Tried to install MS Office 2021; it failed.
Tried to install MS Office 2016; it failed too. The first time it said file not found (MSOcache\All users\*\proplus.ww). On the second try it said it cannot access Windows Installer.
These installers came from a pendrive; they had been downloaded from a torrent earlier.
Checked that my admin user account has access to the root and local machine permissions in the registry, and also to WinDir and the System32 directory. They all have access, but nothing can be changed.
Shut down the PC and turned it on again. Entered the password and signed in; immediately a dialog box showed:
Sihost.exe – System error – The system detected an overrun of a stack based buffer in this application. This overrun could potentially allow a malicious user to gain control of the application.
and the cursor was gone. Used Alt+Tab then Esc. The same box popped up several times. Then the desktop was displayed with no taskbar. Another dialog box showed:
Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.
and opening a folder on the desktop did not work. Explorer, the Settings app, WindowsApps, and other apps did not start. Task Manager showed Explorer not responding. Same after restarting explorer.exe.
Clean boot using msconfig.msc did not work.
After that, booted into Safe Mode with Command Prompt. The same Sihost.exe dialog boxes appeared. After the desktop icons showed, a popup appeared:
explorer.exe - System Warning Unknown Hard Error.
Notepad.exe does not start. Many executables showed access denied. Tried the tweaking.com permissions preset; it got stuck and did not work. "Program Files\WindowsApps" had some access error; it always had some problems.
Running
DISM.exe /Online /Cleanup-image /Scanhealth
DISM.exe /Online /Cleanup-image /Restorehealth
reported Access denied, Error 5. And
sfc /scannow
reported
Windows Resource Protection could not start the repair service.
Then downloaded the Malwarebytes offline installer; it got installed but did not start, saying the service was unable to connect. Malwarebytes Anti-Rootkit found nothing with a quick scan, same with MSERT. GMER had no entry with red highlight. Also, SUPERAntiSpyware and HitmanPro quick scans found nothing. AdwCleaner started but the scan never completes.
System drive C: had 3.8 GiB free before the infection, but now has only 800 MiB even after cleaning temporary files.
procexp64.exe could not show results for a few MS services, saying file not found. Those processes could not be terminated, or their location path was not accessible.
Autoruns64.exe showed some potential malware entries with yellow highlight. (Attached: Autoruns64Log.zip)
Farbar Recovery Scan Tool shows the wrong Windows version. I am running Windows 11 Pro for Workstations, updated two days before the infection. Upgraded from Windows 10 Pro.
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2023
Ran by Mahdi Khan (administrator) on DESKTOPPC (0) (18-09-2023 02:53:32)
Running from K:\Repair\FRST\FRST64.exe
Loaded Profiles: Mahdi Khan & Administrator
Platform: Windows 10 Pro for Workstations Version 22H2 22621.2283 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(services.exe ->) (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
(services.exe ->) (voidtools -> voidtools) C:\Program Files\Everything\Everything.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
(Taskmgr.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-1864656965-869502255-2032475508-1007\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11192552 2023-08-04] (RealDefense, LLC -> SUPERAntiSpyware)
HKU\S-1-5-21-1864656965-869502255-2032475508-1007\...\Run: [MicrosoftEdgeAutoLaunch_C3CB80581CF46CFA31E673610E1E3B92] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4108224 2023-09-12] (Microsoft Corporation -> Microsoft Corporation)
IFEO\osppsvc.exe: [VerifierDlls] SppExtComObjHook.dll
IFEO\SppExtComObj.exe: [VerifierDlls] SppExtComObjHook.dll
Startup: C:\Users\Rakibul Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk [2020-11-17]
ShortcutTarget: DeskPins.lnk -> C:\Program Files (x86)\DeskPins\deskpins.exe (Elias Fotinis) [File not signed]
Startup: C:\Users\Rakibul Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IPMSG for Win.lnk [2021-10-31]
ShortcutTarget: IPMSG for Win.lnk -> C:\Users\Rakibul Hasan\AppData\Local\IPMsg\IPMsg.exe (FastCopy Lab, LLC. -> FastCopy Lab, LLC.)
Startup: C:\Users\Rakibul Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QTTabBar Desktop Extension StartUp.QTTabGroup [2022-10-15] () [File not signed]
Startup: C:\Users\Rakibul Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\T-Clock Redux x64.lnk [2021-10-31]
ShortcutTarget: T-Clock Redux x64.lnk -> C:\Users\Rakibul Hasan\Downloads\T-Clock\Clock64.exe (White-Tiger -> -) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {37112A68-8F86-49FD-BBF4-D443B83779BE} - System32\Tasks\AdvancedUpdater => C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.exe [1036152 2022-05-11] (Microleaves LTD -> AdvancedWindowsManager) <==== ATTENTION
Task: {21506AE2-6F98-4D76-B123-8C09329235C1} - System32\Tasks\AdvancedWindowsManager #1 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {4899B188-C848-4F10-886D-75403E474AB8} - System32\Tasks\AdvancedWindowsManager #2 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {67C053CF-C50B-4625-B5BE-04F5F5DB4F5A} - System32\Tasks\AdvancedWindowsManager #3 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {3B36306C-1976-4633-A619-DFBB06E53D9B} - System32\Tasks\AdvancedWindowsManager #4 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {01712052-391F-49C1-B043-570B91390EA7} - System32\Tasks\AdvancedWindowsManager #5 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {CFBE79D3-24D1-4852-8891-A1E8827E396B} - System32\Tasks\AdvancedWindowsManager #6 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {E644BC8C-D3C6-4AEE-A88A-A7BE1993656B} - System32\Tasks\AdvancedWindowsManager #7 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {0B8594B3-295B-45AB-ACD7-F39B7265A841} - System32\Tasks\AdvancedWindowsManager #8 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {C8C043DE-7766-4790-B277-B048666A4357} - System32\Tasks\AdvancedWindowsManager #9 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {49D1B49A-E3D4-438C-891B-166BEB6D4A71} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\windows\explorer.exe [5199488 2023-09-16] (Microsoft Windows -> Microsoft Corporation)
Task: {9B9881BB-FEB4-4B09-BD41-36562FE9D01F} - System32\Tasks\DigitalPulseUpdateTask => C:\Users\Mahdi -> Khan\AppData\Roaming\DigitalPulse\DigitalPulseUpdate.exe
Task: {DF4D676E-A548-457B-A867-2F3AC78F03BD} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => C:\windows\system32\UCPDMgr.exe [58880 2023-09-05] (Microsoft Windows -> Microsoft Corporation)
Task: {29D00DC6-FC96-452C-B653-59C12CF61EE1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {27854F29-2AF5-4361-81BD-7F793C440CA3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1C47271A-A6E0-41F4-94BA-A88665B805EC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {14BBDFD8-7FF8-4569-BEB7-D3C83186A7C2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {66C10FFA-DA24-4ED4-B14F-61DACA405C12} - System32\Tasks\PrivaZer_SkipUAC => C:\Users\Rakibul Hasan\Downloads\Privazer.Pro.v4.0.67.Portable\App\PrivaZer\PrivaZer.exe [21678120 2023-03-03] (Goversoft LLC -> Goversoft LLC)
Task: {B1E151CA-1B28-404B-A571-38FF0846856E} - System32\Tasks\SUPERAntiSpyware Scheduled Task 980c26c5-bc16-4d1a-bdc2-708009f8cbaf => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:980c26c5-bc16-4d1a-bdc2-708009f8cbaf
Task: {3586B759-DF5C-4B7C-A0AC-FD8866CDA8BB} - System32\Tasks\SUPERAntiSpyware Scheduled Task a20e0182-e01f-409c-8c90-c0cc05ec536a => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:a20e0182-e01f-409c-8c90-c0cc05ec536a

