Very Sophisticated Spyware On Windows PC


#1 MHJJ

Hi All,

I have recently fallen out with an extended family member who is a very skilled programmer. This individual decided to come to my house when I wasn't at home and infect my PC with an unorthodox spyware that takes full control over my Windows PC. I really want to try and solve this, as this individual is stopping me from using my PC. I have spent a lot of money on my PC and I really don't want to have to buy another with money I don't have. So, here I am trying to solve it.

How I know my PC is infected:

1) Direct blackmail by the individual.

2) My mouse moves around when I do not touch it, literal intervention, and especially when I try to turn the wifi off with the mouse someone moves the mouse, stopping me from turning the wifi off.

3) Stops me from buying things I need on websites.

4) I ran Malwarebytes Anti-Rootkit and found 6 malware detections, and after I had cleared those and restarted the PC, I scanned again with Malwarebytes Anti-Rootkit and it says the following:

Infected File C:\Windows\System32\atl.dll could not be remediated because backup file is not available.

Infected File C:\Windows\SysWOW64\msinfo32.exe could not be remediated because backup file is not available.

Infected File C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe could not be remediated because backup file is not available.

What I have tried:

1) The first thing I did was completely wipe all data in BIOS and re-install Windows on a memory stick. (Didn't work, still complete back-end access.)

2) Wipe all data in BIOS again and install Qubes OS. (Didn't work, still complete back-end access.)

3) Wipe all data in BIOS again, re-install Windows and run Malwarebytes Anti-Rootkit, TDSSKiller and a few other anti-rootkits, and that's when I found the above detections on Malwarebytes Anti-Rootkit, as it was the first one I ran.

I understand that some rootkits are not possible to recover from, but it would not only be interesting but I would greatly appreciate it if I could get some help with this before I throw a perfectly working, expensive PC away.

Farbar Service Scanner Version: 30-04-2023
Ran by jama2 (administrator) on 30-04-2024 at 19:16:39
Running from "C:\Users\jama2\Downloads"
Microsoft Windows 11 Home (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
 
System Restore Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\netbt.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\usosvc.dll => File is digitally signed
C:\Windows\System32\WaaSMedicSvc.dll => File is digitally signed
C:\Windows\System32\dosvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

Kind regards, MHJ


#2 DR M
Hi, MHJJ.
 
Welcome to GTG Forums.
 
I have the impression that the stand-alone Malwarebytes anti-rootkit has been discontinued.
 
The log you posted is from FSS tool. We don't need that. Instead...

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)



#3 MHJJ

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by jama2 (01-05-2024 13:10:34)
Running from C:\Users\jama2\Downloads
Microsoft Windows 11 Home Version 21H2 22000.2538 (X64) (2023-09-25 13:35:26)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1026589745-2252998717-1832492364-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1026589745-2252998717-1832492364-503 - Limited - Disabled)
Guest (S-1-5-21-1026589745-2252998717-1832492364-501 - Limited - Disabled)
jama2 (S-1-5-21-1026589745-2252998717-1832492364-1001 - Administrator - Enabled) => C:\Users\jama2
WDAGUtilityAccount (S-1-5-21-1026589745-2252998717-1832492364-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Sophos Home (Enabled - Up to date) {008D2539-910E-337A-85E5-586D97ABA594}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1697.6 - AVAST Software) Hidden
AVG Update Helper (HKLM-x32\...\{EDB7AEE7-E932-4836-AE50-D3B0B7766CB5}) (Version: 1.8.1693.6 - AVG Technologies) Hidden
Discord (HKU\S-1-5-21-1026589745-2252998717-1832492364-1001\...\Discord) (Version: 1.0.9039 - Discord Inc.)
DroidKit (HKLM-x32\...\DroidKit) (Version: 1.0.1.1 - iMobie Inc.)
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 2.4.3 - The GnuPG Project)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 124.0.6367.63 - Google LLC)
Gpg4win (4.2.0) (HKLM-x32\...\Gpg4win) (Version: 4.2.0 - The Gpg4win Project)
Harver System Checker 2.0.8 (HKU\S-1-5-21-1026589745-2252998717-1832492364-1001\...\57ba83c7-44cc-50c5-93e2-68092ebb1ce7) (Version: 2.0.8 - Harver)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.34.330 - SurfRight B.V.)
MetaTrader (HKLM\...\MetaTrader) (Version: 5.00 - MetaQuotes Ltd.)
Microsoft .NET Host - 7.0.18 (x64) (HKLM\...\{8B68385D-2790-41EE-8D7C-3B82B4DF2E78}) (Version: 56.72.12030 - Microsoft Corporation) Hidden
Microsoft .NET Host - 7.0.18 (x86) (HKLM-x32\...\{389F17A6-E821-4C30-AD19-6C6F9A295808}) (Version: 56.72.12030 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.18 (x64) (HKLM\...\{97B1AA87-A6DA-474C-B607-7627F2D7B98A}) (Version: 56.72.12030 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.18 (x86) (HKLM-x32\...\{3E6B2806-21EF-4D42-85B6-96E043850F51}) (Version: 56.72.12030 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.18 (x64) (HKLM\...\{2BC88C2F-92B5-4BB0-B40E-EC88F0EEA057}) (Version: 56.72.12030 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.18 (x86) (HKLM-x32\...\{5CE21DDB-895C-43B1-BAC6-61E65884FFB2}) (Version: 56.72.12030 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 7.0.18 - Shared Framework (x64) (HKLM-x32\...\{18b6ac9e-c37f-4b56-825e-e8ccb5430cbb}) (Version: 7.0.18.24169 - Microsoft Corporation)
Microsoft ASP.NET Core 7.0.18 - Shared Framework (x86) (HKLM-x32\...\{7f65fae2-11ca-4610-8e43-a7897d8c6bf6}) (Version: 7.0.18.24169 - Microsoft Corporation)
Microsoft ASP.NET Core 7.0.18 Shared Framework (x64) (HKLM\...\{D9DA4FA8-A5C9-39A5-A6BE-7FD7CBEB4FB6}) (Version: 7.0.18.24169 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 7.0.18 Shared Framework (x86) (HKLM-x32\...\{80344068-0B48-3E92-B17B-4FB97857397D}) (Version: 7.0.18.24169 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 124.0.2478.67 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 124.0.2478.67 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1026589745-2252998717-1832492364-1001\...\OneDriveSetup.exe) (Version: 24.070.0407.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{ACF2602E-BD31-4BE5-AC03-9C8FDB638ADA}) (Version: 4.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.38.33130 (HKLM-x32\...\{1de5e707-82da-4db6-b810-5d140cc4cbb3}) (Version: 14.38.33130.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.38.33130 (HKLM\...\{C31777DB-51C1-4B19-9F80-38EF5C1D7C89}) (Version: 14.38.33130 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.38.33130 (HKLM\...\{1CA7421F-A225-4A9C-B320-A36981A2B789}) (Version: 14.38.33130 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.18 (x64) (HKLM\...\{F91C5C9A-FDEF-44D0-88D8-40113345FAA7}) (Version: 56.72.12035 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.18 (x64) (HKLM-x32\...\{9926fb6d-a007-472d-b0dc-38d7e8c475e0}) (Version: 7.0.18.33520 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 7.0.18 (x86) (HKLM-x32\...\{76BE2305-940F-4B0D-9B46-6F4EEEF8B17D}) (Version: 56.72.12035 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.18 (x86) (HKLM-x32\...\{909f452d-77d0-4433-91a8-e6d5c5e40ede}) (Version: 7.0.18.33520 - Microsoft Corporation)
Mozilla Firefox (x64 en-GB) (HKLM\...\Mozilla Firefox 124.0.1 (x64 en-GB)) (Version: 124.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 120.0.1 - Mozilla)
NVIDIA Graphics Driver 456.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation)
Oracle VM VirtualBox 7.0.12 (HKLM\...\{63D7619C-79C2-42B6-A463-060F52EAF7C0}) (Version: 7.0.12 - Oracle and/or its affiliates)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 11.15.0717.2023 - Realtek)
Sophos AMSI Protection (HKLM\...\{0EA5323F-DE1B-480C-911E-7827E5EA20E9}) (Version: 1.9.2935 - Sophos Limited) Hidden
Sophos AutoUpdate (HKLM\...\{0877470A-EA34-42E2-920A-495E92386A0C}) (Version: 6.16.878 - Sophos Limited) Hidden
Sophos Diagnostic Utility (HKLM\...\{8078549C-CFF0-48C5-9B77-6BA48A14673D}) (Version: 6.16.846 - Sophos Limited) Hidden
Sophos Endpoint Defense (HKLM\...\Sophos Endpoint Defense) (Version: 3.2.0.1560 - Sophos Limited) Hidden
Sophos Exploit Prevention (HKLM\...\{866151B2-E14E-40E0-B6D9-64B1D428F5CB}) (Version: 3.9.0.1391 - Sophos Limited) Hidden
Sophos File Scanner (HKLM\...\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}) (Version: 1.11.3.1567 - Sophos Limited) Hidden
Sophos Health (HKLM-x32\...\{5E8436D5-3688-4007-94C7-55D017275F89}) (Version: 2.13.568 - Sophos Limited) Hidden
Sophos Home (HKLM\...\Sophos Endpoint Agent) (Version: 2023.2.2.2 - Sophos Limited)
Sophos Home (HKLM-x32\...\{8CE5BFB6-E8E8-46BA-AAA4-FF75114B7778}) (Version: 5.4.118.0 - Sophos Limited) Hidden
Sophos Home Clean (HKLM\...\Sophos Home Clean) (Version: 3.9.109.0 - Sophos Limited) Hidden
Sophos Management Communications System (HKLM-x32\...\{2C14E1A2-C4EB-466E-8374-81286D723D3A}) (Version: 4.20.46 - Sophos Limited) Hidden
Sophos ML Engine (HKLM\...\Sophos ML Engine) (Version: 1.8.25.436 - Sophos Limited) Hidden
Sophos Network Threat Protection (HKLM\...\{2D2A1891-4657-4E6F-9373-BFCE4C9AC5BA}) (Version: 2023.2.886 - Sophos Limited) Hidden
Sophos Standalone Engine (HKLM\...\Sophos Standalone Engine) (Version: 3.89.0.57 - Sophos Limited) Hidden
 
