
Very Sophisticated Spyware On Windows PC [Solved]

  • This topic is locked




  • Topic Starter
  • Member
  • 12 posts





I think that proxy setting was my free VPN (Psiphon).









Fix result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by jama2 (03-05-2024 15:10:41) Run:3
Running from C:\Users\jama2\Desktop
Loaded Profiles: jama2
Boot Mode: Normal
fixlist content:
HKU\S-1-5-21-1026589745-2252998717-1832492364-1001\...\Run: [Surfshark] => C:\Program Files (x86)\Surfshark\Surfshark.exe  (No File)
S2 WirelessBackupService; C:\Program Files (x86)\Wondershare\Dr.Fone Data Recovery\Addins\Recovery\WirelessBackupService.exe [X]
S3 2442D4E7; C:\Windows\system32\drivers\2442D4E7.sys [255928 2024-04-30] (Malwarebytes Corporation -> Malwarebytes)
2024-05-02 20:33 - 2024-05-02 20:33 - 000001226 _____ C:\Users\jama2\Downloads\Malwarebytes Scan Report 2024-05-02 203208.txt
2024-05-02 12:28 - 2024-05-02 12:28 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\65256111.sys
2024-05-01 20:54 - 2024-05-01 20:54 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\3514826A.sys
2024-05-01 17:17 - 2024-05-01 17:17 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\1F226483.sys
2024-05-01 16:02 - 2024-05-01 16:02 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\2513B41E.sys
2024-04-30 23:17 - 2024-04-30 23:17 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\717662E5.sys
2024-04-30 23:12 - 2024-04-30 23:12 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\62634545.sys
2024-04-30 22:25 - 2024-04-30 22:25 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\761701B4.sys
2024-04-30 19:11 - 2024-04-30 19:11 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\3264512A.sys
2024-04-30 14:07 - 2024-04-30 14:07 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\7342815D.sys
2024-04-30 13:42 - 2024-04-30 13:42 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\38314686.sys
2024-04-30 11:10 - 2024-04-30 11:10 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\6231B3BA.sys
2024-04-30 00:02 - 2024-04-30 00:02 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\2442D4E7.sys
2024-04-29 23:00 - 2024-04-29 23:00 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\13637557.sys
2024-04-29 22:40 - 2024-04-29 22:40 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\116484D8.sys
2024-04-29 22:27 - 2024-04-29 22:27 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\2456612F.sys
2024-04-29 22:26 - 2024-05-02 12:36 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2024-04-29 22:25 - 2024-04-29 22:26 - 014178840 _____ (Malwarebytes Corp.) C:\Users\jama2\Downloads\mbar-
2024-04-29 22:20 - 2024-05-02 20:37 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-04-29 22:20 - 2024-04-29 22:20 - 002589624 _____ (Malwarebytes) C:\Users\jama2\Desktop\MBSetup.exe
2024-05-01 16:02 - 2024-05-02 12:36 - 000000000 ____D C:\Users\jama2\Desktop\mbar
2024-04-30 22:16 - 2024-05-02 20:40 - 000000000 ____D C:\ProgramData\HitmanPro.Alert
2024-04-30 22:16 - 2024-05-01 18:51 - 000000000 ____D C:\Program Files (x86)\HitmanPro.Alert
AlternateDataStreams: C:\Users\jama2\Downloads\AdwCleaner.exe:MBAM.Zone.Identifier [229]
AlternateDataStreams: C:\Users\jama2\Downloads\HitmanPro_x64.exe:MBAM.Zone.Identifier [138]
AlternateDataStreams: C:\Users\jama2\Downloads\mbar- [244]
AlternateDataStreams: C:\Users\jama2\Downloads\tdsskiller.exe:MBAM.Zone.Identifier [212]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\13464238.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\30725930.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\49333647.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\54173153.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\13464238.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\30725930.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\49333647.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\54173153.sys => ""="Driver"
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-1026589745-2252998717-1832492364-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Surfshark" => removed successfully
HKLM\System\CurrentControlSet\Services\WirelessBackupService => removed successfully
WirelessBackupService => service removed successfully
HKLM\System\CurrentControlSet\Services\2442D4E7 => removed successfully
2442D4E7 => service removed successfully
C:\Users\jama2\Downloads\Malwarebytes Scan Report 2024-05-02 203208.txt => moved successfully
C:\Windows\system32\Drivers\65256111.sys => moved successfully
C:\Windows\system32\Drivers\3514826A.sys => moved successfully
C:\Windows\system32\Drivers\1F226483.sys => moved successfully
C:\Windows\system32\Drivers\2513B41E.sys => moved successfully
C:\Windows\system32\Drivers\717662E5.sys => moved successfully
C:\Windows\system32\Drivers\62634545.sys => moved successfully
C:\Windows\system32\Drivers\761701B4.sys => moved successfully
C:\Windows\system32\Drivers\3264512A.sys => moved successfully
C:\Windows\system32\Drivers\7342815D.sys => moved successfully
C:\Windows\system32\Drivers\38314686.sys => moved successfully
C:\Windows\system32\Drivers\6231B3BA.sys => moved successfully
C:\Windows\system32\Drivers\2442D4E7.sys => moved successfully
C:\Windows\system32\Drivers\13637557.sys => moved successfully
C:\Windows\system32\Drivers\116484D8.sys => moved successfully
C:\Windows\system32\Drivers\2456612F.sys => moved successfully
"C:\ProgramData\Malwarebytes' Anti-Malware (portable)" Folder move:
C:\ProgramData\Malwarebytes' Anti-Malware (portable) => moved successfully
C:\Users\jama2\Downloads\mbar- => moved successfully
"C:\ProgramData\Malwarebytes" Folder move:
C:\ProgramData\Malwarebytes => moved successfully
C:\Users\jama2\Desktop\MBSetup.exe => moved successfully
"C:\Users\jama2\Desktop\mbar" Folder move:
C:\Users\jama2\Desktop\mbar => moved successfully
"C:\ProgramData\HitmanPro.Alert" Folder move:
Could not move "C:\ProgramData\HitmanPro.Alert" => Scheduled to move on reboot.
"C:\Program Files (x86)\HitmanPro.Alert" Folder move:
Could not move "C:\Program Files (x86)\HitmanPro.Alert" => Scheduled to move on reboot.
C:\Users\jama2\Downloads\AdwCleaner.exe => ":MBAM.Zone.Identifier" ADS removed successfully
C:\Users\jama2\Downloads\HitmanPro_x64.exe => ":MBAM.Zone.Identifier" ADS removed successfully
"C:\Users\jama2\Downloads\mbar-" => ":MBAM.Zone.Identifier" ADS not found.
C:\Users\jama2\Downloads\tdsskiller.exe => ":MBAM.Zone.Identifier" ADS removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\13464238.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\30725930.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\49333647.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\54173153.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\13464238.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\30725930.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\49333647.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\54173153.sys => removed successfully
"C:\Windows\system32\drivers\2442D4E7.sys" => not found
========= RemoveProxy: =========
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1026589745-2252998717-1832492364-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully
"HKU\S-1-5-21-1026589745-2252998717-1832492364-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1026589745-2252998717-1832492364-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
========= End of RemoveProxy: =========
========= wevtutil el | Foreach-Object {wevtutil cl "$_"} =========
wevtutil : Failed to clear log Microsoft-Windows-LiveId/Analytic.
At C:\FRST\tmp.ps1:1 char:31
+ wevtutil el | Foreach-Object {wevtutil cl "$_"}
+                               ~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (Failed to clear...iveId/Analytic.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
Access is denied.
wevtutil : Failed to clear log Microsoft-Windows-LiveId/Operational.
At C:\FRST\tmp.ps1:1 char:31
+ wevtutil el | Foreach-Object {wevtutil cl "$_"}
+                               ~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (Failed to clear...Id/Operational.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
Access is denied.
========= End of Powershell: =========
=========== EmptyTemp: ==========
FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8559870 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 35193585 B
Windows/system/drivers => 2072343 B
Edge => 0 B
Chrome => 315583821 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 27698 B
NetworkService => 27698 B
jama2 => 166328274 B
RecycleBin => 0 B
EmptyTemp: => 503.3 MB temporary data Removed.
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 03-05-2024 15:13:03)
C:\ProgramData\HitmanPro.Alert => Could not move
C:\Program Files (x86)\HitmanPro.Alert => Could not move
==== End of Fixlog 15:13:03 ====
Malwarebytes with the requested settings found no detections (this time with the rootkit scan enabled); below is the report:
-Log Details-
Scan Date: 5/3/2024
Scan Time: 3:19 PM
Log File: 289cb24a-0958-11ef-9fef-2cf05d714632.json
-Software Information-
Components Version: 1.0.1219
Update Package Version: 1.0.84203
License: Trial
-System Information-
OS: Windows 11 (Build 22000.2538)
CPU: x64
File System: NTFS
User: Mohamed\jama2
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 219563
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 48 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
File system: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
But I must say, something interesting happened when I tried to open my fixlog.txt in my Documents. A message popped up saying something along the lines of `Unable to open as user does not have required authorization`. But it opened without any message on the second attempt.


  • 0




    The Grecian Geek

  • Malware Removal
  • 4,258 posts

OK, you can set up your VPN as you like after we finish here. I'm not a fan of free VPNs, but if you think it fits your needs, that's fine.


There is one last concerning thing related to your system. You are still running Windows 11 version 21H2, which reached its end of life last October. Your system is vulnerable because it no longer receives security updates, so upgrading it as soon as you can is critical.


This is from your logs:


Platform: Microsoft Windows 11 Home Version 21H2 22000.2538 (X64) Language: English (United States)
I recommend an in-place upgrade using the ISO file. This will reinstall and update the operating system and fix any corruption, without removing any files or programs.
Let me know if you have any questions during the procedure.

  • 0




  • Topic Starter
  • Member
  • 12 posts

OK, so that's all done and updated successfully.

  • 0




  • Topic Starter
  • Member
  • 12 posts

So, something very interesting has happened since I reinstalled and updated Windows.


I decided to run a few scans whilst waiting. I first ran TDSSKiller, then I ran Malwarebytes again. Both were unable to detect anything.


I then decided to reinstall Malwarebytes Anti-Rootkit (2017 version), and I got the same 6 malware detections I initially got on my first Malwarebytes Anti-Rootkit scan before my post.


I have attached screenshots of the detections below. It seems as though my reinstall/update of Windows caused some sort of malware to reinstall on my PC.


I did not do anything about the detections; I did not clear them. I just closed the app.

Attached Thumbnails

  • MBARK1.jpg
  • MBARK2.jpg
  • MBARK3.jpg

  • 0



    The Grecian Geek

  • Malware Removal
  • 4,258 posts





2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.



And again: the stand-alone Malwarebytes Anti-Rootkit has been discontinued. The anti-rootkit function is now embedded in the Malwarebytes tool you already ran. It detected nothing. Any detections from the old beta version of the tool you used are obviously false positives.


Plus: I prepared a whole fix for you to remove the remnants of Malwarebytes Anti-Rootkit, and you went and installed and ran it again...


Since reviewing FRST logs takes a considerable amount of time, please let me know if you still want my assistance. I understand your concern about your system, but I can't keep asking for logs and reviewing them when you don't follow the instructions or don't trust what I ask you to do.


In case you want to continue with me, please run FRST again and attach fresh logs for me to review. DO NOT use any other program while I am assisting you.

  • 0




  • Topic Starter
  • Member
  • 12 posts

I am very sorry, it won't happen again.










Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2024 01
Ran by jama2 (administrator) on MOHAMED (Micro-Star International Co., Ltd. MS-7C95) (03-05-2024 21:06:16)
Running from C:\Users\jama2\Desktop\FRST64.exe
Loaded Profiles: jama2
Platform: Microsoft Windows 11 Home Version 23H2 22631.3447 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe <8>
(5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\Sophos\Sophos File Scanner\SophosFS.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Sophos File Scanner\SophosFileScanner.exe <2>
(C:\Program Files\Sophos\Sophos Network Threat Protection\SophosNtpService.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Sophos Network Threat Protection\SophosNetFilter.exe
(Discord Inc. -> Discord Inc.) C:\Users\jama2\AppData\Local\Discord\app-1.0.9144\Discord.exe <6>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <9>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <11>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_1803724721d1a34c\RtkAudUService64.exe <2>
(services.exe ->) (Sophos BV -> Sophos B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(services.exe ->) (Sophos Limited -> Sophos Limited) C:\Program Files\Sophos\Endpoint Defense\SEDService.exe
(services.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Health\SophosHealth.exe
(services.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe
(services.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe
(services.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Endpoint Defense\SSPService.exe
(services.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Sophos File Scanner\SophosFS.exe
(services.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Sophos Network Threat Protection\SophosNtpService.exe
(services.exe ->) (Sophos Ltd -> SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(sihost.exe ->) (Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.118.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe <6>
(Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.450.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_1803724721d1a34c\RtkAudUService64.exe [1945544 2024-02-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Sophos Home UI] => C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe [6851392 2024-04-30] (Sophos Ltd -> Sophos Limited)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1026589745-2252998717-1832492364-1001\...\Run: [MicrosoftEdgeAutoLaunch_00B7C720392020D54AEEC5E271F90525] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4082112 2024-04-26] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1026589745-2252998717-1832492364-1001\...\Run: [Discord] => C:\Users\jama2\AppData\Local\Discord\Update.exe [1525024 2024-04-09] (Discord Inc. -> GitHub)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\124.0.6367.119\Installer\chrmstp.exe [2024-05-03] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {035DA146-B94B-45A1-A892-29E998EE1367} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem126.0.6441.0{D80113BB-830D-44E6-B8A4-06F8F2D489C8} => C:\Program Files (x86)\Google\GoogleUpdater\126.0.6441.0\updater.exe [4789536 2024-04-26] (Google LLC -> Google LLC)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {CF4D5968-C381-4EA5-ABB1-5C36173C99F5} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671136 2024-05-01] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {D1E007AB-7BC9-4189-81FD-234939FA1394} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-1026589745-2252998717-1832492364-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671136 2024-05-01] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {7D4ED313-64B2-4E6C-BAB9-07BA15BA1D4E} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34720 2024-05-01] (Mozilla Corporation -> Mozilla Foundation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer]
Tcpip\..\Interfaces\{2c43f08e-ab0f-416b-a921-9443adf4b029}: [DhcpNameServer]
Tcpip\..\Interfaces\{2c43f08e-ab0f-416b-a921-9443adf4b029}: [DhcpDomain] broadband
Tcpip\..\Interfaces\{63d09afe-d664-4045-a8fe-3bb0e1e71b97}: [DhcpNameServer]
Tcpip\..\Interfaces\{90b39e03-26cc-41d2-9efe-b31e1784890a}: [DhcpNameServer]
Edge Profile: C:\Users\jama2\AppData\Local\Microsoft\Edge\User Data\Default [2024-05-03]
Edge Extension: (Google Docs Offline) - C:\Users\jama2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-27]
Edge Extension: (Edge relevant text changes) - C:\Users\jama2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-21]
FF DefaultProfile: 5juomq5b.default
FF ProfilePath: C:\Users\jama2\AppData\Roaming\Mozilla\Firefox\Profiles\5juomq5b.default [2024-05-01]
FF ProfilePath: C:\Users\jama2\AppData\Roaming\Mozilla\Firefox\Profiles\3yx6yv8x.default-release [2024-05-03]
CHR DefaultProfile: Default
CHR Profile: C:\Users\jama2\AppData\Local\Google\Chrome\User Data\Default [2024-05-03]
CHR Extension: (Google Docs Offline) - C:\Users\jama2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-27]
CHR Extension: (EPUBReader) - C:\Users\jama2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhclmfgfllimlhabjkgkeebkbiadflb [2024-04-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jama2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-09-25]
OPR DefaultProfile: Default
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 GoogleUpdaterInternalService126.0.6441.0; C:\Program Files (x86)\Google\GoogleUpdater\126.0.6441.0\updater.exe [4789536 2024-04-26] (Google LLC -> Google LLC)
S2 GoogleUpdaterService126.0.6441.0; C:\Program Files (x86)\Google\GoogleUpdater\126.0.6441.0\updater.exe [4789536 2024-04-26] (Google LLC -> Google LLC)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [154928 2024-05-02] (Sophos BV -> Sophos B.V.)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [5270952 2024-04-30] (Sophos Ltd -> SurfRight B.V.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8887264 2024-05-03] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-05-03] (Malwarebytes Inc. -> Malwarebytes)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe [1459968 2024-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SntpService; C:\Program Files\Sophos\Sophos Network Threat Protection\SophosNtpService.exe [13339672 2024-04-30] (Sophos Ltd -> Sophos Limited)
R2 Sophos Endpoint Defense Service; C:\Program Files\Sophos\Endpoint Defense\SEDService.exe [3832952 2024-04-30] (Sophos Limited -> Sophos Limited)
R2 Sophos File Scanner Service; C:\Program Files\Sophos\Sophos File Scanner\SophosFS.exe [1312464 2024-04-30] (Sophos Ltd -> Sophos Limited)
R2 Sophos Health Service; C:\Program Files (x86)\Sophos\Health\SophosHealth.exe [2665640 2024-04-30] (Sophos Ltd -> Sophos Limited)
R2 Sophos MCS Agent; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe [2725536 2024-04-30] (Sophos Ltd -> Sophos Limited)
R2 Sophos MCS Client; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe [2702824 2024-04-30] (Sophos Ltd -> Sophos Limited)
R2 Sophos System Protection Service; C:\Program Files\Sophos\Endpoint Defense\SSPService.exe [13425488 2024-04-30] (Sophos Ltd -> Sophos Limited)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [802752 2023-10-12] (Oracle Corporation -> Oracle and/or its affiliates)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 13387732; C:\WINDOWS\System32\drivers\13394897.sys [281376 2024-05-03] (Kaspersky Lab -> Kaspersky Lab, Yury Parshin)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [39272 2023-06-27] (Apple Inc. -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.)
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2024-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [732688 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> SurfRight B.V.)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-05-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt11.sys [234312 2024-05-03] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78400 2024-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [188784 2024-05-03] (Malwarebytes Inc. -> Malwarebytes)
S3 ovpn-dco; C:\WINDOWS\System32\drivers\ovpn-dco.sys [91560 2023-08-14] (WDKTestCert lev,132435948852968539 -> OpenVPN, Inc)
R3 rt68cx21; C:\WINDOWS\System32\DriverStore\FileRepository\rt68cx21x64.inf_amd64_81b332badcdcaabe\rt68cx21x64.sys [752600 2023-09-18] (Realtek Semiconductor Corp. -> Realtek)
R1 sntp; C:\WINDOWS\system32\DRIVERS\sntp.sys [775328 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Sophos Limited)
S0 Sophos ELAM; C:\WINDOWS\System32\DRIVERS\SophosEL.sys [30712 2024-04-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Sophos Limited)
R0 Sophos Endpoint Defense; C:\WINDOWS\System32\DRIVERS\SophosED.sys [2559024 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Sophos Limited)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2023-07-28] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [251776 2023-10-12] (Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [262648 2023-10-12] (Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxSup; C:\WINDOWS\system32\DRIVERS\VBoxSup.sys [1060600 2023-10-12] (Oracle Corporation -> Oracle and/or its affiliates)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [20936 2024-04-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [601376 2024-04-09] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105760 2024-04-09] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-05-03 21:04 - 2024-05-03 21:04 - 000000000 ___HD C:\OneDriveTemp
2024-05-03 19:53 - 2024-05-03 19:54 - 000312046 _____ C:\TDSSKiller.
2024-05-03 19:52 - 2024-05-03 19:52 - 000281376 _____ (Kaspersky Lab, Yury Parshin) C:\WINDOWS\system32\Drivers\13394897.sys
2024-05-03 19:52 - 2024-05-03 19:52 - 000234312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt11.sys
2024-05-03 19:52 - 2024-05-03 19:52 - 000188784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2024-05-03 19:51 - 2024-05-03 19:52 - 000002446 _____ C:\TDSSKiller.
2024-05-03 19:00 - 2024-05-03 19:01 - 000313378 _____ C:\TDSSKiller.
2024-05-03 18:57 - 2024-05-03 19:05 - 000000000 ____D C:\Users\jama2\Desktop\mbar
2024-05-03 18:57 - 2024-05-03 19:05 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2024-05-03 18:57 - 2024-05-03 18:57 - 014178840 _____ (Malwarebytes Corp.) C:\Users\jama2\Downloads\mbar-
2024-05-03 18:57 - 2024-05-03 18:57 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\517B1745.sys
2024-05-03 17:43 - 2024-05-03 17:43 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2024-05-03 17:41 - 2024-05-03 19:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-05-03 17:41 - 2024-05-03 17:41 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-05-03 17:41 - 2024-05-03 17:41 - 000003240 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-05-03 17:41 - 2024-05-03 17:41 - 000003066 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1026589745-2252998717-1832492364-1001
2024-05-03 17:41 - 2024-05-03 17:41 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1026589745-2252998717-1832492364-1001
2024-05-03 17:41 - 2024-05-03 17:41 - 000000020 ___SH C:\Users\jama2\ntuser.ini
2024-05-03 17:41 - 2024-05-03 17:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2024-05-03 17:41 - 2024-05-03 17:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem
2024-05-03 17:40 - 2024-05-03 17:41 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2024-05-03 17:40 - 2024-05-03 17:41 - 000011433 _____ C:\WINDOWS\diagerr.xml
2024-05-03 17:40 - 2024-05-03 17:40 - 000804924 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-05-03 17:37 - 2024-05-03 17:37 - 000000000 ____D C:\WINDOWS\system32\config\BFS
2024-05-03 17:37 - 2024-05-03 17:37 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Network
2024-05-03 17:36 - 2024-05-03 19:52 - 000001607 _____ C:\WINDOWS\system32\config\VSMIDK
2024-05-03 17:36 - 2024-05-03 17:41 - 000000000 ____D C:\Windows.old
2024-05-03 17:36 - 2024-05-03 17:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-05-03 17:36 - 2024-05-03 17:36 - 000295488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-05-03 17:30 - 2024-05-03 17:36 - 000000000 ____D C:\Users\jama2\AppData\Roaming\Microsoft\Crypto
2024-05-03 17:30 - 2024-05-03 17:30 - 000000000 ____D C:\Users\jama2\AppData\Roaming\Microsoft\SystemCertificates
2024-05-03 17:30 - 2024-05-03 17:30 - 000000000 ____D C:\Users\jama2\AppData\Roaming\Microsoft\Network
2024-05-03 17:28 - 2024-05-03 17:42 - 000000000 ____D C:\Users\jama2\AppData\Roaming\Microsoft\Windows
2024-05-03 17:28 - 2024-05-03 17:41 - 000000000 ____D C:\Users\jama2\AppData\Roaming\Microsoft\Spelling
2024-05-03 17:28 - 2024-05-03 17:41 - 000000000 ____D C:\Users\jama2
2024-05-03 17:28 - 2024-05-03 17:36 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2024-05-03 17:27 - 2024-05-03 17:28 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2024-05-03 17:25 - 2024-05-03 17:26 - 000000000 ____D C:\WINDOWS\SysWOW64\DDFs
2024-05-03 17:20 - 2024-05-03 17:20 - 000024320 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-05-03 17:19 - 2024-05-03 17:19 - 000024320 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-05-03 17:15 - 2024-05-03 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2024-05-03 17:15 - 2024-05-03 17:15 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2024-05-03 17:15 - 2024-05-03 17:15 - 000000000 ____D C:\WINDOWS\addins
2024-05-03 17:06 - 2024-05-03 17:06 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2024-05-03 16:45 - 2024-05-03 17:41 - 000000000 ___DC C:\WINDOWS\Panther
2024-05-03 16:25 - 2024-05-03 16:34 - 2517739520 _____ C:\Users\jama2\Downloads\Win11_23H2_English_x64v2.iso
2024-05-03 15:21 - 2024-05-03 15:21 - 000001226 _____ C:\Users\jama2\Downloads\Malwarebytes Scan Report 2024-05-03 151931.txt
2024-05-03 15:18 - 2024-05-03 19:41 - 000000000 ____D C:\Users\jama2\AppData\Local\Malwarebytes
2024-05-03 15:18 - 2024-05-03 18:57 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-05-03 15:18 - 2024-05-03 15:18 - 000002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-05-03 15:18 - 2024-05-03 15:18 - 000002081 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-05-03 15:16 - 2024-05-03 15:18 - 000000000 ____D C:\Program Files\Malwarebytes
2024-05-03 15:15 - 2024-05-03 15:15 - 002589624 _____ (Malwarebytes) C:\Users\jama2\Downloads\MBSetup.exe
2024-05-03 15:13 - 2024-05-03 15:13 - 000010475 _____ C:\Users\jama2\Downloads\Fixlog2.txt
2024-05-02 22:01 - 2024-05-03 19:12 - 000001966 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2024-05-02 22:01 - 2024-05-03 17:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2024-05-02 22:01 - 2024-05-02 22:01 - 000000000 ____D C:\Program Files\HitmanPro
2024-05-02 21:01 - 2024-05-02 21:01 - 000035844 _____ C:\Users\jama2\Desktop\FRST2.txt
2024-05-02 21:01 - 2024-05-02 21:01 - 000034734 _____ C:\Users\jama2\Desktop\Addition2.txt
2024-05-02 20:57 - 2024-05-03 21:06 - 000016871 _____ C:\Users\jama2\Desktop\FRST.txt
2024-05-02 20:57 - 2024-05-02 21:00 - 000034718 _____ C:\Users\jama2\Desktop\Addition.txt
2024-05-02 20:29 - 2024-05-02 20:29 - 008791352 _____ (Malwarebytes) C:\Users\jama2\Downloads\AdwCleaner.exe
2024-05-02 20:29 - 2024-05-02 20:29 - 008790880 _____ (Malwarebytes) C:\Users\jama2\Downloads\adwcleaner(1).exe
2024-05-02 20:29 - 2024-05-02 20:29 - 000000000 ____D C:\AdwCleaner
2024-05-01 17:14 - 2024-05-01 17:15 - 000308740 _____ C:\TDSSKiller.
2024-05-01 15:49 - 2024-05-01 15:50 - 014287912 _____ (Sophos B.V.) C:\Users\jama2\Downloads\HitmanPro_x64 (1).exe
2024-05-01 15:32 - 2024-05-01 15:32 - 000471950 _____ C:\Users\jama2\Downloads\msinfo.dll
2024-05-01 15:31 - 2024-05-01 15:31 - 000495803 _____ C:\Users\jama2\Downloads\ATL.DLL
2024-05-01 14:52 - 2024-05-03 15:13 - 000010475 _____ C:\Users\jama2\Desktop\Fixlog.txt
2024-05-01 14:50 - 2024-05-01 14:50 - 002394112 _____ (Farbar) C:\Users\jama2\Desktop\FRST64.exe
2024-05-01 13:57 - 2024-05-01 13:58 - 000309118 _____ C:\TDSSKiller.
2024-05-01 13:10 - 2024-05-01 13:11 - 000036302 _____ C:\Users\jama2\Downloads\Addition.txt
2024-05-01 13:09 - 2024-05-03 21:06 - 000000000 ____D C:\FRST
2024-05-01 13:09 - 2024-05-01 13:11 - 000038530 _____ C:\Users\jama2\Downloads\FRST.txt
2024-05-01 13:08 - 2024-05-03 15:21 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-04-30 22:16 - 2024-05-03 19:53 - 000000000 ____D C:\ProgramData\HitmanPro.Alert
2024-04-30 22:16 - 2024-05-03 17:43 - 000000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2024-04-30 22:16 - 2024-05-03 17:36 - 000000000 ____D C:\WINDOWS\SysWOW64\SophosED
2024-04-30 22:16 - 2024-05-03 17:36 - 000000000 ____D C:\WINDOWS\system32\SophosED
2024-04-30 22:16 - 2024-05-03 17:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2024-04-30 22:16 - 2024-04-30 22:17 - 000000000 ____D C:\WINDOWS\CryptoGuard
2024-04-30 22:16 - 2024-04-30 22:15 - 001040872 _____ (SurfRight B.V.) C:\WINDOWS\system32\hmpalert.dll
2024-04-30 22:16 - 2024-04-30 22:15 - 000990216 _____ (SurfRight B.V.) C:\WINDOWS\SysWOW64\hmpalert.dll
2024-04-30 22:16 - 2024-04-30 22:15 - 000060192 _____ (Sophos Limited) C:\WINDOWS\system32\SophosNA.exe
2024-04-30 22:15 - 2024-04-30 22:20 - 000000000 ____D C:\ProgramData\Sophos
2024-04-30 22:15 - 2024-04-30 22:16 - 000000000 ____D C:\Program Files\Sophos
2024-04-30 22:15 - 2024-04-30 22:15 - 000000000 ____D C:\Program Files\Common Files\Sophos
2024-04-30 22:14 - 2024-04-30 22:17 - 000000000 ____D C:\Program Files (x86)\Sophos
2024-04-30 22:14 - 2024-04-30 22:14 - 003770440 _____ (Sophos Limited) C:\Users\jama2\Downloads\SophosInstall.exe
2024-04-30 22:13 - 2024-04-30 22:13 - 000303364 _____ C:\TDSSKiller.
2024-04-30 21:07 - 2024-04-30 21:07 - 005964808 _____ (Opera Software) C:\Users\jama2\Downloads\OperaGXSetup (4).exe
2024-04-30 13:41 - 2024-04-30 13:42 - 000303214 _____ C:\TDSSKiller.
2024-04-30 13:40 - 2024-04-30 13:40 - 000002446 _____ C:\TDSSKiller.
2024-04-30 13:38 - 2024-04-30 13:39 - 000302832 _____ C:\TDSSKiller.
2024-04-30 13:37 - 2024-04-30 13:37 - 000002446 _____ C:\TDSSKiller.
2024-04-30 13:36 - 2024-04-30 13:36 - 000061901 _____ C:\Users\jama2\Downloads\UCD35_Mahamed_Jama (1).pdf
2024-04-29 23:55 - 2024-04-29 23:55 - 000000000 ____D C:\Users\jama2\AppData\Roaming\Xiaomi
2024-04-29 23:52 - 2024-04-29 23:52 - 098374170 _____ C:\Users\jama2\Downloads\MiFlash20220507.zip
2024-04-29 23:28 - 2024-04-29 23:28 - 000000064 _____ C:\Users\jama2\Downloads\a2whitelist.ini
2024-04-29 23:27 - 2024-04-29 23:27 - 000000000 ____D C:\Users\jama2\Downloads\Reports
2024-04-29 23:26 - 2024-04-29 23:28 - 000006900 _____ C:\Users\jama2\Downloads\a2settings.ini
2024-04-29 23:26 - 2024-04-29 23:26 - 000000000 ____D C:\Users\jama2\Downloads\Quarantine
2024-04-29 23:07 - 2024-04-30 19:17 - 000002526 _____ C:\Users\jama2\Downloads\FSS.txt
2024-04-29 22:57 - 2024-04-29 22:59 - 000304710 _____ C:\TDSSKiller.
2024-04-29 22:55 - 2024-04-29 22:55 - 000000000 ____D C:\TDSSKiller_Quarantine
2024-04-29 22:54 - 2024-04-29 22:56 - 000306936 _____ C:\TDSSKiller.
2024-04-29 22:53 - 2024-04-29 22:53 - 000002446 _____ C:\TDSSKiller.
2024-04-29 22:51 - 2024-04-29 22:53 - 005054744 _____ (AO Kaspersky Lab) C:\Users\jama2\Downloads\tdsskiller.exe
2024-04-29 22:51 - 2024-04-29 22:53 - 000000000 ____D C:\ProgramData\HitmanPro
2024-04-29 22:50 - 2024-04-29 22:51 - 014287912 _____ (Sophos B.V.) C:\Users\jama2\Downloads\HitmanPro_x64.exe
2024-04-29 14:25 - 2024-04-29 14:25 - 000000000 ____D C:\Users\jama2\AppData\Local\ToastNotificationManagerCompat
2024-04-29 14:06 - 2024-04-29 14:59 - 000000000 ____D C:\Users\jama2\AppData\Local\DiskDrill
2024-04-29 14:06 - 2024-04-29 14:06 - 000000018 _____ C:\Users\jama2\AppData\Roaming\.cache9050425797200915815.dat
2024-04-29 14:06 - 2024-04-29 14:06 - 000000000 ___HD C:\.cleverfiles
2024-04-29 14:06 - 2024-04-29 14:06 - 000000000 ____D C:\Users\jama2\AppData\Local\CrashRpt
2024-04-29 14:06 - 2024-04-29 14:06 - 000000000 ____D C:\ProgramData\CleverFiles
2024-04-29 14:05 - 2024-04-29 14:05 - 023185752 _____ (CleverFiles) C:\Users\jama2\Downloads\disk-drill-win.exe
2024-04-28 20:22 - 2024-04-28 20:22 - 005964808 _____ (Opera Software) C:\Users\jama2\Downloads\OperaGXSetup (3).exe
2024-04-28 20:22 - 2024-04-28 20:22 - 005964808 _____ (Opera Software) C:\Users\jama2\Downloads\OperaGXSetup (2).exe
2024-04-27 23:28 - 2024-04-27 23:28 - 000001674 _____ C:\Users\jama2\Downloads\mo.pem
2024-04-27 20:51 - 2024-04-27 20:51 - 005964880 _____ (Opera Software) C:\Users\jama2\Downloads\OperaGXSetup (1).exe
2024-04-27 20:06 - 2024-04-27 20:06 - 005387944 _____ (Opera Software) C:\Users\jama2\Downloads\OperaSetup (1).exe
2024-04-25 13:25 - 2024-04-25 13:25 - 000000000 ____D C:\Users\jama2\AppData\Local\PackageManagement
2024-04-25 13:25 - 2024-04-25 13:25 - 000000000 ____D C:\Program Files\PackageManagement
2024-04-25 12:10 - 2024-05-01 22:45 - 008329944 _____ C:\Users\jama2\Downloads\psiphon3.exe
2024-04-25 12:10 - 2024-04-25 12:10 - 008329944 _____ C:\Users\jama2\Downloads\psiphon3.exe.orig
2024-04-25 12:10 - 2024-04-25 12:10 - 000000000 ____D C:\Users\jama2\AppData\Local\Psiphon3
2024-04-25 12:03 - 2024-04-25 12:03 - 000000000 ____D C:\Users\jama2\AppData\Local\Opera Software
2024-04-25 12:02 - 2024-04-25 12:02 - 005388600 _____ (Opera Software) C:\Users\jama2\Downloads\OperaSetup.exe
2024-04-25 12:02 - 2024-04-25 12:02 - 000000000 ____D C:\Users\jama2\AppData\Roaming\Opera Software
2024-04-25 10:03 - 2024-04-25 10:05 - 000000000 ____D C:\Program Files\dotnet
2024-04-25 10:03 - 2024-04-25 10:04 - 000000000 ____D C:\Program Files (x86)\dotnet
2024-04-25 10:03 - 2024-04-25 10:03 - 000000000 ____D C:\Users\jama2\AppData\Local\IsolatedStorage
2024-04-25 10:03 - 2024-04-25 10:03 - 000000000 ____D C:\Users\jama2\AppData\Local\AdvinstAnalytics
2024-04-25 10:03 - 2024-04-25 10:03 - 000000000 ____D C:\ProgramData\Caphyon
2024-04-22 17:38 - 2024-05-01 14:53 - 000000000 ____D C:\Users\jama2\AppData\LocalLow\Temp
2024-04-22 17:38 - 2024-04-22 17:38 - 004120008 _____ C:\Users\jama2\Downloads\Secondary adrenal insufficiency.pdf
2024-04-17 21:17 - 2024-04-17 21:17 - 003582472 _____ (Opera Software) C:\Users\jama2\Downloads\OperaGXSetup.exe
2024-04-17 07:19 - 2024-05-03 21:05 - 000000000 ____D C:\Users\jama2\AppData\Roaming\discord
2024-04-17 07:19 - 2024-05-03 21:04 - 000000000 ____D C:\Users\jama2\AppData\Local\Discord
2024-04-17 07:19 - 2024-05-03 17:36 - 000000000 ____D C:\Users\jama2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2024-04-17 07:19 - 2024-05-02 19:52 - 000002247 _____ C:\Users\jama2\Desktop\Discord.lnk
2024-04-17 07:19 - 2024-04-17 07:19 - 000000000 ____D C:\Users\jama2\AppData\Roaming\NVIDIA
2024-04-17 07:18 - 2024-04-17 07:19 - 112800488 _____ (Discord Inc.) C:\Users\jama2\Downloads\DiscordSetup.exe
2024-04-15 09:46 - 2024-04-15 09:46 - 000000000 ____D C:\Users\jama2\AppData\Local\Aiseesoft Studio
2024-04-15 09:45 - 2024-04-15 09:45 - 041954296 _____ (Aiseesoft Studio ) C:\Users\jama2\Downloads\android-data-recovery.exe
2024-04-15 09:41 - 2024-04-15 09:41 - 000000000 ____D C:\Users\jama2\Downloads\dmde-4-0-6-806-win64-gui
2024-04-15 09:40 - 2024-04-15 09:40 - 001936420 _____ C:\Users\jama2\Downloads\dmde-4-0-6-806-win64-gui.zip
2024-04-15 09:29 - 2024-04-15 09:30 - 020447360 _____ (iMobie Inc.) C:\Users\jama2\Downloads\droidkit-en-setup (1).exe
2024-04-15 09:28 - 2024-04-15 09:28 - 000000000 ____D C:\Tenorshare
2024-04-15 09:27 - 2024-04-15 09:27 - 000000000 ___HD C:\UltData_Android
2024-04-15 09:18 - 2024-04-26 20:06 - 000000000 ____D C:\Users\jama2\AppData\Local\CrashDumps
2024-04-15 09:18 - 2024-04-15 09:18 - 000000000 ____D C:\Users\jama2\AppData\Roaming\TSMonitor
2024-04-15 09:18 - 2024-04-15 09:18 - 000000000 ____D C:\Program Files\DIFX
2024-04-15 09:17 - 2024-04-15 09:17 - 002293520 _____ (Tenorshare Co., Ltd.) C:\Users\jama2\Downloads\ultdata-android.exe
2024-04-15 09:17 - 2024-04-15 09:17 - 000000000 ____D C:\Program Files (x86)\Tenorshare
2024-04-15 09:10 - 2024-04-15 09:54 - 000000000 ____D C:\Program Files (x86)\iCare Data Recovery Free
2024-04-15 09:10 - 2024-04-15 09:10 - 004400366 _____ C:\Users\jama2\Downloads\icarefree.zip
2024-04-15 09:01 - 2024-04-15 09:25 - 000000000 ____D C:\Program Files (x86)\EaseUS
2024-04-15 09:01 - 2024-04-15 09:01 - 181483424 _____ (EaseUS ) C:\Users\jama2\Downloads\saverforandroid_free_easeus.exe
2024-04-15 09:01 - 2024-04-15 09:01 - 000000000 ____D C:\Users\jama2\AppData\Roaming\SystemAcCrux
2024-04-15 09:01 - 2024-04-15 09:01 - 000000000 ____D C:\Users\jama2\AppData\Roaming\EaseUS
2024-04-15 09:01 - 2024-04-15 09:01 - 000000000 ____D C:\Users\jama2\AppData\Local\NVIDIA
2024-04-15 09:01 - 2024-04-15 09:01 - 000000000 ____D C:\Users\jama2\AppData\Local\MobiSaverForAndroid
2024-04-15 09:01 - 2024-04-15 09:01 - 000000000 ____D C:\Users\jama2\AppData\Local\EaseUS
2024-04-15 09:01 - 2024-04-15 09:01 - 000000000 ____D C:\ProgramData\MobiSaver for Android
2024-04-15 09:00 - 2024-04-15 09:00 - 001692544 _____ C:\Users\jama2\Downloads\saverforandroid_free_Installer_20240415.682.exe
2024-04-15 09:00 - 2024-04-15 09:00 - 001692544 _____ C:\Users\jama2\Downloads\saverforandroid_free_Installer_20240415.17131680357627b682.exe
2024-04-15 07:27 - 2024-04-15 07:27 - 000000000 ____D C:\Users\jama2\Tracing
2024-04-15 02:58 - 2024-04-15 09:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
2024-04-15 02:58 - 2024-04-15 02:58 - 000000000 ____D C:\Users\jama2\AppData\Roaming\iMobie
2024-04-15 02:58 - 2024-04-15 02:58 - 000000000 ____D C:\Users\jama2\AppData\Local\iMobie_Inc
2024-04-15 02:57 - 2024-04-15 09:53 - 000000000 ____D C:\Program Files (x86)\iMobie
2024-04-15 02:57 - 2024-04-15 09:30 - 000000352 _____ C:\Users\jama2\Downloads\dk_log.txt
2024-04-15 02:57 - 2024-04-15 02:57 - 020447360 _____ (iMobie Inc.) C:\Users\jama2\Downloads\droidkit-en-setup.exe
2024-04-15 02:43 - 2024-04-15 02:44 - 000000000 ____D C:\Users\jama2\AppData\Roaming\Apple Computer
2024-04-15 02:43 - 2024-04-15 02:43 - 000000000 ____D C:\Users\jama2\AppData\Local\Apple Computer
2024-04-15 02:43 - 2024-04-15 02:43 - 000000000 ____D C:\Users\jama2\.android
2024-04-15 02:41 - 2024-04-15 02:41 - 002506232 _____ C:\Users\jama2\Downloads\drfone_recover_setup_full3848.exe
2024-04-14 01:31 - 2024-04-14 01:31 - 000000000 ____D C:\WINDOWS\system32\o2
2024-04-14 01:31 - 2024-04-14 01:31 - 000000000 ____D C:\Users\jama2\AppData\Local\CEF
2024-04-14 01:30 - 2024-04-30 22:15 - 000888600 _____ (Google LLC) C:\Users\Public\Documents\gcapi.dll
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-05-03 21:05 - 2023-09-25 14:50 - 000000000 ____D C:\Users\jama2\AppData\Local\Packages
2024-05-03 21:05 - 2023-09-25 14:50 - 000000000 ____D C:\ProgramData\Packages
2024-05-03 21:05 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-05-03 21:04 - 2023-09-25 14:52 - 000000000 ___RD C:\Users\jama2\OneDrive
2024-05-03 21:04 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-05-03 21:04 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-05-03 21:04 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-05-03 19:53 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF
2024-05-03 19:52 - 2023-09-25 14:33 - 000012288 ___SH C:\DumpStack.log.tmp
2024-05-03 19:52 - 2022-05-07 06:17 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-05-03 19:43 - 2023-09-25 14:52 - 000000000 ____D C:\Users\jama2\AppData\Local\PlaceholderTileLogoFolder
2024-05-03 19:42 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-05-03 17:58 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-05-03 17:57 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-05-03 17:44 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\appcompat
2024-05-03 17:43 - 2022-05-07 06:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-05-03 17:41 - 2023-09-25 14:50 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-05-03 17:41 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-05-03 17:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-05-03 17:41 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Windows Defender
2024-05-03 17:37 - 2023-09-25 15:01 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2024-05-03 17:37 - 2023-09-25 15:00 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-05-03 17:37 - 2023-09-25 15:00 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-05-03 17:37 - 2023-09-25 14:34 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-05-03 17:37 - 2023-09-25 14:34 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-05-03 17:37 - 2022-05-07 06:24 - 000000000 __RHD C:\Users\Public\Libraries
2024-05-03 17:36 - 2024-01-10 22:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2024-05-03 17:36 - 2023-11-27 16:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaTrader
2024-05-03 17:36 - 2023-09-25 16:45 - 000000000 ____D C:\Users\jama2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2024-05-03 17:36 - 2022-05-07 06:24 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2024-05-03 17:36 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2024-05-03 17:36 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\spool
2024-05-03 17:36 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2024-05-03 17:36 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\NDF
2024-05-03 17:36 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ServiceState
2024-05-03 17:36 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-05-03 17:36 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2024-05-03 17:36 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2024-05-03 17:35 - 2022-05-07 06:28 - 000000000 ____D C:\WINDOWS\Setup
2024-05-03 17:28 - 2022-05-07 06:24 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows
2024-05-03 17:26 - 2023-12-04 07:30 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-05-03 17:26 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2024-05-03 17:26 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\UUS
2024-05-03 17:26 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-05-03 17:26 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-05-03 17:26 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-05-03 17:26 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemResources
2024-05-03 17:26 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-05-03 17:26 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-05-03 17:26 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-05-03 17:26 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\setup
2024-05-03 17:26 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-05-03 17:26 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2024-05-03 17:25 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-05-03 17:25 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\DDFs
2024-05-03 17:25 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-05-03 17:25 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-05-03 17:25 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-05-03 17:25 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Provisioning
2024-05-03 17:25 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\BrowserCore
2024-05-03 17:25 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-05-03 17:25 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\servicing
2024-05-03 17:16 - 2023-12-04 07:25 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2024-05-03 17:16 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\OCR
2024-05-03 17:14 - 2022-05-07 07:10 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2024-05-03 17:14 - 2022-05-07 07:10 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2024-05-03 17:14 - 2022-05-07 07:01 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2024-05-03 17:14 - 2022-05-07 07:01 - 000000000 ____D C:\WINDOWS\system32\WCN
2024-05-03 17:14 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2024-05-03 17:14 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\F12
2024-05-03 17:14 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2024-05-03 17:14 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2024-05-03 17:14 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-05-03 17:14 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-05-03 17:14 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-05-03 17:14 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\IME
2024-05-03 17:14 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\System
2024-05-03 17:14 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2024-05-03 16:39 - 2023-09-25 14:50 - 000000000 ____D C:\Users\jama2\AppData\Local\D3DSCache
2024-05-01 19:17 - 2023-09-25 14:52 - 000002383 _____ C:\Users\jama2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-05-01 14:33 - 2023-12-13 23:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-05-01 13:11 - 2023-12-13 23:14 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-04-30 22:28 - 2024-01-10 22:15 - 000000000 ____D C:\ProgramData\Package Cache
2024-04-29 15:22 - 2023-12-13 23:14 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-04-27 23:28 - 2023-10-04 16:10 - 000000000 ____D C:\Users\jama2\AppData\Local\gnupg
2024-04-25 13:25 - 2023-10-30 12:54 - 000000000 ____D C:\Users\jama2\AppData\Roaming\Microsoft\Teams
2024-04-25 10:16 - 2024-01-10 22:17 - 000000000 ____D C:\Users\jama2\.VirtualBox
2024-04-25 10:09 - 2024-01-10 22:17 - 000000000 ____D C:\ProgramData\VirtualBox
2024-04-17 07:19 - 2023-10-30 12:54 - 000000000 ____D C:\Users\jama2\AppData\Local\SquirrelTemp
2024-04-15 09:01 - 2023-10-04 16:10 - 000000000 ____D C:\Users\jama2\AppData\Local\cache
2024-04-15 07:27 - 2023-09-25 14:49 - 000000000 ___SD C:\Users\jama2\AppData\Roaming\Microsoft\Credentials
2024-04-15 02:43 - 2023-11-24 00:34 - 000000000 ____D C:\ProgramData\Apple
2024-04-09 21:48 - 2023-09-25 19:18 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-04-09 21:47 - 2023-09-25 19:18 - 192651728 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-04-09 21:40 - 2023-09-25 14:34 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
==================== Files in the root of some directories ========
2024-04-29 14:06 - 2024-04-29 14:06 - 000000018 _____ () C:\Users\jama2\AppData\Roaming\.cache9050425797200915815.dat
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by jama2 (03-05-2024 21:07:44)
Running from C:\Users\jama2\Desktop
Microsoft Windows 11 Home Version 23H2 22631.3447 (X64) (2024-05-03 16:41:19)
Boot Mode: Normal
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-1026589745-2252998717-1832492364-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1026589745-2252998717-1832492364-503 - Limited - Disabled)
Guest (S-1-5-21-1026589745-2252998717-1832492364-501 - Limited - Disabled)
jama2 (S-1-5-21-1026589745-2252998717-1832492364-1001 - Administrator - Enabled) => C:\Users\jama2
WDAGUtilityAccount (S-1-5-21-1026589745-2252998717-1832492364-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Sophos Home (Enabled - Up to date) {008D2539-910E-337A-85E5-586D97ABA594}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Discord (HKU\S-1-5-21-1026589745-2252998717-1832492364-1001\...\Discord) (Version: 1.0.9039 - Discord Inc.)
DroidKit (HKLM-x32\...\DroidKit) (Version: - iMobie Inc.)
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 2.4.3 - The GnuPG Project)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 124.0.6367.119 - Google LLC)
Gpg4win (4.2.0) (HKLM-x32\...\Gpg4win) (Version: 4.2.0 - The Gpg4win Project)
Harver System Checker 2.0.8 (HKU\S-1-5-21-1026589745-2252998717-1832492364-1001\...\57ba83c7-44cc-50c5-93e2-68092ebb1ce7) (Version: 2.0.8 - Harver)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: - SurfRight B.V.)
Malwarebytes version (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: - Malwarebytes)
MetaTrader (HKLM\...\MetaTrader) (Version: 5.00 - MetaQuotes Ltd.)
Microsoft .NET Host - 7.0.18 (x64) (HKLM\...\{8B68385D-2790-41EE-8D7C-3B82B4DF2E78}) (Version: 56.72.12030 - Microsoft Corporation) Hidden
Microsoft .NET Host - 7.0.18 (x86) (HKLM-x32\...\{389F17A6-E821-4C30-AD19-6C6F9A295808}) (Version: 56.72.12030 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.18 (x64) (HKLM\...\{97B1AA87-A6DA-474C-B607-7627F2D7B98A}) (Version: 56.72.12030 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.18 (x86) (HKLM-x32\...\{3E6B2806-21EF-4D42-85B6-96E043850F51}) (Version: 56.72.12030 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.18 (x64) (HKLM\...\{2BC88C2F-92B5-4BB0-B40E-EC88F0EEA057}) (Version: 56.72.12030 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.18 (x86) (HKLM-x32\...\{5CE21DDB-895C-43B1-BAC6-61E65884FFB2}) (Version: 56.72.12030 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 7.0.18 - Shared Framework (x64) (HKLM-x32\...\{18b6ac9e-c37f-4b56-825e-e8ccb5430cbb}) (Version: - Microsoft Corporation)
Microsoft ASP.NET Core 7.0.18 - Shared Framework (x86) (HKLM-x32\...\{7f65fae2-11ca-4610-8e43-a7897d8c6bf6}) (Version: - Microsoft Corporation)
Microsoft ASP.NET Core 7.0.18 Shared Framework (x64) (HKLM\...\{D9DA4FA8-A5C9-39A5-A6BE-7FD7CBEB4FB6}) (Version: - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 7.0.18 Shared Framework (x86) (HKLM-x32\...\{80344068-0B48-3E92-B17B-4FB97857397D}) (Version: - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 124.0.2478.67 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 124.0.2478.67 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1026589745-2252998717-1832492364-1001\...\OneDriveSetup.exe) (Version: 24.076.0414.0005 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{ACF2602E-BD31-4BE5-AC03-9C8FDB638ADA}) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.38.33130 (HKLM-x32\...\{1de5e707-82da-4db6-b810-5d140cc4cbb3}) (Version: 14.38.33130.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.38.33130 (HKLM\...\{C31777DB-51C1-4B19-9F80-38EF5C1D7C89}) (Version: 14.38.33130 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.38.33130 (HKLM\...\{1CA7421F-A225-4A9C-B320-A36981A2B789}) (Version: 14.38.33130 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.18 (x64) (HKLM\...\{F91C5C9A-FDEF-44D0-88D8-40113345FAA7}) (Version: 56.72.12035 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.18 (x64) (HKLM-x32\...\{9926fb6d-a007-472d-b0dc-38d7e8c475e0}) (Version: - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 7.0.18 (x86) (HKLM-x32\...\{76BE2305-940F-4B0D-9B46-6F4EEEF8B17D}) (Version: 56.72.12035 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.18 (x86) (HKLM-x32\...\{909f452d-77d0-4433-91a8-e6d5c5e40ede}) (Version: - Microsoft Corporation)
Mozilla Firefox (x64 en-GB) (HKLM\...\Mozilla Firefox 124.0.2 (x64 en-GB)) (Version: 124.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 120.0.1 - Mozilla)
NVIDIA Graphics Driver 456.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation)
Oracle VM VirtualBox 7.0.12 (HKLM\...\{63D7619C-79C2-42B6-A463-060F52EAF7C0}) (Version: 7.0.12 - Oracle and/or its affiliates)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 11.15.0717.2023 - Realtek)
Sophos AMSI Protection (HKLM\...\{0EA5323F-DE1B-480C-911E-7827E5EA20E9}) (Version: 1.9.2935 - Sophos Limited) Hidden
Sophos AutoUpdate (HKLM\...\{0877470A-EA34-42E2-920A-495E92386A0C}) (Version: 6.16.878 - Sophos Limited) Hidden
Sophos Diagnostic Utility (HKLM\...\{8078549C-CFF0-48C5-9B77-6BA48A14673D}) (Version: 6.16.846 - Sophos Limited) Hidden
Sophos Endpoint Defense (HKLM\...\Sophos Endpoint Defense) (Version: - Sophos Limited) Hidden
Sophos Exploit Prevention (HKLM\...\{866151B2-E14E-40E0-B6D9-64B1D428F5CB}) (Version: - Sophos Limited) Hidden
Sophos File Scanner (HKLM\...\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}) (Version: - Sophos Limited) Hidden
Sophos Health (HKLM-x32\...\{5E8436D5-3688-4007-94C7-55D017275F89}) (Version: 2.13.568 - Sophos Limited) Hidden
Sophos Home (HKLM\...\Sophos Endpoint Agent) (Version: 2023.2.2.2 - Sophos Limited)
Sophos Home (HKLM-x32\...\{8CE5BFB6-E8E8-46BA-AAA4-FF75114B7778}) (Version: - Sophos Limited) Hidden
Sophos Home Clean (HKLM\...\Sophos Home Clean) (Version: - Sophos Limited) Hidden
Sophos Management Communications System (HKLM-x32\...\{2C14E1A2-C4EB-466E-8374-81286D723D3A}) (Version: 4.20.46 - Sophos Limited) Hidden
Sophos ML Engine (HKLM\...\Sophos ML Engine) (Version: - Sophos Limited) Hidden
Sophos Network Threat Protection (HKLM\...\{2D2A1891-4657-4E6F-9373-BFCE4C9AC5BA}) (Version: 2023.2.886 - Sophos Limited) Hidden
Sophos Standalone Engine (HKLM\...\Sophos Standalone Engine) (Version: - Sophos Limited) Hidden
Chrome apps:
Docs (HKU\S-1-5-21-1026589745-2252998717-1832492364-1001\...\cfe71410a73e4741a5c74e8377b19021) (Version: 1.0 - Google\Chrome)
Gmail (HKU\S-1-5-21-1026589745-2252998717-1832492364-1001\...\b1e4745b2953f7d4351fb4be3dcb8fdd) (Version: 1.0 - Google\Chrome)
Google Drive (HKU\S-1-5-21-1026589745-2252998717-1832492364-1001\...\1a3529433473e75c899d37ca65c99f7f) (Version: 1.0 - Google\Chrome)
YouTube (HKU\S-1-5-21-1026589745-2252998717-1832492364-1001\...\c83dd905636f0ef7e9682e7147fed614) (Version: 1.0 - Google\Chrome)
Dev Home -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1300.477.0_x64__8wekyb3d8bbwe [2024-05-03] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_152.1.1099.0_x64__v10z8vjag6ke6 [2024-05-03] (HP Inc.)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.23.0_neutral__8xx8rvfyw5nnt [2024-05-03] (Instagram)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa [2024-03-27] (Apple Inc.) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.1.28.0_x64__8wekyb3d8bbwe [2024-05-03] (Microsoft Corp.)
Microsoft.Windows.Ai.Copilot.Provider -> C:\Program Files\WindowsApps\Microsoft.Windows.Ai.Copilot.Provider_1.0.3.0_neutral__8wekyb3d8bbwe [2024-05-03] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-05-03] (Microsoft Corporation)
MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_0.24041.34.0_x64__cw5n1h2txyewy [2024-05-03] (Microsoft Windows)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.966.0_x64__56jybvy8sckqj [2024-05-03] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.51.324.0_x64__dt26b99r8h8gj [2024-04-12] (Realtek Semiconductor Corp)
Reddit -> C:\Program Files\WindowsApps\redditTV.Reddit_1.0.1.0_neutral__99kbdge22ed1a [2024-05-03] (Reddit Inc.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0 [2024-05-03] (Spotify AB) [Startup Task]
Windows CoPilot MSIX Pack -> C:\Program Files\WindowsApps\MicrosoftWindows.Client.CoPilot_724.1301.930.5_x64__cw5n1h2txyewy [2024-05-03] (Microsoft Windows)
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-05-03] (Microsoft Corporation)
Windows File Recovery -> C:\Program Files\WindowsApps\Microsoft.WindowsFileRecovery_0.1.20151.0_x64__8wekyb3d8bbwe [2024-04-29] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2023-07-14] (g10 Code GmbH -> g10 Code GmbH)
ContextMenuHandlers1: [SophosHomeShellExt] -> {2FE0F6D6-426A-4728-B435-7CF2FE926449} => C:\Program Files (x86)\Sophos\Sophos Home\SophosHomeShellExtX64.dll [2024-04-30] (Sophos Ltd -> Sophos Limited)
ContextMenuHandlers2: [SophosHomeShellExt] -> {2FE0F6D6-426A-4728-B435-7CF2FE926449} => C:\Program Files (x86)\Sophos\Sophos Home\SophosHomeShellExtX64.dll [2024-04-30] (Sophos Ltd -> Sophos Limited)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-05-03] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2023-07-14] (g10 Code GmbH -> g10 Code GmbH)
ContextMenuHandlers4: [SophosHomeShellExt] -> {2FE0F6D6-426A-4728-B435-7CF2FE926449} => C:\Program Files (x86)\Sophos\Sophos Home\SophosHomeShellExtX64.dll [2024-04-30] (Sophos Ltd -> Sophos Limited)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\nvshext.dll [2020-10-07] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-05-03] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [SophosHomeShellExt] -> {2FE0F6D6-426A-4728-B435-7CF2FE926449} => C:\Program Files (x86)\Sophos\Sophos Home\SophosHomeShellExtX64.dll [2024-04-30] (Sophos Ltd -> Sophos Limited)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\jama2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb
ShortcutWithArgument: C:\Users\jama2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm
ShortcutWithArgument: C:\Users\jama2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak
ShortcutWithArgument: C:\Users\jama2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\jama2\Downloads\mbar- [244]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\13387732.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\13387732.sys => ""="Driver"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2021-06-05 13:08 - 2021-06-05 13:08 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1026589745-2252998717-1832492364-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
Network Binding:
Local Area Connection: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
Wi-Fi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{9600D680-56B6-43BC-8A7D-08C7CE93B9F1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{77D3655D-DB04-49D0-BF95-8951CF570D3C}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A635C6DC-BCBD-4ACE-8430-9C3DA066E656}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24088.3902.2792.6069_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1CC4B2CE-BEC6-46B0-B8BE-F8729B9880D4}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24088.3902.2792.6069_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{57ED6FC9-58B0-4B6E-9CCA-62005F2B6339}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.118.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{17E12536-E6BF-43DC-84C7-72CDD472CA1B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.118.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F4C11414-E158-4920-91D2-62A6CF052188}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.118.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{564C8192-C709-4EF5-827F-A9414171BD05}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.118.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{58EBC472-1A69-42BA-89F6-0008D27701FA}] => (Allow) C:\Users\jama2\Downloads\ultdata-android.exe (Tenorshare Co., Ltd. -> Tenorshare Co., Ltd.)
FirewallRules: [{498499E5-D811-47E9-ACB2-AE5BD49F96EC}] => (Allow) C:\Users\jama2\Downloads\ultdata-android.exe (Tenorshare Co., Ltd. -> Tenorshare Co., Ltd.)
FirewallRules: [{9B7E9C36-DE3C-43C0-8DE4-A4C9997C7F41}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0BAF795F-C98C-4E96-B1D4-6AA3B10E1523}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CC6FA6BE-EB5D-4FE4-8829-2357B97C020C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{8F578157-9016-463B-8ADC-3E31365E508E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{5E6F684D-7AC9-4B5E-B1FA-C0BDCC3CA2E1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{2C64202C-F362-458A-B2B4-45426413D3C2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{16C89364-C069-4F20-927C-416375255E3D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D8EFA9E6-EF3E-4D28-8F9E-338C56F80568}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{73CAAC93-A3CF-4398-AA76-1C9DFF20777F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{FDBFFF22-FFC5-46CF-925A-CD6E5947DB1F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{54C1424B-8F2C-46D9-A8F4-E1B556E7E345}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{558D0298-7EC2-40C7-A244-7E666B0BF7D8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{A0E00716-3BEC-4307-BAD2-58A678E43C7C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{4304FD4B-16F4-4482-9957-7B519A5882B0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{5B5EA842-2294-4490-88A7-EC9D7EE591A4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{A7FF96B3-BCD0-45C9-9E1F-E2F2A159BB59}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{8EEFF0C6-F095-4A47-A69B-904F7FD4E5F8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{CF9FE734-341C-4F8A-89DB-ADB92B1A0C5D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{F20EA449-2794-492C-AB60-04255A336863}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0EF8F4A9-2090-4D3A-A7D8-0D1DDDB1127D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7938CD3F-DDF6-4043-A089-7D8073022274}] => (Allow) C:\Program Files\MetaTrader\metatester64.exe (MetaQuotes Ltd -> MetaQuotes Ltd.)
FirewallRules: [{3D31501C-F4E0-409C-9A1C-8350705D3BC7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7F221A16-6234-40BD-815C-F7FD049AB6DA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{12E4BD06-AA5F-4B70-8E2A-8A3DAAAE24F1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{ECFC0205-BAC0-44FE-BF50-A7E72310A2F8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0B642DBB-1B7E-476E-833E-CE0FAAE34218}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{94110F9D-F34C-4577-9442-125C53ED27EA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{27004058-16D2-4EF1-A703-FF889A7B6354}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B484EDC8-0350-4623-8B3F-DEEF1613F99C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E8BAC51A-C9E4-407C-81F2-793CB8D0054A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{555C72C8-B0B7-4C75-9CBE-C68F72AB5A5E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
==================== Restore Points =========================
03-05-2024 17:56:54 Windows Update
03-05-2024 17:56:59 Windows Update
03-05-2024 17:57:00 Windows Update
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
Error: (05/03/2024 07:53:03 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\MOHAMED$ via https://AMD-KeyId-90...plates/Aik/scepfailed:
Method: GET(0ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
Error: (05/03/2024 07:53:03 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for Local system via https://AMD-KeyId-90...plates/Aik/scepfailed:
Method: GET(312ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
Error: (05/03/2024 05:41:12 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\MOHAMED$ via https://AMD-KeyId-90...plates/Aik/scepfailed:
Method: GET(0ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
Error: (05/03/2024 05:41:12 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for Local system via https://AMD-KeyId-90...plates/Aik/scepfailed:
Method: GET(47ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
System errors:
Error: (05/03/2024 07:52:54 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error -2147020471. For more information, please see https://go.microsoft...?linkid=2169931
Error: (05/03/2024 07:52:44 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.
Error: (05/03/2024 07:52:16 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server:
Error: (05/03/2024 07:52:16 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server:
Error: (05/03/2024 05:41:19 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error -2147020471. For more information, please see https://go.microsoft...?linkid=2169931
Error: (05/03/2024 05:37:26 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Printer Extensions and Notifications service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
Date: 2024-05-03 21:06:02
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Sophos\Sophos AMSI Protection\SophosAmsiProvider.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2024-05-03 21:04:57
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. 
==================== Memory info =========================== 
BIOS: American Megatrends Inc. 2.00 06/04/2020
Motherboard: Micro-Star International Co., Ltd. B550M PRO-VDH WIFI (MS-7C95)
Processor: AMD Ryzen 7 3700X 8-Core Processor 
Percentage of memory in use: 44%
Total physical RAM: 16333.03 MB
Available physical RAM: 9078.11 MB
Total Virtual: 17357.03 MB
Available Virtual: 7393.23 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:464.84 GB) (Free:372.66 GB) (Model: WDC  WDS500G2B0B-00YS70) NTFS
\\?\Volume{d20a9cc1-0c91-4b3a-9b0d-8f630b8455ac}\ () (Fixed) (Total:0.8 GB) (Free:0.08 GB) NTFS
\\?\Volume{892c5427-a038-4a61-8d1c-9abda5c24e77}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================
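As an added triage aid for logs like the one above (this is illustrative code written for this page, not part of this thread and not FRST's own tooling), the Python below parses the `FirewallRules:` lines from an FRST Addition.txt and flags every Allow rule whose target binary sits in a user-writable directory (Downloads, AppData, ProgramData, Windows\Temp), is unsigned, or no longer exists. A rule of that kind is not evidence of infection by itself, but because the file behind it can be replaced by anything running as the user, it is the kind of entry a helper would ask about. The first three sample lines are copied from the log above; the remaining three are constructed, and the exact `() [File not signed]` and `(No File)` notation used for them is an assumption about FRST's output format.

```python
"""Triage helper for the FirewallRules section of an FRST Addition.txt.

Illustrative code written for this page (not FRST's own output or tooling).
It flags Allow rules whose target binary is in a user-writable directory,
is unsigned, or is missing. Notation for the unsigned / missing cases is
assumed, see the constructed sample lines at the bottom.
"""
import re
from dataclasses import dataclass

# One rule per line:
#   FirewallRules: [{GUID}] => (Allow) <path> (<signer -> subject>) [flags]
_RULE = re.compile(
    r"^FirewallRules: \[(?P<id>\{[0-9A-Fa-f-]+\})\] => "
    r"\((?P<action>Allow|Block)\) (?P<rest>.+)$"
)
# The path itself may contain parentheses ("Program Files (x86)"), so the
# signer is taken as the LAST parenthesised group, then optional [flags].
# The non-greedy path plus the "$" anchor forces that split.
_TAIL = re.compile(
    r"^(?P<path>.*?)(?: \((?P<signer>[^()]*)\))?(?: (?P<flags>\[[^\]]*\]))?$"
)

# Locations an unprivileged user (and hence any malware running as that user)
# can write to. Assumes the default Windows directory layout.
_USER_WRITABLE = [
    re.compile(p, re.IGNORECASE)
    for p in (
        r"\\users\\[^\\]+\\downloads\\",
        r"\\users\\[^\\]+\\appdata\\",
        r"\\users\\public\\",
        r"\\programdata\\",
        r"\\windows\\temp\\",
    )
]


@dataclass
class Finding:
    rule_id: str
    action: str
    path: str
    signer: str
    reasons: list


def parse_rule(line):
    """Return a dict for a FirewallRules line, or None for any other line."""
    m = _RULE.match(line.strip())
    if not m:
        return None
    t = _TAIL.match(m.group("rest"))
    return {
        "id": m.group("id"),
        "action": m.group("action"),
        "path": t.group("path"),
        "signer": t.group("signer") or "",
        "flags": t.group("flags") or "",
    }


def assess(rule):
    """List the reasons a parsed rule deserves a second look (empty = fine)."""
    reasons = []
    if rule["action"] != "Allow":
        return reasons  # a Block rule does not open anything up
    if rule["signer"] == "No File":
        reasons.append("stale rule: target file no longer exists")
    elif not rule["signer"] or "not signed" in rule["flags"].lower():
        reasons.append("unsigned binary")
    if any(p.search(rule["path"]) for p in _USER_WRITABLE):
        reasons.append("binary in user-writable directory")
    return reasons


def triage(lines):
    """Run every FirewallRules line through assess(); keep only flagged ones."""
    findings = []
    for line in lines:
        rule = parse_rule(line)
        if rule is None:
            continue
        reasons = assess(rule)
        if reasons:
            findings.append(
                Finding(rule["id"], rule["action"], rule["path"], rule["signer"], reasons)
            )
    return findings


# First three lines copied from the log above; the last three are constructed.
SAMPLE_LINES = r"""
FirewallRules: [{9600D680-56B6-43BC-8A7D-08C7CE93B9F1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{77D3655D-DB04-49D0-BF95-8951CF570D3C}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{58EBC472-1A69-42BA-89F6-0008D27701FA}] => (Allow) C:\Users\jama2\Downloads\ultdata-android.exe (Tenorshare Co., Ltd. -> Tenorshare Co., Ltd.)
FirewallRules: [{00000000-0000-4000-8000-000000000001}] => (Allow) C:\Users\jama2\AppData\Local\Temp\updater.exe () [File not signed]
FirewallRules: [{00000000-0000-4000-8000-000000000002}] => (Block) C:\Users\jama2\AppData\Roaming\tool.exe () [File not signed]
FirewallRules: [{00000000-0000-4000-8000-000000000003}] => (Allow) C:\Program Files\OldApp\old.exe (No File)
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f.rule_id, f.path, "->", "; ".join(f.reasons))
```

Run against the real Addition.txt with `triage(open("Addition.txt", encoding="utf-8", errors="replace"))`. On the sample, the Chrome and EdgeWebView rules pass, the Downloads rule is reported only because of its location (its signer is intact), the constructed Temp rule is reported as both unsigned and user-writable, the Block rule is ignored, and the `(No File)` rule is reported as stale.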


    The Grecian Geek
  • Malware Removal

Your system is clean and upgraded to the latest Windows version.
It's up to you to remove HitmanPro, Malwarebytes Anti-rootkit and Malwarebytes Portable again. I already gave you my opinion.
If no more questions/issues/concerns...

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

Note: If there is a warning about this tool, go on to download it, since it is a false positive. Choose More info and continue from there.

    The Grecian Geek
  • Malware Removal


Since the computer is now clean, I'm closing this topic, marking it as Solved.


Glad we could help.
