How Can I Prevent PowerShell From Being Hijacked Again?

Hello.

Here’s the FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2021

Ran by alika (administrator) on DENOFMUTANTSPC (Gigabyte Technology Co., Ltd. B460M DS3H AC-Y1) (23-12-2021 15:20:47)

Running from C:UsersalikaDesktop

Loaded Profiles: alika

Platform: Microsoft Windows 10 Home Version 21H1 19043.1415 (X64) Language: English (United States)

Default browser: Edge

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Apple Inc.) C:Program FilesWindowsAppsAppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqaAMDS64AppleMobileDeviceProcess.exe

(Gaijin Network LTD -> Gaijin) C:UsersalikaAppDataLocalGaijinProgram Files (x86)NetAgentgjagent.exe

(GIGA-BYTE TECHNOLOGY CO., LTD. -> ) C:Program Files (x86)GIGABYTERGBFusionRGBFusion.exe

(HP Inc. -> HP Inc.) C:Program FilesHPPrintScanDoctorHPPrintScanDoctorService.exe

(Intel Corporation -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositorylms.inf_amd64_fddb643595e0b8d0LMS.exe

(Malwarebytes Inc -> Malwarebytes) C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe

(Malwarebytes Inc -> Malwarebytes) C:Program FilesMalwarebytesAnti-Malwarembamtray.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program Files (x86)MicrosoftEdgeApplicationmsedge.exe <16>

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesCommon Filesmicrosoft sharedClickToRunAppVShNotify.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesCommon Filesmicrosoft sharedClickToRunOfficeClickToRun.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesMicrosoft OfficerootOffice16ONENOTEM.EXE

(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwegamingservices.exe

(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwegamingservicesnet.exe

(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.MicrosoftStickyNotes_4.2.2.0_x64__8wekyb3d8bbweMicrosoft.Notes.exe

(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbweCalculator.exe

(Microsoft Corporation) C:Program FilesWindowsAppsmicrosoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbweHxOutlook.exe

(Microsoft Corporation) C:Program FilesWindowsAppsmicrosoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbweHxTsr.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsImmersiveControlPanelSystemSettings.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32CastSrv.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe <3>

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32MoUsoCoreWorker.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32smartscreen.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32wlanext.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2111.5-0MsMpEng.exe

(NetSupport Ltd -> NetSupport Ltd) C:UsersalikaAppDataRoamingWinSupUpdateclient32.exe

(NVIDIA Corporation -> Node.js) C:Program Files (x86)NVIDIA CorporationNvNodeNVIDIA Web Helper.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe <3>

(NVIDIA Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationNVIDIA GeForce ExperienceNVIDIA Share.exe <3>

(NVIDIA Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationShadowPlaynvsphelper64.exe

(Nvidia Corporation -> NVIDIA Corporation) C:WindowsSystem32DriverStoreFileRepositorynvmdi.inf_amd64_9413e5ce3f1b6ec6Display.NvContainerNVDisplay.Container.exe <2>

(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:WindowsSystem32DriverStoreFileRepositoryrealtekservice.inf_amd64_7b66b6662cf6d72bRtkAudUService64.exe <2>

 

==================== Registry (Whitelisted) ===================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM…Run: [RtkAudUService] => C:WINDOWSSystem32DriverStoreFileRepositoryrealtekservice.inf_amd64_7b66b6662cf6d72bRtkAudUService64.exe [1220312 2021-02-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM…Run: [Logitech Download Assistant] => C:WindowsSystem32LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)

HKLM-x32…RunOnce: [SelLed] => C:Program Files (x86)GIGABYTERGBFusionRunLed.exe [50096 2019-04-29] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )

HKLMSOFTWAREPoliciesMicrosoftWindows Defender: Restriction <==== ATTENTION

HKUS-1-5-21-3361791484-2456666798-2596221411-1002…Run: [Steam] => C:Program Files (x86)Steamsteam.exe [4110568 2021-07-20] (Valve -> Valve Corporation)

HKUS-1-5-21-3361791484-2456666798-2596221411-1002…Run: [GogGalaxy] => C:Program Files (x86)GOG GalaxyGalaxyClient.exe [13728096 2021-08-19] (GOG Sp. z o.o. -> GOG.com)

HKUS-1-5-21-3361791484-2456666798-2596221411-1002…Run: [Gaijin.Net Updater] => C:UsersalikaAppDataLocalGaijinProgram Files (x86)NetAgentgjagent.exe [2374376 2020-12-03] (Gaijin Network LTD -> Gaijin)

HKUS-1-5-18…Policiessystem: [DisableCMD] 1

Startup: C:UsersalikaAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupautoruns.ini.lnk [2021-11-25]

ShortcutTarget: autoruns.ini.lnk -> C:UsersalikaAppDataRoamingWinSupUpdateclient32.exe (NetSupport Ltd -> NetSupport Ltd)

Startup: C:UsersalikaAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSend to OneNote.lnk [2021-12-22]

ShortcutTarget: Send to OneNote.lnk -> C:Program FilesMicrosoft OfficerootOffice16ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

 

==================== Scheduled Tasks (Whitelisted) ============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {0502AC98-CF92-4193-8232-B2EE005A99D0} – System32TasksMicrosoftOfficeOfficeTelemetryAgentLogOn2016 => C:Program FilesMicrosoft OfficerootOffice16msoia.exe [8388528 2021-12-17] (Microsoft Corporation -> Microsoft Corporation)

Task: {19F3B936-6A33-4FC9-82DC-2FF7D8A29DE5} – System32TasksNvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {287D392C-2836-407C-90D9-45F3B42417F3} – System32TasksNVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNVIDIA GeForce ExperienceNVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {2F60C254-D4BF-4DBF-B133-F4140E13CD35} – System32TasksMicrosoftWindowsWindowsUpdateRUXIMRUXIMSync => C:Program Filesruximruximics.exe [477512 2021-06-30] (Microsoft Windows -> Microsoft Corporation)

Task: {331E8A22-3D2D-40E8-80C3-292FB73D2335} – System32TasksIntel PTT EK Recertification => C:WINDOWSSystem32DriverStoreFileRepositoryiclsclient.inf_amd64_75ffca5eec865b4blibIntelPTTEKRecertification.exe [918288 2020-04-22] (Intel® Trust Services -> Intel® Corporation)

Task: {3366DA2D-F931-4809-B597-C8143107F061} – System32TasksNvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d “C:Program FilesNVIDIA CorporationNvBackendNvBatteryBoostCheck” -l 3 -f C:ProgramDataNVIDIANvContainerBatteryBoostCheck.log

Task: {35849F24-609A-4447-8781-C766234F3888} – System32TasksNvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {587DD5B9-B39D-4F60-AAB0-88687F0660CF} – System32TasksNvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {6E0443BE-5D45-46AC-B033-3CA7E270D0E2} – System32TasksNvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d “C:Program FilesNVIDIA CorporationNvDriverUpdateCheck” -l 3 -f C:ProgramDataNVIDIANvContainerDriverUpdateCheck.log

Task: {7377D38F-A12C-4A01-AACE-905DA2EA9FE0} – System32TasksMicrosoftOfficeOffice Feature Updates => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [138584 2021-12-17] (Microsoft Corporation -> Microsoft Corporation)

Task: {73B5B933-A7E2-4C81-9D52-BD38E3581156} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Verification => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2111.5-0MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {74827B2F-9F27-4309-971A-16CF03A2AA55} – System32TasksNvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program Files (x86)NVIDIA CorporationNvNodenvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {8184D3D0-EE57-452D-8A8E-4778822EFB99} – System32TasksMicrosoftWindowsWindowsUpdateRUXIMRUXIMDisplay => C:Program Filesruximruximics.exe [477512 2021-06-30] (Microsoft Windows -> Microsoft Corporation)

Task: {8FDA6A83-5379-4667-B33C-203C046859CE} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cleanup => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2111.5-0MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {A51AECCF-9C26-4CC4-ABFD-40FA3C57866F} – System32TasksNvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {AB13A331-1CD8-4BE2-A264-636BCAEB5892} – System32TasksMicrosoftOfficeOffice Automatic Updates 2.0 => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [22797704 2021-12-10] (Microsoft Corporation -> Microsoft Corporation)

Task: {B384F13F-E308-4578-BE75-9BAA6E069487} – System32TasksMicrosoftOfficeOffice ClickToRun Service Monitor => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [22797704 2021-12-10] (Microsoft Corporation -> Microsoft Corporation)

Task: {B9A85EE2-9B95-42F9-8161-A876BBDEF4C5} – System32TasksNvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {C0144DDB-9C49-451B-B525-9CE619706956} – System32TasksNvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {C0A0AB66-FDC8-4544-8583-FDF6A27A0056} – System32TasksMicrosoftOfficeOfficeTelemetryAgentFallBack2016 => C:Program FilesMicrosoft OfficerootOffice16msoia.exe [8388528 2021-12-17] (Microsoft Corporation -> Microsoft Corporation)

Task: {C0E93082-4F96-4FEA-A35A-1551D0F59ACC} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cache Maintenance => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2111.5-0MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {DE03FBEF-1713-4AB6-BD1E-2333A964E09C} – System32TasksMicrosoftOfficeOffice Feature Updates Logon => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [138584 2021-12-17] (Microsoft Corporation -> Microsoft Corporation)

