:\ccproxy\ccproxy.exe] => (Allow) C:\ccproxy\ccproxy.exe => No File
            FirewallRules: [TCP Query User{1A17A0D5-15CB-4506-B26B-4FADCB533E0E}C:\users\ripple\appdata\local\discord\app-1.0.9159\discord.exe] => (Allow) C:\users\ripple\appdata\local\discord\app-1.0.9159\discord.exe => No File
            FirewallRules: [UDP Query User{753DFF81-ECEB-4F1D-943E-B1849141290A}C:\users\ripple\appdata\local\discord\app-1.0.9159\discord.exe] => (Allow) C:\users\ripple\appdata\local\discord\app-1.0.9159\discord.exe => No File
            
            Startbatch:
            schtasks /Change /TN “\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem130.0.6679.0{DE0E3A96-740A-410D-9760-C6ADBCEC90A7}” /Disable
            schtasks /Change /TN “\Mozilla\Firefox Background Update S-1-5-21-321866159-774951516-752708211-1001 308046B0AF4A39CB” /Disable
            schtasks /Change /TN “\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB” /Disable
            schtasks /Change /TN “\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}” /Disable
            schtasks /Change /TN “\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}” /Disable
            schtasks /Change /TN “\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}” /Disable
            schtasks /Change /TN “\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}” /Disable
            schtasks /Change /TN “\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}” /Disable
            schtasks /Change /TN “\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}” /Disable
            schtasks /Change /TN “\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}” /Disable
            schtasks /Change /TN “\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}” /Disable
            schtasks /Change /TN “\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}” /Disable
            sfc /scannow
            dism /online /cleanup-image /restorehealth
            del /s /q “%userprofile%\AppData\Local\temp*.*”
            EndBatch:
            
            C:\Windows\system32\drivers\etc\hosts
            Hosts:
            RemoveProxy:
            C:\Windows\Temp*.*
            C:\WINDOWS\system32*.tmp
            C:\WINDOWS\syswow64*.tmp
            EmptyTemp:
            Reboot:
            End::
            *****************
            SystemRestore: On => completed
            Restore point was successfully created.
            Processes closed successfully.
            HKLM\SOFTWARE\Policies\Microsoft\Edge => removed successfully
            “HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}” => removed successfully
            “HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}” => removed successfully
            C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
            “HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker” => removed successfully
            HKLM\System\CurrentControlSet\Services\ALSysIO => removed successfully
            ALSysIO => service removed successfully
            C:\Users\Public\Documents\pre_fileassoc.tmp => moved successfully
            “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{930D53A9-59A7-4237-BBB7-7175DA9337FB}” => removed successfully
            “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{469B242C-701A-44AE-830B-9ACBD43FDC6B}” => removed successfully
            “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{74E2B35A-573A-4D75-8BFF-C4D6279218CC}” => removed successfully
            “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{2DC30722-E022-4A41-B25C-A984DAF7099D}” => removed successfully
            “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\TCP Query User{83805201-4313-4F94-A4DB-F199F2AC40AA}C:\users\ripple\appdata\local\discord\app-1.0.9157\discord.exe” => removed successfully
            “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\UDP Query User{CE6D0CD7-D07E-45C4-86F7-4E61A2416491}C:\users\ripple\appdata\local\discord\app-1.0.9157\discord.exe” => removed successfully
            “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\TCP Query User{E4A2FAA8-D117-4F90-BF43-216FEC732FBA}C:\ccproxy\ccproxy.exe” => removed successfully
            “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\UDP Query User{4219C3AD-CB60-4B4C-BB41-A83AD2AD51AE}C:\ccproxy\ccproxy.exe” => removed successfully
            “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\TCP Query User{1A17A0D5-15CB-4506-B26B-4FADCB533E0E}C:\users\ripple\appdata\local\discord\app-1.0.9159\discord.exe” => removed successfully
            “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\UDP Query User{753DFF81-ECEB-4F1D-943E-B1849141290A}C:\users\ripple\appdata\local\discord\app-1.0.9159\discord.exe” => removed successfully
            
            ========= Batch: =========
            SUCCESS: The parameters of scheduled task “\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem130.0.6679.0{DE0E3A96-740A-410D-9760-C6ADBCEC90A7}” have been changed.
            
            SUCCESS: The parameters of scheduled task “\Mozilla\Firefox Background Update S-1-5-21-321866159-774951516-752708211-1001 308046B0AF4A39CB” have been changed.
            
            SUCCESS: The parameters of scheduled task “\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB” have been changed.
            
            SUCCESS: The parameters of scheduled task “\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}” have been changed.
            
            SUCCESS: The parameters of scheduled task “\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}” have been changed.
            
            SUCCESS: The parameters of scheduled task “\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}” have been changed.
            
            SUCCESS: The parameters of scheduled task “\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}” have been changed.
            
            SUCCESS: The parameters of scheduled task “\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}” have been changed.
            
            SUCCESS: The parameters of scheduled task “\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}” have been changed.
            
            SUCCESS: The parameters of scheduled task “\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}” have been changed.
            
            SUCCESS: The parameters of scheduled task “\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}” have been changed.
            
            SUCCESS: The parameters of scheduled task “\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}” have been changed.
            
            Beginning system scan. This process will take some time.
            
            Beginning verification phase of system scan.
            
            Windows Resource Protection found corrupt files and successfully repaired them.
            For online repairs, details are included in the CBS log file located at
            windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
            repairs, details are included in the log file provided by the /OFFLOGFILE flag.
            
            Deployment Image Servicing and Management tool
            Version: 10.0.22621.2792
            
            Image Version: 10.0.22631.4037
            
            The restore operation completed successfully.
            The operation completed successfully.
            
            Deleted file - C:\Users\Ripple\AppData\Local\temp%%%E7D2.tmp
            C:\Users\Ripple\AppData\Local\temp\763cd9f9-a481-4e27-8296-ae84b51edf33.tmp
            Deleted file - C:\Users\Ripple\AppData\Local\temp\cv_debug.log
            Deleted file - C:\Users\Ripple\AppData\Local\temp\DELAF76.tmp
            Deleted file - C:\Users\Ripple\AppData\Local\temp\DESKTOP-HVT1NAR-20240909-0913.log
            Deleted file - C:\Users\Ripple\AppData\Local\temp\eb233bcb3cb529532ee8ed8391e7b361-{87A94AB0-E370-4cde-98D3-ACC110C5967D}
            Deleted file - C:\Users\Ripple\AppData\Local\temp\FoxitUpdater.exe
            Deleted file - C:\Users\Ripple\AppData\Local\temp\geek64.exe
            Deleted file - C:\Users\Ripple\AppData\Local\temp\jna2355457576831686606.hunspell-win-x86-64.dll
            Deleted file - C:\Users\Ripple\AppData\Local\temp\jna2650685173163357296.hunspell-win-x86-64.dll
            Deleted file - C:\Users\Ripple\AppData\Local\temp\jna2782299811601579520.hunspell-win-x86-64.dll
            Deleted file - C:\Users\Ripple\AppData\Local\temp\jna3269769159687988850.hunspell-win-x86-64.dll
            Deleted file - C:\Users\Ripple\AppData\Local\temp\jna3516193896059006248.hunspell-win-x86-64.dll
            Deleted file - C:\Users\Ripple\AppData\Local\temp\jna3619659016750486168.hunspell-win-x86-64.dll
            Deleted file - C:\Users\Ripple\AppData\Local\temp\jna3798264892948367896.hunspell-win-x86-64.dll
            Deleted file - C:\Users\Ripple\AppData\Local\temp\jna4517108486963432144.hunspell-win-x86-64.dll
            Deleted file - C:\Users\Ripple\AppData\Local\temp\jna4944378650794346426.hunspell-win-x86-64.dll
            Deleted file - C:\Users\Ripple\AppData\Local\temp\jna4955990168550386399.hunspell-win-x86-64.dll
            Deleted file - C:\Users\Ripple\AppData\Local\temp\jna5712217801988948830.hunspell-win-x86-64.dll
            Deleted file - C:\Users\Ripple\AppData\Local\temp\mbsetup.log
            Deleted file - C:\Users\Ripple\AppData\Local\temp\NotifyIconGeneratedAumid_10791653829802541811.png
            Deleted file - C:\Users\Ripple\AppData\Local\temp\NotifyIconGeneratedAumid_503680292028636838.png
            Deleted file - C:\Users\Ripple\AppData\Local\temp\opentracing.dll
            Deleted file - C:\Users\Ripple\AppData\Local\temp\Sensor.dll
            Deleted file - C:\Users\Ripple\AppData\Local\temp\StructuredQuery.log
            Deleted file - C:\Users\Ripple\AppData\Local\temp\you5F02.tmp
            Deleted file - C:\Users\Ripple\AppData\Local\temp\youC844.tmp
            Deleted file - C:\Users\Ripple\AppData\Local\temp_iu14D2N.tmp
            Deleted file - C:\Users\Ripple\AppData\Local\temp~DF0DEC9135298453C5.TMP
            Deleted file - C:\Users\Ripple\AppData\Local\temp~DF3860B5C5C344B009.TMP
            Deleted file - C:\Users\Ripple\AppData\Local\temp~DF553204EF41D3FD44.TMP
            Deleted file - C:\Users\Ripple\AppData\Local\temp~DF5775D0AF17C7FC56.TMP
            Deleted file - C:\Users\Ripple\AppData\Local\temp~DF60C5F3AE15E7F31E.TMP
            Deleted file - C:\Users\Ripple\AppData\Local\temp~DF8DB4397DADFC09BD.TMP
            Deleted file - C:\Users\Ripple\AppData\Local\temp~DFA269D813BE555ABE.TMP
            Deleted file - C:\Users\Ripple\AppData\Local\temp~DFA7CACEF2BD4F5A55.TMP
            Deleted file - C:\Users\Ripple\AppData\Local\temp~DFEC0BD0F8F287CD5D.TMP
            Deleted file - C:\Users\Ripple\AppData\Local\temp\7zO440C11BE\622.csv
            Deleted file - C:\Users\Ripple\AppData\Local\temp\7zO4F37D9BD\622.csv
            Deleted file - C:\Users\Ripple\AppData\Local\temp\7zOC00D06B4\HOW TO RUN GAME!!.txt
            Deleted file - C:\Users\Ripple\AppData\Local\temp\7zOC4955E6E\SumatraPDF-settings.txt
            Deleted file - C:\Users\Ripple\AppData\Local\temp\Diagnostics\EXCEL\Primary1726051784867512200_85567BC8-EF66-402F-B79F-691BFA0C9269.log
            Deleted file - C:\Users\Ripple\AppData\Local\temp\Diagnostics\EXCEL\Primary1726120084583931700_347A3CCD-7B4F-4C1C-AFCD-52706B35DFBA.log
            Deleted file - C:\Users\Ripple\AppData\Local\temp\Diagnostics\EXCEL\Primary1726207268095933200_FA6BFFE1-7B72-4C9C-A643-73BB43922110.log
            Deleted file - C:\Users\Ripple\AppData\Local\temp\Diagnostics\EXCEL\Primary1726207268096261100_FA6BFFE1-7B72-4C9C-A643-73BB43922110.log
            Deleted file - C:\Users\Ripple\AppData\Local\temp\Diagnostics\EXCEL\Additional\Additional1726051784868254200_85567BC8-EF66-402F-B79F-691BFA0C9269.log
            Deleted file - C:\Users\Ripple\AppData\Local\temp\Diagnostics\EXCEL\Additional\Additional1726120084586140700_347A3CCD-7B4F-4C1C-AFCD-52706B35DFBA.log
            Deleted file - C:\Users\Ripple\AppData\Local\temp\Diagnostics\EXCEL\Additional\Additional1726207268097913200_FA6BFFE1-7B72-4C9C-A643-73BB43922110.log
            Deleted file - C:\Users\Ripple\AppData\Local\temp\Diagnostics\EXCEL\Additional\Additional1726207268098313100_FA6BFFE1-7B72-4C9C-A643-73BB43922110.log
            Deleted file - C:\Users\Ripple\AppData\Local\temp\Diagnostics\POWERPNT\Primary1726034614672117800_066F9F9A-EDB7-4EF8-A907-BFE25C1B7BA7.log
            Deleted file - C:\Users\Ripple\AppData\Local\temp\Diagnostics\POWERPNT\Primary1726034773735593900_D9136495-911D-48AE-9D5A-D7B4DB6DFDEE.log
            Deleted file - C:\Users\Ripple\AppData\Local\temp\Diagnostics\POWERPNT\Primary1726123523227564400_0CB25E24-1A97-4262-9FB6-D3198E97944A.log
            Deleted file - C:\Users\Ripple\AppData\Local\temp\Diagnostics\POWERPNT\Primary1726123523227980000_0CB25E24-1A97-4262-9FB6-D3198E97944A.log
            Deleted file - C:\Users\Ripple\AppData\Local\temp\Diagnostics\POWERPNT\Additional\Additional1726034614673181200_066F9F9A-EDB7-4EF8-A907-BFE25C1B7BA7.log
            Deleted file - C:\Users\Ripple\AppData\Local\temp\Diagnostics\POWERPNT\Additional\Additional1726034773736724900_D9136495-911D-48AE-9D5A-D7B4DB6DFDEE.log
            Deleted file - C:\Users\Ripple\AppData\Local\temp\Diagnostics\POWERPNT\Additional\Additional1726123523229761500_0CB25E24-1A97-4262-9FB6-D3198E97944A.log
            Deleted file - C:\Users\Ripple\AppData\Local\temp\Diagnostics\POWERPNT\Additional\Additional1726123523230029700_0CB25E24-1A97-4262-9FB6-D3198E97944A.log
            Deleted file - C:\Users\Ripple\AppData\Local\temp\Foxit PDF Reader\HasCountInstallation\20240908\2024.2.3.25184.xml
            Deleted file - C:\Users\Ripple\AppData\Local\temp\Foxit PDF Reader\HasCountUninstall\20240909\2024.2.3.25184.xml
            Deleted file - C:\Users\Ripple\AppData\Local\temp\jna–1846959536\jna6908979106209212219.dll
            Deleted file - C:\Users\Ripple\AppData\Local\temp\jna–1846959536\jna6908979106209212219.dll.x
            Deleted file - C:\Users\Ripple\AppData\Local\temp\scoped_dir10116_685658311\6aecde68378b34e043d6b7ba5ce56dee.png
            Deleted file - C:\Users\Ripple\AppData\Local\temp\scoped_dir11476_1856657378\47b52e66abc337107022cefde354633f.png
            Deleted file - C:\Users\Ripple\AppData\Local\temp\scoped_dir18296_1690656638\28fd3a29c691e85866aa0c8e377ab297.png
            Deleted file - C:\Users\Ripple\AppData\Local\temp\scoped_dir18296_1690656638\6c9718f1d954c09fb3dc8d410b704522.png
            Deleted file - C:\Users\Ripple\AppData\Local\temp\scoped_dir18296_1690656638\f31bce39f47e0a862addede806b0a21b.png
            Deleted file - C:\Users\Ripple\AppData\Local\temp\scoped_dir2900_1157538345\28fd3a29c691e85866aa0c8e377ab297.png
            Deleted file - C:\Users\Ripple\AppData\Local\temp\scoped_dir2900_1157538345\47b52e66abc337107022cefde354633f.png
            Deleted file - C:\Users\Ripple\AppData\Local\temp\SmartScreen\RemoteData\LastPing
            Deleted file - C:\Users\Ripple\AppData\Local\temp\SmartScreen\RemoteData\windowsSettings
            Deleted file - C:\Users\Ripple\AppData\Local\temp\SmartScreen\RemoteData\windowsSettings_1.0-7e3544113374bc2769af5f67e125ab81de1b4b64c07fe68e2a7bc03646c85dfc
            
            ========= End of Batch: =========
            
            C:\Windows\system32\drivers\etc\hosts => moved successfully
            Hosts restored successfully.
            
            ========= RemoveProxy: =========
            
            “HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings” => removed successfully
            “HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings” => removed successfully
            “HKU\S-1-5-21-321866159-774951516-752708211-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings” => removed successfully
            “HKU\S-1-5-21-321866159-774951516-752708211-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings” => removed successfully
            
            ========= End of RemoveProxy: =========
            
            =========== “C:\Windows\Temp*.*” ==========
            
            C:\Windows\Temp\bb3a785178f443fda931098a5a9a306b.db.ses => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240830-1342.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240906-1347.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240906-1925.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240906-2047.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240906-2349.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240907-0803.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240907-0804.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240907-0804a.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240907-0834.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240907-1002.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240908-0720.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240908-0725.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240908-0726.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240908-0804.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240909-0908.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240909-0913.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240909-0914.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240909-0914a.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240909-1130.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240910-0847.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240910-0853.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240910-0914.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240910-1244.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240910-1555.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240911-0930.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240911-0930a.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240911-0935.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240911-0936.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240911-0948.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240911-1017.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240911-1035.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240912-0027.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240912-0936.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240912-0937.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240912-0950.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240912-1937.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240913-0028.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240913-0046.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240913-0941.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240913-0945.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240913-1129.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240913-1210.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240914-0051.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240914-1004.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240914-1009.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240914-1010.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240915-0039.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240915-1044.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240915-1049.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240915-1049a.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240915-1050.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240915-1051.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240915-1052.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240915-1052a.log => moved successfully
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240915-1157.log => moved successfully
            Could not move “C:\Windows\Temp\DESKTOP-HVT1NAR-20240915-2102.log” => Scheduled to move on reboot.
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240915-2112.log => moved successfully
            C:\Windows\Temp\mbamiservice.log => moved successfully
            C:\Windows\Temp\mb_errors999.log => moved successfully
            C:\Windows\Temp\MpSigStub.log => moved successfully
            C:\Windows\Temp\perfboost.exe_c2rdll(202409151051455230).log => moved successfully
            C:\Windows\Temp\{0F0D3BD3-059A-44B7-B9DB-F41558763750} - OProcSessId.dat => moved successfully
            C:\Windows\Temp\{1D1D8F5E-366D-4B47-84AE-4D2B93F3445E} - OProcSessId.dat => moved successfully
            C:\Windows\Temp\{2194D38C-2D45-4E2F-A60E-F2532B259CC8} - OProcSessId.dat => moved successfully
            C:\Windows\Temp\{37890175-F87A-45D9-93A9-FC02AC349682} - OProcSessId.dat => moved successfully
            C:\Windows\Temp\{3E8C6E05-1E68-41D1-B490-FE73174B9B77} - OProcSessId.dat => moved successfully
            C:\Windows\Temp\{64F3D1B2-FA3E-43A5-A777-F2FE1027A40B} - OProcSessId.dat => moved successfully
            C:\Windows\Temp\{8AFC9FE7-B657-483A-9AF4-F6E18AA3A095} - OProcSessId.dat => moved successfully
            C:\Windows\Temp\{9A4DE0E4-839F-45EB-A26E-6C34A1748569} - OProcSessId.dat => moved successfully
            C:\Windows\Temp\{A555A169-E33C-4EB8-BFCA-A0F676E3413E} - OProcSessId.dat => moved successfully
            C:\Windows\Temp\{A93A8ECF-0187-4606-A9DD-7B467BA6B362} - OProcSessId.dat => moved successfully
            C:\Windows\Temp\{AD7C4907-4A46-4E80-B68E-EA7EACAEA073} - OProcSessId.dat => moved successfully
            C:\Windows\Temp\{BDB9741E-E0D8-4EBA-A078-44DA0002FFBB} - OProcSessId.dat => moved successfully
            C:\Windows\Temp\{C7702467-4E6C-4AC5-9390-8D00865F29D9} - OProcSessId.dat => moved successfully
            C:\Windows\Temp\{D0386CA4-D654-4C06-8103-2F61CAB985B0} - OProcSessId.dat => moved successfully
            C:\Windows\Temp\{D6710E2F-2389-4638-A310-A2D5CF296B5D} - OProcSessId.dat => moved successfully
            C:\Windows\Temp\{D6DA6C5B-5052-4F14-AE48-B3AE9109C735} - OProcSessId.dat => moved successfully
            C:\Windows\Temp\{DB290A39-DF35-4D32-B9AF-1FCB01002533} - OProcSessId.dat => moved successfully
            C:\Windows\Temp\{DB87A602-5056-4A6D-BA07-5DCD9B078579} - OProcSessId.dat => moved successfully
            C:\Windows\Temp\{EA931CB2-2FDC-4C02-A342-13D9C3F3EB97} - OProcSessId.dat => moved successfully

            ========= End → “C:\Windows\Temp\*.*” ========

            =========== “C:\WINDOWS\system32\*.tmp” ==========
            
            C:\WINDOWS\system32\SET9B68.tmp => moved successfully
            C:\WINDOWS\system32\SET9BD6.tmp => moved successfully
            C:\WINDOWS\system32\SET9C15.tmp => moved successfully
            C:\WINDOWS\system32\SET9D11.tmp => moved successfully
            
            ========= End → “C:\WINDOWS\system32\*.tmp” ========

            =========== “C:\WINDOWS\syswow64\*.tmp” ==========

            not found

            ========= End → “C:\WINDOWS\syswow64\*.tmp” ========
            
            =========== EmptyTemp: ==========
            
            FlushDNS => completed
            BITS transfer queue => 1310720 B
            DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 120597784 B
            Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 883266960 B
            Windows/system/drivers => 0 B
            Edge => 0 B
            Chrome => 430252805 B
            Firefox => 1404194552 B
            Opera => 0 B
            
            Temp, IE cache, history, cookies, recent:
            Default => 0 B
            ProgramData => 0 B
            Public => 0 B
            systemprofile => 0 B
            systemprofile32 => 0 B
            LocalService => 16878 B
            NetworkService => 69982 B
            Ripple => 266548 B
            
            RecycleBin => 0 B
            EmptyTemp: => 2.6 GB temporary data Removed.
            
            ================================
            
            Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 15-09-2024 21:19:11)
            
            C:\Windows\Temp\DESKTOP-HVT1NAR-20240915-2102.log => Is moved successfully
            
            ==== End of Fixlog 21:19:11 ====
            Note: It took quite a while to finish this. I think over 15 mins, is that normal?

            Comment

            • Malnutrition
              PCHF Moderator
              • Jul 2016
              • 7045

              #7
              Yes, sfc /scannow & dism /online /cleanup-image /restorehealth were included in the fix script, which can take some time to complete.

              Continue with the other steps laid out for you please.
              Windows Resource Protection found corrupt files and successfully repaired them (y)

              Comment

              • maxim123
                PCHF Member
                • Aug 2017
                • 466

                #8
                Originally posted by Malnutrition
                Yes, sfc /scannow & dism /online /cleanup-image /restorehealth were included in the fix script, which can take some time to complete.

                Continue with the other steps laid out for you please.

                yes, dr. web cureit is still going on. it is 1 hr now. stuck at scanned objects: 593155 for a while now.

                Comment

                • maxim123
                  PCHF Member
                  • Aug 2017
                  • 466

                  #9
                  Originally posted by maxim123
                  yes, dr. web cureit is still going on. it is 1 hr now. stuck at scanned objects: 593155 for a while now.
                  Download cureit.log for free from ufile.io instantly, no signup required and no popup ads

                  Comment

                  • maxim123
                    PCHF Member
                    • Aug 2017
                    • 466

                    #10
                    Originally posted by Malnutrition
                    Upload Collectionlog.zip to your next reply.

                    Comment

                    • Malnutrition
                      PCHF Moderator
                      • Jul 2016
                      • 7045

                      #11
                      No threats found in DR Web. I am not seeing anything of concern; this will just remove some redundant items and disable some useless services. (y)





                      Hijack This Fix:

                      Run HijackThis! as admin! (located in the folder …Autologger\HijackThis)
                      Do a system scan, then check each item below, make sure and only check the items listed.
                      Then click Fix checked.
                      The computer will need to reboot, allow it to do so.
                      Code:
                      O23 - Driver R: (no name) - C:\Users\Ripple\AppData\Local\Temp\263AF0F4-BE4FD764-AC558780-649602FC\1438d0b50.sys (file missing)
                      O23 - Driver R: (no name) - C:\Users\Ripple\AppData\Local\Temp\dwt-3004-16424-384da9eb9.sys (sign: 'Microsoft' - no company)
                      O23 - Driver R: (no name) - C:\Users\Ripple\AppData\Local\Temp\dwt-3004-7064-1452f60eb.sys (sign: 'Microsoft' - no company)




                      ClearLNK Fix

                      Look in the Autologger folder and drag out the CheckBrowsersLNK file.
                      To your desktop.
                      AutoLogger\CheckBrowserLnk

                      Drag and drop onto the ClearLNK utility .
                      After saving ClearLNK to desktop.
                      https://dragokas.com/tools/move.gif






                      FRST Fix:

                      Copy the content of the code box below.
                      Do not copy the word code!!!
                      Right Click FRST and run as Administrator.
                      Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
                      Attach it to your next message.
                      Code:
                      start::
                      SystemRestore: On
                      CreateRestorePoint:
                      CloseProcesses:
                      Unlock: HKLM\SYSTEM\ControlSet001\Services\mbamchameleon
                      ExportKey: HKLM\SYSTEM\ControlSet001\Services\mbamchameleon
                      
                      StartBatch:
                      schtasks /Change /TN "Microsoft\Windows\NetTrace\GatherNetworkInfo" /Disable
                      schtasks /Change /TN "Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask" /Disable
                      del /s /q "%userprofile%\AppData\Local\temp\*.*"
                      sc stop DiagTrack
                      sc stop RasAuto
                      sc stop RasMan
                      sc stop SessionEnv
                      sc stop sysmain
                      sc stop TermService
                      sc stop UmRdpService
                      sc stop RemoteAccess
                      sc stop dmwappushservice
                      sc stop WSearch
                      sc stop lfsvc
                      sc config RasAuto start= disabled
                      sc config RasMan start= disabled
                      sc config SessionEnv start= disabled
                      sc config TermService start= disabled
                      sc config UmRdpService start= disabled
                      sc config RemoteAccess start= disabled
                      sc config sysmain start= disabled
                      sc config DiagTrack start= disabled
                      sc config dmwappushservice start= disabled
                      sc config WSearch start= disabled
                      sc config lfsvc start= disabled
                      manage-bde -off C:
                      manage-bde -off D:
                      powercfg -h off
                      EndBatch:
                      
                      EmptyTemp:
                      Reboot:
                      End::

                      Comment
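An added example, not part of the original posts and not FRST's own code: a small reviewer that reads the StartBatch/EndBatch section of the fixlist posted above and groups every command by what it changes, so the script can be checked before it is run. The category names and function names are hypothetical, and the fixlist is rebuilt inline from the post.

```python
import re

# Service names copied from the fixlist posted in the thread.
SERVICES = ["DiagTrack", "RasAuto", "RasMan", "SessionEnv", "sysmain", "TermService",
            "UmRdpService", "RemoteAccess", "dmwappushservice", "WSearch", "lfsvc"]

# The thread's fixlist, rebuilt inline so the example runs offline.
FIXLIST = "\n".join(
    ["start::", "SystemRestore: On", "CreateRestorePoint:", "CloseProcesses:",
     r"Unlock: HKLM\SYSTEM\ControlSet001\Services\mbamchameleon",
     r"ExportKey: HKLM\SYSTEM\ControlSet001\Services\mbamchameleon",
     "StartBatch:",
     r'schtasks /Change /TN "Microsoft\Windows\NetTrace\GatherNetworkInfo" /Disable',
     r'schtasks /Change /TN "Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask" /Disable',
     r'del /s /q "%userprofile%\AppData\Local\temp\*.*"']
    + [f"sc stop {name}" for name in SERVICES]
    + [f"sc config {name} start= disabled" for name in SERVICES]
    + ["manage-bde -off C:", "manage-bde -off D:", "powercfg -h off",
       "EndBatch:", "EmptyTemp:", "Reboot:", "End::"])

# Forum software often turns straight quotes into typographic ones.
QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"'})

# Hypothetical category names; each pattern captures the object being changed.
RULES = [
    ("service_disabled", re.compile(r'^sc\s+config\s+(\S+)\s+start=\s*disabled$', re.I)),
    ("service_stopped", re.compile(r'^sc\s+stop\s+(\S+)$', re.I)),
    ("task_disabled", re.compile(r'^schtasks\s+/Change\s+/TN\s+"([^"]+)"\s+/Disable$', re.I)),
    ("encryption_off", re.compile(r'^manage-bde\s+-off\s+(\S+)$', re.I)),
    ("recursive_delete", re.compile(r'^del\s+/s\s+/q\s+"([^"]+)"$', re.I)),
    ("hibernation_off", re.compile(r'^powercfg\s+-h\s+off$', re.I)),
]

# Categories worth a second look before the script is run.
REVIEW_FIRST = ("encryption_off", "recursive_delete", "unreviewed")


def batch_commands(fixlist):
    """Return the command lines between StartBatch: and EndBatch:."""
    inside, commands = False, []
    for raw in fixlist.splitlines():
        line = raw.strip()
        if line.lower() == "startbatch:":
            inside = True
        elif line.lower() == "endbatch:":
            inside = False
        elif inside and line:
            commands.append(line)
    return commands


def classify(command):
    """Map one batch command to (category, target); unknown commands are flagged."""
    cmd = command.translate(QUOTES).strip()
    for category, pattern in RULES:
        match = pattern.match(cmd)
        if match:
            return category, (match.group(1) if match.groups() else "")
    return "unreviewed", cmd


def audit(fixlist):
    """Group every batch command in the fixlist by the kind of change it makes."""
    report = {}
    for command in batch_commands(fixlist):
        category, target = classify(command)
        report.setdefault(category, []).append(target)
    return report


def review_items(report):
    """Return only the categories that deserve a manual check before running."""
    return {cat: report[cat] for cat in REVIEW_FIRST if cat in report}


if __name__ == "__main__":
    for category, targets in audit(FIXLIST).items():
        print(f"{category:17} {', '.join(t for t in targets if t)}")
    print("review first:", review_items(audit(FIXLIST)))
```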

                      • maxim123
                        PCHF Member
                        • Aug 2017
                        • 466

                        #12
                        Originally posted by Malnutrition
                        Look in the Autologger folder and drag out the CheckBrowsersLNK file.
                        Hi, the checkbrowserslnk.exe file showed no shortcuts when i dropped it to clearlnk. there was checkbrowserslnkdebug.txt in the same folder which i dragged to clearlnk and it gave me this log:

                        Code:
                        ClearLNK by Alex Dragokas ver. 2.9.0.18
                        
                        OS: x64 Windows 10 Pro, 10.0.22631.4037, Service Pack: 0
                        Time: 16.09.2024 - 00:24
                        Language: OS: EN (0x409). Display: EN (0x409). Non-Unicode: EN (0x409)
                        Elevated: Yes
                        User: Ripple (group: Administrator)
                        
                        _____________________________ Begin of Log ______________________________
                        .
                        [ OK ] 1 “C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\LiveCaptions.lnk” → [ “C:\Windows\system32\LiveCaptions.exe” ] (icon has been recovered)
                        [ OK ] 2 “C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk” → [ “C:\Windows\system32\narrator.exe” ] (icon has been recovered)
                        [ OK ] 3 “C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk” → [ “C:\Windows\system32\osk.exe” ] (icon has been recovered)
                        [ OK ] 4 “C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\VoiceAccess.lnk” → [ “C:\Windows\system32\voiceaccess.exe” ] (icon has been recovered)
                        [ OK ] 5 “C:\Users\Ripple\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk” → [ “C:\Windows\system32\osk.exe” ] (icon has been recovered)
                        [ OK ] 6 “C:\Users\Ripple\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk” → [ “C:\Windows\system32\narrator.exe” ] (icon has been recovered)
                        [ OK ] 7 “C:\Users\Ripple\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\VoiceAccess.lnk” → [ “C:\Windows\system32\voiceaccess.exe” ] (icon has been recovered)
                        [ OK ] 8 “C:\Users\Ripple\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\LiveCaptions.lnk” → [ “C:\Windows\system32\LiveCaptions.exe” ] (icon has been recovered)
                        .
                        [WARN] 9 “C:\Users\Ripple\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk” → [ “C:\Windows\system32\mblctr.exe” ] (already cured)
                        .
                        ____________________________ Icons location _____________________________
                        .
                        [ OK ] “C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\LiveCaptions.lnk” → [ “.”, index=1 ] (Method: 3)
                        [ OK ] “C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk” → [ “.”, index=1 ] (Method: 3)
                        [ OK ] “C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk” → [ “.”, index=1 ] (Method: 3)
                        [ OK ] “C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\VoiceAccess.lnk” → [ “.”, index=1 ] (Method: 3)
                        [ OK ] “C:\Users\Ripple\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk” → [ “.”, index=1 ] (Method: 3)
                        [ OK ] “C:\Users\Ripple\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk” → [ “.”, index=1 ] (Method: 3)
                        [ OK ] “C:\Users\Ripple\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\VoiceAccess.lnk” → [ “.”, index=1 ] (Method: 3)
                        [ OK ] “C:\Users\Ripple\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\LiveCaptions.lnk” → [ “.”, index=1 ] (Method: 3)
                        .
                        ______________________________ Statistics _______________________________
                        Cure ran per today: 1 times.
                        
                        Total processed: 9
                             Cured:     8
                             Warnings:  1
                        ______________________________ End of Log _______________________________

                        did the hijack tool.

                        Comment

                        • maxim123
                          PCHF Member
                          • Aug 2017
                          • 466

                          #13
                          Originally posted by Malnutrition
                          Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
                          Code:
                          Fix result of Farbar Recovery Scan Tool (x64) Version: 09-09-2024
                          Ran by Ripple (16-09-2024 00:30:36) Run:2
                          Running from C:\Users\Ripple\Desktop
                          Loaded Profiles: Ripple
                          Boot Mode: Normal
                          fixlist content:
                          *****************
                          start::
                          SystemRestore: On
                          CreateRestorePoint:
                          CloseProcesses:
                          Unlock: HKLM\SYSTEM\ControlSet001\Services\mbamchameleon
                          ExportKey: HKLM\SYSTEM\ControlSet001\Services\mbamchameleon
                          
                          StartBatch:
                          schtasks /Change /TN "Microsoft\Windows\NetTrace\GatherNetworkInfo" /Disable
                          schtasks /Change /TN "Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask" /Disable
                          del /s /q "%userprofile%\AppData\Local\temp\*.*"
                          sc stop DiagTrack
                          sc stop RasAuto
                          sc stop RasMan
                          sc stop SessionEnv
                          sc stop sysmain
                          sc stop TermService
                          sc stop UmRdpService
                          sc stop RemoteAccess
                          sc stop dmwappushservice
                          sc stop WSearch
                          sc stop lfsvc
                          sc config RasAuto start= disabled
                          sc config RasMan start= disabled
                          sc config SessionEnv start= disabled
                          sc config TermService start= disabled
                          sc config UmRdpService start= disabled
                          sc config RemoteAccess start= disabled
                          sc config sysmain start= disabled
                          sc config DiagTrack start= disabled
                          sc config dmwappushservice start= disabled
                          sc config WSearch start= disabled
                          sc config lfsvc start= disabled
                          manage-bde -off C:
                          manage-bde -off D:
                          powercfg -h off
                          EndBatch:
                          
                          EmptyTemp:
                          Reboot:
                          End::
                          *****************
                          SystemRestore: On => completed
                          Restore point was successfully created.
                          Processes closed successfully.
                          “HKLM\SYSTEM\ControlSet001\Services\mbamchameleon” => not found
                          ================== ExportKey: ===================
                          
                          [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mbamchameleon]
                          “HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mbamchameleon” => not found
                          
                          === End of ExportKey ===
                          
                          ========= Batch: =========
                          SUCCESS: The parameters of scheduled task “Microsoft\Windows\NetTrace\GatherNetworkInfo” have been changed.
                          
                          SUCCESS: The parameters of scheduled task “Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask” have been changed.
                          
                          Deleted file - C:\Users\Ripple\AppData\Local\temp\ClearLNK.ini
                          Deleted file - C:\Users\Ripple\AppData\Local\temp\cv_debug.log
                          Deleted file - C:\Users\Ripple\AppData\Local\temp\{87D8D321-EAB6-4FB6-BCC1-A78BC61CAEF0} - OProcSessId.dat
                          Deleted file - C:\Users\Ripple\AppData\Local\temp\~DFCA075246FE79EA05.TMP
                          Deleted file - C:\Users\Ripple\AppData\Local\temp\7zO806C9184\622.csv
                          Deleted file - C:\Users\Ripple\AppData\Local\temp\Diagnostics\EXCEL\Primary1726414759308121500_87D8D321-EAB6-4FB6-BCC1-A78BC61CAEF0.log
                          Deleted file - C:\Users\Ripple\AppData\Local\temp\Diagnostics\EXCEL\Primary1726414759308940400_87D8D321-EAB6-4FB6-BCC1-A78BC61CAEF0.log
                          Deleted file - C:\Users\Ripple\AppData\Local\temp\Diagnostics\EXCEL\Additional\Additional1726414759309303000_87D8D321-EAB6-4FB6-BCC1-A78BC61CAEF0.log
                          Deleted file - C:\Users\Ripple\AppData\Local\temp\Diagnostics\EXCEL\Additional\Additional1726414759310339400_87D8D321-EAB6-4FB6-BCC1-A78BC61CAEF0.log
                          Deleted file - C:\Users\Ripple\AppData\Local\temp\SmartScreen\RemoteData\LastPing
                          Deleted file - C:\Users\Ripple\AppData\Local\temp\SmartScreen\RemoteData\windowsSettings
                          Deleted file - C:\Users\Ripple\AppData\Local\temp\SmartScreen\RemoteData\windowsSettings_1.0-7e3544113374bc2769af5f67e125ab81de1b4b64c07fe68e2a7bc03646c85dfc
                          
                          [SC] ControlService FAILED 1062:
                          
                          The service has not been started.
                          
                          [SC] ControlService FAILED 1062:
                          
                          The service has not been started.
                          
                          SERVICE_NAME: RasMan
                          TYPE : 20 WIN32_SHARE_PROCESS
                          STATE : 3 STOP_PENDING
                          (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
                          WIN32_EXIT_CODE : 0 (0x0)
                          SERVICE_EXIT_CODE : 0 (0x0)
                          CHECKPOINT : 0x0
                          WAIT_HINT : 0x0
                          
                          [SC] ControlService FAILED 1062:
                          
                          The service has not been started.
                          
                          SERVICE_NAME: sysmain
                          TYPE : 30 WIN32
                          STATE : 3 STOP_PENDING
                          (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
                          WIN32_EXIT_CODE : 0 (0x0)
                          SERVICE_EXIT_CODE : 0 (0x0)
                          CHECKPOINT : 0x0
                          WAIT_HINT : 0x2710
                          
                          [SC] ControlService FAILED 1062:
                          
                          The service has not been started.
                          
                          [SC] ControlService FAILED 1062:
                          
                          The service has not been started.
                          
                          [SC] ControlService FAILED 1062:
                          
                          The service has not been started.
                          
                          [SC] ControlService FAILED 1062:
                          
                          The service has not been started.
                          
                          [SC] ControlService FAILED 1062:
                          
                          The service has not been started.
                          
                          SERVICE_NAME: lfsvc
                          TYPE : 30 WIN32
                          STATE : 3 STOP_PENDING
                          (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
                          WIN32_EXIT_CODE : 0 (0x0)
                          SERVICE_EXIT_CODE : 0 (0x0)
                          CHECKPOINT : 0x2
                          WAIT_HINT : 0x2710
                          
                          [SC] ChangeServiceConfig SUCCESS
                          
                          [SC] ChangeServiceConfig SUCCESS
                          
                          [SC] ChangeServiceConfig SUCCESS
                          
                          [SC] ChangeServiceConfig SUCCESS
                          
                          [SC] ChangeServiceConfig SUCCESS
                          
                          [SC] ChangeServiceConfig SUCCESS
                          
                          [SC] ChangeServiceConfig SUCCESS
                          
                          [SC] ChangeServiceConfig SUCCESS
                          
                          [SC] ChangeServiceConfig SUCCESS
                          
                          [SC] ChangeServiceConfig SUCCESS
                          
                          [SC] ChangeServiceConfig SUCCESS
                          
                          BitLocker Drive Encryption: Configuration Tool version 10.0.22621
                          Copyright (C) 2013 Microsoft Corporation. All rights reserved.
                          
                          ERROR: An error occurred (code 0x80310008):
                          BitLocker Drive Encryption is not enabled on this drive. Turn on BitLocker.
                          
                          BitLocker Drive Encryption: Configuration Tool version 10.0.22621
                          Copyright (C) 2013 Microsoft Corporation. All rights reserved.
                          
                          ERROR: An error occurred (code 0x80310008):
                          BitLocker Drive Encryption is not enabled on this drive. Turn on BitLocker.
                          
                          0
                          
                          ========= End of Batch: =========
                          
                          =========== EmptyTemp: ==========
                          
                          FlushDNS => completed
                          BITS transfer queue => 0 B
                          DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9598922 B
                          Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 43068966 B
                          Windows/system/drivers => 1834797 B
                          Edge => 0 B
                          Chrome => 0 B
                          Firefox => 936724090 B
                          Opera => 0 B
                          
                          Temp, IE cache, history, cookies, recent:
                          Default => 0 B
                          ProgramData => 0 B
                          Public => 0 B
                          systemprofile => 0 B
                          systemprofile32 => 0 B
                          LocalService => 0 B
                          NetworkService => 1170 B
                          Ripple => 23931 B
                          
                          RecycleBin => 0 B
                          EmptyTemp: => 945.3 MB temporary data Removed.
                          
                          ================================
                          
                          The system needed a reboot.
                          
                          ==== End of Fixlog 00:30:57 ====
                          thank you. I will have to hit the bed for now, will reply the first thing after I turn on my laptop tmrw. have a good day/goodnight.

                          Comment

                          • Malnutrition
                            PCHF Moderator
                            • Jul 2016
                            • 7045

                            #14
                            Torrenting poses significant risks to users’ data security. The decentralized nature of torrents means that files are shared directly between users, which can expose your IP address and other personal information to potentially malicious actors. Additionally, many torrent sites are rife with malware and viruses disguised as legitimate files. These malicious downloads can compromise your device’s security, leading to data breaches where sensitive information such as social media and email passwords can be stolen.

                            Given these risks, it is crucial to change all social media and email passwords immediately if you suspect a data breach has occurred due to torrenting activities. This proactive step helps protect your accounts from unauthorized access and further potential damage.

                            Everything looks good, and there is no malware on your machine.

                            Download KpRM
                            Save to Desktop
                            Check Delete Tools
                            Check Delete Restore points.
                            Create Restore point.
                            Click delete quarantines.
                            Then click run.

                            I suggest:
                            Ublock Origin
                            O&O Shutup Ten
                            O&O App Buster

                            Comment

                            • maxim123
                              PCHF Member
                              • Aug 2017
                              • 466

                              #15
                              thank you. I have been using torrent just for movies from trusted users, but will limit that. I have changed my passwords.
                              Is it okay to delete Autologgers, dr. web files directly since KpRM only removed Frst?

                              Comment