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player NPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_Plugin.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\MacType_SC.job => C:\Program Files\MacType\MacTray.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 980c26c5-bc16-4d1a-bdc2-708009f8cbaf.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task a20e0182-e01f-409c-8c90-c0cc05ec536a.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\windows\Tasks\update-S-1-5-21-234447606-1724280197-2013969293-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6af8a7aa-94c2-451a-999d-5d8ed97a610e}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{6af8a7aa-94c2-451a-999d-5d8ed97a610e}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-18]
Edge Extension: (uBlock Origin development build) - C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cgbcahbpdhpcegmbfconppldiemgcoii [2023-09-16]
Edge Extension: (Google Docs Offline) - C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-30]
Edge Extension: (Edge relevant text changes) - C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-16]
Edge Extension: (Video Speed Controller) - C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2023-09-01]
StartMenuInternet: Microsoft Edge - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 Everything; C:\Program Files\Everything\Everything.exe [2261600 2021-05-12] (voidtools -> voidtools)
S2 MBAMInstallerService; C:\Users\Mahdi Khan\AppData\Local\Temp\MBAMInstallerService.exe [151182120 2023-09-18] (Malwarebytes Inc. -> Malwarebytes) <==== ATTENTION
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402352 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WslService; "C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForLinux_1.2.5.0_x64__8wekyb3d8bbwe\wslservice.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 BTHMODEM; C:\windows\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
R3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [42000 2023-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [18160 2023-08-26] (RealDefense, LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [15600 2023-08-26] (RealDefense, LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 UCPD; C:\windows\System32\drivers\UCPD.sys [29184 2023-09-05] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\windows\System32\drivers\wd\WdBoot.sys [55872 2023-08-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\wd\WdFilter.sys [574872 2023-08-31] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [105864 2023-08-31] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2023 Ran by Mahdi Khan (18-09-2023 01:52:28) Running from K:\Repair\FRST Windows 10 Pro for Workstations Version 22H2 22621.2283 (X64) (2023-08-03 09:23:02) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-1864656965-869502255-2032475508-500 - Administrator - Enabled) => C:\Users\Administrator.DESKTOPPC DefaultAccount (S-1-5-21-1864656965-869502255-2032475508-503 - Limited - Disabled) Guest (S-1-5-21-1864656965-869502255-2032475508-501 - Limited - Disabled) Mahdi Khan (S-1-5-21-1864656965-869502255-2032475508-1007 - Administrator - Enabled) => C:\Users\Mahdi Khan WDAGUtilityAccount (S-1-5-21-1864656965-869502255-2032475508-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ClickOnce Bootstrapper Package for Microsoft .NET Framework 4.8 on Visual Studio 2017 (HKLM-x32\...\{7556B2FA-6364-47EE-901D-12B23F78F382}) (Version: 4.8.04162 - Microsoft Corporation) DigitalPulse version 0.16.16 (HKU\S-1-5-21-1864656965-869502255-2032475508-1007\...\{64F4736C-6169-4520-9368-BE1C9EAE552A}_is1) (Version: 0.16.16 - DigitalPulse, Ltd.) 
Microsoft .NET Framework 4.8 Developer Pack (HKLM-x32\...\{5d6d678e-102a-469e-9c8f-6161a7de2666}) (Version: 4.8.3928 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.8 SDK (HKLM-x32\...\{949C0535-171C-480F-9CF4-D25C9E60FE88}) (Version: 4.8.03928 - Microsoft Corporation) Microsoft .NET Framework 4.8 Targeting Pack (ENU) (HKLM-x32\...\{A4EA9EE5-7CFF-4C5F-B159-B9B4E5D2BDE2}) (Version: 4.8.03761 - Microsoft Corporation) Microsoft .NET Framework 4.8 Targeting Pack (HKLM-x32\...\{BAAF5851-0759-422D-A1E9-90061B597188}) (Version: 4.8.03761 - Microsoft Corporation) Microsoft .NET Host - 5.0.9 (x86) (HKLM-x32\...\{5C742CE3-6DA4-4B12-A7D0-77D38311297C}) (Version: 40.36.30309 - Microsoft Corporation) Hidden Microsoft .NET Host - 6.0.0 Preview 7 (x86) (HKLM-x32\...\{A86EEA71-83BD-41E3-9EE8-942A53B69AB2}) (Version: 48.0.30323 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 5.0.9 (x86) (HKLM-x32\...\{4CF1A983-085C-4CB4-A844-FD633C0EE956}) (Version: 40.36.30309 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 6.0.0 Preview 7 (x86) (HKLM-x32\...