Running Win 10 64-bit. I thought that Malwarebytes had taken care of the malware. Ran ESET and it found nothing and RogueKiller also found nothing. Got on the web and looked around, then did a scan with MB and it found more (eight items total now).
======Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2023
Ran by WESSLEE (02-10-2023 19:55:19)
Running from C:\Users\WESSLEE\Downloads
Microsoft Windows 11 Home Version 22H2 22621.2283 (X64) (2022-10-11 12:04:54)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-3491938310-4242456956-3216696182-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3491938310-4242456956-3216696182-503 - Limited - Disabled)
Guest (S-1-5-21-3491938310-4242456956-3216696182-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3491938310-4242456956-3216696182-504 - Limited - Disabled)
WESSLEE (S-1-5-21-3491938310-4242456956-3216696182-1001 - Administrator - Enabled) => C:\Users\WESSLEE
============== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Configuration Manager (HKLM-x32\...\{8CB1A03C-9849-4744-AD56-341A18F9E3E2}) (Version: 2.5.22250 - Acer)
Acer Jumpstart (HKLM-x32\...\{0C5ED25A-B8D1-4E71-BFCB-6B370A4EA19C}) (Version: 3.5.22220.20 - Acer)
Care Center Service (HKLM\...\{AFB52E98-7597-4484-9202-58F0FD3512ED}) (Version: 4.00.3042 - Acer Incorporated)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3026 - Acer Incorporated)
Epic Privacy Browser (HKU\S-1-5-21-3491938310-4242456956-3216696182-1001\...\Epic Privacy Browser) (Version: 117.0.5938.92 - Epic)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.7 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{067039C9-A41C-42F5-9571-B06E0700AAA4}) (Version: 3.11.77 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 4.02.01.01 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - Seiko Epson Corporation)
Epson Photo+ (HKLM-x32\...\PhotoPlus) (Version: 3.7.3.0 - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{DE32F90E-1A29-4D74-BCF1-E7DDB25D713A}) (Version: 3.4.0.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan PDF EXtensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.02 - SEIKO EPSON Corp.)
Epson ScanSmart (HKLM-x32\...\{1A1B60BB-F156-4F6D-AD79-8A096B67E9AB}) (Version: 3.7.10 - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{2A369D40-CE23-421A-8173-3C303A0A8355}) (Version: 4.6.6 - Seiko Epson Corporation)
EPSON WF-2930 Series Printer Uninstall (HKLM\...\EPSON WF-2930 Series) (Version: - Seiko Epson Corporation)
Epson WF-2930 User’s Guide (HKLM-x32\...\UsersGuideEpson WF-2930 User’s Guide_is1) (Version: 1.0 - Epson America, Inc.)
ExpressVPN (HKLM-x32\...\{878F6EB4-73BF-4A1E-9A92-6DDF9EDC8A8B}) (Version: 2.3.21102.1 - Acer)
Malwarebytes version 4.6.2.281 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.2.281 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16731.20234 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 117.0.2045.47 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 117.0.2045.47 - Microsoft Corporation)
Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.16731.20234 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{AF47B488-9780-4AB5-A97E-762E28013CA6}) (Version: 5.71.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 (HKLM-x32\...\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 (HKLM-x32\...\{0FA68574-690B-4B00-89AA-B28946231449}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 (HKLM-x32\...\{2BC3BD4D-FABA-4394-93C7-9AC82A263FE2}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 101.0 (x64 en-US)) (Version: 101.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 88.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14026.20302 - Microsoft Corporation) Hidden
Quick Access Service (HKLM\...\{AB25551C-74EF-4BAB-9989-891517FCF9FF}) (Version: 3.00.3038 - Acer Incorporated)
RogueKiller version 15.12.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.12.1.0 - Adlice Software)
Packages:
=========
Acer Product Registration -> C:\Program Files\WindowsApps\AcerIncorporated.AcerRegistration_2.0.3044.0_x64__48frkmn4z8aw4 [2023-05-31] (Acer Incorporated)
AMD Radeon Software -> C:\Program Files\WindowsApps\advancedmicrodevicesinc-2.amdradeonsoftware_10.20.40028.0_x64__0a9344xs7nr4m [2022-04-02] (Advanced Micro Devices Inc.) [Startup Task]
Aura Privacy -> C:\Program Files\WindowsApps\Aura-YourDigitalHalo.FigLeaf_6.2.4.0_x64__ecvh8cc66bmhj [2022-04-08] (Aura - Your Digital Halo)
Care Center S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCareCenterS_4.0.3042.0_x64__48frkmn4z8aw4 [2022-03-12] (Acer Incorporated)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-11] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\WINDOWS\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-09-15] (Microsoft Corporation)
PhotoDirector for acer -> C:\Program Files\WindowsApps\cyberlinkcorp.ac.photodirectorforacerdesktop_8.0.6428.0_x64__ypz87dpxkv292 [2022-02-27] (CYBERLINK COM CORP)
