Edge browser hijacked w/ redirects to horoscope.com and kosearch.com


#1 Ghoulartist
Member, 16 posts

Hello all,

My Microsoft Edge browser is hijacked. It has the "managed by your organization" notice in the menu and redirects address bar searches.

It flashes to horoscope.com and kosearch.com before landing on a Yahoo search result.

It passed all the typical recommended Malwarebytes and antivirus scans and whatnot. (I usually just use Defender.)

Before I found this forum from a similar post that DR.M is helping with, I followed this guide; in summation I did the following:

Deleted the reg entries for Edge policies and then restored them via cmd as per the guide.

Reset.

Deleted Edge temp folder files and also the %temp% general one.

Reset Edge.

Reset computer where appropriate.

No dice. Still redirects in Edge, same behavior as before.

Thank you all. I appreciate the help volunteered.

I'm on a Microsoft Surface Pro 8 running Win11 64-bit.

I have your program downloaded and will paste the results.

Would a full drive format and reset fix this? It's probably due for one.


Edited by Ghoulartist, 12 April 2024 - 03:08 AM.

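Added example, not part of Ghoulartist's post and not FRST's own output: a read-only PowerShell audit of the three places this thread's FRST log later marks ATTENTION, namely the browser policy keys under HKLM\SOFTWARE\Policies (the source of Edge's "managed by your organization" banner), the Windows Defender DisableAntiSpyware/DisableAntiVirus values, and any scheduled task whose action starts powershell.exe with a .ps1 file. The key names and the task/script names in the comments are taken from the log; the "[ok]"/"[warn]" labels are this script's own convention. It changes nothing, so it can be run before and after a cleanup to confirm the policy keys are gone and stay gone.

```powershell
# Added example, not from the original post: read-only audit of the locations
# behind Edge's "managed by your organization" banner and the items FRST marked
# ATTENTION in this thread. Run from an elevated PowerShell; nothing is modified.

# Browser policy keys. Any values here are enforced as "managed" policy; on a
# home machine with no domain or MDM enrolment these keys are normally absent.
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Edge',
    'HKLM:\SOFTWARE\Policies\Google',
    'HKCU:\SOFTWARE\Policies\Microsoft\Edge'
)
foreach ($key in $policyKeys) {
    if (-not (Test-Path -Path $key)) {
        Write-Output "[ok]   no policy key at $key"
        continue
    }
    Write-Output "[warn] policy key present: $key"
    # Values on the key itself, then every subkey (e.g. a forced-extension list)
    Get-ItemProperty -Path $key | Select-Object * -ExcludeProperty PS* | Format-List | Out-String
    Get-ChildItem -Path $key -Recurse | ForEach-Object {
        Write-Output "       subkey: $($_.PSChildName)"
        Get-ItemProperty -Path $_.PSPath | Select-Object * -ExcludeProperty PS* | Format-List | Out-String
    }
}

# Defender kill switches that FRST reported as "Restriction <==== ATTENTION".
$defenderKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
foreach ($name in 'DisableAntiSpyware', 'DisableAntiVirus') {
    $value = (Get-ItemProperty -Path $defenderKey -Name $name -ErrorAction SilentlyContinue).$name
    if ($null -eq $value) {
        Write-Output "[ok]   $name not set"
    } else {
        Write-Output "[warn] $name = $value"
    }
}

# Scheduled tasks whose action runs powershell.exe with a script file. FRST listed
# NvOptimizerTaskUpdater_V2 -> NvWinSearchOptimizer.ps1 in this category; the script
# body is printed so it can be reviewed without executing it.
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        if (-not ($action.Execute -match 'powershell' -or $action.Arguments -match '\.ps1')) { continue }
        Write-Output "[warn] task $($task.TaskPath)$($task.TaskName)"
        Write-Output "       $($action.Execute) $($action.Arguments)"
        if ($action.Arguments -match '-File\s+"?([^"\s]+\.ps1)') {
            $script = $Matches[1]
            if (Test-Path -LiteralPath $script) {
                Write-Output "       --- contents of $script ---"
                Get-Content -LiteralPath $script
            }
        }
    }
}
```

A clean home system prints "[ok]" for every policy key and both Defender values and lists no PowerShell-launching tasks; a "[warn]" for a policy key that reappears after it has been deleted points at whatever recreates it (a scheduled task, a service, or a startup entry) rather than at the browser itself.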


#2 Ghoulartist
Topic Starter, Member, 16 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.04.2024
Ran by joshg (administrator) on JOSH-SURF (Microsoft Corporation Surface Pro 8) (12-04-2024 04:33:55)
Running from C:\Users\joshg\Downloads\FRST64.exe
Loaded Profiles: joshg
Platform: Microsoft Windows 11 Home Version 23H2 22631.3296 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.AlwaysOnTop.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.Awake.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.ColorPickerUI.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.CropAndLock.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.FancyZones.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.PowerLauncher.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.PowerOCR.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\WinUI3Apps\PowerToys.Peek.UI.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.450.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.65\msedgewebview2.exe <6>
(DriverStore\FileRepository\cui_dch.inf_amd64_4820557cfc86f7b0\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_4820557cfc86f7b0\igfxEMN.exe
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_e75a3d1c39bebe3f\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~3.INF\DAX3API.exe
(dwm.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\ISM.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <24>
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\regedit.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoNotificationUx.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_e75a3d1c39bebe3f\DAX3API.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_4820557cfc86f7b0\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_cee22ef3b94e73b2\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\TbtP2pShortcutService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_d7062aaa5ea58bcd\AS\IAS\IntelAudioService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.SurfaceAppProxy_5.98.139.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe
(services.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.SurfaceHub_61.24020.115.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe
(services.exe ->) (Quectel Wireless Solutions Co.,Ltd. -> ) C:\Windows\System32\DriverStore\FileRepository\quectelfwupdatedriver.inf_amd64_5ba0d4b712a7e51b\WUService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\ehdxsstmd3a2.inf_amd64_1f76b82028b28234\RtkAudUService64.exe <2>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2403.1001.3.0_x64__8wekyb3d8bbwe\XboxGameBarWidgets.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2403.1001.3.0_x64__8wekyb3d8bbwe\XboxPcAppFT.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_7.124.3191.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_7.124.3191.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.450.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Windows.Media.BackgroundPlayback.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\windows\System32\DriverStore\FileRepository\ehdxsstmd3a2.inf_amd64_1f76b82028b28234\RtkAudUService64.exe [834888 2023-02-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [105280 2020-02-23] (Elaborate Bytes AG -> Elaborate Bytes AG)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-2357395849-4155205421-3120114473-1001\...\Run: [MicrosoftEdgeAutoLaunch_15AA0DED89B1446ADEE990A76E101A4E] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4063784 2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2357395849-4155205421-3120114473-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4384104 2024-03-06] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-2357395849-4155205421-3120114473-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [981640 2024-03-30] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
HKU\S-1-5-21-2357395849-4155205421-3120114473-1001\...\Run: [Spotify] => C:\Users\joshg\AppData\Roaming\Spotify\Spotify.exe [33728328 2024-04-06] (Spotify AB -> Spotify Ltd)
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {095A98EA-3D8D-4B53-97F0-4F1203C6C9CD} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452976 2024-03-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {C88C7E0E-5890-4E16-88D8-1D233A11C1F4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452976 2024-03-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {8FE382AA-C42A-4A00-9C40-E78A5CACA78D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309696 2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {C2CFCB84-3815-4BC4-B30C-17777F7636BB} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309696 2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {A8CB9A76-2ABE-466C-A436-328E58087437} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [168488 2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {7628033E-95CF-4E5F-A47D-ECB95943A080} - System32\Tasks\NvOptimizerTaskUpdater_V2 => C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe [450560 2024-02-14] (Microsoft Windows -> Microsoft Corporation) -> -File C:/Windows/System32/NvWinSearchOptimizer.ps1 <==== ATTENTION
Task: {F79A37F3-4051-463F-A3A4-9826DA249C0B} - System32\Tasks\PowerToys\Autorun for joshg => C:\Program Files\PowerToys\PowerToys.exe [1234464 2023-10-31] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{89c9a714-e8a8-4551-addb-ebb9b94ca77a}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{89c9a714-e8a8-4551-addb-ebb9b94ca77a}\1445451414342386E644: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{89c9a714-e8a8-4551-addb-ebb9b94ca77a}\1445451414342386E644: [DhcpDomain] attlocal.net
Tcpip\..\Interfaces\{89c9a714-e8a8-4551-addb-ebb9b94ca77a}\2434F5055726C69636: [DhcpNameServer] 10.128.128.128
Tcpip\..\Interfaces\{89c9a714-e8a8-4551-addb-ebb9b94ca77a}\34F6E646F6535354D25374: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{89c9a714-e8a8-4551-addb-ebb9b94ca77a}\35075636472757D63556475707D26493: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{89c9a714-e8a8-4551-addb-ebb9b94ca77a}\35075636472757D63556475707D26493: [DhcpDomain] lan
Tcpip\..\Interfaces\{89c9a714-e8a8-4551-addb-ebb9b94ca77a}\8516E60277966696: [DhcpNameServer] 97.107.96.139 97.107.96.149
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\joshg\AppData\Local\Microsoft\Edge\User Data\Default [2024-04-12]
Edge HomePage: Default -> hxxp://www.google.com/
Edge StartupUrls: Default -> "hxxp://www.google.com/"
Edge NewTab: Default ->  Active:"chrome-extension://fodkmcnpjapcffbmhelopfjhlmdmnbll/index.html"
Edge Extension: (Simple New Tab) - C:\Users\joshg\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fodkmcnpjapcffbmhelopfjhlmdmnbll [2024-04-12]
Edge Extension: (Google Docs Offline) - C:\Users\joshg\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-12]
Edge Extension: (Edge relevant text changes) - C:\Users\joshg\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-04-12]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 battlenet_helpersvc; C:\ProgramData\Battle.net_components\battlenet_helpersvc\AgentHelper.exe [2567304 2024-03-30] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14221312 2024-03-29] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_e75a3d1c39bebe3f\DAX3API.exe [2363432 2023-05-19] (Dolby Laboratories, Inc. -> Dolby Laboratories)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2023-12-04] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 IntelAudioService; C:\windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_d7062aaa5ea58bcd\AS\IAS\IntelAudioService.exe [532024 2023-02-10] (Intel Corporation -> Intel)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8884840 2024-04-12] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-04-12] (Malwarebytes Inc. -> Malwarebytes)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe [1459968 2024-04-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 PrintNotify; C:\windows\system32\spool\drivers\x64\3\PrintConfig.dll [4075520 2023-11-19] (Microsoft Corporation) [File not signed]
R2 SurfaceExperienceService-5.98; C:\Program Files\WindowsApps\Microsoft.SurfaceAppProxy_5.98.139.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe [8741256 2023-11-09] (Microsoft Corporation -> Microsoft)
R2 SurfaceExperienceService-61.24020.115; C:\Program Files\WindowsApps\Microsoft.SurfaceHub_61.24020.115.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe [8739256 2024-03-01] (Microsoft Corporation -> Microsoft)
R2 TbtP2pShortcutService; C:\windows\TbtP2pShortcutService.exe [253576 2021-07-01] (Intel Corporation -> Intel Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-04-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-04-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WUService; C:\windows\System32\DriverStore\FileRepository\quectelfwupdatedriver.inf_amd64_5ba0d4b712a7e51b\WUService.exe [37648 2023-02-10] (Quectel Wireless Solutions Co.,Ltd. -> )
S3 Rockstar Service; "C:\Program Files\Rockstar Games\Launcher\RockstarService.exe" [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AcxHdAudio; C:\windows\System32\drivers\AcxHdAudio.sys [561152 2023-11-12] (Microsoft Windows -> Microsoft Corporation)
S3 AX88179; C:\windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_a8bb8a6e92764769\ax88179_178a.sys [79872 2022-05-07] (Microsoft Windows -> ASIX Electronics Corp.)
S3 BthA2dp; C:\windows\System32\drivers\BthA2dp.sys [532480 2023-02-10] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\windows\System32\drivers\bthhfenum.sys [184320 2023-02-10] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\windows\System32\drivers\bthmodem.sys [106496 2023-02-10] (Microsoft Corporation) [File not signed]
R1 ElbyCDIO; C:\windows\System32\Drivers\ElbyCDIO.sys [42616 2017-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [158640 2024-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 fse; C:\windows\System32\drivers\fse.sys [218592 2023-11-12] (Microsoft Windows -> Microsoft Corporation)
R3 iaLPSS2_GPIO2_TGL; C:\windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_d0e63c4e3754f42f\iaLPSS2_GPIO2_TGL.sys [128152 2020-08-26] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_ab87bf17a571e523\iaLPSS2_I2C_TGL.sys [197272 2020-08-26] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_SPI_TGL; C:\windows\System32\DriverStore\FileRepository\ialpss2_spi_tgl.inf_amd64_b6ea3d48ee329530\iaLPSS2_SPI_TGL.sys [155816 2020-08-26] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_UART2_TGL; C:\windows\System32\DriverStore\FileRepository\ialpss2_uart2_tgl.inf_amd64_1a8e964d43720594\iaLPSS2_UART2_TGL.sys [310440 2020-08-26] (Intel Corporation -> Intel Corporation)
S3 IntcSdwBus; C:\windows\System32\DriverStore\FileRepository\intcsdwbus.inf_amd64_50f5280d1261162a\IntcSdwBus.sys [522800 2023-02-10] (Intel Corporation -> Intel® Corporation)
R3 IntcUSB; C:\windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_aa617d40bf7b81ea\IntcUSB.sys [907320 2023-02-10] (Intel Corporation -> Intel® Corporation)
R3 IntelTHCBase; C:\windows\System32\DriverStore\FileRepository\intelthcbase.inf_amd64_08ca983eb98a47f0\IntelTHCBase.sys [191576 2021-06-30] (Intel Corporation -> Intel Corporation)
R2 mbamchameleon; C:\windows\System32\Drivers\MbamChameleon.sys [223296 2024-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\windows\System32\DRIVERS\MbamElam.sys [21480 2024-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt11.sys [234312 2024-04-12] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [78400 2024-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [239576 2024-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\windows\system32\DRIVERS\mwac.sys [188784 2024-04-12] (Malwarebytes Inc. -> Malwarebytes)
R3 ov13858; C:\windows\System32\drivers\ov13858.sys [209608 2023-07-04] (Intel Corporation -> Intel Corporation)
R0 SurfaceAcpiPlatformExtensionDriver; C:\windows\System32\DriverStore\FileRepository\surfaceacpiplatformextensiondriver.inf_amd64_4f2a05446cad6dcd\SurfaceAcpiPlatformExtensionDriver.sys [303960 2021-06-14] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceBattery; C:\windows\System32\DriverStore\FileRepository\surfacebattery.inf_amd64_a712aac0e2f441e0\SurfaceBattery.sys [377208 2021-06-02] (Microsoft Corporation -> Microsoft Corporation)
S3 SurfaceEeprom; C:\windows\System32\DriverStore\FileRepository\surfaceeeprom.inf_amd64_fc126fb6ac9344c6\SurfaceEeprom.sys [262288 2021-05-25] (Windows OEM Test Cert 2017 (TEST ONLY) -> )
R3 SurfaceHotPlug; C:\windows\System32\DriverStore\FileRepository\surfacehotplug.inf_amd64_6663c41ad8659601\SurfaceHotPlug.sys [526352 2023-10-30] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceIhvCpuSmfClient; C:\windows\System32\DriverStore\FileRepository\surfaceihvcpusmfclient.inf_amd64_17181cbfbca14430\SurfaceIhvCpuSmfClient.sys [463592 2023-10-30] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfacePenBleLcAddrAdaptationDriver; C:\windows\System32\DriverStore\FileRepository\surfacepenblelcaddradaptationdriver.inf_amd64_6c7bb49d446f1efa\SurfacePenBleLcAddrAdaptationDriver.sys [271728 2021-06-24] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfacePowerTrackerCore; C:\windows\System32\DriverStore\FileRepository\surfacepowertrackercore.inf_amd64_0c56c2f655a7e9d9\SurfacePowerTrackerCore.sys [472704 2023-10-30] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceSerialHubDriver; C:\windows\System32\DriverStore\FileRepository\surfaceserialhubdriver.inf_amd64_0fbecbb6d745fcec\SurfaceSerialHubDriver.sys [395640 2021-06-24] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceSmfClient; C:\windows\System32\DriverStore\FileRepository\surfacesmfclient.inf_amd64_b4471f50dc05b45d\SurfaceSmfClient.sys [350072 2021-06-19] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceSmfDisplayClient; C:\windows\System32\DriverStore\FileRepository\surfacesmfdisplayclient.inf_amd64_7dc7ae4fa1361842\SurfaceSmfDisplayClient.sys [287096 2021-06-14] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceSystemManagementFrameworkDriver; C:\windows\System32\DriverStore\FileRepository\surfacesystemmanagementframeworkdriver.inf_amd64_59cb80b812223af8\SurfaceSystemManagementFrameworkDriver.sys [578904 2021-06-03] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceSystemTelemetry; C:\windows\System32\DriverStore\FileRepository\surfacesystemtelemetrydriver.inf_amd64_1433685fdf72127f\SurfaceSystemTelemetryDriver.sys [591592 2023-10-30] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceThermalPolicy; C:\windows\System32\DriverStore\FileRepository\surfacethermalpolicy.inf_amd64_82df565bd9c5ea0a\SurfaceThermalPolicy.sys [312680 2021-06-14] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceTimeAlarmAcpiFilter; C:\windows\System32\DriverStore\FileRepository\surfacetimealarmacpifilter.inf_amd64_8f6420b9aab4db23\SurfaceTimeAlarmAcpiFilter.sys [245088 2021-06-24] (Microsoft Corporation -> Microsoft Corporation)
S3 SurfaceTypeCoverV7FprUdeDriver; C:\windows\System32\DriverStore\FileRepository\surfacetypecoverv7fprudedriver.inf_amd64_02053a7547141f09\SurfaceTypeCoverV7FprUdeDriver.sys [335280 2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
S3 SurfaceVirtualFunctionEnum; C:\windows\System32\DriverStore\FileRepository\surfacevirtualfunctionenum.inf_amd64_2fa2ee1a8b7bba84\SurfaceVirtualFunctionEnum.sys [199536 2021-06-22] (Microsoft Corporation -> Microsoft Corporation)
R3 VClone; C:\windows\System32\drivers\VClone.sys [44544 2020-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
R3 vd55g0; C:\windows\System32\drivers\vd55g0.sys [342728 2023-07-04] (Intel Corporation -> Intel Corporation)
S3 vmbusproxy; C:\windows\system32\drivers\vmbusproxy.sys [94208 2023-11-12] (Microsoft Windows -> )
R3 WdBoot; C:\windows\system32\drivers\wd\WdBoot.sys [20936 2024-04-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\wd\WdFilter.sys [601376 2024-04-02] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [105760 2024-04-02] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-04-12 04:30 - 2024-04-12 04:34 - 000000000 ____D C:\FRST
2024-04-12 04:30 - 2024-04-12 04:30 - 000000000 ____D C:\Users\joshg\Downloads\FRST-OlderVersion
2024-04-12 04:06 - 2024-04-12 04:34 - 000000000 ____D C:\Users\joshg\AppData\Local\Malwarebytes
2024-04-12 04:06 - 2024-04-12 04:06 - 000234312 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt11.sys
2024-04-12 04:06 - 2024-04-12 04:06 - 000188784 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2024-04-12 04:06 - 2024-04-12 04:06 - 000002103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-04-12 04:06 - 2024-04-12 04:06 - 000002091 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-04-12 04:05 - 2024-04-12 04:05 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-04-12 04:05 - 2024-04-12 04:05 - 000000000 ____D C:\Program Files\Malwarebytes
2024-04-12 03:45 - 2024-04-12 04:30 - 002394112 _____ (Farbar) C:\Users\joshg\Downloads\FRST64.exe
2024-04-12 03:35 - 2024-04-12 03:35 - 000001259 _____ C:\Users\joshg\Downloads\policies.json
2024-04-12 02:51 - 2024-04-12 04:34 - 000024092 _____ C:\Users\joshg\Downloads\FRST.txt
2024-04-12 02:51 - 2024-04-12 02:51 - 000035305 _____ C:\Users\joshg\Downloads\Addition.txt
2024-04-12 02:42 - 2024-04-12 02:47 - 000002442 _____ C:\Users\joshg\Desktop\Microsoft Edge.lnk
2024-04-11 23:52 - 2024-04-11 23:52 - 002589624 _____ (Malwarebytes) C:\Users\joshg\Downloads\MBSetup (1).exe
2024-04-11 23:51 - 2024-04-11 23:51 - 002589624 _____ (Malwarebytes) C:\Users\joshg\Downloads\MBSetup-5.5.exe
2024-04-11 23:19 - 2024-04-12 00:03 - 000001392 _____ C:\Users\joshg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2024-04-11 23:19 - 2024-04-11 23:19 - 008389496 _____ (ESET) C:\Users\joshg\Downloads\esetonlinescanner.exe
2024-04-11 23:18 - 2024-04-11 23:18 - 002589624 _____ (Malwarebytes) C:\Users\joshg\Downloads\MBSetup.exe
2024-04-11 03:59 - 2024-04-11 03:59 - 004194304 _____ C:\Users\joshg\Downloads\Super Mario World-return to dinosaur land.gba
2024-04-11 03:56 - 2024-04-11 03:57 - 000018845 _____ C:\Users\joshg\Downloads\[7872]sma2hackbyoquendo1.1.7z
2024-04-11 03:53 - 2024-04-11 03:53 - 000028975 _____ C:\Users\joshg\Downloads\[6868]SMA4+-+e-Reader+Rampage.zip
2024-04-11 03:43 - 2024-04-11 03:43 - 014111436 _____ C:\Users\joshg\Downloads\Doom-pc.gba
2024-04-11 03:12 - 2024-04-11 03:16 - 000000000 ___HD C:\$WinREAgent
2024-04-11 02:42 - 2024-04-11 02:44 - 042166582 _____ C:\Users\joshg\Downloads\Meteos (US).zip
2024-04-11 02:42 - 2024-04-11 02:42 - 000000184 _____ C:\Users\joshg\AppData\Local\kritadisplayrc
2024-04-11 00:47 - 2024-04-11 00:47 - 006294320 _____ C:\Users\joshg\Downloads\[4899]GBADoom-PC-1.7.zip
2024-04-11 00:38 - 2024-04-11 00:45 - 207435182 _____ C:\Users\joshg\Downloads\Suikoden - Tierkreis (US)(M3).zip
2024-04-11 00:36 - 2024-04-11 00:38 - 049235498 _____ C:\Users\joshg\Downloads\Jump! Ultimate Stars (JP).zip
2024-04-11 00:36 - 2024-04-11 00:36 - 014165854 _____ C:\Users\joshg\Downloads\TMNT (US)(M5).zip
2024-04-10 23:56 - 2024-04-10 23:56 - 016777216 _____ C:\Users\joshg\Downloads\Dragon Ball - Aventura Avanzada.gba
2024-04-10 23:55 - 2024-04-10 23:55 - 000000000 ____D C:\Users\joshg\Downloads\[7680]DBAA+2.0
2024-04-10 23:54 - 1996-12-25 00:32 - 016777216 ____N C:\Users\joshg\Downloads\Dragon Ball - Advanced Adventure (Europe) (En,Fr,De,Es,It).gba
2024-04-10 23:53 - 2024-04-10 23:53 - 005650859 _____ C:\Users\joshg\Downloads\Dragon Ball - Advanced Adventure (Europe) (En,Fr,De,Es,It).zip
2024-04-10 22:52 - 2024-04-10 22:52 - 000464216 _____ C:\Users\joshg\Downloads\[7680]DBAA+2.0.zip
2024-04-08 03:58 - 2024-04-08 03:58 - 007416814 _____ C:\Users\joshg\Downloads\[6099]Castlevania+Rondo+of+Ruin+1.1.zip
2024-04-08 01:48 - 2024-04-08 01:48 - 000031041 _____ C:\Users\joshg\Downloads\IPS ROM Patcher.html
2024-04-08 01:45 - 2024-04-08 01:46 - 003762319 _____ C:\Users\joshg\Downloads\Castlevania - Circle of the Moon (USA).zip
2024-04-08 01:43 - 1996-12-25 00:32 - 008388608 ____N C:\Users\joshg\Downloads\0045 - Castlevania - Circle of the Moon (U)(Cezar).gba
2024-04-08 01:42 - 2024-04-08 01:42 - 003948299 _____ C:\Users\joshg\Downloads\0045 - Castlevania - Circle of the Moon (U)(Cezar).zip
2024-04-08 01:36 - 2024-04-08 01:36 - 003987138 _____ C:\Users\joshg\Downloads\Metroid Fusion (USA).7z
2024-04-08 01:29 - 2024-04-11 03:47 - 000000000 ____D C:\Users\joshg\Desktop\romhackin
2024-04-06 23:51 - 2024-04-06 23:51 - 009155968 _____ C:\Users\joshg\Downloads\doodle.kra
2024-04-05 04:06 - 2024-04-05 04:06 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-04-03 21:14 - 2024-04-03 21:14 - 000199972 _____ C:\Users\joshg\Downloads\some-transflective-screen-love-v0-s08btr8wpuhc1 (1).webp
2024-04-03 21:12 - 2024-04-03 21:12 - 000199972 _____ C:\Users\joshg\Downloads\some-transflective-screen-love-v0-s08btr8wpuhc1.webp
2024-04-03 05:33 - 2024-04-03 05:33 - 000003364 _____ C:\Users\joshg\AppData\Local\recently-used.xbel
2024-04-01 19:43 - 2024-04-01 19:43 - 000000000 ____D C:\windows\InternalKernelGrid4
2024-03-30 14:56 - 2024-04-05 06:31 - 000000000 ____D C:\Users\joshg\AppData\Roaming\moonring
2024-03-25 22:43 - 2024-03-25 22:43 - 000003568 _____ C:\windows\system32\Tasks\NvOptimizerTaskUpdater_V2
2024-03-25 22:43 - 2024-03-25 22:43 - 000001896 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VLC.lnk
2024-03-25 22:43 - 2024-03-25 22:43 - 000000271 _____ C:\windows\system32\NvWinSearchOptimizer.ps1
2024-03-25 22:43 - 2024-03-25 22:43 - 000000000 ____D C:\windows\NvOptimizerLog
2024-03-25 22:43 - 2024-03-25 22:43 - 000000000 ____D C:\Users\joshg\AppData\Local\vlc-updater
2024-03-25 22:43 - 2024-03-25 22:43 - 000000000 ____D C:\Users\joshg\AppData\Local\TaskUpdater
2024-03-25 22:41 - 2024-03-26 00:02 - 000000000 ____D C:\Users\joshg\Downloads\3ds convert
2024-03-25 22:40 - 2017-09-24 14:31 - 000000000 ____D C:\Users\joshg\Downloads\3DS Simple CIA Converter v5.0
2024-03-23 02:47 - 2024-03-23 02:47 - 975209152 _____ (Image-Line) C:\Users\joshg\Downloads\flstudio_win64_21.2.3.4004.exe
2024-03-22 03:38 - 2024-03-22 03:38 - 000000000 ____D C:\Users\joshg\AppData\LocalLow\3909
2024-03-20 17:51 - 2024-04-09 05:48 - 000000000 ____D C:\Users\joshg\AppData\LocalLow\Unity
2024-03-20 17:51 - 2024-03-20 17:51 - 000000000 ____D C:\Users\joshg\AppData\Roaming\GSDK
2024-03-20 17:51 - 2024-03-20 17:51 - 000000000 ____D C:\Users\joshg\AppData\LocalLow\Second Dinner
2024-03-18 20:53 - 2024-03-18 20:53 - 000189535 _____ C:\Users\joshg\Downloads\43.jpeg
2024-03-16 01:34 - 2024-03-16 01:34 - 000000000 ____D C:\Users\joshg\AppData\LocalLow\BANDAI Co_, Ltd_
2024-03-16 01:30 - 2024-03-16 01:30 - 000000000 ____D C:\Users\joshg\AppData\Local\LauncherElectron
2024-03-16 01:16 - 2024-03-16 01:16 - 000461744 _____ C:\Users\joshg\Downloads\DBSCG_FW_launcher_cc60c638-6388-40f6-95a6-9eb5f2c4f3cf.exe
2024-03-15 05:36 - 2024-03-15 05:36 - 000000000 ____D C:\Users\joshg\AppData\Local\CAPCOM
2024-03-13 21:33 - 2024-03-13 21:33 - 000122255 _____ C:\Users\joshg\Downloads\ByPort_Jervis_CBD.pdf
2024-03-13 06:17 - 2024-03-13 06:17 - 001498998 _____ C:\Users\joshg\Downloads\merhjkre.kra
2024-03-13 06:10 - 2024-03-13 06:10 - 001539126 _____ C:\Users\joshg\Downloads\merre.kra
2024-03-13 06:00 - 2024-03-13 06:00 - 001417980 _____ C:\Users\joshg\Downloads\mee.kra
2024-03-13 05:40 - 2024-03-13 05:40 - 001170143 _____ C:\Users\joshg\Downloads\me.kra
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-04-12 04:06 - 2022-05-07 01:24 - 000000000 ____D C:\windows\SystemTemp
2024-04-12 04:05 - 2022-05-07 01:24 - 000000000 ___HD C:\windows\ELAMBKUP
2024-04-12 04:05 - 2022-05-07 01:22 - 000000000 ____D C:\windows\INF
2024-04-12 03:41 - 2022-05-07 01:24 - 000000000 ____D C:\windows\AppReadiness
2024-04-12 03:41 - 2022-05-07 01:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-04-12 02:47 - 2023-02-10 06:27 - 000002534 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-04-12 01:46 - 2023-02-10 06:36 - 000804932 _____ C:\windows\system32\PerfStringBackup.INI
2024-04-12 01:40 - 2023-12-05 20:32 - 000000000 ____D C:\windows\system32\Tasks\PowerToys
2024-04-12 01:40 - 2023-11-09 18:29 - 000000000 __SHD C:\Users\joshg\IntelGraphicsProfiles
2024-04-12 01:40 - 2023-11-02 16:29 - 000012288 ___SH C:\DumpStack.log.tmp
2024-04-12 01:40 - 2023-11-02 16:29 - 000000000 ____D C:\Intel
2024-04-12 01:40 - 2023-02-10 06:27 - 000000006 ____H C:\windows\Tasks\SA.DAT
2024-04-12 01:40 - 2023-02-10 06:26 - 000001623 _____ C:\windows\system32\config\VSMIDK
2024-04-12 01:40 - 2022-05-07 01:24 - 000000000 ____D C:\windows\ServiceState
2024-04-12 01:40 - 2022-05-07 01:17 - 000786432 _____ C:\windows\system32\config\BBI
2024-04-12 01:23 - 2023-11-09 18:29 - 000000000 ____D C:\Users\joshg\AppData\Local\Packages
2024-04-12 01:23 - 2023-11-02 16:32 - 000000000 ____D C:\ProgramData\Packages
2024-04-12 01:23 - 2022-05-07 01:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-04-11 23:58 - 2023-11-22 03:47 - 000000000 ____D C:\Users\joshg\AppData\Roaming\uTorrent Web
2024-04-11 23:09 - 2023-11-10 03:01 - 000000000 ____D C:\Program Files (x86)\Steam
2024-04-11 23:00 - 2023-12-06 06:41 - 000000000 ____D C:\Users\joshg\AppData\Roaming\discord
2024-04-11 22:59 - 2023-12-06 06:40 - 000000000 ____D C:\Users\joshg\AppData\Local\Discord
2024-04-11 22:53 - 2023-02-10 06:26 - 000000000 ____D C:\windows\system32\SleepStudy
2024-04-11 19:46 - 2023-11-09 18:29 - 000000000 ____D C:\Users\joshg\AppData\Local\D3DSCache
2024-04-11 04:04 - 2023-11-09 20:46 - 000000000 ____D C:\windows\system32\MRT
2024-04-11 04:03 - 2023-11-09 20:46 - 192651728 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2024-04-11 03:32 - 2022-05-07 01:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-04-11 03:21 - 2022-05-07 01:17 - 000000000 ____D C:\windows\CbsTemp
2024-04-11 02:42 - 2023-12-09 17:53 - 000036003 _____ C:\Users\joshg\AppData\Local\kritarc
2024-04-11 02:42 - 2023-12-09 17:53 - 000000000 ____D C:\Users\joshg\AppData\Roaming\krita
2024-04-11 02:42 - 2023-11-28 03:17 - 000000000 ____D C:\Users\joshg\AppData\Local\Spotify
2024-04-11 02:42 - 2023-11-28 03:16 - 000000000 ____D C:\Users\joshg\AppData\Roaming\Spotify
2024-04-09 05:16 - 2023-11-09 18:31 - 000003592 _____ C:\windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2357395849-4155205421-3120114473-1001
2024-04-09 05:16 - 2023-11-09 18:31 - 000003368 _____ C:\windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2357395849-4155205421-3120114473-1001
2024-04-09 05:16 - 2023-11-09 18:31 - 000002393 _____ C:\Users\joshg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-04-08 21:17 - 2023-11-10 03:02 - 000000000 ____D C:\Users\joshg\AppData\Local\Steam
2024-04-06 20:29 - 2023-12-09 18:17 - 000000033 _____ C:\Users\joshg\AppData\Local\kritashortcutsrc
2024-04-05 04:06 - 2023-02-10 06:37 - 000000000 ____D C:\Program Files\Microsoft Office
2024-04-05 04:06 - 2022-05-07 01:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-04-04 03:14 - 2024-02-13 00:39 - 000000000 ____D C:\Users\joshg\Desktop\temp comics
2024-04-03 19:56 - 2023-12-30 17:55 - 000000000 ____D C:\Users\joshg\AppData\Local\ElevatedDiagnostics
2024-04-03 03:52 - 2023-11-10 03:35 - 000000000 ____D C:\Games
2024-04-02 22:50 - 2023-02-10 06:27 - 000000000 ____D C:\windows\system32\Drivers\wd
2024-04-02 22:49 - 2023-02-10 06:27 - 000003536 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-04-02 22:49 - 2023-02-10 06:27 - 000003412 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-03-30 22:19 - 2023-11-12 03:32 - 000000000 ____D C:\Users\joshg\AppData\Local\Battle.net
2024-03-30 22:19 - 2023-11-12 03:31 - 000000000 ____D C:\Program Files (x86)\Battle.net
2024-03-30 21:15 - 2023-11-10 03:08 - 000000000 ____D C:\Users\joshg\AppData\Roaming\vlc
2024-03-30 00:48 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\SecurityHealth
2024-03-26 00:22 - 2023-11-10 05:00 - 000000000 ____D C:\ProgramData\Package Cache
2024-03-25 23:28 - 2023-11-22 03:39 - 000000000 ____D C:\Users\joshg\AppData\Local\BitTorrentHelper
2024-03-23 02:46 - 2023-11-24 23:26 - 000000000 ____D C:\Users\joshg\Documents\Image-Line
2024-03-14 21:07 - 2024-02-16 23:44 - 000263680 _____ (Microsoft Corporation) C:\windows\system32\gamingservicesproxy_4.dll
2024-03-14 21:07 - 2024-01-27 23:35 - 002709096 _____ (Microsoft Corporation) C:\windows\system32\xgameruntime.dll
2024-03-14 21:07 - 2024-01-27 23:35 - 000706152 _____ (Microsoft Corporation) C:\windows\system32\gameplatformservices.dll
2024-03-14 21:07 - 2024-01-27 23:35 - 000218728 _____ (Microsoft Corporation) C:\windows\system32\gameconfighelper.dll
2024-03-14 21:07 - 2024-01-27 23:35 - 000206440 _____ (Microsoft Corporation) C:\windows\system32\gamelaunchhelper.dll
2024-03-14 21:07 - 2024-01-27 23:35 - 000145000 _____ (Microsoft Corporation) C:\windows\system32\gamingtcuihelpers.dll
2024-03-14 21:07 - 2024-01-27 23:35 - 000108136 _____ (Microsoft Corporation) C:\windows\system32\xgamehelper.exe
2024-03-14 21:07 - 2024-01-27 23:35 - 000075368 _____ (Microsoft Corporation) C:\windows\system32\xgamecontrol.exe
2024-03-14 04:17 - 2022-05-07 01:24 - 000000000 ____D C:\windows\LiveKernelReports
2024-03-13 20:01 - 2023-02-10 06:26 - 000566664 _____ C:\windows\system32\FNTCACHE.DAT
2024-03-13 06:21 - 2023-11-10 00:30 - 000000000 ____D C:\windows\system32\Microsoft-Edge-WebView
2024-03-13 06:21 - 2022-05-07 01:24 - 000000000 ___RD C:\windows\ImmersiveControlPanel
2024-03-13 06:21 - 2022-05-07 01:24 - 000000000 ____D C:\windows\SysWOW64\Dism
2024-03-13 06:21 - 2022-05-07 01:24 - 000000000 ____D C:\windows\SystemResources
2024-03-13 06:21 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\oobe
2024-03-13 06:21 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\appraiser
2024-03-13 06:21 - 2022-05-07 01:24 - 000000000 ____D C:\windows\ShellExperiences
2024-03-13 06:21 - 2022-05-07 01:24 - 000000000 ____D C:\windows\ShellComponents
2024-03-13 06:21 - 2022-05-07 01:24 - 000000000 ____D C:\windows\bcastdvr
2024-03-13 06:21 - 2022-05-07 01:17 - 000000000 ____D C:\windows\servicing
2024-03-13 06:20 - 2024-01-20 17:23 - 000000000 ____D C:\Users\joshg\AppData\Roaming\inkscape
2024-03-13 04:17 - 2024-01-20 17:23 - 000000000 ____D C:\Users\joshg\.dbus-keyrings
 
==================== Files in the root of some directories ========
 
2023-11-22 04:18 - 2024-02-22 03:51 - 000001268 _____ () C:\Users\joshg\AppData\Roaming\plugin_scan_state_VST2_x32.scan
2023-11-22 04:18 - 2024-02-22 03:51 - 000004897 _____ () C:\Users\joshg\AppData\Roaming\plugin_scan_state_VST2_x64.scan
2023-11-22 04:18 - 2024-02-22 03:51 - 000000059 _____ () C:\Users\joshg\AppData\Roaming\plugin_scan_state_VST3_x32.scan
2023-11-22 04:18 - 2024-02-22 03:51 - 000000059 _____ () C:\Users\joshg\AppData\Roaming\plugin_scan_state_VST3_x64.scan
2024-01-29 23:09 - 2024-01-29 23:09 - 000000356 _____ () C:\Users\joshg\AppData\Local\karboncalligraphyrc
2023-12-09 17:53 - 2024-04-11 00:18 - 000007925 _____ () C:\Users\joshg\AppData\Local\krita-sysinfo.log
2023-12-09 17:53 - 2024-04-11 02:42 - 000144307 _____ () C:\Users\joshg\AppData\Local\krita.log
2024-02-20 23:32 - 2024-03-11 23:04 - 000038815 _____ () C:\Users\joshg\AppData\Local\kritacrash.log
2024-04-11 02:42 - 2024-04-11 02:42 - 000000184 _____ () C:\Users\joshg\AppData\Local\kritadisplayrc
2023-12-09 17:53 - 2024-04-11 02:42 - 000036003 _____ () C:\Users\joshg\AppData\Local\kritarc
2023-12-09 18:17 - 2024-04-06 20:29 - 000000033 _____ () C:\Users\joshg\AppData\Local\kritashortcutsrc
2024-04-03 05:33 - 2024-04-03 05:33 - 000003364 _____ () C:\Users\joshg\AppData\Local\recently-used.xbel
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.04.2024
Ran by joshg (12-04-2024 04:34:38)
Running from C:\Users\joshg\Downloads
Microsoft Windows 11 Home Version 23H2 22631.3296 (X64) (2023-11-02 20:32:14)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-2357395849-4155205421-3120114473-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2357395849-4155205421-3120114473-503 - Limited - Disabled)
Guest (S-1-5-21-2357395849-4155205421-3120114473-501 - Limited - Disabled)
joshg (S-1-5-21-2357395849-4155205421-3120114473-1001 - Administrator - Enabled) => C:\Users\joshg
WDAGUtilityAccount (S-1-5-21-2357395849-4155205421-3120114473-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blasphemous (HKLM-x32\...\2068474256_is1) (Version: 3.0.32a - GOG.com)
calibre 64bit (HKLM\...\{08B38F11-2B6D-434D-B5D5-8C2FE3D70A66}) (Version: 7.4.0 - Kovid Goyal)
ComicRack v0.9.176 (HKLM\...\ComicRack) (Version: v0.9.176 - cYo Soft)
Diablo II Resurrected (HKLM-x32\...\Diablo II Resurrected) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-2357395849-4155205421-3120114473-1001\...\Discord) (Version: 1.0.9025 - Discord Inc.)
FL Studio 21 (HKLM-x32\...\FL Studio 21) (Version: 21.1.1.3750 - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
GameMaker (HKU\S-1-5-21-2357395849-4155205421-3120114473-1001\...\GameMakerStudio2) (Version: 2023.11.1.129 - GameMaker)
Inkscape (HKLM\...\{2AB0D298-5B41-4C70-BB32-46F153F7A1BF}) (Version: 1.3.2 - Inkscape)
Krita (x64) 5.2.1 (HKLM\...\Krita_x64) (Version: 5.2.1.100 - Krita Foundation)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version:  - Line 6)
Malwarebytes version 5.1.2.109 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.2.109 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 123.0.2420.81 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 123.0.2420.65 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2357395849-4155205421-3120114473-1001\...\OneDriveSetup.exe) (Version: 24.055.0317.0002 - Microsoft Corporation)
Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.17425.20146 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.38.33135 (HKLM-x32\...\{c649ede4-f16a-4486-a117-dcc2f2a35165}) (Version: 14.38.33135.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135 (HKLM-x32\...\{46c3b171-c15c-4137-8e1d-67eeb2985b44}) (Version: 14.38.33135.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.38.33135 (HKLM\...\{19AFE054-CA83-45D5-A9DB-4108EF4BD391}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.38.33135 (HKLM\...\{AA0C8AB5-7297-4D46-A0D9-08096FE59E46}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135 (HKLM-x32\...\{9C19C103-7DB1-44D1-A039-2C076A633A38}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135 (HKLM-x32\...\{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
NvOptimizer (HKLM\...\NvOptimizer) (Version: 1.2.1 - )
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
PowerToys (Preview) (HKLM\...\{BC0E66D3-AF93-4268-BC68-94329C67BF32}) (Version: 0.75.1 - Microsoft Corporation) Hidden
PowerToys (Preview) x64 (HKLM-x32\...\{847641eb-5bb4-440c-9d27-0f4f64c6a978}) (Version: 0.75.1 - Microsoft Corporation)
RiffWorks Line 6 Edition (HKLM-x32\...\RiffWorks Line 6 Edition) (Version: 2.2.2 - Sonoma Wire Works)
Southpark Stick of Truth (HKLM-x32\...\U291dGhwYXJrU3RpY2tvZlRydXRo_is1) (Version: 1 - )
Spotify (HKU\S-1-5-21-2357395849-4155205421-3120114473-1001\...\Spotify) (Version: 1.2.34.783.g923721d9 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
uTorrent Web (HKU\S-1-5-21-2357395849-4155205421-3120114473-1001\...\utweb) (Version: 1.4.0 - BitTorrent Limited)
VEGAS Pro 20.0 (HKLM\...\{B7A01017-2E89-43C2-8B05-C03E0CD4C64D}) (Version: 20.0.411.0 - VEGAS) Hidden
VEGAS Pro 20.0 (HKLM\...\MX.{B7A01017-2E89-43C2-8B05-C03E0CD4C64D}) (Version: 20.0.411.0 - VEGAS)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.2.0 - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN)
Waveform 12 (HKLM\...\{EC25224B-DF0D-4809-A683-49FF321F44BF}_is1) (Version: 12.5.11 - Tracktion Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-2357395849-4155205421-3120114473-1001\...\WinDirStat) (Version:  - )
WinRAR 7.00 beta 1 64-bit (HKLM\...\WinRAR archiver) (Version: 7.00.1 - win.rar GmbH)
 
Packages:
=========
 
Dev Home -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1200.442.0_x64__8wekyb3d8bbwe [2024-03-19] (Microsoft Corporation)
Dolby Access OEM -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccessOEM_3.21.16.0_x64__rz1tebttyb220 [2024-03-19] (Dolby Laboratories)
Dolby Vision Extensions -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyVisionAccess_2.20301.388.0_x64__rz1tebttyb220 [2023-11-12] (Dolby Laboratories)
Ink.Handwriting.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-US.1.0_0.237.110.0_x64__8wekyb3d8bbwe [2024-01-22] (Microsoft Corporation)
Ink.Handwriting.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-US.1.0_0.237.110.0_x86__8wekyb3d8bbwe [2024-01-22] (Microsoft Corporation)
Ink.Handwriting.Main.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.Main.en-US.1.0.1_0.237.110.0_x64__8wekyb3d8bbwe [2024-01-22] (Microsoft Corporation)
Journal -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJournal_1.23306.1292.0_x64__8wekyb3d8bbwe [2024-03-30] (Microsoft Corporation)
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-11-09] (Microsoft Corp.)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.21110.548.0_x64__8wekyb3d8bbwe [2024-03-07] (Microsoft Corporation)
Microsoft.D3DMappingLayers -> C:\Program Files\WindowsApps\Microsoft.D3DMappingLayers_1.2404.1.0_x64__8wekyb3d8bbwe [2024-04-08] (Microsoft Corporation)
Microsoft.MPEG2VideoExtension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-11-09] (Microsoft Corporation)
Microsoft.Windows.Ai.Copilot.Provider -> C:\Program Files\WindowsApps\Microsoft.Windows.Ai.Copilot.Provider_1.0.3.0_neutral__8wekyb3d8bbwe [2024-03-30] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-03-13] (Microsoft Corporation)
MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24031.69.0_x64__cw5n1h2txyewy [2024-04-01] (Microsoft Windows) [Startup Task]
Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_1.7.2.0_x64__8wekyb3d8bbwe [2024-01-28] (Microsoft Studios)
Power Automate -> C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_11.2403.237.0_x64__8wekyb3d8bbwe [2024-03-14] (Microsoft Corporation) [Startup Task]
PowerToys ImageResizer Context Menu -> C:\Program Files\PowerToys [2023-12-05] (Microsoft)
PowerToys PowerRename Context Menu -> C:\Program Files\PowerToys\WinUI3Apps [2023-12-05] (Microsoft)
Surface -> C:\Program Files\WindowsApps\Microsoft.SurfaceHub_61.24020.115.0_x64__8wekyb3d8bbwe [2024-03-13] (Microsoft Corporation)
Surface Diagnostic Toolkit -> C:\Program Files\WindowsApps\Microsoft.SurfaceDiagnostics_2.223.139.0_x64__8wekyb3d8bbwe [2024-02-29] (Microsoft Corporation) [Startup Task]
Surface Management Extension -> C:\Program Files\WindowsApps\Microsoft.SurfaceAppProxy_5.98.139.0_x64__8wekyb3d8bbwe [2023-12-25] (Microsoft Corporation)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_5001.95.533.0_x64__8wekyb3d8bbwe [2024-04-11] (Microsoft Corp.)
Windows Feature Experience Pack -> C:\windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-03-13] (Microsoft Corporation)
WinRAR -> C:\Program Files\WinRAR [2023-11-10] (win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2357395849-4155205421-3120114473-1001_Classes\CLSID\{10144713-1526-46C9-88DA-1FB52807A9FF}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.SvgThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2357395849-4155205421-3120114473-1001_Classes\CLSID\{5ea9a442-5352-ed6e-d37f-9d511e7e2caa}\localserver32 -> C:\Program Files\PowerToys\PowerToys.PowerLauncher.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2357395849-4155205421-3120114473-1001_Classes\CLSID\{60789D87-9C3C-44AF-B18C-3DE2C2820ED3}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.MarkdownPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2357395849-4155205421-3120114473-1001_Classes\CLSID\{77257004-6F25-4521-B602-50ECC6EC62A6}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.StlThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2357395849-4155205421-3120114473-1001_Classes\CLSID\{A0257634-8812-4CE8-AF11-FA69ACAEAFAE}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.GcodePreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2357395849-4155205421-3120114473-1001_Classes\CLSID\{D8034CFA-F34B-41FE-AD45-62FCBB52A6DA}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.MonacoPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2357395849-4155205421-3120114473-1001_Classes\CLSID\{F2847CBE-CD03-4C83-A359-1A8052C1B9D5}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.GcodeThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2357395849-4155205421-3120114473-1001_Classes\CLSID\{FCDD4EED-41AA-492F-8A84-31A1546226E0}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.SvgPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2020-02-23] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers2: [FileLocksmithExt] -> {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.FileLocksmithExt.dll [2023-10-31] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2020-02-23] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers3: [FileLocksmithExt] -> {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.FileLocksmithExt.dll [2023-10-31] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-04-12] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [PowerRenameExt] -> {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.PowerRenameExt.dll [2023-10-31] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [PowerRenameExt] -> {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.PowerRenameExt.dll [2023-10-31] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-04-12] (Malwarebytes Inc. -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2024-04-06 00:14 - 2024-04-06 02:47 - 264267216 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.81\msedge.dll
2024-03-30 00:40 - 2024-04-06 23:26 - 264171560 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.65\msedge.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-2357395849-4155205421-3120114473-1001\Software\Classes\regfile:  <==== ATTENTION
HKU\S-1-5-21-2357395849-4155205421-3120114473-1001\Software\Classes\.reg:  =>  <==== ATTENTION
HKU\S-1-5-21-2357395849-4155205421-3120114473-1001\Software\Classes\.bat:  =>  <==== ATTENTION
HKU\S-1-5-21-2357395849-4155205421-3120114473-1001\Software\Classes\.cmd:  =>  <==== ATTENTION
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2022-05-07 01:24 - 2022-05-07 01:22 - 000000824 _____ C:\windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2357395849-4155205421-3120114473-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\joshg\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\85bc693e0c3b093626ff24e9cd2f91e9.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKU\S-1-5-21-2357395849-4155205421-3120114473-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_15AA0DED89B1446ADEE990A76E101A4E"
HKU\S-1-5-21-2357395849-4155205421-3120114473-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2357395849-4155205421-3120114473-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2357395849-4155205421-3120114473-1001\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-2357395849-4155205421-3120114473-1001\...\StartupApproved\Run: => "utweb"
HKU\S-1-5-21-2357395849-4155205421-3120114473-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2357395849-4155205421-3120114473-1001\...\StartupApproved\Run: => "Discord"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (04/12/2024 12:30:01 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 11) (User: JOSH-SURF)
Description: Microsoft.SurfaceHub_8wekyb3d8bbwe-2147023878
 
Error: (04/11/2024 06:48:33 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress..
 
Error: (04/11/2024 06:48:33 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
 
Error: (04/11/2024 03:14:01 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 11) (User: JOSH-SURF)
Description: Microsoft.SurfaceHub_8wekyb3d8bbwe-2147023878
 
Error: (04/11/2024 03:13:56 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: svchost.exe_AppXSvc, version: 10.0.22621.1, time stamp: 0x6dc5c2a5
Faulting module name: ntdll.dll, version: 10.0.22621.3235, time stamp: 0xa2c4352c
Exception code: 0xc0000409
Fault offset: 0x00000000000a43b0
Faulting process id: 0x0x12a0
Faulting application start time: 0x0x1da8bde792600e9
Faulting application path: C:\windows\system32\svchost.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: 07b7674a-926e-43c5-8640-4da4bc69fc00
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/09/2024 06:48:35 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
 
Error: (04/03/2024 06:48:57 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress..
 
Error: (04/03/2024 06:48:57 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
 
 
System errors:
=============
Error: (04/12/2024 12:00:22 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (04/11/2024 11:33:45 PM) (Source: DCOM) (EventID: 10010) (User: JOSH-SURF)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.
 
Error: (04/11/2024 11:33:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (04/11/2024 11:33:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Realtek Audio Universal Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (04/11/2024 11:24:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (04/11/2024 11:24:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/11/2024 11:24:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Surface Integration Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/11/2024 11:24:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Audio Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Windows Defender:
================
Date: 2024-04-10 23:39:25
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-04-02 23:00:23
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-03-22 04:08:33
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-03-16 23:45:22
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-03-05 05:42:14
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
 
Date: 2024-04-12 00:29:16
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
Security intelligence Version: 1.409.210.0;1.409.210.0
Engine Version: 1.1.24030.4 
 
Date: 2024-03-04 18:46:04
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.405.1022.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.24020.9
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.  
 
Date: 2023-12-30 16:56:40
Description: 
Microsoft Defender Antivirus has encountered an error trying to restore an item from quarantine.
For more information please see the following:
Name: HackTool:Win32/Crack!pz
Severity: High
Category: Tool
Error Code: 0x80508014
Error description: The quarantined item cannot be restored. 
Security intelligence Version: AV: 1.403.1377.0, AS: 1.403.1377.0
Engine Version: 1.1.23110.2 
 
CodeIntegrity:
===============
Date: 2024-04-12 01:43:34
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\ControlLib.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
 
 
==================== Memory info =========================== 
 
BIOS: Microsoft Corporation 25.100.143 12/07/2023
Motherboard: Microsoft Corporation Surface Pro 8
Processor: 11th Gen Intel® Core™ i7-1185G7 @ 3.00GHz
Percentage of memory in use: 49%
Total physical RAM: 16218.02 MB
Available physical RAM: 8233.88 MB
Total Virtual: 18778.02 MB
Available Virtual: 9815.2 MB
 
==================== Drives ================================
 
Drive c: (Local Disk) (Fixed) (Total:237.29 GB) (Free:9.72 GB) (Model: KBG40ZNS256G BG4A KIOXIA) (Protected) NTFS
 
\\?\Volume{84a7ddd9-42fa-451b-9b21-1bd06078c4ad}\ (Windows RE tools) (Fixed) (Total:0.92 GB) (Free:0.24 GB) NTFS
\\?\Volume{90314fac-ebda-4f89-bdfa-011576728c11}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 349ADB5F)
 
Partition: GPT.
 
==================== End of Addition.txt =======================


#3 RKinner (Malware Expert, MVP)
 
Download the attached fixlist.txt to the same location as FRST.

Attached file: fixlist.txt (4.29KB)

Start FRST64 as before (right click and Run As Admin) and press Fix.
Besides removing the infection we are also checking your system files.
Should take about 35 minutes; be patient. System will reboot when done.
A fix log will be generated; please post that.

Run FRST again but this time make sure Addition.txt is checked and hit Scan. Post both logs.
 


#4 Ghoulartist (Topic Starter)

OK. Running it as directed. Will reply back as soon as it's done.

Edit: oh, in case it matters, a Windows update was installed when I powered my computer on today.


Edited by Ghoulartist, 12 April 2024 - 01:48 PM.


#5 Ghoulartist (Topic Starter)

OK. Here they are.

Do you think we need to do the process over again because of the Windows update that happened while we did this?

The sequence of events was:

1. Scanned and posted results here in a new topic
2. Your reply with the fixlog
3. Windows update happened overnight
4. Did your steps as directed and then posted the most recent 3 logs here.

I figured it could have edited system files or something that would hinder this process, so I just wanted to be clear about it.

(Ty for helping me BTW)



Edited by Ghoulartist, 12 April 2024 - 04:11 PM.


#6 RKinner (Malware Expert, MVP)

Looks like it should have worked OK.  Are you still getting redirected?



#7 Ghoulartist (Topic Starter)

It's still redirecting, unfortunately.



#8 Ghoulartist (Topic Starter)

I noticed that my Edge executable has this extra parameter at the end that I didn't put there. It also has this extra account permission, shown in the second pic.

Attached thumbnails:

  • Screenshot 2024-04-13 155614.png
  • Screenshot 2024-04-13 155727.png


#9 RKinner (Malware Expert, MVP)

I think you have found it.

The Target should say:

For Edge:

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

For Chrome:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

For Firefox:

"C:\Program Files\Mozilla Firefox\firefox.exe"


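The shortcut check from posts #8 and #9, as an added example that is not part of the thread (PowerShell written for this page, not RKinner's, FRST's or Microsoft's code): it walks the usual shortcut locations, resolves each .lnk through the WScript.Shell COM object, and flags any Edge, Chrome or Firefox shortcut whose Arguments field carries anything other than a --profile-directory switch, which is the only argument the stock shortcuts use. The folder list, the allowed-argument pattern and the $fix switch are assumptions made for the example.

```powershell
# Added example for this page (not code from the thread, FRST or RKinner):
# audit browser shortcuts for injected command-line arguments, the pattern in
# posts #8 and #9. Run in an elevated PowerShell 5.1+ session on the affected PC.
# Assumptions: the folder list, the allowed-argument pattern and the $fix switch
# are choices made for this example, not values from the thread.

$fix = $false   # set to $true to rewrite suspicious shortcuts after reviewing the table

$shell = New-Object -ComObject WScript.Shell

# Browser executables whose shortcuts we care about (lowercase file names).
$browsers = @('msedge.exe', 'chrome.exe', 'firefox.exe')

# The only argument a stock browser shortcut carries is a profile switch
# (post #9 shows "--profile-directory=Default" for Edge). Anything else,
# in particular a URL or an extension/proxy switch, is suspect.
$profileSwitch     = '--profile-directory=("[^"]*"|\S+)'
$allowedArgPattern = '^(' + $profileSwitch + '\s*)*$'

# Where Windows and the browsers normally drop .lnk files; -Recurse also covers
# Quick Launch\User Pinned\TaskBar (the pinned taskbar icons).
$folders = @(
    "$env:USERPROFILE\Desktop",
    "$env:USERPROFILE\OneDrive\Desktop",
    "$env:PUBLIC\Desktop",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch"
)

$findings = foreach ($lnkFile in Get-ChildItem -Path $folders -Filter *.lnk -Recurse -Force -ErrorAction SilentlyContinue) {
    $lnk = $shell.CreateShortcut($lnkFile.FullName)
    $exe = [System.IO.Path]::GetFileName($lnk.TargetPath).ToLowerInvariant()
    if ($browsers -notcontains $exe) { continue }

    $arguments = $lnk.Arguments.Trim()
    [pscustomobject]@{
        Shortcut   = $lnkFile.FullName
        Target     = $lnk.TargetPath
        Arguments  = $arguments
        Suspicious = -not ($arguments -match $allowedArgPattern)
    }
}

$findings | Format-Table -AutoSize -Wrap

if ($fix) {
    foreach ($f in $findings | Where-Object Suspicious) {
        $lnk  = $shell.CreateShortcut($f.Shortcut)
        # Keep only the profile switch; drop everything that was appended.
        $keep = [regex]::Matches($f.Arguments, $profileSwitch) | ForEach-Object { $_.Value }
        $lnk.Arguments = ($keep -join ' ')
        Write-Host "Rewrote $($f.Shortcut): '$($f.Arguments)' -> '$($lnk.Arguments)'"
        $lnk.Save()
    }
}
```

Review the table before setting $fix to $true: a Target outside the browser's normal install folder is as much a finding as an extra argument. A clean shortcut only rules out this one launch path; as post #10 shows, the redirect can survive it, so the script is a diagnostic for the shortcut vector, not a cure for the hijack.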

#10 Ghoulartist (Topic Starter)

Still redirecting somehow. Hmmmmm.

I changed the parameters to the suggested one for Edge, restarted, and looked at the shortcut params for msedge.exe. It retained the change we made, but when I tried to search in the address bar it redirected to a few sites before landing on a Yahoo search.

I checked that the parameters were still set to the defaults we set, yet it still redirects.

The sites I see flash before it gets to Yahoo are kosearch and myhoroscopepro.

I looked into that same Security tab of msedge.exe again that I posted before, and to my horror the unknown accounts multiplied. Pic below. I've never seen something do that before.

I haven't used my machine the entire day; it's been off. So I don't think any additional action of mine led to this.

I see there are other people having the same issue as me, like this one here:

myhoroscopepro.com hijacks search engine - Virus, Spyware, Malware Removal (geekstogo.com)

Apparently they solved it, but for Chrome. We share the same symptom, if nothing else. Thought it could help, maybe.

I also figured I'd leave this cross-post link here in case anyone in the future googles this and that one helps them, or sheds more light on this kind of hijack.

What next? Please advise. Thank you!

Attached thumbnails:

  • Screenshot 2024-04-13 233844.png

Edited by Ghoulartist, 13 April 2024 - 10:03 PM.



#11 RKinner (Malware Expert, MVP)

Usually the Account Unknown things are leftover from a previous version of Windows or from a different PC, but you should be able to click on Edit, then click on each one and Deny them access.

It looks like you have already run Malwarebytes, so let's download AdwCleaner

https://www.bleeping...oad/adwcleaner/

and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

Let's also try RogueKiller:

Click on Other Downloads
Click on Portable (64 bits) 
 
Download and Save.  (You may want to pause your Anti-Virus while downloading and Running)
 
(Show in Folder)
 
Right click on the downloaded file (RogueKiller_portable64.exe)  and Run As admin
 
Scan
Start (Under Full Scan)
 
Will take about 20 minutes to complete.
 
Open Report
Export TXT (save it to your desktop as rk) Save
 
Do not let Rogue Killer remove anything until you hear from me.  Leave Rogue Killer up (but minimized) so you won't have to rescan.
 
Open rk.txt and copy and paste it to your next Reply. 


#12 Ghoulartist (Topic Starter)

Here you go, both logs.

Also, just for interest's sake, I tried to remove permissions on those accounts and I ended up getting that screenshot below.

Also, when RogueKiller ran, right as it finished, Windows Defender (did not know it was on, I turned off Malwarebytes) came up with this..... I've not done anything further other than sending this message.

Edit: Vegas Pro is a video editing software my son uses. That appears to be an installation folder.

Attached thumbnails:

  • Screenshot 2024-04-14 000754.png
  • Screenshot 2024-04-14 003557.png



Edited by Ghoulartist, 13 April 2024 - 10:58 PM.


#13 Ghoulartist (Topic Starter)

Agh. I'm sorry, I had to rescan with RK. The window got closed somehow. Here is the new log, after I goofed.

Won't touch anything till you tell me. I even left the Defender window open like in the screenshot.

I work 3rd shift EST time, so I think I'm likely a bit off schedule from your days; apologies if it makes this more difficult.

Thanks!

Attached file: RK.txt (4.16KB)

Edited by Ghoulartist, 14 April 2024 - 01:12 AM.


#14 RKinner (Malware Expert, MVP)

Neither RogueKiller nor AdwCleaner found anything, so you can close both of them.

In FRST there is an optional scan called Shortcut.txt. Check it and hit Scan. Post all logs.

The Security issue just means check the Disable Inheritance box and Apply before trying to remove permissions.


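The "Account Unknown" entries from posts #10 and #11 and the inheritance point from post #14, as an added example that is not part of the thread (PowerShell written for this page, not RKinner's, FRST's or Microsoft's code): it reads the ACL on msedge.exe with Get-Acl, prints every access-control entry with its Allow/Deny type and whether it is inherited, and flags entries whose SID could not be translated to an account name, which is exactly what the Security tab renders as "Account Unknown". The default Edge install path is an assumption; adjust $exe if Edge lives elsewhere.

```powershell
# Added example for this page (not code from the thread, FRST or RKinner):
# list the ACL on msedge.exe and flag access-control entries whose SID cannot be
# resolved to an account name. Those are the entries the Properties > Security tab
# shows as "Account Unknown" (posts #10, #11 and #14). Run in an elevated
# PowerShell 5.1+ session on the affected PC.
# Assumption: Edge is installed at the default path below; adjust $exe otherwise.

$exe = 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe'
$acl = Get-Acl -Path $exe

"Owner: $($acl.Owner)"
"Inheritance disabled on this file: $($acl.AreAccessRulesProtected)"

$report = foreach ($ace in $acl.Access) {
    $identity = $ace.IdentityReference.Value
    # Get-Acl already tried to translate each SID to DOMAIN\name. An entry that is
    # still a raw SID string has no matching local or domain account.
    [pscustomobject]@{
        Identity   = $identity
        Rights     = $ace.FileSystemRights
        Type       = $ace.AccessControlType      # Allow or Deny
        Inherited  = $ace.IsInherited
        Unresolved = [bool]($identity -match '^S-1-\d+(-\d+)+$')
    }
}
$report | Format-Table -AutoSize

# An installer grants rights at the folder level and the file inherits them, so an
# explicit (non-inherited) entry on a single binary is worth a second look on its own.
$explicit = $report | Where-Object { -not $_.Inherited }
if ($explicit) {
    "Explicit ACEs on ${exe}:"
    $explicit | Format-Table -AutoSize
}

$orphans = $report | Where-Object Unresolved
if ($orphans) {
    "Unresolved SIDs: " + (($orphans.Identity | Sort-Object -Unique) -join ', ')
    # Removing them (instead of adding Deny entries) requires breaking inheritance first,
    # which is the "Disable inheritance" step from post #14. Left commented out on purpose;
    # review the table above before running it:
    #   $acl.SetAccessRuleProtection($true, $true)   # stop inheriting, keep current ACEs as explicit copies
    #   foreach ($ace in @($acl.Access | Where-Object { $_.IdentityReference.Value -match '^S-1-\d+(-\d+)+$' })) {
    #       $null = $acl.RemoveAccessRule($ace)
    #   }
    #   Set-Acl -Path $exe -AclObject $acl
}
```

`icacls "$exe"` prints the same entries in one line each, with unresolved SIDs shown raw, if you only want a quick look. The value of the script is in running it twice: post #10 reports the unknown accounts multiplying while the machine was off, and a saved copy of the table lets you diff the entries and their Inherited flag rather than compare screenshots.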

#15 Ghoulartist (Topic Starter)

OK. Here they are:


