
Random Restarts, Computer Scrolling on its own, and passwords being changed.


4 replies to this topic

#1 mek66861986


Posted 21 September 2023 - 02:02 PM

I've been experiencing issues with my computer for the past couple of months, along with my phone, which has accounts attached. Both have been wiped and reinstalled, OS-wise. My computer will randomly restart (checked power settings), passwords will be changed on websites, and sometimes my computer will start scrolling on its own. I've changed passwords and set up new emails. I'm stumped. Hopefully someone here can help me.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2023
Ran by Mike (administrator) on DESKTOP-BDUS3VM (Micro-Star International Co., Ltd. GT75VR 7RE) (21-09-2023 14:57:54)
Running from C:\Users\Michael King\Desktop\FRST64.exe
Loaded Profiles: Mike
Platform: Microsoft Windows 10 Home Version 22H2 19045.3448 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\TotalAV\SecurityService.exe ->) (Protected Antivirus Limited -> TotalAV) C:\Program Files (x86)\TotalAV\TotalAV.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(explorer.exe ->) (Micro-Star International CO., LTD. -> ) [File not signed] C:\Program Files (x86)\SCM\SCM.exe
(explorer.exe ->) (nordvpn s.a. -> TEFINCOM S.A.) C:\Program Files\NordVPN\NordVPN.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(explorer.exe ->) (SteelSeries ApS -> SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <21>
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordUpdater\NordUpdateService.exe
(services.exe ->) (nordvpn s.a. -> TEFINCOM S.A.) C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe
(services.exe ->) (nordvpn s.a. -> TEFINCOM S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmiig.inf_amd64_6f22b06208986260\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Protected Antivirus Limited -> TotalAV) C:\Program Files (x86)\TotalAV\SecurityService.exe <2>
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) [File not signed] C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPHelper.exe
(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [321096 2017-11-10] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2017-10-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [302888 2018-06-22] (Micro-Star International CO., LTD. -> ) [File not signed]
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-2817817263-1149758534-2480755746-1001\...\Run: [MicrosoftEdgeAutoLaunch_A048B2792B3CF3BD5A5A3D139CEE0CDF] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4210216 2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2817817263-1149758534-2480755746-1001\...\Run: [] => [X]
HKU\S-1-5-21-2817817263-1149758534-2480755746-1001\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [253816 2022-08-03] (nordvpn s.a. -> TEFINCOM S.A.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2023-09-18]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS -> SteelSeries ApS)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy-Firefox: Restriction <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {C492A21A-3A93-471A-AC5F-4672391DC3C4} - System32\Tasks\Dragon_Center_updater => C:\ProgramData\MSI\Dragon  -> Center\DragonCenter_Updater.exe DragonCenter
Task: {9EEB8CB8-6F2A-43B6-92DE-39435BA5DF73} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [543536 2016-12-05] (Intel® Trust Services -> Intel® Corporation)
Task: {9711257F-C168-44DF-8F79-EA19AAF415DB} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 ] (Intel® Client Connectivity Division SW -> Intel Corporation)
Task: {FC706E09-0EE8-4A89-8400-70DDFCD6042F} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on switch user if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 ] (Intel® Client Connectivity Division SW -> Intel Corporation)
Task: {08EB97B7-2AF7-4A1F-9000-B287EDA635D4} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 ] (Intel® Client Connectivity Division SW -> Intel Corporation)
Task: {E789180D-A5E3-45C0-B381-EBD7B93BF7B0} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\tbtsvc.exe [2150120 ] (Intel® Client Connectivity Division SW -> Intel Corporation)
Task: {FC0DA79A-4221-4B57-859E-6F19ACE0E75B} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => C:\Windows\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> start ThunderboltService
Task: {8DF4D118-1C4C-4FAF-A523-27CCC48225B6} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [675232 2023-09-11] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {9235F2AC-6149-4C60-A9A2-EEE763F5A672} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [722336 2023-09-11] (Mozilla Corporation -> Mozilla Foundation)
Task: {4100ECA3-C531-4B89-9B05-00BC5D0FD30A} - System32\Tasks\MSI_Dragon Center => C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe [5607208 2019-10-31] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) [File not signed]
Task: {7BA39B02-D259-4B53-91AB-1BBA9A7637DB} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2022-08-18] () [File not signed]
Task: {4F6AE919-119F-4C31-86F9-9A233579F91F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2023-09-01] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {99B4579C-D050-4DEF-8FD8-CE7FCACDEA1B} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2023-09-01] (Nvidia Corporation -> NVIDIA Corporation)
Task: {3F260621-C240-4F4C-B4AA-07FFA1E69692} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2023-09-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A6001F60-A394-4E40-934B-1D47FA6D1980} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-09-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C7B72404-45DA-4C37-8CCC-3A1F42D5F1D3} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-09-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {87C5607F-6F47-4BFA-830B-5DBE4BFBDD93} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-09-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EC04AEE4-A6BC-48DC-B360-F439B28EB884} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-09-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1588954E-5AB9-4CE0-8D04-1120B2C68713} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-09-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6B302022-5285-45F7-A9BC-2CFF284B0507} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-09-01] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.20
Tcpip\..\Interfaces\{19593224-bba1-47f5-bbb9-421da3f10c1b}: [DhcpNameServer] 192.168.0.20
Tcpip\..\Interfaces\{fc01fcd5-2b9d-2fd8-78d8-cb78b313e2b2}: [NameServer] 103.86.96.100,103.86.99.100

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Michael King\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-21]
Edge Extension: (Google Docs Offline) - C:\Users\Michael King\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-19]
Edge Extension: (Bitwarden - Free Password Manager) - C:\Users\Michael King\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jbkfoedolllekgbhcbcoahefnbanhhlh [2023-09-20]
Edge Extension: (Edge relevant text changes) - C:\Users\Michael King\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-19]

FireFox:
========
FF DefaultProfile: q16yanib.default
FF ProfilePath: C:\Users\Michael King\AppData\Roaming\Mozilla\Firefox\Profiles\q16yanib.default [2023-09-17]
FF ProfilePath: C:\Users\Michael King\AppData\Roaming\Mozilla\Firefox\Profiles\6d58km4e.default-release-1695139149867 [2023-09-21]
FF DownloadDir: C:\Users\Michael King\Desktop
FF Homepage: Mozilla\Firefox\Profiles\6d58km4e.default-release-1695139149867 -> www.youtube.com
FF Session Restore: Mozilla\Firefox\Profiles\6d58km4e.default-release-1695139149867 -> is enabled.
FF Extension: (F.B Purity - Cleans up Facebook) - C:\Users\Michael King\AppData\Roaming\Mozilla\Firefox\Profiles\6d58km4e.default-release-1695139149867\Extensions\fbpElectroWebExt@fbpurity.com.xpi [2023-09-19] [UpdateUrl:hxxps://www.fbpurity.com/FF-FBP-Ext-Updates.json]
FF Extension: (uBlock Origin) - C:\Users\Michael King\AppData\Roaming\Mozilla\Firefox\Profiles\6d58km4e.default-release-1695139149867\Extensions\uBlock0@raymondhill.net.xpi [2023-09-19]
FF Extension: (Bitwarden - Free Password Manager) - C:\Users\Michael King\AppData\Roaming\Mozilla\Firefox\Profiles\6d58km4e.default-release-1695139149867\Extensions\{446900e4-71c2-419f-a6a7-df9c091e268b}.xpi [2023-09-19]
FF Extension: (Video Downloader for reddit - Redditsave) - C:\Users\Michael King\AppData\Roaming\Mozilla\Firefox\Profiles\6d58km4e.default-release-1695139149867\Extensions\{b0e3cc69-7193-42b1-a69b-f2d759f2599f}.xpi [2023-09-19]
FF Plugin-x32: @videolan.org/vlc,version=3.0.18 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-10-25] (VideoLAN -> VideoLAN)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [168048 2018-06-22] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.)
R3 nordsec-threatprotection-service; C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe [310136 2021-06-11] (nordvpn s.a. -> TEFINCOM S.A.)
R2 NordUpdaterService; C:\Program Files\NordUpdater\NordUpdateService.exe [297848 2023-08-09] (nordvpn s.a. -> nordvpn S.A.)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [254328 2022-08-03] (nordvpn s.a. -> TEFINCOM S.A.)
R2 SecurityService; C:\Program Files (x86)\TotalAV\SecurityService.exe [274584 2023-08-09] (Protected Antivirus Limited -> TotalAV) <==== ATTENTION
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-09-18] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-09-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvmiig.inf_amd64_6f22b06208986260\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvmiig.inf_amd64_6f22b06208986260\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aqnic650; C:\Windows\System32\drivers\aqnic650.sys [265128 2022-11-08] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [209088 2023-03-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [199312 2023-03-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [46704 2023-03-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [120416 2023-09-07] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))
R3 mshield; C:\Windows\System32\DRIVERS\mshield.sys [43112 2023-05-17] (nordvpn s.a. -> Nordvpn S.A.)
R2 NDivert; C:\Program Files\NordVPN\7.13.3.0\Drivers\NDivert.sys [131472 2023-05-24] (nordvpn s.a. -> Nordvpn S.A.)
R1 nordlwf; C:\Windows\system32\DRIVERS\nordlwf.sys [44928 2023-01-17] (nordvpn s.a. -> TEFINCOM S.A.)
S1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [77336 2022-08-19] (Insecure.Com LLC -> Insecure.Com LLC.)
R3 NvModuleTracker; C:\Windows\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2023-09-01] (Nvidia Corporation -> NVIDIA Corporation)
S0 ProtectedELAM; C:\Windows\System32\drivers\protected_elam.sys [18912 2023-08-09] (Microsoft Windows Early Launch Anti-malware Publisher -> TODO: <Company name>)
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [46408 2017-06-01] (SteelSeries ApS -> SteelSeries ApS)
R3 sshid; C:\Windows\System32\drivers\sshid.sys [45936 2017-08-15] (SteelSeries ApS -> SteelSeries ApS)
R3 ssps2; C:\Windows\System32\drivers\ssps2.sys [38688 2017-06-01] (SteelSeries ApS -> SteelSeries ApS)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [49744 2023-08-28] (nordvpn s.a. -> The OpenVPN Project)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [55872 2023-09-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [574872 2023-09-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2023-09-18] (Microsoft Windows -> Microsoft Corporation)
R1 webshieldfilter; C:\Windows\System32\drivers\webshieldfilter.sys [96264 2023-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) <==== ATTENTION
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Center\winio64.sys [15160 2015-06-11] (Micro-Star Int'l Co. Ltd. -> )
R3 WireGuard; C:\Windows\System32\drivers\wireguard.sys [489368 2023-09-17] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
U4 npcap_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-09-21 14:57 - 2023-09-21 14:58 - 000019705 _____ C:\Users\Michael King\Desktop\FRST.txt
2023-09-21 14:57 - 2023-09-21 14:58 - 000000000 ____D C:\FRST
2023-09-21 14:57 - 2023-09-21 14:57 - 002382848 _____ (Farbar) C:\Users\Michael King\Desktop\FRST64.exe
2023-09-21 14:56 - 2023-09-21 14:56 - 000000424 _____ C:\Users\Michael King\Desktop\New Text Document.txt
2023-09-21 04:14 - 2023-09-21 04:14 - 000000258 _____ C:\ProgramData\ntuser.pol
2023-09-20 20:52 - 2023-09-20 20:52 - 000000000 ____D C:\Users\Michael King\AppData\Roaming\Wireshark
2023-09-20 20:51 - 2023-09-20 20:51 - 000003460 _____ C:\Windows\system32\Tasks\npcapwatchdog
2023-09-20 20:51 - 2023-09-20 20:51 - 000000000 ____D C:\Windows\SysWOW64\Npcap
2023-09-20 20:51 - 2023-09-20 20:51 - 000000000 ____D C:\Windows\system32\Npcap
2023-09-20 20:50 - 2023-09-20 20:51 - 000000000 ____D C:\Program Files\Npcap
2023-09-20 14:37 - 2023-09-20 14:37 - 000000000 ____D C:\Users\Michael King\.android
2023-09-20 14:36 - 2023-09-20 14:36 - 000000000 ____D C:\Users\Michael King\AppData\Roaming\TSMonitor
2023-09-20 14:36 - 2023-09-20 14:36 - 000000000 ____D C:\tenorshare
2023-09-20 14:36 - 2023-09-20 14:36 - 000000000 ____D C:\ProgramData\4ukey for android
2023-09-20 14:36 - 2023-09-07 06:37 - 000120416 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2023-09-20 14:36 - 2022-09-30 05:24 - 000174112 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys
2023-09-20 14:34 - 2023-09-20 14:34 - 000000000 ____D C:\Program Files (x86)\Tenorshare
2023-09-19 23:54 - 2023-09-21 08:14 - 000000000 ____D C:\Users\Michael King\AppData\Local\NordVPN
2023-09-19 23:53 - 2023-09-20 03:56 - 000000000 ____D C:\Program Files\NordVPN
2023-09-19 23:53 - 2023-09-19 23:58 - 000000000 ____D C:\ProgramData\NordVPN
2023-09-19 23:53 - 2023-09-19 23:53 - 000000000 ____D C:\ProgramData\NordUpdater
2023-09-19 23:53 - 2023-09-19 23:53 - 000000000 ____D C:\Program Files\NordUpdater
2023-09-19 23:53 - 2023-09-19 23:53 - 000000000 ____D C:\Program Files (x86)\NordVPN network TAP
2023-09-19 23:53 - 2023-05-17 09:33 - 000043112 _____ (Nordvpn S.A.) C:\Windows\system32\Drivers\mshield.sys
2023-09-19 23:53 - 2023-01-17 09:47 - 000044928 _____ (TEFINCOM S.A.) C:\Windows\system32\Drivers\nordlwf.sys
2023-09-19 20:03 - 2023-09-19 20:03 - 000000000 ____D C:\Users\Michael King\AppData\Local\Micro-Star_International_
2023-09-19 18:36 - 2023-09-19 18:36 - 000000000 ____D C:\Users\Michael King\AppData\Roaming\Vortex
2023-09-19 14:47 - 2023-09-19 14:47 - 000000000 ____D C:\Users\Michael King\AppData\Local\FirmwareUpdateTool
2023-09-19 14:44 - 2023-09-19 14:47 - 000000000 ____D C:\ProgramData\LogiShrd
2023-09-19 11:59 - 2023-09-19 12:10 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-09-19 11:59 - 2023-09-19 11:59 - 000002038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
2023-09-19 11:59 - 2023-09-19 11:59 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-09-19 11:59 - 2023-09-19 11:59 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2023-09-19 11:59 - 2023-09-19 11:59 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-09-19 11:52 - 2023-09-19 11:57 - 000000878 _____ C:\Windows\system32\InstallUtil.InstallLog
2023-09-19 11:52 - 2023-09-19 11:57 - 000000000 ____D C:\ProgramData\TinyWall
2023-09-19 11:52 - 2023-09-19 11:57 - 000000000 ____D C:\Program Files (x86)\TinyWall
2023-09-19 11:52 - 2023-09-19 11:56 - 000000000 ____D C:\Users\Michael King\AppData\Roaming\TinyWall
2023-09-19 11:52 - 2023-09-19 11:52 - 001839104 _____ C:\Users\Michael King\Downloads\TinyWall-v3-Installer (1).msi
2023-09-19 11:51 - 2023-09-20 04:23 - 001839104 _____ C:\Users\Michael King\Downloads\TinyWall-v3-Installer.msi
2023-09-19 11:44 - 2023-09-19 11:44 - 000000000 ____D C:\Users\Michael King\AppData\Roaming\Henry++
2023-09-19 11:33 - 2023-09-19 11:44 - 000000000 ____D C:\Program Files\simplewall
2023-09-19 10:34 - 2023-09-19 10:34 - 000000000 ____D C:\Users\Michael King\AppData\Local\IsolatedStorage
2023-09-19 10:08 - 2023-09-19 10:08 - 000000000 ____D C:\Users\Michael King\Documents\TotalAV
2023-09-19 10:08 - 2023-03-27 18:07 - 000209088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2023-09-19 10:08 - 2023-03-27 18:07 - 000199312 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2023-09-19 10:08 - 2023-03-27 18:07 - 000046704 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2023-09-19 10:06 - 2023-09-20 23:38 - 000001150 _____ C:\Users\Michael King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TotalAV.lnk
2023-09-19 10:06 - 2023-09-20 23:38 - 000000000 ____D C:\Program Files (x86)\TotalAV
2023-09-19 10:06 - 2023-09-19 10:06 - 000000000 ____D C:\Users\Michael King\AppData\Local\GUI
2023-09-19 10:06 - 2023-09-19 10:06 - 000000000 ____D C:\ProgramData\TotalAV
2023-09-19 10:06 - 2023-09-19 10:06 - 000000000 ____D C:\ProgramData\SecuritySuite
2023-09-19 09:18 - 2023-09-19 09:18 - 000000000 ____D C:\KVRT2020_Data
2023-09-19 09:14 - 2023-09-19 09:16 - 000000000 ____D C:\ProgramData\HitmanPro
2023-09-19 09:14 - 2023-09-19 09:14 - 000000000 ____D C:\Program Files\HitmanPro
2023-09-19 09:11 - 2023-09-19 09:31 - 000000000 ____D C:\ESD
2023-09-19 09:08 - 2023-09-19 09:08 - 000000000 ___HD C:\$Windows.~WS
2023-09-19 07:31 - 2023-09-20 14:37 - 000000000 ____D C:\Users\Michael King\AppData\Local\CrashDumps
2023-09-19 06:55 - 2023-09-19 06:55 - 000000000 ____D C:\Users\Michael King\AppData\Local\D3DSCache
2023-09-18 18:20 - 2023-09-18 18:20 - 000000000 ____D C:\Users\Michael King\AppData\Roaming\Portrait Displays
2023-09-18 18:20 - 2023-09-18 18:20 - 000000000 ____D C:\Users\Michael King\AppData\Local\MSI
2023-09-18 18:20 - 2023-09-18 18:20 - 000000000 ____D C:\ProgramData\MSI
2023-09-18 18:17 - 2023-09-18 18:17 - 000000000 ____D C:\Users\Michael King\AppData\Local\vortex-updater
2023-09-18 18:17 - 2023-09-18 18:17 - 000000000 ____D C:\Program Files\Black Tree Gaming Ltd
2023-09-18 18:17 - 2021-10-11 17:25 - 000043220 _____ C:\Windows\rtl8761b_mp_chip_bt40_fw_asic_rom_patch_new
2023-09-18 18:17 - 2021-10-11 17:25 - 000004216 _____ C:\Windows\PidVid_List
2023-09-18 18:16 - 2023-09-18 18:16 - 000000000 ____D C:\Program Files (x86)\ASUS
2023-09-18 18:15 - 2023-09-18 18:15 - 000000000 ____D C:\ProgramData\Portrait Displays
2023-09-18 18:15 - 2023-09-18 18:15 - 000000000 ____D C:\Program Files\Portrait Displays
2023-09-18 18:10 - 2023-09-18 18:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2023-09-18 18:10 - 2023-09-18 18:10 - 000003654 _____ C:\Windows\system32\Tasks\Dragon_Center_updater
2023-09-18 18:10 - 2023-09-18 18:10 - 000003016 _____ C:\Windows\system32\Tasks\MSI_Dragon Center
2023-09-18 18:10 - 2023-09-18 18:10 - 000000000 ____D C:\Users\Michael King\Documents\temp
2023-09-18 18:09 - 2023-09-18 18:13 - 000000000 ____D C:\Program Files (x86)\MSI
2023-09-18 18:09 - 2023-09-18 18:09 - 000001910 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCM.lnk
2023-09-18 18:09 - 2023-09-18 18:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteelSeries
2023-09-18 18:09 - 2023-09-18 18:09 - 000000000 ____D C:\Program Files (x86)\SCM
2023-09-18 18:08 - 2023-09-18 18:08 - 000000000 ____D C:\Windows\system32\Tasks\Intel
2023-09-18 18:08 - 2023-09-18 18:08 - 000000000 ____D C:\ProgramData\SteelSeries
2023-09-18 18:08 - 2023-09-18 18:08 - 000000000 ____D C:\Program Files\SteelSeries
2023-09-18 18:07 - 2023-09-18 18:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbolt™ Software
2023-09-18 18:06 - 2023-09-20 14:37 - 000000000 ____D C:\Program Files\DIFX
2023-09-18 18:06 - 2023-09-18 18:06 - 000003738 _____ C:\Windows\system32\Tasks\Intel PTT EK Recertification
2023-09-18 18:06 - 2023-09-18 18:06 - 000000000 ____D C:\ProgramData\Intel
2023-09-18 18:05 - 2023-09-18 18:05 - 000000000 ____D C:\Windows\SysWOW64\sda
2023-09-18 18:05 - 2017-04-12 13:28 - 000782304 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsPer.sys
2023-09-18 18:05 - 2016-07-14 12:40 - 009891328 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2023-09-18 18:05 - 2016-07-14 12:27 - 000084480 _____ (Realtek Semiconductor.) C:\Windows\system32\RtCRX64.dll
2023-09-18 18:05 - 2016-07-14 12:23 - 004332032 _____ (Realtek Semiconductor Corp.) C:\Windows\RtCRU64.exe
2023-09-18 18:03 - 2023-09-18 18:03 - 000000000 ____D C:\Users\Michael King\AppData\Local\Steam
2023-09-18 17:56 - 2023-09-21 13:03 - 000000000 ____D C:\Users\Michael King\AppData\Roaming\vlc
2023-09-18 17:56 - 2023-09-18 17:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2023-09-18 17:56 - 2023-09-18 17:56 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2023-09-18 17:22 - 2023-09-18 18:16 - 000000000 ____D C:\ProgramData\Realtek
2023-09-18 11:21 - 2023-09-18 11:21 - 000000000 ____D C:\Users\Michael King\AppData\Local\qBittorrent
2023-09-18 02:56 - 2023-09-18 02:56 - 000000000 ____D C:\Program Files\Malwarebytes
2023-09-18 02:29 - 2023-09-18 02:29 - 000000000 ____D C:\Users\Michael King\AppData\Roaming\Microsoft\HTML Help
2023-09-18 02:26 - 2023-09-18 02:27 - 000000000 ____D C:\Users\Michael King\AppData\Local\Sysinternals
2023-09-18 01:59 - 2023-09-21 03:11 - 000000000 ____D C:\Games
2023-09-18 01:00 - 2023-09-18 01:00 - 000000000 ____D C:\Windows\SystemTemp
2023-09-18 00:55 - 2023-09-18 00:55 - 000000000 ____D C:\Users\Michael King\AppData\Roaming\Microsoft\InputMethod
2023-09-17 23:51 - 2023-09-17 23:51 - 000000000 ___HD C:\$WinREAgent
2023-09-17 23:50 - 2023-09-19 19:25 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-09-17 23:47 - 2023-09-17 23:48 - 000000000 ____D C:\Windows\system32\MRT
2023-09-17 23:47 - 2022-09-30 08:23 - 000167440 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudbus2.sys
2023-09-17 23:46 - 2023-09-17 23:46 - 000000000 ____D C:\Users\Michael King\AppData\Local\ElevatedDiagnostics
2023-09-17 23:32 - 2023-09-17 23:32 - 000000000 ____D C:\Users\Michael King\AppData\Local\ToastNotificationManagerCompat
2023-09-17 23:22 - 2023-09-19 22:36 - 000000000 ____D C:\Windows\Panther
2023-09-17 23:21 - 2023-03-23 17:52 - 000041024 _____ (TEFINCOM S.A.) C:\Windows\Nord.Setup.dll
2023-09-17 23:20 - 2023-09-19 12:16 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-09-17 23:20 - 2023-09-17 23:20 - 000398656 _____ (Mozilla) C:\Users\Michael King\Downloads\Firefox Installer.exe
2023-09-17 23:20 - 2023-09-17 23:20 - 000000000 ____D C:\Users\Michael King\AppData\Roaming\Mozilla
2023-09-17 23:20 - 2023-09-17 23:20 - 000000000 ____D C:\Users\Michael King\AppData\Local\Mozilla
2023-09-17 23:06 - 2023-09-18 01:05 - 000000000 ____D C:\Users\Michael King\AppData\Local\PlaceholderTileLogoFolder
2023-09-17 23:06 - 2020-08-10 21:55 - 019838728 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPRes.dll
2023-09-17 23:06 - 2020-08-10 21:55 - 004514568 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPEnh.exe
2023-09-17 23:06 - 2020-08-10 21:55 - 004086024 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCpl.dll
2023-09-17 23:06 - 2020-08-10 21:55 - 000825608 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2023-09-17 23:06 - 2020-08-10 21:55 - 000767240 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2023-09-17 23:06 - 2020-08-10 21:55 - 000395528 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPEnhService.exe
2023-09-17 23:06 - 2020-08-10 21:55 - 000283400 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2023-09-17 23:06 - 2020-08-10 21:55 - 000243464 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPHelper.exe
2023-09-17 23:06 - 2020-08-10 21:55 - 000049416 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2023-09-17 22:52 - 2023-09-19 14:29 - 000000000 ____D C:\Users\Michael King\AppData\Roaming\Microsoft\MMC
2023-09-17 22:51 - 2023-09-17 22:51 - 000000000 ____D C:\Program Files\AqnicDriver
2023-09-17 22:50 - 2023-09-17 22:50 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2023-09-17 22:50 - 2023-09-17 22:50 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2023-09-17 22:50 - 2023-09-17 22:50 - 000000000 ____D C:\Windows\system32\DAX3
2023-09-17 22:50 - 2023-09-17 22:50 - 000000000 ____D C:\Windows\system32\DAX2
2023-09-17 22:50 - 2023-09-17 22:50 - 000000000 ____D C:\Program Files\Realtek
2023-09-17 22:49 - 2023-09-18 18:16 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2023-09-17 22:49 - 2023-09-18 18:05 - 000000000 ____D C:\Program Files (x86)\Realtek
2023-09-17 22:49 - 2023-09-17 22:50 - 000000000 ___HD C:\Program Files (x86)\Temp
2023-09-17 22:49 - 2017-10-19 06:05 - 003299816 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2023-09-17 22:49 - 2017-10-19 06:05 - 002190976 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2023-09-17 22:49 - 2017-10-19 06:05 - 001382232 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2023-09-17 22:49 - 2017-10-19 06:05 - 001337632 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaeapo64.dll
2023-09-17 22:49 - 2017-10-19 06:05 - 000852128 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tosasfapo64.dll
2023-09-17 22:49 - 2017-10-19 06:05 - 000604784 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaemaxapo64.dll
2023-09-17 22:49 - 2017-10-19 06:05 - 000447176 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\toseaeapo64.dll
2023-09-17 22:49 - 2017-10-19 06:04 - 003121112 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2023-09-17 22:49 - 2017-10-19 06:04 - 001435128 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2023-09-17 22:49 - 2017-10-19 06:04 - 000873456 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2023-09-17 22:49 - 2017-10-19 06:04 - 000532368 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2023-09-17 22:49 - 2017-10-19 06:04 - 000467152 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2023-09-17 22:49 - 2017-10-19 06:04 - 000381400 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2023-09-17 22:49 - 2017-10-19 06:04 - 000341144 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2023-09-17 22:49 - 2017-10-19 06:04 - 000341144 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2023-09-17 22:49 - 2017-10-19 06:04 - 000221960 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2023-09-17 22:49 - 2017-10-19 06:04 - 000209528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2023-09-17 22:49 - 2017-10-19 06:04 - 000166200 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2023-09-17 22:49 - 2017-10-19 06:04 - 000158688 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2023-09-17 22:49 - 2017-10-19 06:04 - 000075528 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2023-09-17 22:49 - 2017-10-19 06:03 - 003410320 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2023-09-17 22:49 - 2017-10-19 06:03 - 000986992 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2023-09-17 22:49 - 2017-10-19 06:03 - 000965016 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2023-09-17 22:49 - 2017-10-19 06:03 - 000866632 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2023-09-17 22:49 - 2017-10-19 06:03 - 000231904 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2023-09-17 22:49 - 2017-10-19 06:03 - 000090904 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2023-09-17 22:49 - 2017-10-19 06:03 - 000088312 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2023-09-17 22:49 - 2017-10-19 06:03 - 000083616 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2023-09-17 22:49 - 2017-10-19 06:02 - 003509192 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2023-09-17 22:49 - 2017-10-19 06:02 - 001016920 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll
2023-09-17 22:49 - 2017-10-19 06:02 - 000877424 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
2023-09-17 22:49 - 2017-10-19 06:02 - 000868168 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2023-09-17 22:49 - 2017-10-19 06:02 - 000737960 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
2023-09-17 22:49 - 2017-10-19 06:02 - 000691672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2023-09-17 22:49 - 2017-10-19 06:02 - 000526272 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2023-09-17 22:49 - 2017-10-19 06:02 - 000387304 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2023-09-17 22:49 - 2017-10-19 06:02 - 000343696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2023-09-17 22:49 - 2017-10-19 06:02 - 000214824 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2023-09-17 22:49 - 2017-10-19 06:02 - 000192976 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2023-09-17 22:49 - 2017-10-19 06:02 - 000110976 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2023-09-17 22:49 - 2017-10-19 06:02 - 000088336 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2023-09-17 22:49 - 2017-10-19 06:01 - 006463152 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV3apo.dll
2023-09-17 22:49 - 2017-10-19 06:01 - 005938904 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
2023-09-17 22:49 - 2017-10-19 06:01 - 005593608 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2023-09-17 22:49 - 2017-10-19 06:01 - 003561920 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2023-09-17 22:49 - 2017-10-19 06:01 - 003135776 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2023-09-17 22:49 - 2017-10-19 06:01 - 001351224 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2023-09-17 22:49 - 2017-10-19 06:01 - 000680536 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2023-09-17 22:49 - 2017-10-19 06:01 - 000447704 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2023-09-17 22:49 - 2017-10-19 06:01 - 000406440 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2APIPCLL.dll
2023-09-17 22:49 - 2017-10-19 06:01 - 000366112 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\HMAPO.dll
2023-09-17 22:49 - 2017-10-19 06:01 - 000360336 _____ (Harman) C:\Windows\system32\HMClariFi.dll
2023-09-17 22:49 - 2017-10-19 06:01 - 000321704 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2023-09-17 22:49 - 2017-10-19 06:01 - 000321704 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2023-09-17 22:49 - 2017-10-19 06:01 - 000203832 _____ (Harman) C:\Windows\system32\HMHVS.dll
2023-09-17 22:49 - 2017-10-19 06:01 - 000190920 _____ (Harman) C:\Windows\system32\HMEQ_Voice.dll
2023-09-17 22:49 - 2017-10-19 06:01 - 000190920 _____ (Harman) C:\Windows\system32\HMEQ.dll
2023-09-17 22:49 - 2017-10-19 06:01 - 000179584 _____ (Harman) C:\Windows\system32\HMLimiter.dll
2023-09-17 22:49 - 2017-10-19 06:01 - 000151776 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2023-09-17 22:49 - 2017-10-19 06:01 - 000134184 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2023-09-17 22:49 - 2017-10-19 06:01 - 000084600 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2023-09-17 22:49 - 2017-10-19 06:00 - 005346984 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2023-09-17 22:49 - 2017-10-19 06:00 - 002444672 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2023-09-17 22:49 - 2017-10-19 06:00 - 001965800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2023-09-17 22:49 - 2017-10-19 06:00 - 001959592 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2023-09-17 22:49 - 2017-10-19 06:00 - 001780608 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2023-09-17 22:49 - 2017-10-19 06:00 - 001591056 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2023-09-17 22:49 - 2017-10-19 06:00 - 001508920 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2023-09-17 22:49 - 2017-10-19 06:00 - 001259720 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOvlldp.dll
2023-09-17 22:49 - 2017-10-19 06:00 - 000743960 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2023-09-17 22:49 - 2017-10-19 06:00 - 000727424 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2023-09-17 22:49 - 2017-10-19 06:00 - 000708304 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2023-09-17 22:49 - 2017-10-19 06:00 - 000504296 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2023-09-17 22:49 - 2017-10-19 06:00 - 000445384 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2023-09-17 22:49 - 2017-10-19 06:00 - 000441256 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2023-09-17 22:49 - 2017-10-19 06:00 - 000362040 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2023-09-17 22:49 - 2017-10-19 06:00 - 000327440 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2023-09-17 22:49 - 2017-10-19 06:00 - 000310408 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2023-09-17 22:49 - 2017-10-19 06:00 - 000253888 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2023-09-17 22:49 - 2017-10-19 06:00 - 000253856 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2023-09-17 22:49 - 2017-10-19 06:00 - 000252872 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2023-09-17 22:49 - 2017-10-19 05:59 - 001544240 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOProp.dll
2023-09-17 22:49 - 2017-10-19 05:59 - 001372376 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOv251.dll
2023-09-17 22:49 - 2017-10-19 05:59 - 000272704 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2023-09-17 22:49 - 2017-10-19 05:58 - 006007720 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2023-09-17 22:49 - 2017-10-19 05:58 - 003677152 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2023-09-17 22:49 - 2017-10-19 05:58 - 003205112 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2023-09-17 22:49 - 2017-10-19 05:58 - 002922976 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2023-09-17 22:49 - 2017-10-19 05:58 - 000258856 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2023-09-17 22:49 - 2017-10-19 05:58 - 000023688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2023-09-17 22:49 - 2017-10-19 05:57 - 007172904 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2023-09-17 22:49 - 2017-10-19 05:57 - 007096176 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2023-09-17 22:49 - 2017-10-19 05:57 - 006264624 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2023-09-17 22:49 - 2017-10-19 05:57 - 001159168 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2023-09-17 22:49 - 2017-10-19 05:57 - 001003856 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2023-09-17 22:49 - 2017-10-19 05:57 - 000416496 _____ (Harman) C:\Windows\system32\HMUI.dll
2023-09-17 22:49 - 2017-10-19 05:57 - 000378368 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2023-09-17 22:49 - 2017-10-19 05:57 - 000154360 _____ (Harman) C:\Windows\system32\HarmanAudioInterface.dll
2023-09-17 22:49 - 2017-10-19 05:57 - 000122312 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2023-09-17 22:49 - 2017-10-19 05:56 - 000118576 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2023-09-17 22:49 - 2017-10-19 05:56 - 000105304 _____ C:\Windows\system32\audioLibVc.dll
2023-09-17 22:49 - 2017-07-21 20:17 - 002839488 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2023-09-17 22:47 - 2023-09-17 22:47 - 000000000 ____D C:\Users\Michael King\AppData\Local\Comms
2023-09-17 22:45 - 2023-09-19 16:48 - 000000000 ____D C:\Users\Michael King\AppData\Local\NVIDIA Corporation
2023-09-17 22:45 - 2023-09-17 22:45 - 000000000 ____D C:\Users\Michael King\AppData\Local\NVIDIA
2023-09-17 22:45 - 2023-09-17 22:45 - 000000000 ____D C:\Users\Michael King\AppData\Local\DBG
2023-09-17 22:45 - 2023-09-17 22:45 - 000000000 ____D C:\Users\Michael King\AppData\Local\CEF
2023-09-17 22:45 - 2023-09-17 22:45 - 000000000 ____D C:\Users\Michael King\ansel
2023-09-17 22:44 - 2023-09-21 12:25 - 000000000 ____D C:\ProgramData\NVIDIA
2023-09-17 22:44 - 2023-09-18 03:04 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2023-09-17 22:44 - 2023-09-17 22:44 - 000004308 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-17 22:44 - 2023-09-17 22:44 - 000003976 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-17 22:44 - 2023-09-17 22:44 - 000003940 _____ C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-17 22:44 - 2023-09-17 22:44 - 000003894 _____ C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-17 22:44 - 2023-09-17 22:44 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-17 22:44 - 2023-09-17 22:44 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-17 22:44 - 2023-09-17 22:44 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-17 22:44 - 2023-09-17 22:44 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-17 22:44 - 2023-09-17 22:44 - 000003654 _____ C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-17 22:44 - 2023-09-17 22:44 - 000000000 ____D C:\Windows\system32\lxss
2023-09-17 22:44 - 2023-09-17 22:44 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2023-09-17 22:44 - 2023-09-17 22:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2023-09-17 22:44 - 2023-09-17 22:44 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2023-09-17 22:44 - 2023-09-01 16:26 - 002904632 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2023-09-17 22:44 - 2023-09-01 16:26 - 002234920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2023-09-17 22:44 - 2023-09-01 16:26 - 001297464 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2023-09-17 22:44 - 2023-09-01 16:26 - 000169512 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2023-09-17 22:44 - 2023-09-01 16:26 - 000148520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2023-09-17 22:44 - 2023-09-01 16:26 - 000086568 _____ C:\Windows\system32\FvSDK_x64.dll
2023-09-17 22:44 - 2023-09-01 16:26 - 000075304 _____ C:\Windows\SysWOW64\FvSDK_x86.dll
2023-09-17 22:41 - 2023-09-01 16:26 - 000121880 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2023-09-17 22:41 - 2023-09-01 16:26 - 000060112 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2023-09-17 22:41 - 2023-09-01 16:26 - 000059928 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2023-09-17 22:40 - 2023-09-17 22:44 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2023-09-17 22:40 - 2023-09-03 15:28 - 001488008 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2023-09-17 22:40 - 2023-09-03 15:28 - 001227400 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2023-09-17 22:40 - 2023-09-03 15:28 - 000849088 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2023-09-17 22:40 - 2023-09-03 15:28 - 000849088 _____ C:\Windows\system32\vulkaninfo.exe
2023-09-17 22:40 - 2023-09-03 15:28 - 000713912 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2023-09-17 22:40 - 2023-09-03 15:28 - 000713912 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2023-09-17 22:40 - 2023-09-03 15:28 - 000653504 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2023-09-17 22:40 - 2023-09-03 15:28 - 000653504 _____ C:\Windows\system32\vulkan-1.dll
2023-09-17 22:40 - 2023-09-03 15:28 - 000637112 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2023-09-17 22:40 - 2023-09-03 15:28 - 000637112 _____ C:\Windows\SysWOW64\vulkan-1.dll
2023-09-17 22:40 - 2023-09-03 15:24 - 001537656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2023-09-17 22:40 - 2023-09-03 15:24 - 001195120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2023-09-17 22:40 - 2023-09-03 15:24 - 000939040 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2023-09-17 22:40 - 2023-09-03 15:24 - 000669320 _____ C:\Windows\system32\nvofapi64.dll
2023-09-17 22:40 - 2023-09-03 15:24 - 000503920 _____ C:\Windows\SysWOW64\nvofapi.dll
2023-09-17 22:40 - 2023-09-03 15:23 - 014520328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2023-09-17 22:40 - 2023-09-03 15:23 - 012066424 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2023-09-17 22:40 - 2023-09-03 15:23 - 002168352 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2023-09-17 22:40 - 2023-09-03 15:23 - 001621616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2023-09-17 22:40 - 2023-09-03 15:23 - 000992376 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2023-09-17 22:40 - 2023-09-03 15:23 - 000777336 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2023-09-17 22:40 - 2023-09-03 15:23 - 000768112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2023-09-17 22:40 - 2023-09-03 15:23 - 000459272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2023-09-17 22:40 - 2023-09-03 15:22 - 006190616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2023-09-17 22:40 - 2023-09-03 15:22 - 005845640 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2023-09-17 22:40 - 2023-09-03 15:22 - 005550624 _____ (NVIDIA Corporation) C:\Windows\system32\nvcudadebugger.dll
2023-09-17 22:40 - 2023-09-03 15:22 - 003483272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2023-09-17 22:40 - 2023-09-03 15:22 - 000853112 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2023-09-17 22:40 - 2023-09-03 15:21 - 007858128 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2023-09-17 22:40 - 2023-09-03 15:21 - 006738040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2023-09-17 22:40 - 2023-09-01 16:26 - 000108122 _____ C:\Windows\system32\nvinfo.pb
2023-09-17 22:38 - 2023-09-17 22:38 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2023-09-17 22:36 - 2023-09-18 18:07 - 000000000 ____D C:\Program Files (x86)\Intel
2023-09-17 22:36 - 2023-09-17 22:36 - 000795738 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2023-09-17 22:36 - 2023-09-17 22:36 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2023-09-17 22:36 - 2023-09-17 22:36 - 000000000 ____D C:\Users\Michael King\Intel
2023-09-17 22:36 - 2023-09-17 22:36 - 000000000 ____D C:\Users\Michael King\AppData\Roaming\Intel Corporation
2023-09-17 22:34 - 2023-09-17 22:58 - 000000000 ____D C:\Users\Michael King\AppData\Roaming\Microsoft\Spelling
2023-09-17 22:31 - 2023-09-20 20:50 - 000000000 ____D C:\ProgramData\Package Cache
2023-09-17 22:31 - 2023-09-18 18:06 - 000000000 ____D C:\Program Files\Intel
2023-09-17 22:30 - 2023-09-21 12:55 - 000797554 _____ C:\Windows\system32\PerfStringBackup.INI
2023-09-17 22:30 - 2023-09-17 22:30 - 000000000 ___RD C:\Users\Michael King\OneDrive
2023-09-17 22:30 - 2023-09-17 22:30 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2023-09-17 22:29 - 2023-09-17 22:29 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2023-09-17 22:28 - 2023-09-17 22:28 - 000000000 ____D C:\Users\Michael King\AppData\Local\Publishers
2023-09-17 22:27 - 2023-09-20 23:37 - 000000000 ____D C:\Users\Michael King
2023-09-17 22:27 - 2023-09-20 20:06 - 000000000 ____D C:\Users\Michael King\AppData\Local\Packages
2023-09-17 22:27 - 2023-09-20 20:06 - 000000000 ____D C:\ProgramData\Packages
2023-09-17 22:27 - 2023-09-20 00:23 - 000000000 ____D C:\Users\Michael King\AppData\Roaming\Microsoft\Windows
2023-09-17 22:27 - 2023-09-19 23:56 - 000000000 ___SD C:\Users\Michael King\AppData\Roaming\Microsoft\Credentials
2023-09-17 22:27 - 2023-09-19 19:19 - 000000000 ____D C:\Users\Michael King\AppData\Local\ConnectedDevicesPlatform
2023-09-17 22:27 - 2023-09-18 00:55 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-09-17 22:27 - 2023-09-18 00:55 - 000000000 ___SD C:\Users\Michael King\AppData\Roaming\Microsoft\Protect
2023-09-17 22:27 - 2023-09-17 22:27 - 000000020 ___SH C:\Users\Michael King\ntuser.ini
2023-09-17 22:27 - 2023-09-17 22:27 - 000000000 ___SD C:\Users\Michael King\AppData\Roaming\Microsoft\SystemCertificates
2023-09-17 22:27 - 2023-09-17 22:27 - 000000000 ___SD C:\Users\Michael King\AppData\Roaming\Microsoft\Crypto
2023-09-17 22:27 - 2023-09-17 22:27 - 000000000 ___RD C:\Users\Michael King\3D Objects
2023-09-17 22:27 - 2023-09-17 22:27 - 000000000 ____D C:\Users\Michael King\AppData\Roaming\Microsoft\Vault
2023-09-17 22:27 - 2023-09-17 22:27 - 000000000 ____D C:\Users\Michael King\AppData\Roaming\Microsoft\Network
2023-09-17 22:27 - 2023-09-17 22:27 - 000000000 ____D C:\Users\Michael King\AppData\Roaming\Adobe
2023-09-17 22:27 - 2023-09-17 22:27 - 000000000 ____D C:\Users\Michael King\AppData\Local\VirtualStore
2023-09-17 22:25 - 2023-09-17 22:25 - 000000000 _SHDL C:\Documents and Settings
2023-09-17 22:24 - 2023-09-20 23:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-09-17 22:24 - 2023-09-20 22:19 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-09-17 22:24 - 2023-09-18 09:13 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-09-17 22:24 - 2023-09-18 09:13 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-09-17 22:24 - 2023-09-18 01:12 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-09-17 22:23 - 2023-09-21 13:48 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-09-17 22:23 - 2023-09-20 23:38 - 000008192 ___SH C:\DumpStack.log.tmp
2023-09-17 22:23 - 2023-09-18 01:01 - 000259496 _____ C:\Windows\system32\FNTCACHE.DAT
2023-09-17 22:23 - 2023-09-17 22:23 - 000000000 ____D C:\Windows\ServiceProfiles
2023-08-28 12:21 - 2023-08-28 12:21 - 000049744 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tapnordvpn.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-09-21 12:55 - 2019-12-07 05:13 - 000000000 ____D C:\Windows\INF
2023-09-21 11:14 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-09-21 05:39 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-09-21 05:39 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\AppReadiness
2023-09-21 04:19 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\CbsTemp
2023-09-21 04:13 - 2019-12-07 05:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2023-09-21 04:10 - 2021-04-09 09:49 - 000553984 _____ (Microsoft Corporation) C:\Windows\system32\scrptadm.dll
2023-09-21 04:10 - 2021-04-09 09:49 - 000542208 _____ (Microsoft Corporation) C:\Windows\system32\AdmTmpl.dll
2023-09-21 04:10 - 2021-04-09 09:49 - 000470016 _____ (Microsoft Corporation) C:\Windows\system32\appmgr.dll
2023-09-21 04:10 - 2021-04-09 09:49 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\AuditPolicyGPInterop.dll
2023-09-21 04:10 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SystemResources
2023-09-21 04:10 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\security
2023-09-21 04:10 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-09-21 04:10 - 2019-12-07 05:10 - 000223744 _____ (Microsoft Corporation) C:\Windows\system32\AuditNativeSnapIn.dll
2023-09-21 04:10 - 2019-12-07 05:10 - 000147439 _____ C:\Windows\system32\gpedit.msc
2023-09-21 04:10 - 2019-12-07 05:10 - 000120458 _____ C:\Windows\system32\secpol.msc
2023-09-21 04:10 - 2019-12-07 05:10 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\auditpolmsg.dll
2023-09-21 04:10 - 2019-12-07 05:10 - 000043566 _____ C:\Windows\system32\rsop.msc
2023-09-21 04:10 - 2019-12-07 05:10 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\SrpUxNativeSnapIn.dll
2023-09-21 04:09 - 2021-04-09 09:49 - 000207360 _____ (Microsoft Corporation) C:\Windows\system32\appmgmts.dll
2023-09-21 04:09 - 2021-04-09 09:49 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2023-09-21 04:09 - 2021-04-09 09:49 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2023-09-20 23:37 - 2019-12-07 05:03 - 000524288 _____ C:\Windows\system32\config\BBI
2023-09-20 14:37 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\LiveKernelReports
2023-09-20 14:36 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\ModemLogs
2023-09-20 10:28 - 2019-12-07 05:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2023-09-19 10:06 - 2019-12-07 05:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-09-19 07:45 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\appcompat
2023-09-18 01:12 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Windows Defender
2023-09-18 01:04 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-09-18 01:00 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2023-09-18 01:00 - 2019-12-07 05:50 - 000000000 ____D C:\Windows\system32\OpenSSH
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ___SD C:\Windows\system32\UNP
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\PrintDialog
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SystemApps
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\setup
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\oobe
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\migwiz
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\lv-LV
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\lt-LT
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\et-EE
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\es-MX
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\Dism
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\DDFs
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\appraiser
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\ShellExperiences
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\ShellComponents
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\Provisioning
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\DiagTrack
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\bcastdvr
2023-09-18 01:00 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\System
2023-09-18 01:00 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\servicing
2023-09-18 00:14 - 2019-12-07 05:52 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2023-09-18 00:14 - 2019-12-07 05:15 - 000208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2023-09-18 00:14 - 2019-12-07 05:14 - 000232448 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2023-09-17 23:22 - 2019-12-07 05:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2023-09-17 23:06 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\USOPrivate
2023-09-17 22:34 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\ServiceState
2023-09-17 22:27 - 2019-12-07 05:50 - 000000000 ____D C:\Windows\system32\FxsTmp
2023-09-17 22:27 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\spool
2023-09-17 22:26 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-09-2023
Ran by Mike (21-09-2023 14:59:10)
Running from C:\Users\Michael King\Desktop
Microsoft Windows 10 Home Version 22H2 19045.3448 (X64) (2023-09-18 02:25:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2817817263-1149758534-2480755746-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2817817263-1149758534-2480755746-503 - Limited - Disabled)
Guest (S-1-5-21-2817817263-1149758534-2480755746-501 - Limited - Disabled)
Mike (S-1-5-21-2817817263-1149758534-2480755746-1001 - Administrator - Enabled) => C:\Users\Michael King
WDAGUtilityAccount (S-1-5-21-2817817263-1149758534-2480755746-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Total AV (Enabled - Up to date) {0567E33F-93C9-11B5-891D-90A37AEB2766}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ASUS USB-BT500 Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1038.1040.1040.210929 - )
Battery Calibration (HKLM-x32\...\InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.2001.1001 - Micro-Star International Co., Ltd.)
Dragon Center (HKLM-x32\...\InstallShield_{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 1.2.1910.3101 - Micro-Star International Co., Ltd.)
Intel® Chipset Device Software (HKLM\...\{94E05108-3E4E-4F2E-AC5F-33A1B22B779C}) (Version: 10.1.1.44 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1013 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{7BA7732C-EB19-418E-84BE-C08F4DF0B987}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{C9BDB597-E3D2-461F-8BB3-04ED39AA9ACD}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.9.0.1015 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{E262E6F2-0F11-49C7-A144-18FE8FE0376E}) (Version: 15.9.0.1015 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (HKLM\...\{09170360-1540-4917-8D51-895EBA412DDC}) (Version: 1.44.401.1 - Intel Corporation) Hidden
KB9X Radio Switch Driver (HKLM\...\97FE6BFA6A40EE4967381F4313B334031A3B6E03) (Version: 1.1.4.0 - ENE TECHNOLOGY INC.)
Marvell AQtion Network Adapter Drivers (64 bit) (HKLM\...\{F996892D-89EB-4AAC-A9AD-60CD3539AB0A}) (Version: 3.1.7.0 - Marvell Semiconductor Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 117.0.2045.36 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 117.0.2045.31 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{2953E19B-9F91-4A49-A23B-7E25970A1951}) (Version: 3.73.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{E6C81238-43A3-4CE7-BB4C-1C76478D7FA8}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{D5BE2F4C-7D69-4D77-9E7D-2EFD39E0DBF2}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.22.27821 (HKLM-x32\...\{3BDE80F7-7EC9-448E-8160-4ADA0CDA8879}) (Version: 14.22.27821 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.22.27821 (HKLM-x32\...\{1E6FC929-567E-4D22-9206-C5B83F0A21B9}) (Version: 14.22.27821 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 117.0.1 (x64 en-US)) (Version: 117.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 117.0.1 - Mozilla)
NordUpdater (HKLM\...\{6E35DB82-3D19-4DD6-B8CB-F082815FDE18}_is1) (Version: 1.4.0.132 - Nord Security)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 7.13.3.0 - Nord Security)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.71 - Nmap Project)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.27.0.112 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.112 - NVIDIA Corporation)
NVIDIA Graphics Driver 537.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 537.34 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.21299 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8273 - Realtek Semiconductor Corp.)
SCM (HKLM\...\{1CC45AFD-DFFF-4165-86B4-FA112B167509}) (Version: 13.018.06221 - Application)
SteelSeries Engine 3.11.2 (HKLM\...\SteelSeries Engine 3) (Version: 3.11.2 - SteelSeries ApS)
Thunderbolt™ Software (HKLM-x32\...\{87A31923-8F18-4943-8093-17DBEE0101B7}) (Version: 16.3.61.275 - Intel Corporation)
TotalAV (HKLM-x32\...\TotalAV) (Version: 5.23.174 - TotalAV) <==== ATTENTION
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.18 - VideoLAN)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/27/2012 7.0.0000.00004) (HKLM\...\BE156A27AFEAEA39D6A7C9D25CFA8DAFAF91756B) (Version: 08/27/2012 7.0.0000.00004 - Google, Inc.)
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (dg_ssudbus) USB  (12/02/2015 2.12.1.0) (HKLM\...\85A33267F12961AF9ED9AE799DEDA5E62BEA236F) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssudmdm) Modem  (12/02/2015 2.12.1.0) (HKLM\...\88ED314360B98E6E82E7CC3201FAEB4A9FD291B4) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (WinUSB) AndroidUsbDeviceClass  (12/02/2015 2.12.1.0) (HKLM\...\701281E8283E9E3681220099A9DA5013A5A437AF) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. )

Packages:
=========
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-09-19] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-09-17] (NVIDIA Corp.)
SynMsiDApp -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynMsiDApp_19005.31005.0.0_x64__807d65c4rvak2 [2023-09-18] (Synaptics Incorporated)
Windows Package Manager Source (winget) -> C:\Program Files\WindowsApps\Microsoft.Winget.Source_2023.921.916.809_neutral__8wekyb3d8bbwe [2023-09-21] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2817817263-1149758534-2480755746-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Michael King\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2817817263-1149758534-2480755746-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> C:\Program Files\NordVPN\NordVPN.exe (nordvpn s.a. -> TEFINCOM S.A.)
CustomCLSID: HKU\S-1-5-21-2817817263-1149758534-2480755746-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Michael King\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2817817263-1149758534-2480755746-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Michael King\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2817817263-1149758534-2480755746-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> C:\Users\Michael King\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\FileCoAuth.exe => No File
CustomCLSID: HKU\S-1-5-21-2817817263-1149758534-2480755746-1001_Classes\CLSID\{eae5d8cf-53f4-11e7-6878-e6e9de9c9328}\localserver32 -> C:\Program Files\NordVPN\NordVPN.exe (nordvpn s.a. -> TEFINCOM S.A.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvmiig.inf_amd64_6f22b06208986260\nvshext.dll [2023-09-03] (NVIDIA Corporation -> NVIDIA Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2017-09-05 14:46 - 2017-09-05 14:46 - 002146304 _____ (Holtek Semiconductor Inc.) [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine 3\HIDDLL.dll
2017-09-05 14:46 - 2017-09-05 14:46 - 002284032 _____ (Holtek) [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine 3\ISPDLL.dll
2015-06-11 22:35 - 2015-06-11 22:35 - 000047816 _____ (MICRO-STAR INTERNATIONAL CO., LTD -> www.internals.com) [File not signed] C:\Program Files (x86)\MSI\Dragon Center\WinIo64.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Michael King\Desktop\FRST64.exe:shield [232]
AlternateDataStreams: C:\Users\Michael King\Downloads\TinyWall-v3-Installer.msi:shield [149]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 05:14 - 2019-12-07 05:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT
HKU\S-1-5-21-2817817263-1149758534-2480755746-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 103.86.96.100 - 103.86.99.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
HKU\S-1-5-21-2817817263-1149758534-2480755746-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled)
Wi-Fi: NordVPN LightWeight Firewall -> NordLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-2817817263-1149758534-2480755746-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_A048B2792B3CF3BD5A5A3D139CEE0CDF"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D2071AC5-7F09-46A1-B0CE-733EA3E7E392}] => (Block) C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{F2FAA881-B24F-4DA3-914A-A17C2AA2CF49}] => (Block) C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{A2AB500E-82B3-430B-96C3-140FD3DC2FBC}] => (Block) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D0348BB1-2B6C-43C1-9DCD-6208F481B225}] => (Block) C:\Program Files\NordVPN\nordvpn-service.exe (nordvpn s.a. -> TEFINCOM S.A.)
FirewallRules: [{EA6CBFBD-663A-45A6-B325-A551547187A2}] => (Allow) C:\Program Files\NordVPN\nordvpn-service.exe (nordvpn s.a. -> TEFINCOM S.A.)
FirewallRules: [{30663FF1-D54B-4C0A-BB20-D693EFF91180}] => (Block) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS -> SteelSeries ApS)
FirewallRules: [{D9EFE8C3-CBAA-4F64-ABBD-13DAA8166247}] => (Block) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS -> SteelSeries ApS)
FirewallRules: [{92DC0A03-29C5-41F2-82A2-D98749877715}] => (Block) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BD1EBCDE-8ADC-4D83-A2AE-32FB630E9AD8}] => (Block) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

20-09-2023 14:36:14 Windows Update
21-09-2023 05:08:22 Fine

==================== Faulty Device Manager Devices ============

Name: Killer Wireless-n/a/ac 1535 Wireless Network Adapter
Description: Killer Wireless-n/a/ac 1535 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: Qcamain10x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Generic Bluetooth Adapter
Description: Generic Bluetooth Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: GenericAdapter
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (09/21/2023 11:58:06 AM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (09/21/2023 05:08:22 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents.  hr = 0x8007085a, The Workstation service has not been started.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: ASR Writer
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {20ebd686-1441-4ffe-a539-b0b1b88a7936}

Error: (09/20/2023 08:50:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.19041.3448 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 6fc

Start Time: 01d9ebceaea9cb28

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: b4ab49ef-2a77-4ca8-86f1-ac734eb389fe

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (09/20/2023 02:37:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WindowsPackageManagerServer.exe, version: 1.20.2308.8001, time stamp: 0x64d2bf36
Faulting module name: ntdll.dll, version: 10.0.19041.3393, time stamp: 0xfeef31d3
Exception code: 0xc0000374
Fault offset: 0x00000000000ff299
Faulting process id: 0x3548
Faulting application start time: 0x01d9ebf1758ad103
Faulting application path: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.20.2201.0_x64__8wekyb3d8bbwe\WindowsPackageManagerServer.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 15822c07-5692-4266-b135-a54d1de564a9
Faulting package full name: Microsoft.DesktopAppInstaller_1.20.2201.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: WinGetComServer

Error: (09/20/2023 02:37:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WindowsPackageManagerServer.exe, version: 1.20.2308.8001, time stamp: 0x64d2bf36
Faulting module name: ntdll.dll, version: 10.0.19041.3393, time stamp: 0xfeef31d3
Exception code: 0xc0000374
Fault offset: 0x00000000000ff299
Faulting process id: 0x1ea8
Faulting application start time: 0x01d9ebf174c1da15
Faulting application path: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.20.2201.0_x64__8wekyb3d8bbwe\WindowsPackageManagerServer.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 2c2ddcec-1f69-4890-a73f-5e11d9a545fd
Faulting package full name: Microsoft.DesktopAppInstaller_1.20.2201.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: WinGetComServer

Error: (09/20/2023 02:36:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents.  hr = 0x8007085a, The Workstation service has not been started.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: ASR Writer
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {580b0dbf-96c9-4a0d-b27e-95f52b7fa8c1}

Error: (09/20/2023 11:58:06 AM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (09/20/2023 10:32:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PhoneExperienceHost.exe, version: 1.23072.153.0, time stamp: 0x6492041a
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3393, time stamp: 0x6b4de7c9
Exception code: 0xe0434352
Fault offset: 0x000000000002cf19
Faulting process id: 0x217c
Faulting application start time: 0x01d9ebceb1686f8c
Faulting application path: C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23072.153.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: c07296b6-448a-4b7b-ae9d-be2f8c2ec45e
Faulting package full name: Microsoft.YourPhone_1.23072.153.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App


System errors:
=============
Error: (09/20/2023 11:38:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PC Security Management Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/20/2023 11:38:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the Intel® TPM Provisioning Service service to connect.

Error: (09/20/2023 11:37:44 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BDUS3VM)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (09/20/2023 11:37:44 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BDUS3VM)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (09/20/2023 09:27:42 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "%2" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (09/20/2023 09:27:42 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "%2" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (09/20/2023 10:28:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PC Security Management Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/20/2023 10:27:28 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the Intel® TPM Provisioning Service service to connect.


Windows Defender:
================
Date: 2023-09-19 01:30:15
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-09-18 06:51:29
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Custom Scan

Date: 2023-09-18 06:49:16
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan
Event[0]:

Date: 2023-09-18 03:20:01
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.397.1146.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23080.2005
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===============
Date: 2023-09-21 12:38:44
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\TotalAV\wscf.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: American Megatrends Inc. E17A2IMS.110 09/03/2018
Motherboard: Micro-Star International Co., Ltd. MS-17A2
Processor: Intel® Core™ i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 49%
Total physical RAM: 16340.14 MB
Available physical RAM: 8183.04 MB
Total Virtual: 18772.14 MB
Available Virtual: 6954.91 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.86 GB) (Free:183.58 GB) (Model: THNSN5256GPU7 TOSHIBA) NTFS
Drive d: (Local Disk) (Fixed) (Total:931.51 GB) (Free:921.14 GB) (Model: HGST HTS721010A9E630) NTFS

\\?\Volume{52150db4-8d10-4f33-aa75-02bd108ce3a3}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{5c1ef463-4803-47df-b275-b17492f6bd3d}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 38443C60)

Partition: GPT.

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 38443C49)

Partition: GPT.

==================== End of Addition.txt =======================




 


#2 JSntgRvr

JSntgRvr

    Malware Fighter


  • Malware Response Team
  • 16,122 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:24 PM

Posted 22 September 2023 - 03:01 PM

Hi
 
Welcome :)
 
I'll be helping you with your computer.
 
Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.
 
Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)

Let's begin... :)

 

Please remove TotalAV (HKLM-x32\...\TotalAV) (Version: 5.23.174 - TotalAV) from your computer. It is a rogue program. Defender should be enough for Windows 10.

  • Highlight the entire content of the quote box below.
Start:: 
SystemRestore: On 
CreateRestorePoint: 
CloseProcesses: 
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION 
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION 
GroupPolicy: Restriction ? <==== ATTENTION 
GroupPolicy-Firefox: Restriction <==== ATTENTION 
R2 SecurityService; C:\Program Files (x86)\TotalAV\SecurityService.exe [274584 2023-08-09] (Protected Antivirus Limited -> TotalAV) <==== ATTENTION 
R1 webshieldfilter; C:\Windows\System32\drivers\webshieldfilter.sys [96264 2023-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) <==== ATTENTION 
CustomCLSID: HKU\S-1-5-21-2817817263-1149758534-2480755746-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Michael King\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File 
CustomCLSID: HKU\S-1-5-21-2817817263-1149758534-2480755746-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Michael King\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File 
CustomCLSID: HKU\S-1-5-21-2817817263-1149758534-2480755746-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Michael King\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File 
CustomCLSID: HKU\S-1-5-21-2817817263-1149758534-2480755746-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> C:\Users\Michael King\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\FileCoAuth.exe => No File 
CustomCLSID: HKU\S-1-5-21-2817817263-1149758534-2480755746-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Michael King\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File 
CustomCLSID: HKU\S-1-5-21-2817817263-1149758534-2480755746-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Michael King\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File 
CustomCLSID: HKU\S-1-5-21-2817817263-1149758534-2480755746-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Michael King\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File 
CustomCLSID: HKU\S-1-5-21-2817817263-1149758534-2480755746-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> C:\Users\Michael King\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\FileCoAuth.exe => No File 
U4 npcap_wifi; no ImagePath 
 
 
 
Comment: Commands to reset settings and cleanup
 
StartRegedit:
Windows Registry Editor Version 5.00
    
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl]
"AutoReboot"=dword:00000000
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=-
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
"ConsentPromptBehaviorUser"=dword:00000003
"EnableLUA"=dword:00000001
 
EndRegedit:
 
StartBatch:
  pushd\windows\system32
  bcdedit.exe /export C:\exportBCDfile
  bcdedit.exe /set {default} recoveryenabled yes
  bcdedit /enum
  sfc /scannow
  DISM.exe /Online /Cleanup-image /Restorehealth
  sfc /scannow
Endbatch:
 
StartBatch:
 SETLOCAL ENABLEEXTENSIONS
 echo userprofile=%USERPROFILE%
 if not defined userprofile echo no userprofile&goto :eof
  del /f /q "%userprofile%\AppData\Roaming\Microsoft\*.dl*"
  del /f /q "%userprofile%\AppData\Roaming\Microsoft\*.ex*"
  del /f /q "%userprofile%\AppData\Roaming\Microsoft\*.zi*"
  del /f /q "%userprofile%\AppData\Roaming\Microsoft\*.sy*"
  del /f /q "%userprofile%\AppData\Roaming\{*.*"
  rd /s /q "%userprofile%\AppData\Roaming\discord\Cache"
  rd /s /q "%userprofile%\AppData\Roaming\discord\code cache"
  rd /s /q "%userprofile%\AppData\Roaming\discord\gpucache"
  del /s /q "%userprofile%\AppData\Local\Temp\*.*"
  del /f /q "%userprofile%\AppData\Local\*-gui"
  del /f /q "%userprofile%\AppData\Roaming\*-gui"
 :eof
EndBatch:
 
 
startpowershell:
Write-Output "PowerShell run 1"
 
Set-Service -Name "BITS" -StartupType Manual -Verbose
Set-Service -Name "Dhcp" -StartupType Automatic -Verbose
Set-Service -Name "EventLog" -StartupType Automatic -Verbose
Set-Service -Name "EventSystem" -StartupType Automatic -Verbose
Set-Service -Name "nsi" -StartupType Automatic -Verbose
Set-Service -Name "RasMan" -StartupType Manual -Verbose
Set-Service -Name "SDRSVC" -StartupType Manual -Verbose
Set-Service -Name "SstpSvc" -StartupType Manual -Verbose
Set-Service -Name "TrustedInstaller" -StartupType Manual -Verbose
Set-Service -Name "VSS" -StartupType Manual -Verbose
Set-Service -Name "Winmgmt" -StartupType Automatic -Verbose
Set-Service -Name "wuauserv" -StartupType Manual -Verbose
Set-Service -Name "windefend" -StartupType Automatic -Verbose
Set-Service -Name "securityhealthservice" -StartupType Manual -Verbose
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 1
Endpowershell:
 
StartBatch:
net start sdrsvc
net start vss
net start rpcss
net start eventsystem
net start winmgmt
net start msiserver
net start bfe
net start trustedinstaller
net start windefend
net start mpssvc
net start mpsdrv
Winmgmt /salvagerepository
Winmgmt /resetrepository
Winmgmt /resyncperf
Endbatch:
 
exportkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions
 
 
startpowershell:
Write-Output "PowerShell run 2"
 
Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -force
# Check computer status again after setting to make sure changes were applied
    Get-MpComputerStatus
    Get-MpPreference
    Get-MpThreatDetection
# get statuses of services
Get-Service 'Terminal Server' | Select-Object -Property Name, StartType, Status
Get-Service BITS | Select-Object -Property Name, StartType, Status
Get-Service Dhcp | Select-Object -Property Name, StartType, Status
Get-Service EventLog | Select-Object -Property Name, StartType, Status
Get-Service EventSystem | Select-Object -Property Name, StartType, Status
Get-Service mbamservice | Select-Object -Property Name, StartType, Status
Get-Service mpsdrv | Select-Object -Property Name, StartType, Status
Get-Service MpsSvc | Select-Object -Property Name, StartType, Status
Get-Service msiserver | Select-Object -Property Name, StartType, Status
Get-Service nsi | Select-Object -Property Name, StartType, Status
Get-Service RasMan | Select-Object -Property Name, StartType, Status
Get-Service rpcss | Select-Object -Property Name, StartType, Status
Get-Service SDRSVC | Select-Object -Property Name, StartType, Status
Get-Service sense | Select-Object -Property Name, StartType, Status
Get-Service securityhealthservice | Select-Object -Property Name, StartType, Status
Get-Service SstpSvc | Select-Object -Property Name, StartType, Status
Get-Service TrustedInstaller | Select-Object -Property Name, StartType, Status
Get-Service UsoSvc | Select-Object -Property Name, StartType, Status
Get-Service VSS | Select-Object -Property Name, StartType, Status
Get-Service wdnissvc | Select-Object -Property Name, StartType, Status
Get-Service windefend | Select-Object -Property Name, StartType, Status
Get-Service Winmgmt | Select-Object -Property Name, StartType, Status
Get-Service wscsvc | Select-Object -Property Name, StartType, Status
Get-Service wuauserv | Select-Object -Property Name, StartType, Status
New-NetFirewallRule -DisplayName "Block Inb" -Direction Inbound -LocalPort 135-139, 445, 1234, 3389, 5555 -Protocol tcp -Action Block
New-NetFirewallRule -DisplayName "Block Inb" -Direction Inbound -LocalPort 135-139, 445, 1234, 3389, 5555 -Protocol udp -Action Block
wevtutil el | Foreach-Object {Write-Host "Clearing $_"; wevtutil cl "$_"}
EndPowerShell:
 
cmd: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /v HiberbootEnabled
exportkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions
exportkey: hkcu\software\classes\ms-settings\shell\open\command
exportkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
exportkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
exportkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
exportkey: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager
 
Comment: Use Farbar routine
 
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\system32\drivers\*.tmp
C:\WINDOWS\syswow64\*.tmp
 
startbatch:
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\Js\*.*"
del /s /q "%userprofile%\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCACHE\IE\*.*"
del /s /q "%userprofile%\AppData\Local\Temp\*.exe"
del /s /q "%userprofile%\AppData\Local\Mozilla\Firefox\Profiles\uwj5v52h.default\cache2\*.*"
del /s /q "%userprofile%\AppData\Local\Mozilla\Firefox\Profiles\9drvj32f.default-release\cache2\*.*"
endbatch:
 
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R 
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R 
CMD: "C:\Windows\SysWOW64\lodctr.exe" /R 
CMD: "C:\Windows\SYSTEM32\lodctr.exe" /R 
HOSTS:
Removeproxy:
CMD: fltmc instances
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: Bitsadmin /Reset /Allusers
 
StartPowershell:
Reset-AppxPackage -Package Microsoft.DesktopAppInstaller_1.20.2201.0_x64__8wekyb3d8bbwe
Reset-AppxPackage -Package Microsoft.YourPhone_1.23072.153.0_x64__8wekyb3d8bbwe
EndPowershell:
:
EMPTYTEMP:
End::
  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
 
Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.

When AdwCleaner starts, on the left side of the window, click on “Settings” and then enable these repair actions on that tab-window by clicking their button to the far-right for ON status:

  • Delete IFEO keys
  • Delete tracing keys
  • Delete Prefetch files
  • Reset Proxy
  • Reset IE Policies
  • Reset Chrome policies
  • Reset Winsock
  • Reset HOSTS file
  • Click Scan Now ...
  • When the scan has finished a Scan Results window will open.
  • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab ...
  • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
  • A Notepad file will open containing the results of the scan.

Please post the contents of the file in your next reply.
 
 


Edited by JSntgRvr, 23 September 2023 - 08:37 AM.

No request for help through private messaging will be attended to.

Inactive logs for more than four (4) days will be closed.


#3 mek66861986


Posted 22 September 2023 - 07:59 PM

The FRST fix never finishes. Waited an hour.



#4 JSntgRvr


Posted 22 September 2023 - 10:04 PM

Run Adwcleaner and post its report.

No request for help through private messaging will be attended to.

Inactive logs for more than four (4) days will be closed.


#5 JSntgRvr


Posted 23 September 2023 - 08:44 AM

RKill is a program developed at BleepingComputer.com that was originally designed for use in our virus removal guides. It was created so that we could have an easy to use tool that kills known processes and removes Windows Registry entries that stop a user from using their normal security applications. Simple as that. Nothing fancy. Just kill known malware processes and clean up some Registry keys so that your security programs can do their job.
 
So in summary, RKill just kills 32-bit and 64-bit malware processes and scans the registry for entries that would not allow you to run various legitimate programs. When scanning the Registry, Rkill will search for malicious Image File Execution Objects, DisallowRuns entries, executable hijacks, and policies that restrict your use of various Windows utilities. When changing Windows Registry entries it will create a backup of these entries and save them in the rkill folder on your desktop. Each registry backup will contain a time stamp so that the backups are not overwritten on subsequent runs of Rkill. 
 
Since RKill only terminates processes and does not remove the offending files, when it is finished you should not reboot your computer. If you do, these malware processes that are set to start automatically will just start up again. Instead, after running RKill you should scan your computer using your malware removal tool of choice. If there is a problem after running RKill, just reboot your computer and you will be back to where you started before running the program.
 
RKill can be downloaded from the following location:
 
http://www.bleepingcomputer.com/download/rkill/
 
A report, rkill.log, will be created in the root directory, usually C:\. Post that report in your next reply.
 
Download and run Rkill, but do not restart the computer. Then proceed as follows:
 
Please remove TotalAV (HKLM-x32\...\TotalAV) (Version: 5.23.174 - TotalAV) from your computer. It is a rogue program. Defender should be enough for Windows 10.
  • Highlight the entire content of the quote box below.

Start:: 
 
SystemRestore: On 
CreateRestorePoint: 
CloseProcesses: 
 
CMD: nbtstat /R
CMD: nbtstat /RR
 
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION 
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION 
GroupPolicy: Restriction ? <==== ATTENTION 
GroupPolicy-Firefox: Restriction <==== ATTENTION 
R2 SecurityService; C:\Program Files (x86)\TotalAV\SecurityService.exe [274584 2023-08-09] (Protected Antivirus Limited -> TotalAV) <==== ATTENTION 
R1 webshieldfilter; C:\Windows\System32\drivers\webshieldfilter.sys [96264 2023-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) <==== ATTENTION 
CustomCLSID: HKU\S-1-5-21-2817817263-1149758534-2480755746-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Michael King\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File 
CustomCLSID: HKU\S-1-5-21-2817817263-1149758534-2480755746-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Michael King\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File 
CustomCLSID: HKU\S-1-5-21-2817817263-1149758534-2480755746-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Michael King\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File 
CustomCLSID: HKU\S-1-5-21-2817817263-1149758534-2480755746-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> C:\Users\Michael King\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\FileCoAuth.exe => No File 
CustomCLSID: HKU\S-1-5-21-2817817263-1149758534-2480755746-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Michael King\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File 
CustomCLSID: HKU\S-1-5-21-2817817263-1149758534-2480755746-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Michael King\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File 
CustomCLSID: HKU\S-1-5-21-2817817263-1149758534-2480755746-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Michael King\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File 
CustomCLSID: HKU\S-1-5-21-2817817263-1149758534-2480755746-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> C:\Users\Michael King\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\FileCoAuth.exe => No File 
U4 npcap_wifi; no ImagePath 
 
 
 
Comment: Commands to reset settings and cleanup
 
StartRegedit:
Windows Registry Editor Version 5.00
    
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl]
"AutoReboot"=dword:00000000
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=-
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
"ConsentPromptBehaviorUser"=dword:00000003
"EnableLUA"=dword:00000001
 
EndRegedit:
 
StartBatch:
  pushd \windows\system32
  bcdedit.exe /export C:\exportBCDfile
  bcdedit.exe /set {default} recoveryenabled yes
  bcdedit /enum
  sfc /scannow
  DISM.exe /Online /Cleanup-image /Restorehealth
  sfc /scannow
Endbatch:
 
StartBatch:
 SETLOCAL ENABLEEXTENSIONS
 echo userprofile=%USERPROFILE%
 if not defined userprofile echo no userprofile&goto :eof
  del /f /q "%userprofile%\AppData\Roaming\Microsoft\*.dl*"
  del /f /q "%userprofile%\AppData\Roaming\Microsoft\*.ex*"
  del /f /q "%userprofile%\AppData\Roaming\Microsoft\*.zi*"
  del /f /q "%userprofile%\AppData\Roaming\Microsoft\*.sy*"
  del /f /q "%userprofile%\AppData\Roaming\{*.*"
  rd /s /q "%userprofile%\AppData\Roaming\discord\Cache"
  rd /s /q "%userprofile%\AppData\Roaming\discord\code cache"
  rd /s /q "%userprofile%\AppData\Roaming\discord\gpucache"
  del /s /q "%userprofile%\AppData\Local\Temp\*.*"
  del /f /q "%userprofile%\AppData\Local\*-gui"
  del /f /q "%userprofile%\AppData\Roaming\*-gui"
 :eof
EndBatch:
 
 
startpowershell:
Write-Output "PowerShell run 1"
 
Set-Service -Name "BITS" -StartupType Manual -Verbose
Set-Service -Name "Dhcp" -StartupType Automatic -Verbose
Set-Service -Name "EventLog" -StartupType Automatic -Verbose
Set-Service -Name "EventSystem" -StartupType Automatic -Verbose
Set-Service -Name "nsi" -StartupType Automatic -Verbose
Set-Service -Name "RasMan" -StartupType Manual -Verbose
Set-Service -Name "SDRSVC" -StartupType Manual -Verbose
Set-Service -Name "SstpSvc" -StartupType Manual -Verbose
Set-Service -Name "TrustedInstaller" -StartupType Manual -Verbose
Set-Service -Name "VSS" -StartupType Manual -Verbose
Set-Service -Name "Winmgmt" -StartupType Automatic -Verbose
Set-Service -Name "wuauserv" -StartupType Manual -Verbose
Set-Service -Name "windefend" -StartupType Automatic -Verbose
Set-Service -Name "securityhealthservice" -StartupType Manual -Verbose
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 1
Endpowershell:
 
StartBatch:
net start sdrsvc
net start vss
net start rpcss
net start eventsystem
net start winmgmt
net start msiserver
net start bfe
net start trustedinstaller
net start windefend
net start mpssvc
net start mpsdrv
Winmgmt /salvagerepository
Winmgmt /resetrepository
Winmgmt /resyncperf
Endbatch:
 
exportkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions
 
 
startpowershell:
Write-Output "PowerShell run 2"
 
Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -force
# Check computer status again after setting to make sure changes were applied
    Get-MpComputerStatus
    Get-MpPreference
    Get-MpThreatDetection
# get statuses of services
Get-Service TermService | Select-Object -Property Name, StartType, Status
Get-Service BITS | Select-Object -Property Name, StartType, Status
Get-Service Dhcp | Select-Object -Property Name, StartType, Status
Get-Service EventLog | Select-Object -Property Name, StartType, Status
Get-Service EventSystem | Select-Object -Property Name, StartType, Status
Get-Service mbamservice | Select-Object -Property Name, StartType, Status
Get-Service mpsdrv | Select-Object -Property Name, StartType, Status
Get-Service MpsSvc | Select-Object -Property Name, StartType, Status
Get-Service msiserver | Select-Object -Property Name, StartType, Status
Get-Service nsi | Select-Object -Property Name, StartType, Status
Get-Service RasMan | Select-Object -Property Name, StartType, Status
Get-Service rpcss | Select-Object -Property Name, StartType, Status
Get-Service SDRSVC | Select-Object -Property Name, StartType, Status
Get-Service sense | Select-Object -Property Name, StartType, Status
Get-Service securityhealthservice | Select-Object -Property Name, StartType, Status
Get-Service SstpSvc | Select-Object -Property Name, StartType, Status
Get-Service TrustedInstaller | Select-Object -Property Name, StartType, Status
Get-Service UsoSvc | Select-Object -Property Name, StartType, Status
Get-Service VSS | Select-Object -Property Name, StartType, Status
Get-Service wdnissvc | Select-Object -Property Name, StartType, Status
Get-Service windefend | Select-Object -Property Name, StartType, Status
Get-Service Winmgmt | Select-Object -Property Name, StartType, Status
Get-Service wscsvc | Select-Object -Property Name, StartType, Status
Get-Service wuauserv | Select-Object -Property Name, StartType, Status
New-NetFirewallRule -DisplayName "Block Inb" -Direction Inbound -LocalPort 135-139, 445, 1234, 3389, 5555 -Protocol tcp -Action Block
New-NetFirewallRule -DisplayName "Block Inb" -Direction Inbound -LocalPort 135-139, 445, 1234, 3389, 5555 -Protocol udp -Action Block
wevtutil el | Foreach-Object {Write-Host "Clearing $_"; wevtutil cl "$_"}
EndPowerShell:
 
cmd: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /v HiberbootEnabled
exportkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions
exportkey: hkcu\software\classes\ms-settings\shell\open\command
exportkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
exportkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
exportkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
exportkey: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager
 
Comment: Use Farbar routine
 
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\system32\drivers\*.tmp
C:\WINDOWS\syswow64\*.tmp
 
startbatch:
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\Js\*.*"
del /s /q "%userprofile%\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCACHE\IE\*.*"
del /s /q "%userprofile%\AppData\Local\Temp\*.exe"
del /s /q "%userprofile%\AppData\Local\Mozilla\Firefox\Profiles\uwj5v52h.default\cache2\*.*"
del /s /q "%userprofile%\AppData\Local\Mozilla\Firefox\Profiles\9drvj32f.default-release\cache2\*.*"
endbatch:
 
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R 
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R 
CMD: "C:\Windows\SysWOW64\lodctr.exe" /R 
CMD: "C:\Windows\SYSTEM32\lodctr.exe" /R 
HOSTS:
Removeproxy:
CMD: fltmc instances
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: Bitsadmin /Reset /Allusers
 
 
StartPowershell:
Reset-AppxPackage -Package Microsoft.DesktopAppInstaller_1.20.2201.0_x64__8wekyb3d8bbwe
Reset-AppxPackage -Package Microsoft.YourPhone_1.23072.153.0_x64__8wekyb3d8bbwe
EndPowershell:
:
 
EMPTYTEMP:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Edited by JSntgRvr, 23 September 2023 - 09:00 AM.

No request for help through private messaging will be attended to.

Inactive logs for more than four (4) days will be closed.
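
The registry locations that the RKill description in the post above names (Image File Execution entries, DisallowRun, executable hijacks, and policies restricting Windows utilities) can be reviewed read-only before any tool changes them. The PowerShell below is an added example, not RKill's code and not part of the original posts; the function names and the choice of standard Windows keys to inspect are assumptions of this example.

```powershell
# Added example: read-only audit of the registry locations named in the RKill
# description above. Nothing is written, deleted or terminated.

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent; '' reads the key's default value.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue($Name) }
}

function New-Finding($Check, $Location, $Detail) {
    [pscustomobject]@{ Check = $Check; Location = $Location; Detail = $Detail }
}

function Find-ExecutionRestriction {
    # 1. Image File Execution Options: a Debugger value makes Windows start
    #    another program whenever the named executable is launched.
    $ifeo = 'Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    foreach ($root in "HKLM:\SOFTWARE\$ifeo", "HKLM:\SOFTWARE\WOW6432Node\$ifeo") {
        Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue | ForEach-Object {
            $debugger = $_.GetValue('Debugger')
            if ($debugger) { New-Finding 'IFEO Debugger' $_.Name "$($_.PSChildName) -> $debugger" }
        }
    }

    foreach ($hive in 'HKCU:', 'HKLM:') {
        # 2. DisallowRun: a list of program names Explorer refuses to start.
        $explorer = "$hive\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        if ((Get-RegValue $explorer 'DisallowRun') -eq 1) {
            $list = Get-Item -LiteralPath "$explorer\DisallowRun" -ErrorAction SilentlyContinue
            $names = if ($list) { $list.GetValueNames() | ForEach-Object { $list.GetValue($_) } }
            New-Finding 'DisallowRun' $explorer ($names -join ', ')
        }

        # 3. Executable hijack: the open command for these classes is '"%1" %*'
        #    by default, and HKCU normally carries no override at all.
        foreach ($class in 'exefile', 'comfile', 'batfile', 'cmdfile') {
            $key = "$hive\Software\Classes\$class\shell\open\command"
            $command = Get-RegValue $key ''
            if ($null -ne $command -and $command -ne '"%1" %*') {
                New-Finding 'Open-command override' $key $command
            }
        }

        # 4. Policies that block Task Manager, Registry Editor or the command prompt.
        $system = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
        $policies = @(
            @{ Key = $system; Name = 'DisableTaskMgr' }
            @{ Key = $system; Name = 'DisableRegistryTools' }
            @{ Key = 'Software\Policies\Microsoft\Windows\System'; Name = 'DisableCMD' }
        )
        foreach ($policy in $policies) {
            $path = "$hive\$($policy.Key)"
            $value = Get-RegValue $path $policy.Name
            if ($value) { New-Finding 'Tool restriction' $path "$($policy.Name) = $value" }
        }
    }
}

Find-ExecutionRestriction | Format-Table -AutoSize -Wrap
```

A finding is a prompt for review rather than proof of infection: Process Explorer's "Replace Task Manager" option, for instance, legitimately sets a Debugger value for taskmgr.exe.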