PowerDirector for acer -> C:\Program Files\WindowsApps\cyberlinkcorp.ac.powerdirectorforacerdesktop_14.0.4304.0_x64__ypz87dpxkv292 [2022-02-27] (CYBERLINK COM CORP)
QuickAccess -> C:\Program Files\WindowsApps\AcerIncorporated.QuickAccess_3.0.3038.0_x64__48frkmn4z8aw4 [2022-03-12] (Acer Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.26.251.0_x64__dt26b99r8h8gj [2023-05-15] (Realtek Semiconductor Corp)
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-09-15] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-03] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2020-11-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-03] (Malwarebytes Inc. -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2022-05-26 19:54 - 2022-05-26 19:54 - 004748456 ____T (Google Inc (TEST) -> Epic Privacy Browser) [File not signed] C:\Users\WESSLEE\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\goopdate.dll
2023-08-08 19:59 - 2023-08-08 19:59 - 000242688 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2023-08-08 19:59 - 2023-08-08 19:59 - 000057856 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\EPNWPSHDevFinder.DLL
2023-08-08 19:59 - 2023-08-08 19:59 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 000098304 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\EbpD4Fax.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 000286208 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUADRFIL.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 000358400 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXCFG.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 000607232 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXCSR.DLL
2023-09-22 13:59 - 2023-07-20 04:02 - 000515072 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXLDB.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 000696320 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXTIF.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 001285632 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUIMGCDC.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 000347136 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FULEPP.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 000090624 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUSTMMSG.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 000484864 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUSVCCLT.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 000080896 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUUSBHLP.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 000322560 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUVERDLG.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 000084992 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDEVCOM.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 000146432 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDRVUTL.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 001077248 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUPRBDEV.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 001178112 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUSNMPUT.dll
2023-09-22 13:59 - 2023-07-19 14:02 - 000474624 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUCMNMSG.dll
2023-09-22 13:59 - 2023-07-19 14:02 - 000113152 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXCFGRes.dll
2023-09-22 13:59 - 2023-07-19 14:02 - 000315392 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXRCV.dll
2023-09-22 13:59 - 2023-07-19 14:02 - 000131584 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXSTM.dll
2023-09-22 13:59 - 2023-07-19 14:02 - 000025600 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FULEPPRes.dll
2023-09-22 13:59 - 2023-07-19 14:02 - 000337408 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUPRBDEVRes.dll
2023-09-20 14:12 - 2018-06-15 04:14 - 000187392 _____ (Seiko Epson Corporation) [File not signed] C:\WINDOWS\System32\E_YLMBWDE.DLL
2023-09-22 13:59 - 2023-07-20 04:02 - 001570816 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\ENCM.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 001050112 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\ENNW.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 001038848 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\ENUTIL.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-14] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2021-06-05 07:08 - 2021-06-05 07:08 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3491938310-4242456956-3216696182-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Acer01.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{B9355AD3-A449-4ED2-9166-F25A2A2BA0D4}C:\users\wesslee\appdata\local\epic privacy browser\application\epic.exe] => (Allow) C:\users\wesslee\appdata\local\epic privacy browser\application\epic.exe (Hidden Reflex Authors) [File not signed]