Chrome apps:
============
Docs (HKU\S-1-5-21-1026589745-2252998717-1832492364-1001\...\cfe71410a73e4741a5c74e8377b19021) (Version: 1.0 - Google\Chrome)
Gmail (HKU\S-1-5-21-1026589745-2252998717-1832492364-1001\...\b1e4745b2953f7d4351fb4be3dcb8fdd) (Version: 1.0 - Google\Chrome)
Google Drive (HKU\S-1-5-21-1026589745-2252998717-1832492364-1001\...\1a3529433473e75c899d37ca65c99f7f) (Version: 1.0 - Google\Chrome)
YouTube (HKU\S-1-5-21-1026589745-2252998717-1832492364-1001\...\c83dd905636f0ef7e9682e7147fed614) (Version: 1.0 - Google\Chrome)
 
Packages:
=========
 
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_152.1.1099.0_x64__v10z8vjag6ke6 [2024-03-27] (HP Inc.)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.23.0_neutral__8xx8rvfyw5nnt [2024-04-15] (Instagram)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa [2024-03-27] (Apple Inc.) [Startup Task]
Microsoft Copilot -> C:\Program Files\WindowsApps\Microsoft.Windows.Ai.Copilot.Provider_1.0.3.0_neutral__8wekyb3d8bbwe [2024-03-29] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.966.0_x64__56jybvy8sckqj [2024-04-23] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.51.324.0_x64__dt26b99r8h8gj [2024-04-12] (Realtek Semiconductor Corp)
Reddit -> C:\Program Files\WindowsApps\redditTV.Reddit_1.0.1.0_neutral__99kbdge22ed1a [2024-04-19] (Reddit Inc.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0 [2024-04-12] (Spotify AB) [Startup Task]
Windows File Recovery -> C:\Program Files\WindowsApps\Microsoft.WindowsFileRecovery_0.1.20151.0_x64__8wekyb3d8bbwe [2024-04-29] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1026589745-2252998717-1832492364-1001_Classes\CLSID\{56512e36-c98f-d8d5-43c6-669ea60c4c0b}\localserver32 -> "C:\Program Files\CleverFiles\Disk Drill\DD.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1026589745-2252998717-1832492364-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\jama2\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2023-07-14] (g10 Code GmbH -> g10 Code GmbH)
ContextMenuHandlers1: [SophosHomeShellExt] -> {2FE0F6D6-426A-4728-B435-7CF2FE926449} => C:\Program Files (x86)\Sophos\Sophos Home\SophosHomeShellExtX64.dll [2024-04-30] (Sophos Ltd -> Sophos Limited)
ContextMenuHandlers2: [SophosHomeShellExt] -> {2FE0F6D6-426A-4728-B435-7CF2FE926449} => C:\Program Files (x86)\Sophos\Sophos Home\SophosHomeShellExtX64.dll [2024-04-30] (Sophos Ltd -> Sophos Limited)
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2023-07-14] (g10 Code GmbH -> g10 Code GmbH)
ContextMenuHandlers4: [SophosHomeShellExt] -> {2FE0F6D6-426A-4728-B435-7CF2FE926449} => C:\Program Files (x86)\Sophos\Sophos Home\SophosHomeShellExtX64.dll [2024-04-30] (Sophos Ltd -> Sophos Limited)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\nvshext.dll [2020-10-07] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [SophosHomeShellExt] -> {2FE0F6D6-426A-4728-B435-7CF2FE926449} => C:\Program Files (x86)\Sophos\Sophos Home\SophosHomeShellExtX64.dll [2024-04-30] (Sophos Ltd -> Sophos Limited)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\jama2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb
ShortcutWithArgument: C:\Users\jama2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm
ShortcutWithArgument: C:\Users\jama2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak
ShortcutWithArgument: C:\Users\jama2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml
 