Task: {FE61EF67-1C03-47B8-9B43-CAC2240A03F8} – System32TasksMicrosoftVisualStudioUpdatesBackgroundDownload => C:Program Files (x86)Microsoft Visual StudioInstallerresourcesappServiceHubServicesMicrosoft.VisualStudio.Setup.ServiceBackgroundDownload.exe [66480 2021-12-05] (Microsoft Corporation -> Microsoft)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

TcpipParameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

Tcpip..Interfaces{7b78fdd4-2155-42e6-b47a-3980f6c3a646}: [DhcpNameServer] 75.75.75.75 75.75.76.76

 

Edge: 

=======

Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsAutoFormFill [not found]

Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsBookViewer [not found]

Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsLearningTools [not found]

Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsPinJSAPI [not found]

Edge DefaultProfile: Default

Edge Profile: C:UsersalikaAppDataLocalMicrosoftEdgeUser DataDefault [2021-12-23]

Edge Notifications: Default -> hxxps://business.facebook.com

Edge Extension: (Honey) – C:UsersalikaAppDataLocalMicrosoftEdgeUser DataDefaultExtensionsamnbcmdbanbkjhnfoeceemmmdiepnbpp [2021-08-26]

Edge Extension: (LastPass: Free Password Manager) – C:UsersalikaAppDataLocalMicrosoftEdgeUser DataDefaultExtensionsbbcinlkgjjkejfdpemiealijmmooekmp [2021-12-13]

Edge Extension: (Dark Mode) – C:UsersalikaAppDataLocalMicrosoftEdgeUser DataDefaultExtensionsboldmdfoencgjfblcelefkjfafmpiahm [2021-11-12]

Edge Extension: (Dark Reader) – C:UsersalikaAppDataLocalMicrosoftEdgeUser DataDefaultExtensionsifoakfbpdcdoeenechcleahebpibofpc [2021-12-11]

Edge Extension: (Malwarebytes Browser Guard) – C:UsersalikaAppDataLocalMicrosoftEdgeUser DataDefaultExtensionsihcjicgdanjaechkgeegckofjjedodee [2021-12-17]

Edge Extension: (DownThemAll!) – C:UsersalikaAppDataLocalMicrosoftEdgeUser DataDefaultExtensionsjpoejhkgodelnaphoboelpncggcmbcjl [2021-12-20]

Edge HKLM-x32…EdgeExtension: [ihcjicgdanjaechkgeegckofjjedodee]

 

FireFox:

========

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft OfficerootOffice16NPSPWRAP.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16NPSPWRAP.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:Program Files (x86)ArcPluginsnpArcPluginFF.dll [No File]

FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:Program Files (x86)TabletPluginsnpwacom.dll [2011-04-20] (Wacom, Inc.) [File not signed]

FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.4 -> C:Program Files (x86)TabletPluginsnpWacomTabletPlugin.dll [2011-12-24] (Wacom) [File not signed]

FF Plugin HKUS-1-5-21-3361791484-2456666798-2596221411-1002: wacom.com/WacomTabletPlugin -> C:Program Files (x86)TabletPluginsnpWacomTabletPlugin.dll [2011-12-24] (Wacom) [File not signed]

 

Chrome: 

=======

CHR HKLM-x32…ChromeExtension: [ihcjicgdanjaechkgeegckofjjedodee]

 

==================== Services (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 ArcService; C:Program Files (x86)ArcArcService.exe [125656 2021-09-16] (Perfect World Entertainment -> Perfect World Entertainment Inc)

S2 AsusUpdateCheck; C:WINDOWSSystem32AsusUpdateCheck.exe [768408 2020-04-17] (ASUSTeK Computer Inc. -> )

R2 ClickToRunSvc; C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeClickToRun.exe [12129128 2021-12-10] (Microsoft Corporation -> Microsoft Corporation)

S3 GalaxyClientService; C:Program Files (x86)GOG GalaxyGalaxyClientService.exe [1955680 2021-08-19] (GOG Sp. z o.o. -> GOG.com)

S3 GalaxyCommunication; C:ProgramDataGOG.comGalaxyredistsGalaxyCommunication.exe [6484832 2021-08-10] (GOG Sp. z o.o. -> GOG.com)

R2 HPPrintScanDoctorService; C:Program FilesHPPrintScanDoctorHPPrintScanDoctorService.exe [299680 2021-11-01] (HP Inc. -> HP Inc.)

R2 MBAMService; C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe [7901368 2021-12-17] (Malwarebytes Inc -> Malwarebytes)

S2 TabletServiceWacom; C:Program FilesTabletWacomWacom_Tablet.exe [7515000 2012-01-23] (Wacom Technology Corp. -> Wacom Technology, Corp.)

S3 VSStandardCollectorService150; C:Program Files (x86)Microsoft Visual StudioSharedCommonDiagnosticsHub.Collection.ServiceStandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)

S3 WdNisSvc; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2111.5-0NisSrv.exe [2876152 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WinDefend; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2111.5-0MsMpEng.exe [128360 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 NVDisplay.ContainerLocalSystem; C:WINDOWSSystem32DriverStoreFileRepositorynvmdi.inf_amd64_9413e5ce3f1b6ec6Display.NvContainerNVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%NVIDIANVDisplay.ContainerLocalSystem.log -l 3 -d C:WINDOWSSystem32DriverStoreFileRepositorynvmdi.inf_amd64_9413e5ce3f1b6ec6Display.NvContainerpluginsLocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystemLocalSystem

 

===================== Drivers (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 AmdTools64; C:WINDOWSSystem32driversAmdTools64.sys [63392 2020-06-15] (Microsoft Windows Hardware Compatibility Publisher -> )

R1 EneTechIo; C:Windowssystem32driversene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )

R1 ESProtectionDriver; C:WINDOWSsystem32driversmbae64.sys [160176 2021-12-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R3 gdrv2; C:Windowsgdrv2.sys [32600 2020-09-26] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)

R3 GVCIDrv; C:Program Files (x86)GIGABYTERGBFusionGVCIDrv64.sys [18432 2019-12-08] (Microsoft Windows Hardware Compatibility Publisher -> )

S3 iVCam; C:WINDOWSsystem32DRIVERSiVCam.sys [1090536 2020-11-02] (Shanghai Yitu Information Technology Co., Ltd. -> e2eSoft)

R2 MBAMChameleon; C:WINDOWSSystem32DriversMbamChameleon.sys [210352 2021-12-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

S0 MbamElam; C:WINDOWSSystem32DRIVERSMbamElam.sys [19912 2021-12-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

R3 MBAMFarflt; C:WINDOWSSystem32DRIVERSfarflt.sys [193448 2021-12-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R3 MBAMProtection; C:WINDOWSsystem32DRIVERSmbam.sys [69040 2021-12-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R3 MBAMSwissArmy; C:WINDOWSSystem32Driversmbamswissarmy.sys [248992 2021-12-17] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMWebProtection; C:WINDOWSsystem32DRIVERSmwac.sys [149424 2021-12-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

S1 MSIO; C:WINDOWSsystem32driversMsIo64.sys [17424 2021-11-24] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)

R3 VBAudioVMVAIOMME; C:WINDOWSSystem32driversvbaudio_vmvaio64_win10.sys [71712 2020-12-04] (Vincent Burel -> Windows ® Win 7 DDK provider)

S0 WdBoot; C:WINDOWSSystem32driverswdWdBoot.sys [48536 2021-12-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

R0 WdFilter; C:WINDOWSSystem32driverswdWdFilter.sys [435432 2021-12-16] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:WINDOWSSystem32driverswdWdNisDrv.sys [86248 2021-12-16] (Microsoft Windows -> Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One month (created) (Whitelisted) =========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-12-23 15:20 – 2021-12-23 15:21 – 000021102 _____ C:UsersalikaDesktopFRST.txt

2021-12-20 17:18 – 2021-12-20 17:32 – 000051899 _____ C:UsersalikaDesktopAddition1.txt

2021-12-20 17:17 – 2021-12-20 17:19 – 000041410 _____ C:UsersalikaDesktopFRST1.txt

2021-12-20 17:15 – 2021-12-20 17:16 – 002311168 _____ (Farbar) C:UsersalikaDesktopFRST64.exe

2021-12-20 17:02 – 2021-12-23 15:21 – 000000000 ____D C:FRST

2021-12-20 15:30 – 2021-12-20 16:49 – 000000000 ____D C:UsersalikaDownloadsdownthemall

2021-12-20 13:17 – 2021-12-22 20:46 – 000000000 ____D C:UsersalikaDocumentsOneNote Notebooks

2021-12-20 01:40 – 2021-12-20 01:40 – 000000757 _____ C:UsersalikaAppDataLocalrecently-used.xbel

2021-12-20 00:00 – 2021-12-20 00:00 – 024391786 _____ C:UsersalikaDownloadsMTTM Sharknado 6.wav.reapeaks

2021-12-19 23:59 – 2021-12-20 00:58 – 000060378 _____ C:UsersalikaDesktopsharknado6.rpp

2021-12-19 23:59 – 2021-12-20 00:28 – 000060378 _____ C:UsersalikaDesktopsharknado6.rpp-bak

2021-12-19 16:41 – 2021-12-19 16:43 – 2513260238 _____ C:UsersalikaDownloadsMTTM Sharknado 6.wav

2021-12-18 00:27 – 2021-12-18 00:27 – 000000219 _____ C:UsersalikaAppDataLocalkritadisplayrc

2021-12-17 21:22 – 2021-12-17 21:24 – 000000000 ____D C:AdwCleaner

2021-12-17 21:22 – 2021-12-17 21:22 – 008540344 _____ (Malwarebytes) C:UsersalikaDownloadsadwcleaner_8.3.1.exe

2021-12-17 17:58 – 2021-12-17 17:58 – 000000000 ____D C:UsersalikaAppDataRoamingSuspiciousFiles

2021-12-17 16:56 – 2021-12-17 16:56 – 000018113 _____ C:UsersalikaDesktopIC3 Complaint Referral Form.html

2021-12-17 16:56 – 2021-12-17 16:56 – 000000000 ____D C:UsersalikaDesktopIC3 Complaint Referral Form_files

2021-12-17 14:57 – 2021-12-17 14:57 – 000569673 _____ C:UsersalikaDownloadsLaw Enforcement Cyber Incident Reporting.pdf

2021-12-17 14:12 – 2021-12-17 14:12 – 000199831 _____ C:UsersalikaDesktop11_24_21_powershellevents.txt

2021-12-17 12:53 – 2021-12-17 12:53 – 000002664 _____ C:UsersalikaDesktopMalwarebytes.txt

2021-12-17 12:49 – 2021-12-17 12:49 – 000193448 _____ (Malwarebytes) C:WINDOWSsystem32Driversfarflt.sys

2021-12-17 12:49 – 2021-12-17 12:49 – 000149424 _____ (Malwarebytes) C:WINDOWSsystem32Driversmwac.sys

2021-12-17 12:49 – 2021-12-17 12:49 – 000069040 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbam.sys

2021-12-17 12:48 – 2021-12-17 12:48 – 000248992 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbamswissarmy.sys

2021-12-17 12:48 – 2021-12-17 12:48 – 000210352 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamChameleon.sys

2021-12-17 12:48 – 2021-12-17 12:48 – 000160176 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbae64.sys

2021-12-17 12:48 – 2021-12-17 12:48 – 000019912 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamElam.sys

2021-12-17 12:48 – 2021-12-17 12:48 – 000002040 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes.lnk

2021-12-17 12:48 – 2021-12-17 12:48 – 000002028 _____ C:UsersPublicDesktopMalwarebytes.lnk

2021-12-17 12:48 – 2021-12-17 12:48 – 000000000 ____D C:UsersalikaAppDataLocalmbam

2021-12-17 12:47 – 2021-12-17 12:47 – 002910904 _____ (Malwarebytes) C:UsersalikaDownloadsMBSetup.exe

2021-12-17 12:47 – 2021-12-17 12:47 – 000000000 ____D C:ProgramDataMalwarebytes

2021-12-17 12:47 – 2021-12-17 12:47 – 000000000 ____D C:Program FilesMalwarebytes

2021-12-17 11:50 – 2021-12-17 11:50 – 000000000 ____D C:WINDOWSSystemTemp

2021-12-17 11:09 – 2021-12-17 11:09 – 000272384 _____ C:WINDOWSsystem32TpmTool.exe

2021-12-17 11:09 – 2021-12-17 11:09 – 000223744 _____ C:WINDOWSSysWOW64TpmTool.exe

2021-12-17 11:09 – 2021-12-17 11:09 – 000162816 _____ C:WINDOWSsystem32DataStoreCacheDumpTool.exe

2021-12-17 11:09 – 2021-12-17 11:09 – 000011979 _____ C:WINDOWSsystem32DrtmAuthTxt.wim

2021-12-17 10:59 – 2021-12-17 10:59 – 000000000 ___HD C:$WinREAgent

2021-12-16 18:39 – 2021-12-17 11:50 – 119013376 _____ C:WINDOWSsystem32configSOFTWARE

2021-12-16 18:39 – 2021-12-16 18:39 – 000000000 ____D C:WINDOWSMicrosoft Antimalware

2021-12-16 17:45 – 2021-12-16 17:45 – 000141400 _____ C:UsersalikaDesktopPowershell.txt

2021-12-16 17:31 – 2021-12-16 19:02 – 000011874 _____ C:UsersalikaDesktopFirewall.txt

2021-12-12 18:54 – 2021-12-12 18:54 – 000003592 _____ C:WINDOWSsystem32TasksOneDrive Reporting Task-S-1-5-21-3361791484-2456666798-2596221411-1002

2021-12-07 20:01 – 2021-12-07 20:01 – 000000000 ____D C:UsersalikaAppDataLocalCMakeTools

2021-12-07 00:17 – 2021-12-07 00:17 – 000001194 _____ C:UsersalikaAppDataRoamingMicrosoftWindowsStart MenuProgramscmake-gui.lnk

2021-12-06 21:32 – 2021-12-06 21:32 – 000000000 ____D C:UsersalikaAppDataLocalLowTemp

2021-12-06 02:03 – 2021-12-06 02:03 – 000000631 _____ C:UsersalikaDesktoptest.lua

2021-12-05 19:44 – 2021-12-05 19:44 – 000000000 ____D C:UsersalikaAppDataRoamingNuGet

2021-12-05 19:22 – 2021-12-05 19:22 – 000000000 ____D C:Usersalikasource

2021-12-05 19:21 – 2021-12-05 19:21 – 000000000 ____D C:UsersalikaAppDataLocalServiceHub

2021-12-05 19:21 – 2021-12-05 19:21 – 000000000 ____D C:UsersalikaAppDataLocalIdentityNexusIntegration

2021-12-05 19:19 – 2021-12-05 19:29 – 000000000 ____D C:UsersalikaDocumentsVisual Studio 2022

2021-12-05 19:18 – 2021-12-09 18:23 – 000000000 ____D C:UsersalikaAppDataLocal.IdentityService

2021-12-05 19:17 – 2021-12-06 21:30 – 000000000 ____D C:ProgramDataIncrediBuild

2021-12-05 19:17 – 2021-09-20 08:41 – 000254904 _____ (IncrediBuild Software Ltd.) C:WINDOWSSysWOW64xgInterop.dll

2021-12-05 19:17 – 2021-09-20 08:41 – 000056248 _____ (IncrediBuild Software Ltd.) C:WINDOWSSysWOW64xgWin.dll

2021-12-05 19:15 – 2021-12-05 19:18 – 000000000 ____D C:Program FilesApplication Verifier

2021-12-05 19:15 – 2021-12-05 19:18 – 000000000 ____D C:Program Files (x86)Application Verifier

2021-12-05 19:15 – 2021-12-05 19:15 – 000000000 ____D C:ProgramDataWindows App Certification Kit

2021-12-05 19:15 – 2021-12-05 19:15 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsWindows Kits

2021-12-05 19:13 – 2019-12-06 16:35 – 000374784 _____ (Windows ® Win 7 DDK provider) C:WINDOWSsystem32DXCpl.exe

2021-12-05 19:13 – 2019-12-06 16:34 – 000417792 _____ C:WINDOWSsystem32d3dconfig.exe

2021-12-05 19:13 – 2019-12-06 16:27 – 000347136 _____ (Windows ® Win 7 DDK provider) C:WINDOWSSysWOW64DXCpl.exe

2021-12-05 19:13 – 2019-12-06 16:26 – 000365056 _____ C:WINDOWSSysWOW64d3dconfig.exe

2021-12-05 19:12 – 2021-12-05 19:12 – 000000000 ____D C:WINDOWSSysWOW643082

2021-12-05 19:12 – 2021-12-05 19:12 – 000000000 ____D C:WINDOWSSysWOW642052

2021-12-05 19:12 – 2021-12-05 19:12 – 000000000 ____D C:WINDOWSSysWOW641055

2021-12-05 19:12 – 2021-12-05 19:12 – 000000000 ____D C:WINDOWSSysWOW641049

2021-12-05 19:12 – 2021-12-05 19:12 – 000000000 ____D C:WINDOWSSysWOW641046

2021-12-05 19:12 – 2021-12-05 19:12 – 000000000 ____D C:WINDOWSSysWOW641045

2021-12-05 19:12 – 2021-12-05 19:12 – 000000000 ____D C:WINDOWSSysWOW641042

2021-12-05 19:12 – 2021-12-05 19:12 – 000000000 ____D C:WINDOWSSysWOW641041

2021-12-05 19:12 – 2021-12-05 19:12 – 000000000 ____D C:WINDOWSSysWOW641040

2021-12-05 19:12 – 2021-12-05 19:12 – 000000000 ____D C:WINDOWSSysWOW641036

2021-12-05 19:12 – 2021-12-05 19:12 – 000000000 ____D C:WINDOWSSysWOW641033

2021-12-05 19:12 – 2021-12-05 19:12 – 000000000 ____D C:WINDOWSSysWOW641031

2021-12-05 19:12 – 2021-12-05 19:12 – 000000000 ____D C:WINDOWSSysWOW641029

2021-12-05 19:12 – 2021-12-05 19:12 – 000000000 ____D C:WINDOWSSysWOW641028

2021-12-05 19:12 – 2021-12-05 19:12 – 000000000 ____D C:WINDOWSsystem323082

2021-12-05 19:12 – 2021-12-05 19:12 – 000000000 ____D C:WINDOWSsystem322052

2021-12-05 19:12 – 2021-12-05 19:12 – 000000000 ____D C:WINDOWSsystem321055

2021-12-05 19:12 – 2021-12-05 19:12 – 000000000 ____D C:WINDOWSsystem321049

2021-12-05 19:12 – 2021-12-05 19:12 – 000000000 ____D C:WINDOWSsystem321046

2021-12-05 19:12 – 2021-12-05 19:12 – 000000000 ____D C:WINDOWSsystem321045

2021-12-05 19:12 – 2021-12-05 19:12 – 000000000 ____D C:WINDOWSsystem321042

2021-12-05 19:12 – 2021-12-05 19:12 – 000000000 ____D C:WINDOWSsystem321041

2021-12-05 19:12 – 2021-12-05 19:12 – 000000000 ____D C:WINDOWSsystem321040

2021-12-05 19:12 – 2021-12-05 19:12 – 000000000 ____D C:WINDOWSsystem321036

2021-12-05 19:12 – 2021-12-05 19:12 – 000000000 ____D C:WINDOWSsystem321033

2021-12-05 19:12 – 2021-12-05 19:12 – 000000000 ____D C:WINDOWSsystem321031

2021-12-05 19:12 – 2021-12-05 19:12 – 000000000 ____D C:WINDOWSsystem321029

2021-12-05 19:12 – 2021-12-05 19:12 – 000000000 ____D C:WINDOWSsystem321028

2021-12-05 19:11 – 2021-12-05 19:16 – 000000000 ____D C:Program Files (x86)Microsoft SDKs

2021-12-05 19:11 – 2021-12-05 19:11 – 000000000 ____D C:Program FilesMicrosoft SQL Server

2021-12-05 19:10 – 2021-12-05 19:10 – 000001764 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsVisual Studio 2022.lnk

2021-12-05 19:10 – 2021-12-05 19:10 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsVisual Studio 2022

2021-12-05 19:10 – 2021-12-05 19:10 – 000000000 ____D C:Program FilesMicrosoft Visual Studio

2021-12-05 19:02 – 2021-12-05 19:19 – 000000000 ____D C:ProgramDataMicrosoft Visual Studio

2021-12-05 19:02 – 2021-12-05 19:10 – 000000000 ____D C:Program Files (x86)Microsoft Visual Studio

2021-12-05 19:02 – 2021-12-05 19:02 – 000001440 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsVisual Studio Installer.lnk

2021-12-05 19:02 – 2021-12-05 19:02 – 000000000 ____D C:UsersalikaAppDataRoamingVisual Studio Setup

2021-12-05 18:58 – 2021-12-12 17:21 – 000033725 _____ C:UsersalikaDesktopsharknado4.rpp

2021-12-05 18:58 – 2021-12-12 15:17 – 000033725 _____ C:UsersalikaDesktopsharknado4.rpp-bak

2021-12-02 00:58 – 2021-12-02 00:58 – 000000898 _____ C:UsersalikaAppDataRoamingMicrosoftWindowsStart MenuProgramsiupview.lnk

2021-11-28 21:23 – 2021-11-28 21:23 – 000034456 _____ C:UsersalikaDesktopfinal.rpp

2021-11-24 23:06 – 2021-11-24 23:06 – 000017424 _____ (MICSYS Technology Co., LTd) C:WINDOWSsystem32DriversMsIo64.sys

2021-11-24 23:06 – 2021-11-24 23:06 – 000002213 _____ C:UsersPublicDesktopRGBFusion 2.0.lnk

2021-11-24 23:06 – 2021-11-24 23:06 – 000000000 ____D C:UsersalikaAppDataLocalDownloaded Installations

2021-11-24 23:06 – 2021-11-24 23:06 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsAORUS

2021-11-24 23:05 – 2021-12-23 13:07 – 000000000 ____D C:UsersalikaAppDataLocalGBTTemp

 

==================== One month (modified) ==================

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-12-23 15:14 – 2021-09-13 01:03 – 000000000 ____D C:WINDOWSsystem32SleepStudy

2021-12-23 15:13 – 2019-12-07 04:14 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft

2021-12-23 14:28 – 2021-09-13 01:13 – 000840598 _____ C:WINDOWSsystem32PerfStringBackup.INI

2021-12-23 14:28 – 2019-12-07 04:13 – 000000000 ____D C:WINDOWSINF

2021-12-23 13:11 – 2021-10-10 17:49 – 000000000 ____D C:UsersalikaAppDataLocalWarThunder

2021-12-23 13:10 – 2021-11-05 12:55 – 000004168 _____ C:WINDOWSsystem32TasksUser_Feed_Synchronization-{7D554CC6-E3B5-4B5C-862F-82FDA151E34D}

2021-12-23 13:10 – 2020-09-26 09:01 – 000000000 ____D C:ProgramDataNVIDIA

2021-12-23 02:12 – 2021-11-02 20:52 – 000000000 ____D C:UsersalikaAppDataRoamingCode

2021-12-23 02:08 – 2020-12-01 21:57 – 000000000 ____D C:UsersalikaAppDataLocalCrashDumps

2021-12-22 11:30 – 2021-11-06 11:26 – 000000000 ____D C:UsersalikaDocumentsCustom Office Templates

2021-12-22 11:23 – 2019-12-07 04:14 – 000000000 ___HD C:Program FilesWindowsApps

2021-12-22 11:23 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSAppReadiness

2021-12-20 01:40 – 2021-11-05 12:54 – 000000000 ____D C:UsersalikaAppDataRoaminginkscape

2021-12-20 01:21 – 2021-11-05 12:54 – 000000000 ____D C:Usersalika.dbus-keyrings

2021-12-19 16:42 – 2020-11-26 13:44 – 000002445 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk

2021-12-18 00:27 – 2021-02-25 16:01 – 000022226 _____ C:UsersalikaAppDataLocalkritarc

2021-12-17 22:37 – 2020-03-31 21:29 – 000000000 ____D C:Program FilesMicrosoft Office

2021-12-17 21:32 – 2021-11-02 20:52 – 000000000 ____D C:UsersalikaAppDataRoamingMicrosoftWindowsStart MenuProgramsVisual Studio Code

2021-12-17 21:09 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSregistration

2021-12-17 20:43 – 2021-11-17 23:57 – 000116200 _____ (Microsoft Corporation) C:WINDOWSsystem32gamelaunchhelper.dll

2021-12-17 20:43 – 2020-12-04 19:57 – 000131072 _____ (Microsoft Corporation) C:WINDOWSsystem32gamingtcuihelpers.dll

2021-12-17 20:43 – 2020-03-31 21:28 – 002225640 _____ (Microsoft Corporation) C:WINDOWSsystem32xgameruntime.dll

2021-12-17 20:43 – 2020-03-31 21:28 – 000333288 _____ (Microsoft Corporation) C:WINDOWSsystem32gameplatformservices.dll

2021-12-17 20:43 – 2020-03-31 21:28 – 000217536 _____ (Microsoft Corporation) C:WINDOWSsystem32gamingservicesproxy.dll

2021-12-17 20:43 – 2020-03-31 21:28 – 000197048 _____ (Microsoft Corporation) C:WINDOWSsystem32gameconfighelper.dll

2021-12-17 20:43 – 2020-03-31 21:28 – 000062952 _____ (Microsoft Corporation) C:WINDOWSsystem32gamemodcontrol.exe

2021-12-17 17:00 – 2019-12-07 04:03 – 000032768 _____ C:WINDOWSsystem32configELAM

2021-12-17 15:54 – 2021-10-10 17:49 – 000000000 ____D C:UsersalikaDocumentsMy Games

2021-12-17 12:55 – 2021-09-13 01:05 – 000000000 ____D C:Usersalika

2021-12-17 12:48 – 2019-12-07 04:14 – 000000000 ___HD C:WINDOWSELAMBKUP

2021-12-17 11:51 – 2021-09-13 01:09 – 000000006 ____H C:WINDOWSTasksSA.DAT

2021-12-17 11:51 – 2021-09-13 01:03 – 000452064 _____ C:WINDOWSsystem32FNTCACHE.DAT

2021-12-17 11:50 – 2021-09-13 01:03 – 000008192 ___SH C:DumpStack.log.tmp

2021-12-17 11:50 – 2019-12-07 04:14 – 000000000 ___RD C:WINDOWSImmersiveControlPanel

2021-12-17 11:50 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSSystemResources

2021-12-17 11:50 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSsystem32setup

2021-12-17 11:50 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSsystem32oobe

2021-12-17 11:50 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSsystem32lv-LV

2021-12-17 11:50 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSsystem32lt-LT

2021-12-17 11:50 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSsystem32et-EE

2021-12-17 11:50 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSsystem32es-MX

2021-12-17 11:50 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSProvisioning

2021-12-17 11:50 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSbcastdvr

2021-12-17 11:50 – 2019-12-07 04:03 – 000786432 _____ C:WINDOWSsystem32configBBI

2021-12-17 11:13 – 2019-12-07 04:03 – 000000000 ____D C:WINDOWSCbsTemp

2021-12-17 10:58 – 2020-11-25 18:59 – 000000000 ____D C:WINDOWSsystem32MRT

2021-12-17 10:57 – 2020-04-17 18:00 – 137938848 ____C (Microsoft Corporation) C:WINDOWSsystem32MRT.exe

2021-12-16 18:39 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSPolicyDefinitions

2021-12-16 18:39 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSDiagTrack

2021-12-16 16:06 – 2020-12-05 22:07 – 000000000 ____D C:UsersalikaAppDataLocalElevatedDiagnostics

2021-12-16 00:04 – 2020-03-31 21:25 – 000000000 ____D C:WINDOWSsystem32Driverswd

2021-12-12 18:54 – 2021-09-13 01:09 – 000003378 _____ C:WINDOWSsystem32TasksOneDrive Standalone Update Task-S-1-5-21-3361791484-2456666798-2596221411-1002

2021-12-12 18:54 – 2021-09-13 01:05 – 000002435 _____ C:UsersalikaAppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk

2021-12-12 17:05 – 2020-12-01 22:18 – 000000000 ____D C:UsersalikaAppDataLocalD3DSCache

2021-12-10 23:53 – 2021-10-05 05:46 – 000003386 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineCore1d7a8657afc2a45

2021-12-10 23:53 – 2021-09-13 01:09 – 000003480 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineUA

2021-12-09 16:32 – 2020-11-25 13:39 – 000000000 ____D C:UsersalikaAppDataLocalPackages

2021-12-06 01:02 – 2021-11-04 16:46 – 000000000 ___RD C:msys64

2021-12-05 19:18 – 2020-11-26 13:57 – 000000000 ____D C:ProgramDataPackage Cache

2021-12-05 19:11 – 2021-09-13 04:50 – 000000000 ____D C:Program Files (x86)MSBuild

2021-12-05 19:11 – 2020-12-04 19:57 – 000000000 ____D C:Program Files (x86)Windows Kits

2021-12-05 19:11 – 2019-12-07 04:14 – 000000000 ____D C:Program FilesCommon Filesmicrosoft shared

2021-12-02 00:54 – 2021-02-25 16:13 – 000000090 _____ C:UsersalikaAppDataLocalkritashortcutsrc

2021-12-01 11:58 – 2021-11-01 14:46 – 000000000 ___RD C:MyLibs

2021-11-29 18:06 – 2020-11-24 21:38 – 000000000 ____D C:UsersalikaAppDataLocalComms

2021-11-29 00:23 – 2020-03-31 21:28 – 000000000 __RHD C:UsersPublicAccountPictures

2021-11-28 16:20 – 2021-11-21 22:44 – 000034497 _____ C:UsersalikaDesktopghidorah.rpp

2021-11-28 16:11 – 2021-11-21 22:44 – 000032694 _____ C:UsersalikaDesktopghidorah.rpp-bak

2021-11-28 04:49 – 2021-11-22 12:59 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsLua

2021-11-24 23:06 – 2020-09-26 09:03 – 000000000 ____D C:Program FilesENE

2021-11-24 23:04 – 2021-01-22 12:58 – 000000000 ____D C:UsersalikaAppDataRoamingdiscord

2021-11-24 22:07 – 2021-01-22 12:58 – 000000000 ____D C:UsersalikaAppDataLocalDiscord

 

==================== Files in the root of some directories ========

 

2020-12-04 20:51 – 2021-01-17 16:39 – 000004641 _____ () C:UsersalikaAppDataRoamingVoiceMeeterDefault.xml

2020-12-13 15:34 – 2020-12-13 15:43 – 000000447 _____ () C:UsersalikaAppDataLocalkdeglobals

2020-12-13 15:31 – 2020-12-13 15:31 – 000007032 _____ () C:UsersalikaAppDataLocalkdenlive-layoutsrc

2020-12-13 15:31 – 2021-11-12 14:51 – 000004473 _____ () C:UsersalikaAppDataLocalkdenliverc

2021-02-25 16:01 – 2021-12-18 00:26 – 000002500 _____ () C:UsersalikaAppDataLocalkrita-sysinfo.log

2021-02-25 16:01 – 2021-12-18 00:27 – 000102952 _____ () C:UsersalikaAppDataLocalkrita.log

2021-12-18 00:27 – 2021-12-18 00:27 – 000000219 _____ () C:UsersalikaAppDataLocalkritadisplayrc

2021-02-25 16:01 – 2021-12-18 00:27 – 000022226 _____ () C:UsersalikaAppDataLocalkritarc

2021-02-25 16:13 – 2021-12-02 00:54 – 000000090 _____ () C:UsersalikaAppDataLocalkritashortcutsrc

2021-12-20 01:40 – 2021-12-20 01:40 – 000000757 _____ () C:UsersalikaAppDataLocalrecently-used.xbel

2021-09-13 15:25 – 2021-09-13 15:25 – 000007605 _____ () C:UsersalikaAppDataLocalResmon.ResmonCfg

2020-12-13 15:32 – 2020-12-13 15:32 – 000004661 _____ () C:UsersalikaAppDataLocaluser-places.xbel

2020-12-13 15:32 – 2020-12-13 15:32 – 000002573 _____ () C:UsersalikaAppDataLocaluser-places.xbel.bak

2020-12-13 15:32 – 2020-12-13 15:32 – 000000000 _____ () C:UsersalikaAppDataLocaluser-places.xbel.tbcache

 

==================== SigCheck ============================

 

(There is no automatic fix for files that do not pass verification.)

 

==================== End of FRST.txt ========================

Here’s the Addition.txt. Thanks!

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2021

Ran by alika (23-12-2021 15:21:53)

Running from C:UsersalikaDesktop

Microsoft Windows 10 Home Version 21H1 19043.1415 (X64) (2021-09-13 06:09:31)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

 

(If an entry is included in the fixlist, it will be removed.)

 

Administrator (S-1-5-21-3361791484-2456666798-2596221411-500 – Administrator – Disabled)

alika (S-1-5-21-3361791484-2456666798-2596221411-1002 – Administrator – Enabled) => C:Usersalika

DefaultAccount (S-1-5-21-3361791484-2456666798-2596221411-503 – Limited – Disabled)

Guest (S-1-5-21-3361791484-2456666798-2596221411-501 – Limited – Enabled)

WDAGUtilityAccount (S-1-5-21-3361791484-2456666798-2596221411-504 – Limited – Disabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Disabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Malwarebytes (Enabled – Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

 

==================== Installed Programs ======================

 

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Application Verifier x64 External Package (HKLM…{8A4CD158-E6B3-6D91-D7DE-10098BC980E2}) (Version: 10.1.19041.685 – Microsoft) Hidden

Application Verifier x64 External Package (HKLM…{AC5F4E9F-E468-6519-3980-C1EC3F801018}) (Version: 10.1.20348.1 – Microsoft) Hidden

Arc (HKLM-x32…{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 – Perfect World Entertainment)

Bonjour (HKLM…{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 – Apple Inc.)

Cyberpunk 2077 (HKLM-x32…1423049311_is1) (Version: 1.3 – GOG.com)

DiagnosticsHub_CollectionService (HKLM…{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 – Microsoft Corporation) Hidden

Discord (HKUS-1-5-21-3361791484-2456666798-2596221411-1002…Discord) (Version: 0.0.309 – Discord Inc.)

Dynamic Application Loader Host Interface Service (HKLM…{DF094182-7FEF-4EE4-AC15-F8CC43844A12}) (Version: 1.0.0.0 – Intel Corporation) Hidden

ENE RGB HAL (HKLM…{8DA1B230-D82E-4A24-9237-363E2E1E2695}) (Version: 1.0.21.0 – Ene Tech.) Hidden

ENE RGB HAL (HKLM-x32…{bb670f8d-3d66-4f36-8e60-02b71bb0a4e9}) (Version: 1.0.21.0 – Ene Tech.) Hidden

ENE_AIC_Marvell_HAL (HKLM…{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.7.0 – ENE TECHNOLOGY INC.) Hidden

ENE_AIC_Marvell_HAL (HKLM-x32…{887e18fb-6bc3-4cd4-b34e-32d9ff71bbae}) (Version: 1.0.7.0 – ENE TECHNOLOGY INC.) Hidden

ENE_DRAM_RGB_AIO (HKLM…{1745D314-9077-46C9-8562-1C62BAE189B7}) (Version: 1.0.0.10 – Ene Tech.) Hidden

ENE_DRAM_RGB_AIO (HKLM-x32…{52d1d7de-19c3-4f83-97bb-f9435dc84c5b}) (Version: 1.0.0.10 – Ene Tech.) Hidden

ENE_DRAM_RGB_AURA42 (HKLM…{BC5E0A82-C638-44CB-8129-20C8ED70DE7A}) (Version: 1.00.02 – Ene Tech.) Hidden

ENE_DRAM_RGB_AURA42 (HKLM-x32…{f3d7fb09-b93f-4c01-a765-0b0adc5bc746}) (Version: 1.00.02 – Ene Tech.) Hidden

ENE_EHD_M2_HAL (HKLM…{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.8.4 – ENE TECHNOLOGY INC.) Hidden

ENE_EHD_M2_HAL (HKLM-x32…{0f607f07-7957-4887-9d5e-be8efe9595a9}) (Version: 1.0.8.4 – ENE TECHNOLOGY INC.) Hidden

ENE_EHD_M2_HAL (HKLM-x32…{26b207d1-1f37-4df9-8b3f-aeebbca6bb85}) (Version: 1.00.04 – ENE TECHNOLOGY INC.) Hidden

ENE_EHD_SSS_HAL (HKLM-x32…{9eeadf99-713b-4ab5-9ccd-bf9c1c4d9daf}) (Version: 1.0.2.0 – ENE TECHNOLOGY INC.) Hidden

ENE_MousePad_HAL (HKLM…{9E97178A-ADB8-4778-BE60-7E28E2A72721}) (Version: 1.0.1.8 – ENE TECHNOLOGY INC.) Hidden

ENE_MousePad_HAL (HKLM-x32…{bf256b46-8ff7-48be-ab7f-5661e9a0651f}) (Version: 1.0.1.8 – ENE TECHNOLOGY INC.) Hidden

ENE_X_AIC_HAL (HKLM…{CF703694-01C6-4062-B797-84DB215662BC}) (Version: 1.0.3.1 – ENE TECHNOLOGY INC.) Hidden

ENE_X_AIC_HAL (HKLM-x32…{33f042cf-0ae3-4241-b8c8-7f544533ea8e}) (Version: 1.0.3.1 – ENE TECHNOLOGY INC.) Hidden

ENE_X-JMI_HAL (HKLM…{2B8E611F-0B51-4FAC-87BB-AF50D82E7DDA}) (Version: 1.0.5.1 – ENE Tech) Hidden

ENE_X-JMI_HAL (HKLM-x32…{50ec3a07-291b-463e-be86-487eb8cbb71c}) (Version: 1.0.5.1 – ENE Tech) Hidden

GameInput Redistributable (HKLM-x32…{7E52156F-18FE-B953-BEA9-6BE6A77AFDFF}) (Version: 10.1.19041.3906 – Microsoft Corporation)

GOG GALAXY (HKLM-x32…{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  – GOG.com)

GrampsAIO64 (HKLM…GrampsAIO64 5.1.4) (Version: 5.1.4 – The Gramps project)

i686-8.1.0-posix-dwarf-rt_v6-rev0 (HKLM-x32…i686-8.1.0-posix-dwarf-rt_v6-rev0) (Version:  – MinGW-W64)

icecap_collection_neutral (HKLM-x32…{38424975-F5F7-4D65-9C6A-26B128F68EDA}) (Version: 17.0.31808 – Microsoft Corporation) Hidden

icecap_collection_x64 (HKLM…{72EC729A-49E8-4CCD-9637-6E19D7AB2992}) (Version: 17.0.31808 – Microsoft Corporation) Hidden

icecap_collectionresources (HKLM-x32…{74C04F33-DC23-416C-A4E0-A551DC4B46D9}) (Version: 17.0.31808 – Microsoft Corporation) Hidden

icecap_collectionresourcesx64 (HKLM-x32…{0979912A-EFCC-4B16-BC2C-AB95675C2470}) (Version: 17.0.31808 – Microsoft Corporation) Hidden

Inkscape (HKLM-x32…Inkscape) (Version: 1.1.1- – Inkscape)

Intel® Chipset Device Software (HKLM-x32…{66879245-162d-47f5-bac4-840156a7c01e}) (Version: 10.1.18263.8193 – Intel® Corporation)

Intel® Management Engine Components (HKLM…{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1952.14.0.1465 – Intel Corporation)

kdenlive (HKLM-x32…kdenlive) (Version: 20.08.3 – KDE e.V.)

Kingdom Come: Deliverance – HD Texture Pack (HKLM-x32…1597510471_is1) (Version: 1.9.6-404-504u – GOG.com)

Kingdom Come: Deliverance (HKLM-x32…1719198803_is1) (Version: 1.9.6-404-504u – GOG.com)

Kits Configuration Installer (HKLM-x32…{4C2A9269-059E-4573-8EDD-5542822865B6}) (Version: 10.1.20348.1 – Microsoft) Hidden

Krita (x64) 4.4.2 (HKLM…Krita_x64) (Version: 4.4.2.0 – Krita Foundation)

Lua for Windows 5.1.5-52 (HKLM-x32…Lua_is1) (Version: 5.1.5.52 – The Lua for Windows Project and Lua and Tecgraf, PUC-Rio)

Malwarebytes version 4.5.0.152 (HKLM…{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.0.152 – Malwarebytes)

Microsoft Edge (HKLM-x32…Microsoft Edge) (Version: 96.0.1054.62 – Microsoft Corporation)

Microsoft Edge WebView2 Runtime (HKLM-x32…Microsoft EdgeWebView) (Version: 96.0.1054.62 – Microsoft Corporation)

Microsoft Office Home and Student 2016 – en-us (HKLM…HomeStudentRetail – en-us) (Version: 16.0.14701.20262 – Microsoft Corporation)

Microsoft OneDrive (HKUS-1-5-21-3361791484-2456666798-2596221411-1002…OneDriveSetup.exe) (Version: 21.230.1107.0004 – Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2019 (HKLM…{5BC7E9EB-13E8-45DB-8A60-F2481FEB4595}) (Version: 15.0.2000.5 – Microsoft Corporation)

Microsoft Update Health Tools (HKLM…{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 – Microsoft Corporation)

Microsoft Visio – en-us (HKLM…VisioProRetail – en-us) (Version: 16.0.14701.20262 – Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32…{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.17 (HKLM-x32…{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 – Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) – 11.0.61030 (HKLM-x32…{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 – Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) – 11.0.61030 (HKLM-x32…{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.30501 (HKLM-x32…{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 – Microsoft Corporation)

Microsoft Visual C++ 2015-2022 Redistributable (x64) – 14.30.30704 (HKLM-x32…{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}) (Version: 14.30.30704.0 – Microsoft Corporation)

Microsoft Visual C++ 2015-2022 Redistributable (x86) – 14.30.30704 (HKLM-x32…{4d8dcf8c-a72a-43e1-9833-c12724db736e}) (Version: 14.30.30704.0 – Microsoft Corporation)

Microsoft Visual C++ 2017 Redistributable (x64) – 14.13.26020 (HKLM-x32…{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 – Microsoft Corporation)

Microsoft Visual C++ 2017 Redistributable (x86) – 14.13.26020 (HKLM-x32…{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 – Microsoft Corporation)

Microsoft Visual Studio Code (User) (HKUS-1-5-21-3361791484-2456666798-2596221411-1002…{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.63.2 – Microsoft Corporation)

Microsoft Visual Studio Installer (HKLM…{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 3.0.4496.34889 – Microsoft Corporation)

Mids Reborn (HKLM…{F9106606-153F-4EE4-9D85-FE472FC66EA9}) (Version: 3.0.5.9 – RebornTeam)

MSI Development Tools (HKLM-x32…{7AAC93B0-F3D7-6B24-6B37-9E74980C1C81}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden

MSI Development Tools (HKLM-x32…{9B9350F7-EC4D-979B-0F15-F5F4B309518D}) (Version: 10.1.20348.1 – Microsoft Corporation) Hidden

MSYS2 64bit (HKUS-1-5-21-3361791484-2456666798-2596221411-1002…{cc85e79f-1bc8-4ffa-9d25-9750926dbb9a}) (Version: 20210604 – The MSYS2 Developers)

NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 – NVIDIA Corporation)

NVIDIA GeForce Experience 3.23.0.74 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 – NVIDIA Corporation)

NVIDIA Graphics Driver 471.96 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 471.96 – NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.38.60 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 – NVIDIA Corporation)

NVIDIA PhysX System Software 9.19.0218 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 – NVIDIA Corporation)

NVIDIA USBC Driver 1.46.831.832 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 – NVIDIA Corporation)

OBS Studio (HKLM-x32…OBS Studio) (Version: 26.0.2 – OBS Project)

Office 16 Click-to-Run Extensibility Component (HKLM…{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14701.20262 – Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM…{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14701.20262 – Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM…{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13901.20336 – Microsoft Corporation) Hidden

Patriot Viper M2 SSD RGB (HKLM…{0886A906-0625-4A43-930D-AA92F6665AF4}) (Version: 1.00.04 – Patriot Memory) Hidden

Patriot Viper M2 SSD RGB (HKLM-x32…{ebb7013c-0b03-497c-bed1-1e48e806a593}) (Version: 1.00.04 – Patriot Memory)

Realtek High Definition Audio Driver (HKLM-x32…{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 – Realtek Semiconductor Corp.)

REAPER (x64) (HKLM…REAPER) (Version:  – )

RGB Fusion (HKLM-x32…{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 3.21.0310.1 – GIGABYTE)

SDK ARM Additions (HKLM-x32…{3A4DAE6E-3B5C-7AA4-FA5C-B0F4508422EA}) (Version: 10.1.20348.1 – Microsoft Corporation) Hidden

SDK ARM Redistributables (HKLM-x32…{E2257A6C-4F4D-F99B-D861-409AB9922E2A}) (Version: 10.1.20348.1 – Microsoft Corporation) Hidden

Steam (HKLM-x32…Steam) (Version: 2.10.91.91 – Valve Corporation)

Universal CRT Extension SDK (HKLM-x32…{4D69FB64-4443-F2DD-DE1C-F14FD98AAC59}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden

Universal CRT Extension SDK (HKLM-x32…{A3790FC6-37CC-833C-16D8-F9833BC8A7CB}) (Version: 10.1.20348.1 – Microsoft Corporation) Hidden

Universal CRT Headers Libraries and Sources (HKLM-x32…{121FBA67-8B82-21AA-ED67-4485D251D451}) (Version: 10.1.20348.1 – Microsoft Corporation) Hidden

Universal CRT Headers Libraries and Sources (HKLM-x32…{6B56745A-F6A4-C51C-933A-AD96C00683EA}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden

Universal CRT Redistributable (HKLM-x32…{8CFB9E44-A517-6023-7675-013679CD16B9}) (Version: 10.1.20348.1 – Microsoft Corporation) Hidden

Universal CRT Redistributable (HKLM-x32…{A57CD0A6-4297-FD30-34A4-34758B6F5F69}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden

Universal CRT Tools x64 (HKLM…{72B9464F-E7A6-ACE2-AAFD-9CCF1702FCEB}) (Version: 10.1.20348.1 – Microsoft Corporation) Hidden

Universal CRT Tools x86 (HKLM-x32…{2E45ED34-3AED-A75B-AAEC-04AF48015B70}) (Version: 10.1.20348.1 – Microsoft Corporation) Hidden

Universal General MIDI DLS Extension SDK (HKLM-x32…{9359EF6D-A93B-F8F0-1361-2BB668F92702}) (Version: 10.1.20348.1 – Microsoft Corporation) Hidden

Universal General MIDI DLS Extension SDK (HKLM-x32…{A7E95C47-B5F4-110C-D27A-DECB03412B96}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden

Update for Windows 10 for x64-based Systems (KB5001716) (HKLM…{B652B695-C849-4EF2-B09A-72771C7AD2BA}) (Version: 2.71.0.0 – Microsoft Corporation)

vcpp_crt.redist.clickonce (HKLM-x32…{9D7E60D4-2B87-4828-A707-F9A20BBDCA09}) (Version: 14.30.30704 – Microsoft Corporation) Hidden

Visual Studio Community 2022 (HKLM-x32…65fe04ae) (Version: 17.0.2 – Microsoft Corporation)

VLC media player (HKLM-x32…VLC media player) (Version: 3.0.16 – VideoLAN)

Voicemeeter, The Virtual Mixing Console (HKLM-x32…VB:Voicemeeter {17359A74-1236-5467}) (Version:  – VB-Audio Software)

VS Immersive Activate Helper (HKLM-x32…{C0ACF658-B4DC-4CBB-B8F2-9E667D69919A}) (Version: 17.0.114.0 – Microsoft Corporation) Hidden

VS JIT Debugger (HKLM…{43F73608-5C94-436F-A1E6-E09ACE680391}) (Version: 17.0.114.0 – Microsoft Corporation) Hidden

VS Script Debugging Common (HKLM…{9EC852BD-33D2-457C-99BB-ED3099B8176F}) (Version: 17.0.114.0 – Microsoft Corporation) Hidden

vs_communitymsires (HKLM-x32…{E687318C-07F2-453A-8FA4-2CFC7DFE83C0}) (Version: 17.0.31808 – Microsoft Corporation) Hidden

vs_communitysharedmsi (HKLM-x32…{03DEF081-63DA-48D9-83CF-E0F3F39249C7}) (Version: 17.0.31815 – Microsoft Corporation) Hidden

vs_communityx64msi (HKLM…{25DF2B02-C761-49C6-81D9-B29B7838A9AC}) (Version: 17.0.31808 – Microsoft Corporation) Hidden

vs_CoreEditorFonts (HKLM-x32…{0F5CD9E6-DEEB-4D55-8F07-9DAAE979D41C}) (Version: 17.0.31919 – Microsoft Corporation) Hidden

vs_devenvsharedmsi (HKLM-x32…{EE27C912-1811-45F8-A221-CFF90A37A69F}) (Version: 17.0.31804 – Microsoft Corporation) Hidden

vs_devenx64vmsi (HKLM…{DC2F8F18-31B5-42F1-A52A-04644329CE90}) (Version: 17.0.31804 – Microsoft Corporation) Hidden

vs_filehandler_amd64 (HKLM-x32…{CCFBC305-8495-4A7D-B20F-BB0439A12AFB}) (Version: 17.0.31808 – Microsoft Corporation) Hidden

vs_filehandler_x86 (HKLM-x32…{60C647C8-7865-410D-A947-E98578028922}) (Version: 17.0.31808 – Microsoft Corporation) Hidden

vs_FileTracker_Singleton (HKLM-x32…{38371BF8-3A6A-4C76-B2C5-403CF3FA711B}) (Version: 17.0.31808 – Microsoft Corporation) Hidden

vs_Graphics_Singletonx64 (HKLM…{FA204D88-4A70-45B8-BBAC-0EC29BF41595}) (Version: 17.0.31808 – Microsoft Corporation) Hidden

vs_Graphics_Singletonx86 (HKLM-x32…{54F489A2-2370-4849-89EB-4291A393920C}) (Version: 17.0.31808 – Microsoft Corporation) Hidden

vs_minshellinteropsharedmsi (HKLM-x32…{2B4801DC-34F8-4706-A5D6-109EE99675FD}) (Version: 17.0.31808 – Microsoft Corporation) Hidden

vs_minshellinteropx64msi (HKLM…{E8E7F587-35C1-4E2C-BE2A-605FC9F82D9F}) (Version: 17.0.31804 – Microsoft Corporation) Hidden

vs_minshellmsires (HKLM-x32…{73D059E2-9F87-4BC9-A0F0-439884E78801}) (Version: 17.0.31808 – Microsoft Corporation) Hidden

vs_minshellsharedmsi (HKLM-x32…{7FEC4935-AB34-488D-BF33-38C816525040}) (Version: 17.0.31808 – Microsoft Corporation) Hidden

vs_minshellx64msi (HKLM…{EFF69C65-9C29-46D2-B1F2-3B07C82C7958}) (Version: 17.0.31808 – Microsoft Corporation) Hidden

vs_tipsmsi (HKLM-x32…{AD4BFA50-ABD0-4C12-94E9-645FD304A8F3}) (Version: 17.0.31804 – Microsoft Corporation) Hidden

Wacom Tablet (HKLM…Wacom Tablet Driver) (Version: 6.2.0w5 – Wacom Technology Corp.)

War Thunder Launcher 1.0.3.288 (HKUS-1-5-21-3361791484-2456666798-2596221411-1002…{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  – Gaijin Network)

WebTablet FB Plugin (HKLM-x32…Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.0.0.4 – Wacom Technology Corp.)

WebTablet IE Plugin (HKLM-x32…Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 – Wacom Technology Corp.)

WebTablet Netscape Plugin (HKLM-x32…Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 – Wacom Technology Corp.)

WinAppDeploy (HKLM-x32…{2ADF1977-BF31-E127-B651-AC28A8658317}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden

WinAppDeploy (HKLM-x32…{2FE507C2-60A1-4BE8-270D-1EBA48C4C1A6}) (Version: 10.1.20348.1 – Microsoft Corporation) Hidden

Windows PC Health Check (HKLM…{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 – Microsoft Corporation)

Windows SDK AddOn (HKLM-x32…{E18618EC-D9DB-4BCE-B382-85ADA2CBB340}) (Version: 10.1.0.0 – Microsoft Corporation)

Windows Software Development Kit – Windows 10.0.19041.685 (HKLM-x32…{4591faf1-a2db-4a3d-bfda-aa5a4ebb1587}) (Version: 10.1.19041.685 – Microsoft Corporation)

Windows Software Development Kit – Windows 10.0.20348.1 (HKLM-x32…{63ca8fb0-603f-4442-aa8b-48659a9338f5}) (Version: 10.1.20348.1 – Microsoft Corporation)

WinMerge 2.16.16.0 (HKLM-x32…WinMerge_is1) (Version: 2.16.16.0 – Thingamahoochie Software)

WinRT Intellisense Desktop – en-us (HKLM-x32…{BCF7CA0F-E53C-2A4F-B128-A751EC9A1016}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden

WinRT Intellisense Desktop – en-us (HKLM-x32…{C6014D12-9572-B9F4-8ABB-EA044E101BB6}) (Version: 10.1.20348.1 – Microsoft Corporation) Hidden

WinRT Intellisense Desktop – Other Languages (HKLM-x32…{A2CFB1CE-09E6-E078-2EEC-6D94C98BB064}) (Version: 10.1.20348.1 – Microsoft Corporation) Hidden

WinRT Intellisense Desktop – Other Languages (HKLM-x32…{B42BF427-AFDB-C00F-DB60-6F51395D74A1}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden

WinRT Intellisense IoT – en-us (HKLM-x32…{3335615C-ABEB-960E-2226-4274CD28E046}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden

WinRT Intellisense IoT – en-us (HKLM-x32…{C3032A91-00D7-DCA3-F748-517EA6E62BF8}) (Version: 10.1.20348.1 – Microsoft Corporation) Hidden

WinRT Intellisense IoT – Other Languages (HKLM-x32…{216D5F47-257D-6284-5849-B51037875EFA}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden

WinRT Intellisense IoT – Other Languages (HKLM-x32…{3A544905-4CA6-98FB-4012-E4E18B84411A}) (Version: 10.1.20348.1 – Microsoft Corporation) Hidden

WinRT Intellisense Mobile – en-us (HKLM-x32…{443FF51E-16C3-F23B-18FC-0D1D66024B0B}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden

WinRT Intellisense Mobile – en-us (HKLM-x32…{C5A6350B-B034-F359-E3AA-773F4F4A5B96}) (Version: 10.1.20348.1 – Microsoft Corporation) Hidden

WinRT Intellisense PPI – en-us (HKLM-x32…{15E29AFF-CB19-A20B-9A81-B0765A63115F}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden

WinRT Intellisense PPI – en-us (HKLM-x32…{58A35EB1-1702-F9D4-B490-68AD5DD5662D}) (Version: 10.1.20348.1 – Microsoft Corporation) Hidden

WinRT Intellisense PPI – Other Languages (HKLM-x32…{54A8C797-B1C6-4120-3083-102DF35312CA}) (Version: 10.1.20348.1 – Microsoft Corporation) Hidden

WinRT Intellisense PPI – Other Languages (HKLM-x32…{FF2B49B7-0254-3D6A-4BE0-EF4C59DBCC2B}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden

WinRT Intellisense UAP – en-us (HKLM-x32…{0AF3B821-474B-1885-473A-6E3FB4F1CF71}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden

WinRT Intellisense UAP – en-us (HKLM-x32…{8911DE91-F86B-023D-7443-3EADF27A9DC8}) (Version: 10.1.20348.1 – Microsoft Corporation) Hidden

WinRT Intellisense UAP – Other Languages (HKLM-x32…{25EE5034-1719-E781-2A16-74E73AFA1FB1}) (Version: 10.1.20348.1 – Microsoft Corporation) Hidden

WinRT Intellisense UAP – Other Languages (HKLM-x32…{8832F8ED-1035-9ABE-FD73-4E5ABAA84A5C}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden

 

Packages:

=========

EVA Period Tracker -> C:Program FilesWindowsApps45191FitAppLab.EVAPeriodTracker_2.5.5.0_x86__vgz60mva3dwxj [2021-12-16] (FitAppLab)

HP Smart -> C:Program FilesWindowsAppsAD2F1837.HPPrinterControl_133.1.340.0_x64__v10z8vjag6ke6 [2021-12-16] (HP Inc.)