\{6C81A114-4A85-49A5-B617-62037D7D39CA}) (Version: 48.0.30323 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 5.0.9 (x86) (HKLM-x32\...\{6C2A2599-3BC4-4C51-8F56-5BA64582E625}) (Version: 40.36.30309 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 6.0.0 Preview 7 (x86) (HKLM-x32\...\{573C3147-1910-40C7-9417-987A6268E0CD}) (Version: 48.0.30323 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 6.0.0 Preview 7 (x86) (HKLM-x32\...\{d30840d6-2521-47c1-b319-f7d52e1e36c6}) (Version: 6.0.0.30327 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 116.0.1938.81 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 116.0.1938.81 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1864656965-869502255-2032475508-1007\...\OneDriveSetup.exe) (Version: 23.174.0820.0003 - Microsoft Corporation) Microsoft 
Update Health Tools (HKLM\...\{AF47B488-9780-4AB5-A97E-762E28013CA6}) (Version: 5.71.0.0 - Microsoft Corporation) Microsoft Visual Basic/C++ Runtime (x86) (HKLM-x32\...\{C5E3A69D-D391-45A6-A8FB-00B01E2B010D}) (Version: 1.1.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61135 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61135 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61135 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61135 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61135 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61135 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61135 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61135 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 
Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.38.32919 (HKLM\...\{98B96874-2649-4CC3-B599-1F2EEC28A500}) (Version: 14.38.32919 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.38.32919 (HKLM\...\{D028B71C-9372-40C9-B535-5841F78448CC}) (Version: 14.38.32919 - Microsoft Corporation) Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.32919 (HKLM-x32\...\{5F0295FE-3DAA-4C04-94A6-2AFC6D739D34}) (Version: 14.38.32919 - Microsoft Corporation) Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.32919 (HKLM-x32\...\{2F7F071D-83D0-4994-8237-7B0579452FD4}) (Version: 14.38.32919 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{C931A1C6-A7BF-3737-874A-818881A37E1B}) (Version: 10.0.60915 - Microsoft Corporation) Microsoft Windows Desktop Runtime - 5.0.9 (x86) (HKLM-x32\...\{363fd9f5-f4b0-4e50-b683-f36aa672d048}) (Version: 5.0.9.30315 - Microsoft Corporation) Microsoft Windows Desktop Runtime - 5.0.9 (x86) (HKLM-x32\...\{B9FE9CD0-8E60-4C5C-B9B5-4D91818C2503}) (Version: 40.36.30315 - Microsoft Corporation) Hidden Oh My Posh version 18.8.0 (HKU\S-1-5-21-1864656965-869502255-2032475508-1007\...\Oh My Posh_is1) (Version: 18.8.0 - Jan De Dobbeleer) OpenHashTab version v3.0.2 (HKLM-x32\...\{C0EEE3CD-665D-4E4E-B3BC-ADCD0FE73C0F}_is1) (Version: v3.0.2 - namazso) qBittorrent (HKLM-x32\...\qBittorrent) (Version: 4.5.5 - The qBittorrent project) SetupApp version 2.1 (HKLM-x32\...\SetupApp_is1) (Version: 2.1 - ) SUPERAntiSpyware 
(HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1256 - SUPERAntiSpyware.com) Windows Installer (HKLM-x32\...\{798E61D4-8923-4E77-A74B-2DF264394A48}) (Version: 5.0.4 - AdvancedWindowsManager) Hidden WinRAR 6.23 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.23.0 - win.rar GmbH) Packages: ========= Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-30] (Microsoft Corporation) Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-16] (Microsoft Corp.) Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.10510.531.0_x64__8wekyb3d8bbwe [2023-08-30] (Microsoft Corporation) Microsoft.WindowsAppRuntime.CBS -> C:\windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-09-16] (Microsoft Corporation) Microsoft.WindowsTerminalPreview -> C:\Program Files\WindowsApps\Microsoft.WindowsTerminalPreview_1.18.1462.0_x64__8wekyb3d8bbwe [2023-09-16] (Microsoft Corporation) [Startup Task] Outlook for Windows -> C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2023.831.400_x64__8wekyb3d8bbwe [2023-09-01] (Microsoft Corporation) Speech Pack - English (United States) -> C:\Program Files\WindowsApps\MicrosoftWindows.Speech.en-US.1_1.0.16.0_x64__cw5n1h2txyewy [2023-09-06] (Microsoft Windows) Windows Feature Experience Pack -> C:\windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-09-16] (Microsoft Corporation) Windows Package Manager Source (winget) -> C:\Program Files\WindowsApps\Microsoft.Winget.Source_2023.915.2255.984_neutral__8wekyb3d8bbwe [2023-09-16] (Microsoft Corporation) WinRAR -> C:\Program Files\WinRAR [2023-08-08] (win.rar GmbH) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-1864656965-869502255-2032475508-1007_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\System32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\windows\system32\igfxDTCM.dll [2015-07-31] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation) ShortcutWithArgument: C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Pinned Sites\MSEdge._pin_mbfefonkpgdabgjoiopokelgkj\Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --pin-url=hxxps://www.office.com/ --profile-directory=Default ShortcutWithArgument: C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Pinned Sites\MSEdge._pin_mabbogacohbobbecclmpanobce\Wikipedia.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --pin-url=hxxps://www.wikipedia.org/ --profile-directory=Default ShortcutWithArgument: C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Pinned Sites\MSEdge._pin_agjbdfdjmphpkcblilljboheco\Microsoft Live.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --pin-url=hxxps://www.live.com/ --profile-directory=Default ShortcutWithArgument: C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Pinned Sites\MSEdge._pin_adnlfjpnmiaohpidplnoimahfh\YouTube.lnk -> C:\Program Files 
(x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --pin-url=hxxps://www.youtube.com/ --profile-directory=Default ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc.) -> --load-extension="C:\Users\Rakibul Hasan\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extension\indmjpmaenjlkpeencmjraafrdqppolc\3.3.1._0" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\Users\Rakibul Hasan\AppData\Local\Google\Chrome\User Data\Default\Extension\fbbbpkrnekbnffeflefdjepljcerlobq\6.3.6._0" ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\Users\Rakibul Hasan\AppData\Local\Google\Chrome\User Data\Default\Extension\jamcfeqdjiqencealiknpliqarfmmkck\7.9.6._0" ==================== Loaded Modules (Whitelisted) ============= 2023-08-04 13:38 - 2022-06-09 07:56 - 000430592 _____ () [File not signed] C:\Program Files (x86)\OpenHashTab\AlgorithmsDll-x64-avx.DLL 2023-09-18 01:46 - 2023-09-18 01:46 - 000011264 _____ () [File not signed] C:\Users\Mahdi Khan\AppData\Local\Temp\nsjA203.tmp\System.dll 2023-09-18 01:48 - 2023-09-18 01:48 - 001195008 _____ (ESET) [File not signed] C:\Users\Mahdi Khan\AppData\Local\ESET\ESETOnlineScanner\esets_apiW_a.DLL 2023-08-04 13:38 - 2022-06-09 07:58 - 000760320 _____ (namazso) [File not signed] C:\Program Files (x86)\OpenHashTab\OpenHashTab.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) 
AlternateDataStreams: C:\ProgramData\sdpsenv.dat:naughtypirates [322] ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2022-05-07 11:24 - 2022-05-07 11:22 - 000000824 _____ C:\windows\system32\drivers\etc\hosts 2023-08-30 01:16 - 2023-09-01 00:04 - 000000507 _____ C:\windows\system32\drivers\etc\hosts.ics 192.168.137.1 DesktopPC.mshome.net # 2028 8 2 29 18 4 27 571 192.168.137.147 narzo-50.mshome.net # 2023 9 4 7 18 4 27 571 20 120 ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1864656965-869502255-2032475508-1007\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Windows\img19.jpg HKU\S-1-5-21-1864656965-869502255-2032475508-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg DNS Servers: 1.1.1.1 - 1.0.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run: => "SecurityHealth" HKU\S-1-5-21-1864656965-869502255-2032475508-1007\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-1864656965-869502255-2032475508-1007\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_C3CB80581CF46CFA31E673610E1E3B92" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{FEA97B68-0C4A-4709-9913-25457CCADF76}] => (Allow) D:\Program Files\MSO\Office16\outlook.exe => No File FirewallRules: [{B17B8B51-DCB2-4BA0-A599-00ACD1C86327}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23216.905.2334.6698_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{F5FDF6F6-9B8A-4D3A-A219-BEDE15C85F9D}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23216.905.2334.6698_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{7BDC1053-E6F4-4592-9674-E88BC689139A}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.81\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{76E2CFEE-9048-4F7D-9664-723CBD978BBD}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed] FirewallRules: [{E194005B-D135-4D96-9D0C-A185CAD4841E}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed] FirewallRules: [{2387238E-F627-41D9-AD41-4F6B1E93BC60}] => (Allow) D:\programs_x64\MSOffice\Office16\outlook.exe => No File ==================== Restore Points ========================= ATTENTION: System Restore is disabled (Total:97.12 GB) (Free:1.11 GB) (1%) Could not list restore points Check "winmgmt" service or repair WMI. 
==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (09/18/2023 01:58:25 AM) (Source: Application Error) (EventID: 1005) (User: NT AUTHORITY)
Description: Advanced Windows Manager0x00x0

Error: (09/18/2023 01:58:25 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: AdvancedWindowsManager.exe, version: 1.1.0.0, time stamp: 0x627ab02a
Faulting module name: AdvancedWindowsManager.exe, version: 1.1.0.0, time stamp: 0x627ab02a
Exception code: 0xc000001d
Fault offset: 0x00000000000041d5
Faulting process id: 0x0x1774
Faulting application start time: 0x0x1d9e9a14d526f10
Faulting application path: C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe
Faulting module path: C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe
Report Id: b861ba42-2e71-4d12-9372-94e0c01b33c9
Faulting package full name:
Faulting package-relative application ID:

Error: (09/18/2023 01:58:02 AM) (Source: Application Error) (EventID: 1005) (User: NT AUTHORITY)
Description: Advanced Windows Manager0x00x0

Error: (09/18/2023 01:58:02 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: AdvancedWindowsManager.exe, version: 1.1.0.0, time stamp: 0x627ab02a
Faulting module name: AdvancedWindowsManager.exe, version: 1.1.0.0, time stamp: 0x627ab02a
Exception code: 0xc000001d
Fault offset: 0x00000000000041d5
Faulting process id: 0x0x974
Faulting application start time: 0x0x1d9e9a1437b2ebe
Faulting application path: C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe
Faulting module path: C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe
Report Id: eb092bc3-79cc-4d35-8044-51470c50e74d
Faulting package full name:
Faulting package-relative application ID:

Error: (09/18/2023 01:58:02 AM) (Source: Application Error) (EventID: 1005) (User: NT AUTHORITY)
Description: Advanced Windows Manager0x00x0

Error: (09/18/2023 01:58:02 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: AdvancedWindowsManager.exe, version: 1.1.0.0, time stamp: 0x627ab02a
Faulting module name: AdvancedWindowsManager.exe, version: 1.1.0.0, time stamp: 0x627ab02a
Exception code: 0xc000001d
Fault offset: 0x00000000000041d5
Faulting process id: 0x0x11f8
Faulting application start time: 0x0x1d9e9a1437a97ed
Faulting application path: C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe
Faulting module path: C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe
Report Id: 16016926-e99e-40db-8b46-9e19f347ba02
Faulting package full name:
Faulting package-relative application ID:

Error: (09/18/2023 01:58:02 AM) (Source: Application Error) (EventID: 1005) (User: NT AUTHORITY)
Description: Advanced Windows Manager0x00x0

Error: (09/18/2023 01:58:02 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: AdvancedWindowsManager.exe, version: 1.1.0.0, time stamp: 0x627ab02a
Faulting module name: AdvancedWindowsManager.exe, version: 1.1.0.0, time stamp: 0x627ab02a
Exception code: 0xc000001d
Fault offset: 0x00000000000041d5
Faulting process id: 0x0x958
Faulting application start time: 0x0x1d9e9a1437a4d90
Faulting application path: C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe
Faulting module path: C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe
Report Id: bf60243e-dd6a-498d-ad38-30f97471bb61
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (09/18/2023 01:49:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SASDIFSV service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (09/18/2023 01:49:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SASKUTIL service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (09/18/2023 01:49:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SASKUTIL service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (09/18/2023 01:49:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SASKUTIL service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Error: (09/18/2023 01:48:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (09/18/2023 01:48:39 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\MAHDIK~1\AppData\Local\Temp\ehdrv.sys

Error: (09/18/2023 01:48:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (09/18/2023 01:48:39 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\MAHDIK~1\AppData\Local\Temp\ehdrv.sys


Windows Defender:
================
Date: 2023-09-17 16:16:23
Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/AdUpdater&threatid=15590&enterprise=0
Name: Adware:Win32/AdUpdater
Severity: Not Yet Classified
Category: Unknown
Path: file:_C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.exe; file:_C:\Windows\temp\ce2d31339cfff41b4b6db9e32e93218c\Windows Updater.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.397.1061.0, AS: 1.397.1061.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.23080.2005, NIS: 0.0.0.0

Date: 2023-09-17 14:14:25
Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/AdUpdater&threatid=15590&enterprise=0
Name: Adware:Win32/AdUpdater
Severity: Not Yet Classified
Category: Unknown
Path: file:_C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.exe; file:_C:\Windows\temp\ce2d31339cfff41b4b6db9e32e93218c\Windows Updater.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.397.1061.0, AS: 1.397.1061.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.23080.2005, NIS: 0.0.0.0

Date: 2023-09-17 14:04:41
Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/AdUpdater&threatid=15590&enterprise=0
Name: Adware:Win32/AdUpdater
Severity: Not Yet Classified
Category: Unknown
Path: file:_C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.exe; file:_C:\Windows\temp\ce2d31339cfff41b4b6db9e32e93218c\Windows Updater.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.397.1061.0, AS: 1.397.1061.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.23080.2005, NIS: 0.0.0.0

Date: 2023-09-17 00:00:14
Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/AdUpdater&threatid=15590&enterprise=0
Name: Adware:Win32/AdUpdater
Severity: Not Yet Classified
Category: Unknown
Path: file:_C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.exe; file:_C:\Windows\temp\ce2d31339cfff41b4b6db9e32e93218c\Windows Updater.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.397.1061.0, AS: 1.397.1061.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.23080.2005, NIS: 0.0.0.0

Date: 2023-09-17 00:00:04
Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/AdUpdater&threatid=15590&enterprise=0
Name: Adware:Win32/AdUpdater
Severity: Not Yet Classified
Category: Unknown
Path: file:_C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.397.1061.0, AS: 1.397.1061.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.23080.2005, NIS: 0.0.0.0

Event[0]
Date: 2023-09-17 14:14:10
Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.


CodeIntegrity:
===============
Date: 2023-09-18 01:51:41
Description: Code Integrity determined that a process (System) attempted to load \Device\HarddiskVolume3\Windows\System32\drivers\43604469.sys that did not meet the Authenticode signing level requirements or violated code integrity policy (Policy ID:{d2bda982-ccf6-4344-ac5b-0b44427b6816}).

Date: 2023-09-18 01:51:41
Description: The driver \Device\HarddiskVolume3\Windows\System32\drivers\43604469.sys is blocked from loading as the driver has been revoked by Microsoft.

Date: 2023-09-18 01:49:45
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SUPERAntiSpyware\sasdifsv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2023-09-18 01:49:42
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SUPERAntiSpyware\saskutil64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2023-09-18 01:46:55
Description: Code Integrity determined that a process (System) attempted to load \Device\HarddiskVolume3\Windows\System32\drivers\xhoqahfuxlqmgaeub.sys that did not meet the Authenticode signing level requirements or violated code integrity policy (Policy ID:{d2bda982-ccf6-4344-ac5b-0b44427b6816}).

Date: 2023-09-18 01:46:55
Description: The driver \Device\HarddiskVolume3\Windows\System32\drivers\xhoqahfuxlqmgaeub.sys is blocked from loading as the driver has been revoked by Microsoft.

Date: 2023-09-18 01:46:55
Description: Code Integrity determined that a process (System) attempted to load \Device\HarddiskVolume3\Windows\System32\drivers\duuukkrllvfncyv.sys that did not meet the Authenticode signing level requirements or violated code integrity policy (Policy ID:{d2bda982-ccf6-4344-ac5b-0b44427b6816}).

Date: 2023-09-18 01:46:55
Description: The driver \Device\HarddiskVolume3\Windows\System32\drivers\duuukkrllvfncyv.sys is blocked from loading as the driver has been revoked by Microsoft.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 4.6.5 12/22/2017
Motherboard: INTEL Corporation H61
Processor: Intel(R) Core(TM) i5-3470S CPU @ 2.90GHz
Percentage of memory in use: 71%
Total physical RAM: 3993.76 MB
Available physical RAM: 1136.58 MB
Total Virtual: 5785.76 MB
Available Virtual: 2806.16 MB

==================== Drives ================================

Drive c: (OSW11) (Fixed) (Total:97.12 GB) (Free:1.11 GB) NTFS
Drive d: (OldPP) (Fixed) (Total:93.05 GB) (Free:29.39 GB) NTFS
Drive e: (Etcetra) (Fixed) (Total:179.69 GB) (Free:0.65 GB) NTFS
Drive f: (Dumped) (Fixed) (Total:188.42 GB) (Free:6.1 GB) NTFS
Drive g: (Software) (Fixed) (Total:93.15 GB) (Free:6.28 GB) NTFS
Drive h: (Audio) (Fixed) (Total:93.15 GB) (Free:1.63 GB) NTFS
Drive i: (AV) (Fixed) (Total:93.15 GB) (Free:8.07 GB) NTFS
Drive j: (PZ) (Fixed) (Total:93.16 GB) (Free:6.24 GB) NTFS
Drive k: (PenDrive 64GB) (Removable) (Total:58.23 GB) (Free:24.81 GB) NTFS
\\?\Volume{468d5d53-8a3e-4e49-8fcf-89f9911b8ba1}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: C9074A32)
Partition: GPT.

==========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 434F871E)
Partition: GPT.

==========================================================
Disk: 2 (Size: 58.2 GB) (Disk ID: 6B878C2E)
Partition 1: (Not Active) - (Size=58.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-1864656965-869502255-2032475508-1007\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11192552 2023-08-04] (RealDefense, LLC -> SUPERAntiSpyware)
HKU\S-1-5-21-1864656965-869502255-2032475508-1007\...\Run: [MicrosoftEdgeAutoLaunch_C3CB80581CF46CFA31E673610E1E3B92] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4108224 2023-09-12] (Microsoft Corporation -> Microsoft Corporation)
IFEO\osppsvc.exe: [VerifierDlls] SppExtComObjHook.dll
IFEO\SppExtComObj.exe: [VerifierDlls] SppExtComObjHook.dll
Startup: C:\Users\Rakibul Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk [2020-11-17]
ShortcutTarget: DeskPins.lnk -> C:\Program Files (x86)\DeskPins\deskpins.exe (Elias Fotinis) [File not signed]
Startup: C:\Users\Rakibul Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IPMSG for Win.lnk [2021-10-31]
ShortcutTarget: IPMSG for Win.lnk -> C:\Users\Rakibul Hasan\AppData\Local\IPMsg\IPMsg.exe (FastCopy Lab, LLC. -> FastCopy Lab, LLC.)
Startup: C:\Users\Rakibul Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QTTabBar Desktop Extension StartUp.QTTabGroup [2022-10-15] () [File not signed]
Startup: C:\Users\Rakibul Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\T-Clock Redux x64.lnk [2021-10-31]
ShortcutTarget: T-Clock Redux x64.lnk -> C:\Users\Rakibul Hasan\Downloads\T-Clock\Clock64.exe (White-Tiger -> -) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {37112A68-8F86-49FD-BBF4-D443B83779BE} - System32\Tasks\AdvancedUpdater => C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.exe [1036152 2022-05-11] (Microleaves LTD -> AdvancedWindowsManager) <==== ATTENTION
Task: {21506AE2-6F98-4D76-B123-8C09329235C1} - System32\Tasks\AdvancedWindowsManager #1 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {4899B188-C848-4F10-886D-75403E474AB8} - System32\Tasks\AdvancedWindowsManager #2 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {67C053CF-C50B-4625-B5BE-04F5F5DB4F5A} - System32\Tasks\AdvancedWindowsManager #3 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {3B36306C-1976-4633-A619-DFBB06E53D9B} - System32\Tasks\AdvancedWindowsManager #4 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {01712052-391F-49C1-B043-570B91390EA7} - System32\Tasks\AdvancedWindowsManager #5 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {CFBE79D3-24D1-4852-8891-A1E8827E396B} - System32\Tasks\AdvancedWindowsManager #6 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {E644BC8C-D3C6-4AEE-A88A-A7BE1993656B} - System32\Tasks\AdvancedWindowsManager #7 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {0B8594B3-295B-45AB-ACD7-F39B7265A841} - System32\Tasks\AdvancedWindowsManager #8 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {C8C043DE-7766-4790-B277-B048666A4357} - System32\Tasks\AdvancedWindowsManager #9 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {49D1B49A-E3D4-438C-891B-166BEB6D4A71} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\windows\explorer.exe [5199488 2023-09-16] (Microsoft Windows -> Microsoft Corporation)
Task: {9B9881BB-FEB4-4B09-BD41-36562FE9D01F} - System32\Tasks\DigitalPulseUpdateTask => C:\Users\Mahdi -> Khan\AppData\Roaming\DigitalPulse\DigitalPulseUpdate.exe
Task: {DF4D676E-A548-457B-A867-2F3AC78F03BD} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => C:\windows\system32\UCPDMgr.exe [58880 2023-09-05] (Microsoft Windows -> Microsoft Corporation)
Task: {29D00DC6-FC96-452C-B653-59C12CF61EE1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {27854F29-2AF5-4361-81BD-7F793C440CA3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1C47271A-A6E0-41F4-94BA-A88665B805EC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {14BBDFD8-7FF8-4569-BEB7-D3C83186A7C2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {66C10FFA-DA24-4ED4-B14F-61DACA405C12} - System32\Tasks\PrivaZer_SkipUAC => C:\Users\Rakibul Hasan\Downloads\Privazer.Pro.v4.0.67.Portable\App\PrivaZer\PrivaZer.exe [21678120 2023-03-03] (Goversoft LLC -> Goversoft LLC)
Task: {B1E151CA-1B28-404B-A571-38FF0846856E} - System32\Tasks\SUPERAntiSpyware Scheduled Task 980c26c5-bc16-4d1a-bdc2-708009f8cbaf => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:980c26c5-bc16-4d1a-bdc2-708009f8cbaf
Task: {3586B759-DF5C-4B7C-A0AC-FD8866CDA8BB} - System32\Tasks\SUPERAntiSpyware Scheduled Task a20e0182-e01f-409c-8c90-c0cc05ec536a => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:a20e0182-e01f-409c-8c90-c0cc05ec536a