FirewallRules: [TCP Query User{50D42B13-29B8-4246-AF1D-7798ADD90F7D}C:\users\wesslee\appdata\local\epic privacy browser\application\epic.exe] => (Allow) C:\users\wesslee\appdata\local\epic privacy browser\application\epic.exe (Hidden Reflex Authors) [File not signed]
FirewallRules: [{E67D57C8-3131-4EFD-88DA-3A3E85690E69}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{307F29F9-39C9-4049-BCED-D17A65FDCE7A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EE003545-EF57-44EC-8168-83982DE531D0}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22287.702.1670.9453_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3067A080-A592-4D1B-A10B-DE91C6CD748F}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22287.702.1670.9453_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{269BDA9C-A1C1-4B49-895C-FF4D77682E7F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{756B231E-3B00-4673-9987-2A3AC1315854}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{5D2BF2CE-F0C6-4DC0-973E-7D8EB9772BF6}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{95D45013-3901-4E7F-9A7A-BFFC0CEE7946}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{AE9C7CB8-B7ED-4D7D-B7F0-0DEAF7AE7FCA}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{8B7FF95C-EA25-4434-B767-AD1967DE5825}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
19-09-2023 16:09:58 Windows Update
20-09-2023 16:52:19 Removed EpsonNet Print
22-09-2023 13:59:44 Installed FAX Utility
26-09-2023 06:51:57 Windows Update
02-10-2023 19:27:38 Windows Update
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (10/02/2023 07:25:17 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DREADNOT$ via https://AMD-KeyId-52...plates/Aik/scepfailed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Tue, 03 Oct 2023 00:25:17 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: e1821daa-04d2-4ded-9a8e-fdfe9d3c7b25
Method: GET(1016ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (10/02/2023 07:25:16 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for Local system via https://AMD-KeyId-52...plates/Aik/scepfailed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Tue, 03 Oct 2023 00:25:15 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 38dd7c69-07fe-4576-b3b7-71dd5a50813f
Method: GET(2704ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (10/02/2023 08:22:12 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DREADNOT$ via https://AMD-KeyId-52...plates/Aik/scepfailed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 02 Oct 2023 13:22:12 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 285c930d-be37-4452-8e54-e69c41e3e5fc
Method: GET(281ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (10/02/2023 08:22:12 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for Local system via https://AMD-KeyId-52...plates/Aik/scepfailed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 02 Oct 2023 13:22:11 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 406e21ff-a67e-44e7-8f01-baab27de1d1c
Method: GET(500ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (10/01/2023 12:21:29 PM) (Source: Application Error) (EventID: 1000) (User: dreadnot)
Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.31.0, time stamp: 0x61e82da2
Faulting module name: WININET.dll, version: 11.0.22621.608, time stamp: 0x56e0463f
Exception code: 0xc0000005
Fault offset: 0x002cca44
Faulting process id: 0x0x2bc4
Faulting application start time: 0x0x1d9f48bb4106637
Faulting application path: C:\Users\WESSLEE\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Faulting module path: C:\WINDOWS\SYSTEM32\WININET.dll
Report Id: 9ec735c9-2981-4b5b-8ac6-c5fa04c9459c
Faulting package full name:
Faulting package-relative application ID:
Error: (10/01/2023 11:38:24 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DREADNOT$ via https://AMD-KeyId-52...plates/Aik/scepfailed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Sun, 01 Oct 2023 16:38:25 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: bf3db1b9-6e1e-435d-9e02-556eb560c940
Method: GET(422ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (10/01/2023 11:38:24 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for Local system via https://AMD-KeyId-52...plates/Aik/scepfailed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Sun, 01 Oct 2023 16:38:24 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 6390935b-e992-4bf1-b66c-a76853afbe72
Method: GET(1406ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (09/30/2023 06:20:23 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DREADNOT$ via https://AMD-KeyId-52...plates/Aik/scepfailed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Sat, 30 Sep 2023 23:20:23 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 2894131b-fb4a-4295-a8e4-731f8084fa68
Method: GET(235ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
System errors:
=============
Error: (10/02/2023 07:26:58 PM) (Source: DCOM) (EventID: 10010) (User: dreadnot)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.