==================== Loaded Modules (Whitelisted) =============
 
2024-04-15 02:42 - 2023-09-12 10:52 - 008382976 _____ (wondershare) [File not signed] C:\ProgramData\Wondershare\wsServices\WsidClient.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\jama2\Downloads\HitmanPro_x64.exe:MBAM.Zone.Identifier [138]
AlternateDataStreams: C:\Users\jama2\Downloads\KVRT.exe:MBAM.Zone.Identifier [183]
AlternateDataStreams: C:\Users\jama2\Downloads\mbar-1.10.3.1001.exe:MBAM.Zone.Identifier [244]
AlternateDataStreams: C:\Users\jama2\Downloads\tdsskiller.exe:MBAM.Zone.Identifier [212]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\13464238.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\30725930.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\49333647.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\54173153.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\13464238.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\30725930.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\49333647.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\54173153.sys => ""="Driver"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2021-06-05 13:08 - 2021-06-05 13:08 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1026589745-2252998717-1832492364-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
Network Binding:
=============
Local Area Connection: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
Wi-Fi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
Ethernet 5: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{11A63FBF-FB0F-4180-B045-B3F999C600DC}C:\users\jama2\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\jama2\appdata\local\microsoft\teams\current\teams.exe => No File
FirewallRules: [UDP Query User{A29CC168-CFAE-4408-B9BD-DD594C0736FD}C:\users\jama2\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\jama2\appdata\local\microsoft\teams\current\teams.exe => No File
FirewallRules: [{7938CD3F-DDF6-4043-A089-7D8073022274}] => (Allow) C:\Program Files\MetaTrader\metatester64.exe (MetaQuotes Ltd -> MetaQuotes Ltd.)
FirewallRules: [{0EF8F4A9-2090-4D3A-A7D8-0D1DDDB1127D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F20EA449-2794-492C-AB60-04255A336863}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CF9FE734-341C-4F8A-89DB-ADB92B1A0C5D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{8EEFF0C6-F095-4A47-A69B-904F7FD4E5F8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{A7FF96B3-BCD0-45C9-9E1F-E2F2A159BB59}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{5B5EA842-2294-4490-88A7-EC9D7EE591A4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{4304FD4B-16F4-4482-9957-7B519A5882B0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{A0E00716-3BEC-4307-BAD2-58A678E43C7C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{558D0298-7EC2-40C7-A244-7E666B0BF7D8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{54C1424B-8F2C-46D9-A8F4-E1B556E7E345}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{FDBFFF22-FFC5-46CF-925A-CD6E5947DB1F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{73CAAC93-A3CF-4398-AA76-1C9DFF20777F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D8EFA9E6-EF3E-4D28-8F9E-338C56F80568}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{16C89364-C069-4F20-927C-416375255E3D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{2C64202C-F362-458A-B2B4-45426413D3C2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{5E6F684D-7AC9-4B5E-B1FA-C0BDCC3CA2E1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{8F578157-9016-463B-8ADC-3E31365E508E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CC6FA6BE-EB5D-4FE4-8829-2357B97C020C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0BAF795F-C98C-4E96-B1D4-6AA3B10E1523}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{9B7E9C36-DE3C-43C0-8DE4-A4C9997C7F41}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7D5069F9-CC45-4175-9126-576F448D74F4}] => (Allow) C:\program files (x86)\wondershare\dr.fone data recovery\drfonetoolkit.exe => No File
FirewallRules: [{498499E5-D811-47E9-ACB2-AE5BD49F96EC}] => (Allow) C:\Users\jama2\Downloads\ultdata-android.exe (Tenorshare Co., Ltd. -> Tenorshare Co., Ltd.)
FirewallRules: [{58EBC472-1A69-42BA-89F6-0008D27701FA}] => (Allow) C:\Users\jama2\Downloads\ultdata-android.exe (Tenorshare Co., Ltd. -> Tenorshare Co., Ltd.)
FirewallRules: [{564C8192-C709-4EF5-827F-A9414171BD05}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.118.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F4C11414-E158-4920-91D2-62A6CF052188}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.118.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{17E12536-E6BF-43DC-84C7-72CDD472CA1B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.118.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{57ED6FC9-58B0-4B6E-9CCA-62005F2B6339}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.118.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1CC4B2CE-BEC6-46B0-B8BE-F8729B9880D4}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24088.3902.2792.6069_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A635C6DC-BCBD-4ACE-8430-9C3DA066E656}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24088.3902.2792.6069_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FEC1ADC7-63B6-467E-ADCB-9CA993A6FEBB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{77D3655D-DB04-49D0-BF95-8951CF570D3C}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
25-04-2024 10:02:55 Microsoft ASP.NET Core 7.0.17 - Shared Framework (x86)
25-04-2024 10:05:09 Installed Surfshark
29-04-2024 14:05:58 Disk Drill 5.4.844.0
29-04-2024 22:36:15 Malwarebytes Anti-Rootkit Restore Point
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (04/30/2024 10:27:05 PM) (Source: AbtPaaS) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (04/30/2024 10:27:05 PM) (Source: AbtPaaS) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (04/30/2024 10:27:05 PM) (Source: AbtPaaS) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (04/30/2024 10:27:05 PM) (Source: AbtPaaS) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (04/28/2024 08:18:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program dllhost.exe version 10.0.22000.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 20a8
 
Start Time: 01da99a080f11e84
 
Termination Time: 4294967295
 
Application Path: C:\Windows\System32\dllhost.exe
 
Report Id: b243ef35-91aa-4dae-add8-aba564ab7ba4
 
Faulting package full name: Microsoft.OneDriveSync_24070.407.3.0_neutral__8wekyb3d8bbwe
 
Faulting package-relative application ID: OneDrive
 
Hang type: Quiesce
 
Error: (04/26/2024 08:06:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchHost.exe, version: 421.22500.9030.0, time stamp: 0x64414958
Faulting module name: edgehtml.dll, version: 11.0.22000.2538, time stamp: 0x437ca4ab
Exception code: 0xc0000602
Fault offset: 0x0000000000f28835
Faulting process id: 0x146c
Faulting application start time: 0x01da980ccf4e6b29
Faulting application path: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
Faulting module path: C:\Windows\SYSTEM32\edgehtml.dll
Report Id: d137b67d-d4ba-432e-81ae-060e331cb0e2
Faulting package full name: MicrosoftWindows.Client.CBS_1000.22001.1000.0_x64__cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
 
Error: (04/25/2024 11:22:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TurboVPN.exe, version: 2.23.0.0, time stamp: 0x652dfd43
Faulting module name: ntdll.dll, version: 10.0.22000.2538, time stamp: 0x6698a55b
Exception code: 0xc0000374
Fault offset: 0x000ea379
Faulting process id: 0x37d0
Faulting application start time: 0x01da96f4ac0ff979
Faulting application path: C:\Program Files (x86)\TurboVPN\TurboVPN.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 2808f8c1-7515-4e67-8b0c-c510ef18a0b5
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/17/2024 07:59:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Teams.exe version 1.7.0.7956 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 3080
 
Start Time: 01da90f8e1b36ec1
 
Termination Time: 4294967295
 
Application Path: C:\Users\jama2\AppData\Local\Microsoft\Teams\current\Teams.exe
 
Report Id: 1bbe70e7-18b6-4de1-a44a-75336a32e71d
 
Faulting package full name: 
 
Faulting package-relative application ID: 
 
Hang type: Top level window is idle
 
 
System errors:
=============
Error: (05/01/2024 01:05:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Wondershare InstallAssist service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (05/01/2024 01:05:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WirelessBackupService service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (05/01/2024 01:05:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ElevationService service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (05/01/2024 01:05:14 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.
 
Error: (05/01/2024 01:05:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 04:08:28 on 01/05/2024 was unexpected.
 
Error: (04/30/2024 11:28:05 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{2C43F08E-AB0F-416B-A921-9443ADF4B029} because another computer on the network has the same name.  The server could not start.
 
Error: (04/30/2024 11:25:13 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{2C43F08E-AB0F-416B-A921-9443ADF4B029} because another computer on the network has the same name.  The server could not start.
 
Error: (04/30/2024 10:17:58 PM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.
 The SSPI client process is AVGSvc (PID: 2064).
 
 
Windows Defender:
================
Date: 2024-04-29 23:26:46
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/Gmer
Severity: High
Category: Tool
Path: file:_C:\Users\jama2\AppData\Local\Temp\83f5f4a3-4203-4cc7-a9b5-2c2c669b5492_gmer.zip.492\gmer.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\jama2\Downloads\bin64\a2emergencykit.exe
Security intelligence Version: AV: 1.409.590.0, AS: 1.409.590.0, NIS: 1.409.590.0
Engine Version: AM: 1.1.24030.4, NIS: 1.1.24030.4
 
Date: 2024-04-29 23:19:32
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/Gmer
Severity: High
Category: Tool
Path: file:_C:\Users\jama2\AppData\Local\Temp\62a1d439-d16c-46b6-a1ab-478e1c583012_gmer.zip.012\gmer.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\CleverFiles\Disk Drill\cfbackd.w32.exe
Security intelligence Version: AV: 1.409.590.0, AS: 1.409.590.0, NIS: 1.409.590.0
Engine Version: AM: 1.1.24030.4, NIS: 1.1.24030.4
 
Date: 2024-04-29 23:19:29
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/Gmer
Severity: High
Category: Tool
Path: file:_C:\Users\jama2\AppData\Local\Temp\62a1d439-d16c-46b6-a1ab-478e1c583012_gmer.zip.012\gmer.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\CleverFiles\Disk Drill\cfbackd.w32.exe
Security intelligence Version: AV: 1.409.590.0, AS: 1.409.590.0, NIS: 1.409.590.0
Engine Version: AM: 1.1.24030.4, NIS: 1.1.24030.4
 
Date: 2024-04-29 23:19:23
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/Gmer
Severity: High
Category: Tool
Path: file:_C:\Users\jama2\AppData\Local\Temp\62a1d439-d16c-46b6-a1ab-478e1c583012_gmer.zip.012\gmer.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.409.590.0, AS: 1.409.590.0, NIS: 1.409.590.0
Engine Version: AM: 1.1.24030.4, NIS: 1.1.24030.4
 
Date: 2024-04-29 23:19:21
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/Gmer
Severity: High
Category: Tool
Path: file:_C:\Users\jama2\AppData\Local\Temp\a06a5533-d730-4924-ad0e-761afbe24929_gmer.zip.929\gmer.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\CleverFiles\Disk Drill\cfbackd.w32.exe
Security intelligence Version: AV: 1.409.590.0, AS: 1.409.590.0, NIS: 1.409.590.0
Engine Version: AM: 1.1.24030.4, NIS: 1.1.24030.4
Event[0]
 
Date: 2024-04-29 22:54:06
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
Security intelligence Version: 1.409.590.0;1.409.590.0
Engine Version: 1.1.24030.4
 
Date: 2024-04-29 22:36:37
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
Security intelligence Version: 1.409.590.0;1.409.590.0
Engine Version: 1.1.24030.4
 
Date: 2024-04-07 16:30:00
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
Security intelligence Version: 1.409.80.0;1.409.80.0
Engine Version: 1.1.24030.4
 
Date: 2024-03-27 18:16:45
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.405.369.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.24010.10
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2024-03-27 18:16:45
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.405.369.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.24010.10
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
CodeIntegrity:
===============
Date: 2024-05-01 13:08:25
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Sophos\Sophos AMSI Protection\SophosAmsiProvider.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 2.00 06/04/2020
Motherboard: Micro-Star International Co., Ltd. B550M PRO-VDH WIFI (MS-7C95)
Processor: AMD Ryzen 7 3700X 8-Core Processor 
Percentage of memory in use: 42%
Total physical RAM: 16333.31 MB
Available physical RAM: 9453.54 MB
Total Virtual: 18765.31 MB
Available Virtual: 8522.09 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.06 GB) (Free:386.08 GB) (Model: WDC  WDS500G2B0B-00YS70) NTFS
 
\\?\Volume{67f0d2b8-21d8-4141-b118-80c44dd1f316}\ () (Fixed) (Total:0.59 GB) (Free:0.08 GB) NTFS
\\?\Volume{892c5427-a038-4a61-8d1c-9abda5c24e77}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2024 01
Ran by jama2 (administrator) on MOHAMED (Micro-Star International Co., Ltd. MS-7C95) (01-05-2024 13:09:47)
Running from C:\Users\jama2\Downloads\FRST64.exe
Loaded Profiles: jama2
Platform: Microsoft Windows 11 Home Version 21H2 22000.2538 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe <8>
(5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(C:\Program Files\Sophos\Sophos File Scanner\SophosFS.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Sophos File Scanner\SophosFileScanner.exe <2>
(C:\Program Files\Sophos\Sophos Network Threat Protection\SophosNtpService.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Sophos Network Threat Protection\SophosNetFilter.exe
(C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2024.424.300_x64__8wekyb3d8bbwe\olk.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe <13>
(Discord Inc. -> Discord Inc.) C:\Users\jama2\AppData\Local\Discord\app-1.0.9143\Discord.exe <6>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <11>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_1803724721d1a34c\RtkAudUService64.exe <2>
(services.exe ->) (Sophos BV -> Sophos B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(services.exe ->) (Sophos Limited -> Sophos Limited) C:\Program Files\Sophos\Endpoint Defense\SEDService.exe
(services.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Health\SophosHealth.exe
(services.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe
(services.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe
(services.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Endpoint Defense\SSPService.exe
(services.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Sophos File Scanner\SophosFS.exe
(services.exe ->) (Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Sophos Network Threat Protection\SophosNtpService.exe
(services.exe ->) (Sophos Ltd -> SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(services.exe ->) (Wondershare Technology Group Co.,Ltd -> wondershare) C:\ProgramData\Wondershare\wsServices\WsidService.exe
(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2024.424.300_x64__8wekyb3d8bbwe\olk.exe
(sihost.exe ->) (Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.118.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe <6>
(Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21888.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21888.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.450.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_1803724721d1a34c\RtkAudUService64.exe [1945544 2024-02-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Sophos Home UI] => C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe [6851392 2024-04-30] (Sophos Ltd -> Sophos Limited)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1026589745-2252998717-1832492364-1001\...\Run: [MicrosoftEdgeAutoLaunch_00B7C720392020D54AEEC5E271F90525] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4082112 2024-04-26] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1026589745-2252998717-1832492364-1001\...\Run: [Discord] => C:\Users\jama2\AppData\Local\Discord\Update.exe [1525024 2024-04-09] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1026589745-2252998717-1832492364-1001\...\Run: [Surfshark] => C:\Program Files (x86)\Surfshark\Surfshark.exe  (No File)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\124.0.6367.63\Installer\chrmstp.exe [2024-04-26] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {035DA146-B94B-45A1-A892-29E998EE1367} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem126.0.6441.0{D80113BB-830D-44E6-B8A4-06F8F2D489C8} => C:\Program Files (x86)\Google\GoogleUpdater\126.0.6441.0\updater.exe [4789536 2024-04-26] (Google LLC -> Google LLC)
Task: {CF4D5968-C381-4EA5-ABB1-5C36173C99F5} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671136 2024-04-15] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {D1E007AB-7BC9-4189-81FD-234939FA1394} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-1026589745-2252998717-1832492364-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671136 2024-04-15] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {7D4ED313-64B2-4E6C-BAB9-07BA15BA1D4E} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34720 2024-04-15] (Mozilla Corporation -> Mozilla Foundation)
Task: {E3789A51-4EFF-4275-B646-F3AF8FBB5FB9} - System32\Tasks\OpenUrlEaseUSMobiSaverForAndroid => "C:\Program Files (x86)\EaseUS\EaseUS MobiSaver for Android\bin\openUrl.exe"  /skipuac (No File)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-1026589745-2252998717-1832492364-1001] => 127.0.0.1:8892
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2c43f08e-ab0f-416b-a921-9443adf4b029}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2c43f08e-ab0f-416b-a921-9443adf4b029}: [DhcpDomain] broadband
Tcpip\..\Interfaces\{2c43f08e-ab0f-416b-a921-9443adf4b029}\14E64627F696461405: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{63d09afe-d664-4045-a8fe-3bb0e1e71b97}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{63d09afe-d664-4045-a8fe-3bb0e1e71b97}: [DhcpDomain] broadband
Tcpip\..\Interfaces\{90b39e03-26cc-41d2-9efe-b31e1784890a}: [DhcpNameServer] 8.8.8.8 8.8.4.4
 
Edge: 
=======
Edge Profile: C:\Users\jama2\AppData\Local\Microsoft\Edge\User Data\Default [2024-05-01]
Edge Extension: (Google Docs Offline) - C:\Users\jama2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-27]
Edge Extension: (Edge relevant text changes) - C:\Users\jama2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-21]
 
FireFox:
========
FF DefaultProfile: 5juomq5b.default
FF ProfilePath: C:\Users\jama2\AppData\Roaming\Mozilla\Firefox\Profiles\5juomq5b.default [2023-12-13]
FF ProfilePath: C:\Users\jama2\AppData\Roaming\Mozilla\Firefox\Profiles\3yx6yv8x.default-release [2024-05-01]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\jama2\AppData\Local\Google\Chrome\User Data\Default [2024-05-01]
CHR Extension: (Google Docs Offline) - C:\Users\jama2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-27]
CHR Extension: (EPUBReader) - C:\Users\jama2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhclmfgfllimlhabjkgkeebkbiadflb [2024-04-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jama2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-09-25]
 
Opera: 
=======
OPR DefaultProfile: Default
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DFWSIDService; C:\ProgramData\Wondershare\wsServices\WsidService.exe [3963120 2024-03-18] (Wondershare Technology Group Co.,Ltd -> wondershare)
S2 GoogleUpdaterInternalService126.0.6441.0; C:\Program Files (x86)\Google\GoogleUpdater\126.0.6441.0\updater.exe [4789536 2024-04-26] (Google LLC -> Google LLC)
S2 GoogleUpdaterService126.0.6441.0; C:\Program Files (x86)\Google\GoogleUpdater\126.0.6441.0\updater.exe [4789536 2024-04-26] (Google LLC -> Google LLC)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [154928 2024-04-29] (Sophos BV -> Sophos B.V.)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [5270952 2024-04-30] (Sophos Ltd -> SurfRight B.V.)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe [1459968 2024-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SntpService; C:\Program Files\Sophos\Sophos Network Threat Protection\SophosNtpService.exe [13339672 2024-04-30] (Sophos Ltd -> Sophos Limited)
R2 Sophos Endpoint Defense Service; C:\Program Files\Sophos\Endpoint Defense\SEDService.exe [3832952 2024-04-30] (Sophos Limited -> Sophos Limited)
R2 Sophos File Scanner Service; C:\Program Files\Sophos\Sophos File Scanner\SophosFS.exe [1312464 2024-04-30] (Sophos Ltd -> Sophos Limited)
R2 Sophos Health Service; C:\Program Files (x86)\Sophos\Health\SophosHealth.exe [2665640 2024-04-30] (Sophos Ltd -> Sophos Limited)
R2 Sophos MCS Agent; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe [2725536 2024-04-30] (Sophos Ltd -> Sophos Limited)
R2 Sophos MCS Client; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe [2702824 2024-04-30] (Sophos Ltd -> Sophos Limited)
R2 Sophos System Protection Service; C:\Program Files\Sophos\Endpoint Defense\SSPService.exe [13425488 2024-04-30] (Sophos Ltd -> Sophos Limited)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [802752 2023-10-12] (Oracle Corporation -> Oracle and/or its affiliates)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 ElevationService; C:\ProgramData\Wondershare\wsServices\ElevationService.exe [X]
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
S2 WirelessBackupService; C:\Program Files (x86)\Wondershare\Dr.Fone Data Recovery\Addins\Recovery\WirelessBackupService.exe [X]
S2 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 2442D4E7; C:\Windows\system32\drivers\2442D4E7.sys [255928 2024-04-30] (Malwarebytes Corporation -> Malwarebytes)
S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [39272 2023-06-27] (Apple Inc. -> Apple Inc.)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [507904 2021-11-04] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [180224 2021-11-04] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [98304 2021-06-05] (Microsoft Corporation) [File not signed]
R1 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [732688 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> SurfRight B.V.)
S3 ovpn-dco; C:\Windows\System32\drivers\ovpn-dco.sys [91560 2023-08-14] (WDKTestCert lev,132435948852968539 -> OpenVPN, Inc)
R3 rt68cx21; C:\Windows\System32\DriverStore\FileRepository\rt68cx21x64.inf_amd64_81b332badcdcaabe\rt68cx21x64.sys [752600 2023-09-18] (Realtek Semiconductor Corp. -> Realtek)
S3 rtcx21; C:\Windows\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_d2a498d51a4f7bec\rtcx21x64.sys [409000 2021-06-01] (Realtek Semiconductor Corp. -> Realtek)
R1 sntp; C:\Windows\system32\DRIVERS\sntp.sys [775328 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Sophos Limited)
S0 Sophos ELAM; C:\Windows\System32\DRIVERS\SophosEL.sys [30712 2024-04-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Sophos Limited)
R0 Sophos Endpoint Defense; C:\Windows\System32\DRIVERS\SophosED.sys [2559024 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Sophos Limited)
R3 tap0901; C:\Windows\System32\drivers\tap0901.sys [39920 2023-07-28] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 UsbNcm; C:\Windows\System32\drivers\UsbNcm.sys [139264 2021-06-05] (Microsoft Windows -> )
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [251776 2023-10-12] (Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [262648 2023-10-12] (Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxSup; C:\Windows\system32\DRIVERS\VBoxSup.sys [1060600 2023-10-12] (Oracle Corporation -> Oracle and/or its affiliates)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [20936 2024-04-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [601376 2024-04-09] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105760 2024-04-09] (Microsoft Windows -> Microsoft Corporation)
S1 epp; \??\C:\Users\jama2\Downloads\bin64\epp.sys [X]
S3 SurfsharkBypasser; \SystemRoot\System32\drivers\SurfsharkBypasser.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-05-01 13:09 - 2024-05-01 13:10 - 000017784 _____ C:\Users\jama2\Downloads\FRST.txt
2024-05-01 13:09 - 2024-05-01 13:09 - 000000000 ____D C:\FRST
2024-05-01 13:07 - 2024-05-01 13:07 - 002394112 _____ (Farbar) C:\Users\jama2\Downloads\FRST64.exe
2024-04-30 23:17 - 2024-04-30 23:17 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\717662E5.sys
2024-04-30 23:12 - 2024-04-30 23:12 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\62634545.sys
2024-04-30 22:25 - 2024-04-30 22:25 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\761701B4.sys
2024-04-30 22:20 - 2024-04-30 22:20 - 016995528 _____ (NortonLifeLock Inc.) C:\Users\jama2\Downloads\NPE.exe
2024-04-30 22:20 - 2024-04-30 22:20 - 000000000 ____D C:\Users\jama2\AppData\Local\NPE