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player NPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_Plugin.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\MacType_SC.job => C:\Program Files\MacType\MacTray.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 980c26c5-bc16-4d1a-bdc2-708009f8cbaf.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task a20e0182-e01f-409c-8c90-c0cc05ec536a.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\windows\Tasks\update-S-1-5-21-234447606-1724280197-2013969293-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6af8a7aa-94c2-451a-999d-5d8ed97a610e}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{6af8a7aa-94c2-451a-999d-5d8ed97a610e}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-18]
Edge Extension: (uBlock Origin development build) - C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cgbcahbpdhpcegmbfconppldiemgcoii [2023-09-16]
Edge Extension: (Google Docs Offline) - C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-30]
Edge Extension: (Edge relevant text changes) - C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-16]
Edge Extension: (Video Speed Controller) - C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2023-09-01]
StartMenuInternet: Microsoft Edge - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 Everything; C:\Program Files\Everything\Everything.exe [2261600 2021-05-12] (voidtools -> voidtools)
S2 MBAMInstallerService; C:\Users\Mahdi Khan\AppData\Local\Temp\MBAMInstallerService.exe [151182120 2023-09-18] (Malwarebytes Inc. -> Malwarebytes) <==== ATTENTION
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402352 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WslService; "C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForLinux_1.2.5.0_x64__8wekyb3d8bbwe\wslservice.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 BTHMODEM; C:\windows\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
R3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [42000 2023-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [18160 2023-08-26] (RealDefense, LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [15600 2023-08-26] (RealDefense, LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 UCPD; C:\windows\System32\drivers\UCPD.sys [29184 2023-09-05] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\windows\System32\drivers\wd\WdBoot.sys [55872 2023-08-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\wd\WdFilter.sys [574872 2023-08-31] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [105864 2023-08-31] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{6af8a7aa-94c2-451a-999d-5d8ed97a610e}: [NameServer] 1.1.1.1,1.0.0.1 Tcpip\..\Interfaces\{6af8a7aa-94c2-451a-999d-5d8ed97a610e}: [DhcpNameServer] 192.168.0.1 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-18] Edge Extension: (uBlock Origin development build) - C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cgbcahbpdhpcegmbfconppldiemgcoii [2023-09-16] Edge Extension: (Google Docs Offline) - C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-30] Edge Extension: (Edge relevant text changes) - C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-16] Edge Extension: (Video Speed Controller) - C:\Users\Mahdi Khan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2023-09-01] StartMenuInternet: Microsoft Edge - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com) R2 Everything; C:\Program Files\Everything\Everything.exe [2261600 2021-05-12] (voidtools -> voidtools) S2 MBAMInstallerService; C:\Users\Mahdi Khan\AppData\Local\Temp\MBAMInstallerService.exe [151182120 2023-09-18] (Malwarebytes Inc. 
-> Malwarebytes) <==== ATTENTION S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402352 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation) S4 WslService; "C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForLinux_1.2.5.0_x64__8wekyb3d8bbwe\wslservice.exe" [X] ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 BTHMODEM; C:\windows\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed] R3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [42000 2023-09-18] (Microsoft Windows Hardware Compatibility Publisher -> ) S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [18160 2023-08-26] (RealDefense, LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com) S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [15600 2023-08-26] (RealDefense, LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com) S4 UCPD; C:\windows\System32\drivers\UCPD.sys [29184 2023-09-05] (Microsoft Windows -> Microsoft Corporation) S0 WdBoot; C:\windows\System32\drivers\wd\WdBoot.sys [55872 2023-08-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation) R0 WdFilter; C:\windows\System32\drivers\wd\WdFilter.sys [574872 2023-08-31] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [105864 2023-08-31] 
(Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Attached file: Autoruns64Log.zip (539.32 KB)
Edited by NabilKhan, 18 September 2023 - 10:20 AM.