Error: (10/02/2023 07:25:09 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:22:08 AM on 10/2/2023 was unexpected.
Error: (10/02/2023 07:24:58 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684A fatal error occurred processing the restoration data.
Error: (10/02/2023 07:23:26 AM) (Source: DCOM) (EventID: 10010) (User: dreadnot)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.
Error: (10/01/2023 01:42:05 PM) (Source: DCOM) (EventID: 10010) (User: dreadnot)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.
Error: (10/01/2023 11:38:16 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:20:18 PM on 9/30/2023 was unexpected.
Error: (10/01/2023 11:38:05 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684A fatal error occurred processing the restoration data.
Error: (09/30/2023 06:23:37 PM) (Source: DCOM) (EventID: 10010) (User: dreadnot)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.
Windows Defender:
================
Date: 2023-10-01 12:01:46
Description:
Controlled Folder Access blocked C:\Users\WESSLEE\AppData\Local\Temp\is-ETSH1.tmp\setup-15.12.1.0.tmp from making changes to memory.
Detection time: 2023-10-01T17:01:46.867Z
Path: \Device\Harddisk0\DR0
Process Name: C:\Users\WESSLEE\AppData\Local\Temp\is-ETSH1.tmp\setup-15.12.1.0.tmp
Security intelligence Version: 1.397.1886.0
Engine Version: 1.1.23080.2005
Product Version: 4.18.23080.2006
Date: 2023-10-01 12:01:46
Description:
Controlled Folder Access blocked C:\Program Files\RogueKiller\RogueKillerSvc.exe from making changes to memory.
Detection time: 2023-10-01T17:01:46.867Z
Path: \Device\Harddisk0\DR0
Process Name: C:\Program Files\RogueKiller\RogueKillerSvc.exe
Security intelligence Version: 1.397.1886.0
Engine Version: 1.1.23080.2005
Product Version: 4.18.23080.2006
Date: 2023-09-25 21:13:42
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2023-09-22 14:41:30
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2023-09-20 14:09:44
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
Date: 2023-09-29 08:19:40
Description:
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Antivirus (offline scan).
Error code: 0x8000000a
Error description: The data necessary to complete this operation is not yet available.
Date: 2023-09-29 08:19:00
Description:
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Antivirus (offline scan).
Error code: 0x8000000a
Error description: The data necessary to complete this operation is not yet available.
Date: 2023-09-16 14:21:09
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Security intelligence Version: 1.397.1061.0;1.397.1061.0
Engine Version: 1.1.23080.2005
Date: 2023-08-10 20:10:44
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Security intelligence Version: 1.395.92.0;1.395.92.0
Engine Version: 1.1.23070.1005
Date: 2023-07-14 12:42:40
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Security intelligence Version: 1.393.321.0;1.393.321.0
Engine Version: 1.1.23060.1005
CodeIntegrity:
===============
Date: 2023-09-29 19:54:57
Description:
Code Integrity determined that a process (System) attempted to load \Device\HarddiskVolume3\Users\WESSLEE\AppData\Local\Temp\ehdrv.sys that is not compatible with hypervisor enforcement. Failure bitmap 0x1. Status 0xC00000BB.
Date: 2023-09-29 19:53:03
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: INSYDE Corp. V1.08 09/06/2021
Motherboard: LN Calla_LC
Processor: AMD Ryzen 5 5500U with Radeon Graphics
Percentage of memory in use: 52%
Total physical RAM: 7530.32 MB
Available physical RAM: 3601.88 MB
Total Virtual: 8730.32 MB
Available Virtual: 4585.45 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:475.83 GB) (Free:420.67 GB) (Model: WDC PC SN530 SDBPNPZ-512G-1114) NTFS
\\?\Volume{6211ee83-84da-4b07-a75c-6e044083440e}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.41 GB) NTFS
\\?\Volume{8de08f46-ef09-4a28-8f5f-35508953bab2}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32
==================== MBR & Partition Table ====================
==================== End of Addition.txt =======================
Edited by M2mouse, 02 October 2023 - 07:00 PM.