2024-04-30 22:20 - 2024-04-30 22:20 - 000000000 ____D C:\ProgramData\Norton
2024-04-30 22:17 - 2024-04-30 22:27 - 000000000 ____D C:\Users\jama2\AppData\Local\AVG
2024-04-30 22:16 - 2024-05-01 13:05 - 000000000 ____D C:\ProgramData\HitmanPro.Alert
2024-04-30 22:16 - 2024-04-30 22:17 - 000000000 ____D C:\Windows\CryptoGuard
2024-04-30 22:16 - 2024-04-30 22:16 - 000000000 ____D C:\Windows\SysWOW64\SophosED
2024-04-30 22:16 - 2024-04-30 22:16 - 000000000 ____D C:\Windows\system32\SophosED
2024-04-30 22:16 - 2024-04-30 22:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2024-04-30 22:16 - 2024-04-30 22:16 - 000000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2024-04-30 22:16 - 2024-04-30 22:15 - 001040872 _____ (SurfRight B.V.) C:\Windows\system32\hmpalert.dll
2024-04-30 22:16 - 2024-04-30 22:15 - 000990216 _____ (SurfRight B.V.) C:\Windows\SysWOW64\hmpalert.dll
2024-04-30 22:16 - 2024-04-30 22:15 - 000314816 _____ (Gen Digital Inc.) C:\Windows\system32\avgBoot.exe
2024-04-30 22:16 - 2024-04-30 22:15 - 000060192 _____ (Sophos Limited) C:\Windows\system32\SophosNA.exe
2024-04-30 22:15 - 2024-05-01 13:05 - 000000000 ____D C:\Program Files\AVG
2024-04-30 22:15 - 2024-04-30 22:27 - 000000000 ____D C:\ProgramData\AVG
2024-04-30 22:15 - 2024-04-30 22:20 - 000000000 ____D C:\ProgramData\Sophos
2024-04-30 22:15 - 2024-04-30 22:16 - 000000000 ____D C:\Program Files\Sophos
2024-04-30 22:15 - 2024-04-30 22:15 - 000234888 _____ (AVG Technologies CZ, s.r.o.) C:\Users\jama2\Downloads\avg_antivirus_free_setup.exe
2024-04-30 22:15 - 2024-04-30 22:15 - 000000000 ____D C:\Program Files\Common Files\Sophos
2024-04-30 22:14 - 2024-04-30 22:17 - 000000000 ____D C:\Program Files (x86)\Sophos
2024-04-30 22:14 - 2024-04-30 22:14 - 003770440 _____ (Sophos Limited) C:\Users\jama2\Downloads\SophosInstall.exe
2024-04-30 22:13 - 2024-04-30 22:13 - 000303364 _____ C:\TDSSKiller.3.1.0.28_30.04.2024_22.13.16_log.txt
2024-04-30 21:07 - 2024-04-30 21:07 - 005964808 _____ (Opera Software) C:\Users\jama2\Downloads\OperaGXSetup (4).exe
2024-04-30 19:11 - 2024-04-30 19:11 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\3264512A.sys
2024-04-30 18:51 - 2024-04-30 18:51 - 000000000 ___HD C:\OneDriveTemp
2024-04-30 14:07 - 2024-04-30 14:07 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\7342815D.sys
2024-04-30 13:42 - 2024-04-30 13:42 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\38314686.sys
2024-04-30 13:41 - 2024-04-30 13:42 - 000303214 _____ C:\TDSSKiller.3.1.0.28_30.04.2024_13.41.21_log.txt
2024-04-30 13:40 - 2024-04-30 13:40 - 000002446 _____ C:\TDSSKiller.3.1.0.28_30.04.2024_13.40.35_log.txt
2024-04-30 13:38 - 2024-04-30 13:39 - 000302832 _____ C:\TDSSKiller.3.1.0.28_30.04.2024_13.38.29_log.txt
2024-04-30 13:37 - 2024-04-30 13:37 - 000002446 _____ C:\TDSSKiller.3.1.0.28_30.04.2024_13.37.37_log.txt
2024-04-30 13:36 - 2024-04-30 13:36 - 000061901 _____ C:\Users\jama2\Downloads\UCD35_Mahamed_Jama (1).pdf
2024-04-30 11:10 - 2024-04-30 11:10 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\6231B3BA.sys
2024-04-30 00:02 - 2024-04-30 23:17 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2024-04-30 00:02 - 2024-04-30 00:02 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\2442D4E7.sys
2024-04-29 23:55 - 2024-04-29 23:55 - 000000000 ____D C:\Users\jama2\AppData\Roaming\Xiaomi
2024-04-29 23:52 - 2024-04-29 23:52 - 098374170 _____ C:\Users\jama2\Downloads\MiFlash20220507.zip
2024-04-29 23:28 - 2024-04-29 23:28 - 000000064 _____ C:\Users\jama2\Downloads\a2whitelist.ini
2024-04-29 23:27 - 2024-04-29 23:27 - 000000000 ____D C:\Users\jama2\Downloads\Reports
2024-04-29 23:26 - 2024-04-29 23:28 - 000006900 _____ C:\Users\jama2\Downloads\a2settings.ini
2024-04-29 23:26 - 2024-04-29 23:26 - 000000000 ____D C:\Users\jama2\Downloads\Quarantine
2024-04-29 23:26 - 2024-04-29 23:26 - 000000000 ____D C:\ProgramData\Emsisoft
2024-04-29 23:25 - 2024-04-29 23:28 - 000000000 ____D C:\Users\jama2\Downloads\bin64
2024-04-29 23:25 - 2023-06-06 15:01 - 001633424 _____ (Emsisoft Ltd) C:\Users\jama2\Downloads\Start Scanner.exe
2024-04-29 23:25 - 2022-08-02 16:41 - 000003618 _____ C:\Users\jama2\Downloads\readme.txt
2024-04-29 23:25 - 2022-07-26 05:01 - 000000000 ____D C:\Users\jama2\Downloads\bin32
2024-04-29 23:22 - 2024-04-29 23:25 - 372693232 _____ C:\Users\jama2\Downloads\EmsisoftEmergencyKit.exe
2024-04-29 23:15 - 2024-04-29 23:15 - 000371282 _____ C:\Users\jama2\Downloads\gmer.zip
2024-04-29 23:09 - 2024-04-29 23:09 - 000000000 ____D C:\KVRT2020_Data
2024-04-29 23:07 - 2024-04-30 19:17 - 000002526 _____ C:\Users\jama2\Downloads\FSS.txt
2024-04-29 23:00 - 2024-04-29 23:00 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\13637557.sys
2024-04-29 22:57 - 2024-04-29 22:59 - 000304710 _____ C:\TDSSKiller.3.1.0.28_29.04.2024_22.57.17_log.txt
2024-04-29 22:55 - 2024-04-29 22:55 - 000000000 ____D C:\TDSSKiller_Quarantine
2024-04-29 22:54 - 2024-04-29 22:56 - 000306936 _____ C:\TDSSKiller.3.1.0.28_29.04.2024_22.54.47_log.txt
2024-04-29 22:53 - 2024-04-29 22:53 - 000002446 _____ C:\TDSSKiller.3.1.0.28_29.04.2024_22.53.49_log.txt
2024-04-29 22:51 - 2024-04-30 22:24 - 000001966 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2024-04-29 22:51 - 2024-04-29 22:53 - 005054744 _____ (AO Kaspersky Lab) C:\Users\jama2\Downloads\tdsskiller.exe
2024-04-29 22:51 - 2024-04-29 22:53 - 000000000 ____D C:\ProgramData\HitmanPro
2024-04-29 22:51 - 2024-04-29 22:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2024-04-29 22:51 - 2024-04-29 22:51 - 000000000 ____D C:\Program Files\HitmanPro
2024-04-29 22:50 - 2024-04-29 22:51 - 014287912 _____ (Sophos B.V.) C:\Users\jama2\Downloads\HitmanPro_x64.exe
2024-04-29 22:48 - 2024-04-29 23:09 - 111638384 _____ (AO Kaspersky Lab) C:\Users\jama2\Downloads\KVRT.exe
2024-04-29 22:40 - 2024-04-29 22:40 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\116484D8.sys
2024-04-29 22:27 - 2024-04-29 22:27 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\2456612F.sys
2024-04-29 22:26 - 2024-04-30 23:22 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2024-04-29 22:26 - 2024-04-30 23:16 - 000000000 ____D C:\Users\jama2\Desktop\mbar
2024-04-29 22:25 - 2024-04-29 22:26 - 014178840 _____ (Malwarebytes Corp.) C:\Users\jama2\Downloads\mbar-1.10.3.1001.exe
2024-04-29 22:20 - 2024-04-29 23:18 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-04-29 22:20 - 2024-04-29 22:20 - 002589624 _____ (Malwarebytes) C:\Users\jama2\Downloads\MBSetup.exe
2024-04-29 14:25 - 2024-04-29 14:25 - 000000000 ____D C:\Users\jama2\AppData\Local\ToastNotificationManagerCompat
2024-04-29 14:06 - 2024-04-29 14:59 - 000000000 ____D C:\Users\jama2\AppData\Local\DiskDrill
2024-04-29 14:06 - 2024-04-29 14:06 - 000000018 _____ C:\Users\jama2\AppData\Roaming\.cache9050425797200915815.dat
2024-04-29 14:06 - 2024-04-29 14:06 - 000000000 ___HD C:\.cleverfiles
2024-04-29 14:06 - 2024-04-29 14:06 - 000000000 ____D C:\Users\jama2\AppData\Local\CrashRpt
2024-04-29 14:06 - 2024-04-29 14:06 - 000000000 ____D C:\ProgramData\CleverFiles
2024-04-29 14:05 - 2024-04-29 14:05 - 023185752 _____ (CleverFiles) C:\Users\jama2\Downloads\disk-drill-win.exe
2024-04-28 20:22 - 2024-04-28 20:22 - 005964808 _____ (Opera Software) C:\Users\jama2\Downloads\OperaGXSetup (3).exe
2024-04-28 20:22 - 2024-04-28 20:22 - 005964808 _____ (Opera Software) C:\Users\jama2\Downloads\OperaGXSetup (2).exe
2024-04-27 23:28 - 2024-04-27 23:28 - 000001674 _____ C:\Users\jama2\Downloads\mo.pem
2024-04-27 20:51 - 2024-04-27 20:51 - 005964880 _____ (Opera Software) C:\Users\jama2\Downloads\OperaGXSetup (1).exe
2024-04-27 20:06 - 2024-04-27 20:06 - 005387944 _____ (Opera Software) C:\Users\jama2\Downloads\OperaSetup (1).exe
2024-04-25 13:25 - 2024-04-25 13:25 - 000000000 ____D C:\Users\jama2\AppData\Local\PackageManagement
2024-04-25 13:25 - 2024-04-25 13:25 - 000000000 ____D C:\Program Files\PackageManagement
2024-04-25 12:10 - 2024-04-25 12:10 - 008329944 _____ C:\Users\jama2\Downloads\psiphon3.exe
2024-04-25 12:10 - 2024-04-25 12:10 - 000000000 ____D C:\Users\jama2\AppData\Local\Psiphon3
2024-04-25 12:03 - 2024-04-25 12:03 - 000000000 ____D C:\Users\jama2\AppData\Local\Opera Software
2024-04-25 12:02 - 2024-04-25 12:02 - 005388600 _____ (Opera Software) C:\Users\jama2\Downloads\OperaSetup.exe
2024-04-25 12:02 - 2024-04-25 12:02 - 000000000 ____D C:\Users\jama2\AppData\Roaming\Opera Software
2024-04-25 10:03 - 2024-04-25 10:05 - 000000000 ____D C:\Program Files\dotnet
2024-04-25 10:03 - 2024-04-25 10:04 - 000000000 ____D C:\Program Files (x86)\dotnet
2024-04-25 10:03 - 2024-04-25 10:03 - 000000000 ____D C:\Users\jama2\AppData\Local\IsolatedStorage
2024-04-25 10:03 - 2024-04-25 10:03 - 000000000 ____D C:\Users\jama2\AppData\Local\AdvinstAnalytics
2024-04-25 10:03 - 2024-04-25 10:03 - 000000000 ____D C:\ProgramData\Caphyon
2024-04-22 17:38 - 2024-04-22 17:38 - 004120008 _____ C:\Users\jama2\Downloads\Secondary adrenal insufficiency.pdf
2024-04-22 17:38 - 2024-04-22 17:38 - 000000000 ____D C:\Users\jama2\AppData\LocalLow\Temp
2024-04-17 21:17 - 2024-04-17 21:17 - 003582472 _____ (Opera Software) C:\Users\jama2\Downloads\OperaGXSetup.exe
2024-04-17 07:19 - 2024-05-01 13:07 - 000000000 ____D C:\Users\jama2\AppData\Roaming\discord
2024-04-17 07:19 - 2024-05-01 13:05 - 000000000 ____D C:\Users\jama2\AppData\Local\Discord
2024-04-17 07:19 - 2024-04-26 20:06 - 000002247 _____ C:\Users\jama2\Desktop\Discord.lnk
2024-04-17 07:19 - 2024-04-17 07:19 - 000000000 ____D C:\Users\jama2\AppData\Roaming\NVIDIA
2024-04-17 07:19 - 2024-04-17 07:19 - 000000000 ____D C:\Users\jama2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2024-04-17 07:18 - 2024-04-17 07:19 - 112800488 _____ (Discord Inc.) C:\Users\jama2\Downloads\DiscordSetup.exe
2024-04-15 09:46 - 2024-04-15 09:46 - 000000000 ____D C:\Users\jama2\AppData\Local\Aiseesoft Studio
2024-04-15 09:45 - 2024-04-15 09:45 - 041954296 _____ (Aiseesoft Studio ) C:\Users\jama2\Downloads\android-data-recovery.exe
2024-04-15 09:41 - 2024-04-15 09:41 - 000000000 ____D C:\Users\jama2\Downloads\dmde-4-0-6-806-win64-gui
2024-04-15 09:40 - 2024-04-15 09:40 - 001936420 _____ C:\Users\jama2\Downloads\dmde-4-0-6-806-win64-gui.zip
2024-04-15 09:29 - 2024-04-15 09:30 - 020447360 _____ (iMobie Inc.) C:\Users\jama2\Downloads\droidkit-en-setup (1).exe
2024-04-15 09:28 - 2024-04-15 09:28 - 000000000 ____D C:\Tenorshare
2024-04-15 09:27 - 2024-04-15 09:27 - 000000000 ___HD C:\UltData_Android
2024-04-15 09:18 - 2024-04-26 20:06 - 000000000 ____D C:\Users\jama2\AppData\Local\CrashDumps
2024-04-15 09:18 - 2024-04-15 09:18 - 000000000 ____D C:\Users\jama2\AppData\Roaming\TSMonitor
2024-04-15 09:18 - 2024-04-15 09:18 - 000000000 ____D C:\Program Files\DIFX
2024-04-15 09:17 - 2024-04-15 09:17 - 002293520 _____ (Tenorshare Co., Ltd.) C:\Users\jama2\Downloads\ultdata-android.exe
2024-04-15 09:17 - 2024-04-15 09:17 - 000000000 ____D C:\Program Files (x86)\Tenorshare
2024-04-15 09:10 - 2024-04-15 09:54 - 000000000 ____D C:\Program Files (x86)\iCare Data Recovery Free
2024-04-15 09:10 - 2024-04-15 09:10 - 004400366 _____ C:\Users\jama2\Downloads\icarefree.zip
2024-04-15 09:01 - 2024-04-15 09:25 - 000000000 ____D C:\Program Files (x86)\EaseUS
2024-04-15 09:01 - 2024-04-15 09:01 - 181483424 _____ (EaseUS ) C:\Users\jama2\Downloads\saverforandroid_free_easeus.exe
2024-04-15 09:01 - 2024-04-15 09:01 - 000003470 _____ C:\Windows\system32\Tasks\OpenUrlEaseUSMobiSaverForAndroid
2024-04-15 09:01 - 2024-04-15 09:01 - 000000000 ____D C:\Users\jama2\AppData\Roaming\SystemAcCrux
2024-04-15 09:01 - 2024-04-15 09:01 - 000000000 ____D C:\Users\jama2\AppData\Roaming\EaseUS
2024-04-15 09:01 - 2024-04-15 09:01 - 000000000 ____D C:\Users\jama2\AppData\Local\NVIDIA
2024-04-15 09:01 - 2024-04-15 09:01 - 000000000 ____D C:\Users\jama2\AppData\Local\MobiSaverForAndroid
2024-04-15 09:01 - 2024-04-15 09:01 - 000000000 ____D C:\Users\jama2\AppData\Local\EaseUS
2024-04-15 09:01 - 2024-04-15 09:01 - 000000000 ____D C:\ProgramData\MobiSaver for Android
2024-04-15 09:00 - 2024-04-15 09:00 - 001692544 _____ C:\Users\jama2\Downloads\saverforandroid_free_Installer_20240415.682.exe
2024-04-15 09:00 - 2024-04-15 09:00 - 001692544 _____ C:\Users\jama2\Downloads\saverforandroid_free_Installer_20240415.17131680357627b682.exe
2024-04-15 07:27 - 2024-04-15 07:27 - 000000000 ____D C:\Users\jama2\Tracing
2024-04-15 05:08 - 2024-05-01 13:08 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-04-15 02:58 - 2024-04-15 09:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
2024-04-15 02:58 - 2024-04-15 02:58 - 000000000 ____D C:\Users\jama2\AppData\Roaming\iMobie
2024-04-15 02:58 - 2024-04-15 02:58 - 000000000 ____D C:\Users\jama2\AppData\Local\iMobie_Inc
2024-04-15 02:57 - 2024-04-15 09:53 - 000000000 ____D C:\Program Files (x86)\iMobie
2024-04-15 02:57 - 2024-04-15 09:30 - 000000352 _____ C:\Users\jama2\Downloads\dk_log.txt
2024-04-15 02:57 - 2024-04-15 02:57 - 020447360 _____ (iMobie Inc.) C:\Users\jama2\Downloads\droidkit-en-setup.exe
2024-04-15 02:43 - 2024-04-15 03:13 - 000000000 ____D C:\Users\jama2\AppData\Roaming\Wondershare
2024-04-15 02:43 - 2024-04-15 02:44 - 000000000 ____D C:\Users\jama2\AppData\Roaming\Apple Computer
2024-04-15 02:43 - 2024-04-15 02:43 - 000000000 ____D C:\Users\jama2\AppData\Local\WonderShare
2024-04-15 02:43 - 2024-04-15 02:43 - 000000000 ____D C:\Users\jama2\AppData\Local\Apple Computer
2024-04-15 02:43 - 2024-04-15 02:43 - 000000000 ____D C:\Users\jama2\.android
2024-04-15 02:43 - 2024-04-15 02:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2024-04-15 02:42 - 2024-04-15 03:13 - 000000000 ____D C:\ProgramData\Wondershare
2024-04-15 02:41 - 2024-04-15 02:41 - 002506232 _____ C:\Users\jama2\Downloads\drfone_recover_setup_full3848.exe
2024-04-14 01:32 - 2024-04-17 19:55 - 000000000 ____D C:\Users\jama2\AppData\Local\Avast Software
2024-04-14 01:31 - 2024-04-14 01:31 - 000000000 ____D C:\Windows\system32\o2
2024-04-14 01:31 - 2024-04-14 01:31 - 000000000 ____D C:\Users\jama2\AppData\Local\CEF
2024-04-14 01:30 - 2024-04-30 22:15 - 000888600 _____ (Google LLC) C:\Users\Public\Documents\gcapi.dll
2024-04-14 01:30 - 2024-04-17 19:55 - 000000000 ____D C:\ProgramData\Avast Software
2024-04-14 01:30 - 2024-04-17 19:55 - 000000000 ____D C:\Program Files\Avast Software
2024-04-14 01:30 - 2024-04-14 01:30 - 000272224 _____ (AVAST Software) C:\Users\jama2\Downloads\avast_one_free_antivirus.exe
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-05-01 13:07 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\SystemTemp
2024-05-01 13:05 - 2023-09-25 14:52 - 000000000 ___RD C:\Users\jama2\OneDrive
2024-05-01 13:05 - 2023-09-25 14:49 - 000000000 ____D C:\Users\jama2
2024-05-01 13:05 - 2023-09-25 14:34 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-05-01 13:05 - 2023-09-25 14:34 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-05-01 13:05 - 2023-09-25 14:33 - 000012288 ___SH C:\DumpStack.log.tmp
2024-05-01 13:05 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\AppReadiness
2024-05-01 13:05 - 2021-06-05 13:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-04-30 22:28 - 2024-01-10 22:15 - 000000000 ____D C:\ProgramData\Package Cache
2024-04-30 22:19 - 2023-09-25 14:50 - 000000000 ____D C:\Users\jama2\AppData\Local\D3DSCache
2024-04-30 22:16 - 2021-06-05 13:10 - 000000000 ___HD C:\Windows\ELAMBKUP
2024-04-30 14:54 - 2021-06-05 13:10 - 000000000 ___HD C:\Program Files\WindowsApps
2024-04-30 13:48 - 2023-09-25 14:39 - 000004460 _____ C:\Windows\system32\PerfStringBackup.INI
2024-04-30 13:40 - 2021-06-05 13:01 - 000524288 _____ C:\Windows\system32\config\BBI
2024-04-30 10:02 - 2023-09-25 14:50 - 000000000 ____D C:\Users\jama2\AppData\Local\Packages
2024-04-30 10:02 - 2023-09-25 14:50 - 000000000 ____D C:\ProgramData\Packages
2024-04-29 23:18 - 2021-06-05 13:09 - 000000000 ____D C:\Windows\INF
2024-04-29 15:22 - 2023-12-13 23:14 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-04-29 14:01 - 2023-09-25 14:52 - 000000000 ____D C:\Users\jama2\AppData\Local\PlaceholderTileLogoFolder
2024-04-28 20:19 - 2023-09-25 14:34 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-04-28 20:19 - 2023-09-25 14:34 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-04-27 23:28 - 2023-10-04 16:10 - 000000000 ____D C:\Users\jama2\AppData\Local\gnupg
2024-04-27 10:45 - 2023-09-25 14:54 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1026589745-2252998717-1832492364-1001
2024-04-27 10:45 - 2023-09-25 14:52 - 000003364 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1026589745-2252998717-1832492364-1001
2024-04-27 10:45 - 2023-09-25 14:52 - 000002383 _____ C:\Users\jama2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-04-26 20:07 - 2023-09-25 15:00 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-04-26 20:07 - 2023-09-25 15:00 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-04-25 13:25 - 2023-10-30 12:54 - 000000000 ____D C:\Users\jama2\AppData\Roaming\Microsoft\Teams
2024-04-25 10:16 - 2024-01-10 22:17 - 000000000 ____D C:\Users\jama2\.VirtualBox
2024-04-25 10:09 - 2024-01-10 22:17 - 000000000 ____D C:\ProgramData\VirtualBox
2024-04-17 07:19 - 2023-10-30 12:54 - 000000000 ____D C:\Users\jama2\AppData\Local\SquirrelTemp
2024-04-16 07:29 - 2023-12-13 23:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-04-16 07:28 - 2021-06-05 13:10 - 000000000 ___RD C:\Windows\PrintDialog
2024-04-16 07:28 - 2021-06-05 13:10 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-04-15 09:25 - 2023-09-25 16:45 - 000000000 ____D C:\Users\jama2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2024-04-15 09:01 - 2023-10-04 16:10 - 000000000 ____D C:\Users\jama2\AppData\Local\cache
2024-04-15 08:14 - 2023-12-13 23:14 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-04-15 07:27 - 2023-09-25 14:49 - 000000000 ___SD C:\Users\jama2\AppData\Roaming\Microsoft\Credentials
2024-04-15 05:08 - 2023-12-13 23:14 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2024-04-15 02:43 - 2023-11-24 20:03 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2024-04-15 02:43 - 2023-11-24 00:34 - 000000000 ____D C:\ProgramData\Apple
2024-04-09 21:48 - 2023-09-25 19:18 - 000000000 ____D C:\Windows\system32\MRT
2024-04-09 21:47 - 2023-09-25 19:18 - 192651728 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2024-04-09 21:40 - 2023-09-25 14:34 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-04-07 01:24 - 2021-06-05 13:01 - 000000000 ____D C:\Windows\CbsTemp
2024-04-04 17:19 - 2023-09-25 14:34 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-04-04 17:19 - 2023-09-25 14:34 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
 
==================== Files in the root of some directories ========
 
2024-04-29 14:06 - 2024-04-29 14:06 - 000000018 _____ () C:\Users\jama2\AppData\Roaming\.cache9050425797200915815.dat
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

Edited by MHJJ, 20 minutes ago.