Hulu -> C:Program FilesWindowsAppsHULULLC.HULUPLUS_3.7.0.0_neutral__fphbd361v8tya [2021-12-16] (Hulu.)

iTunes -> C:Program FilesWindowsAppsAppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa [2021-12-16] (Apple Inc.) [Startup Task]

Microsoft Solitaire Collection -> C:Program FilesWindowsAppsMicrosoft.MicrosoftSolitaireCollection_4.11.12160.0_x64__8wekyb3d8bbwe [2021-12-18] (Microsoft Studios) [MS Ad]

Microsoft To Do -> C:Program FilesWindowsAppsMicrosoft.Todos_2.60.43512.0_x64__8wekyb3d8bbwe [2021-12-22] (Microsoft Corporation) [Startup Task]

NVIDIA Control Panel -> C:Program FilesWindowsAppsNVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-12-16] (NVIDIA Corp.)

Photos Media Engine Add-on -> C:Program FilesWindowsAppsMicrosoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-12-16] (Microsoft Corporation)

Realtek Audio Control -> C:Program FilesWindowsAppsRealtekSemiconductorCorp.RealtekAudioControl_1.20.238.0_x64__dt26b99r8h8gj [2021-12-16] (Realtek Semiconductor Corp)

Xbox Accessories -> C:Program FilesWindowsAppsMicrosoft.XboxDevices_300.2112.14001.0_x64__8wekyb3d8bbwe [2021-12-18] (Microsoft Corporation)

 

==================== Custom CLSID (Whitelisted): ==============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

ContextMenuHandlers1: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:Program Files (x86)WinMergeShellExtensionX64.dll [2021-10-01] (Takashi Sawanaka -> hxxps://winmerge.org)

ContextMenuHandlers2: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:Program Files (x86)WinMergeShellExtensionX64.dll [2021-10-01] (Takashi Sawanaka -> hxxps://winmerge.org)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2021-12-17] (Malwarebytes Corporation -> Malwarebytes)

ContextMenuHandlers4: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:Program Files (x86)WinMergeShellExtensionX64.dll [2021-10-01] (Takashi Sawanaka -> hxxps://winmerge.org)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:WINDOWSSystem32DriverStoreFileRepositorynvmdi.inf_amd64_9413e5ce3f1b6ec6nvshext.dll [2021-08-28] (Nvidia Corporation -> NVIDIA Corporation)

ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:Program Files (x86)WinMergeShellExtensionX64.dll [2021-10-01] (Takashi Sawanaka -> hxxps://winmerge.org)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2021-12-17] (Malwarebytes Corporation -> Malwarebytes)

 

==================== Codecs (Whitelisted) ====================

 

==================== Shortcuts & WMI ========================

 

(The entries could be listed to be restored or removed.)

 

ShortcutWithArgument: C:UsersalikaAppDataRoamingMicrosoftWindowsStart MenuProgramsiBUYPOWER.lnk -> C:Windowsexplorer.exe (Microsoft Corporation) -> microsoft-edge:hxxps://www.ibuypower.com/review

 

==================== Loaded Modules (Whitelisted) =============

 

2019-11-06 16:09 – 2019-11-06 16:09 – 000190976 _____ () [File not signed] C:Program FilesENEAac_ENE_DRAM_RGB_AURA42x86AacHal_x86.dll

2020-01-15 17:40 – 2020-01-15 17:40 – 000185856 _____ () [File not signed] C:Program FilesENEAac_ENE_EHD_M2_HALAacHal_x86.dll

2019-04-15 16:24 – 2019-04-15 16:24 – 000155648 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:Program Files (x86)GIGABYTERGBFusionyccV2.DLL

2020-11-24 14:00 – 2020-11-24 14:00 – 000475648 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:Program Files (x86)GIGABYTERGBFusionGVDisplay.dll

2020-11-05 14:16 – 2020-11-05 14:16 – 000268800 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:Program Files (x86)GIGABYTERGBFusionGvIllumLib.dll

2021-02-24 01:43 – 2021-02-24 01:43 – 002057728 _____ (GIGABYTE) [File not signed] C:Program Files (x86)GIGABYTERGBFusionAACDDR_Lib.dll

2021-02-24 01:43 – 2021-02-24 01:43 – 002059776 _____ (GIGABYTE) [File not signed] C:Program Files (x86)GIGABYTERGBFusionAACPCIeSSD_Lib.dll

2021-02-24 01:43 – 2021-02-24 01:43 – 002057728 _____ (GIGABYTE) [File not signed] C:Program Files (x86)GIGABYTERGBFusionAACSSD_Lib.dll

2020-03-31 21:32 – 2020-03-31 21:32 – 000000000 ____L (Microsoft Corporation) [simlink -> C:Program FilesCommon FilesMicrosoft SharedClickToRunAppvIsvSubsystems64.dll] C:Program FilesMicrosoft OfficerootOffice16AppVIsvSubsystems64.dll

2020-03-31 21:32 – 2020-03-31 21:32 – 000000000 ____L (Microsoft Corporation) [simlink -> C:Program FilesCommon FilesMicrosoft SharedClickToRunC2R64.dll] C:Program FilesMicrosoft OfficerootOffice16c2r64.dll

2018-08-30 16:26 – 2018-08-30 16:26 – 000053760 _____ (MS) [File not signed] C:Program Files (x86)GIGABYTERGBFusionMsIo32_Galax.dll

2017-10-05 15:26 – 2017-10-05 15:26 – 002247168 _____ (TODO: <Company name>) [File not signed] C:Program Files (x86)GIGABYTERGBFusionCRtive.dll

2018-12-08 08:22 – 2018-12-08 08:22 – 002059264 _____ (TODO: <Company name>) [File not signed] C:Program Files (x86)GIGABYTERGBFusionGHidApi.dll

2021-02-19 15:39 – 2021-02-19 15:39 – 000469504 _____ (TODO: <Company name>) [File not signed] C:Program Files (x86)GIGABYTERGBFusionGvLedLib.dll

2020-12-24 15:00 – 2020-12-24 15:00 – 002109952 _____ (TODO: <Company name>) [File not signed] C:Program Files (x86)GIGABYTERGBFusionSMBCtrl.dll

 

==================== Alternate Data Streams (Whitelisted) ========

 

==================== Safe Mode (Whitelisted) ==================

 

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

 

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMBAMService => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMBAMService => “”=”Service”

 

==================== Association (Whitelisted) =================

 

==================== Internet Explorer (Whitelisted) ==========

 

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16OCHelper.dll [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)

BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:Program Files (x86)ArcPluginsArcPluginIE.dll => No File

Handler: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-12-09] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-12-09] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-12-09] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-12-09] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)

 

==================== Hosts content: =========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2019-03-18 23:49 – 2021-12-17 21:28 – 000000852 _____ C:WINDOWSsystem32driversetchosts

 

==================== Other Areas ===========================

 

(Currently there is no automatic fix for this section.)

 

HKUS-1-5-21-3361791484-2456666798-2596221411-1002Control PanelDesktop\Wallpaper -> C:UsersalikaAppDataLocalMicrosoftWindowsThemesRoamedThemeFilesDesktopBackground20211018_110646_hdr.jpg

DNS Servers: 75.75.75.75 – 75.75.76.76

HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(If an entry is included in the fixlist, it will be removed.)

 

HKUS-1-5-21-3361791484-2456666798-2596221411-1002…StartupApprovedRun: => “Steam”

HKUS-1-5-21-3361791484-2456666798-2596221411-1002…StartupApprovedRun: => “OneDrive”

HKUS-1-5-21-3361791484-2456666798-2596221411-1002…StartupApprovedRun: => “GogGalaxy”

 

==================== FirewallRules (Whitelisted) ================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [UDP Query User{4F7D8558-EA3E-4BDA-97FE-C790DD0873E6}C:program files (x86)gog galaxygamescyberpunk 2077binx64cyberpunk2077.exe] => (Allow) C:program files (x86)gog galaxygamescyberpunk 2077binx64cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)

FirewallRules: [TCP Query User{FCAB9DD0-FF70-4E18-BB41-E9913937DDEE}C:program files (x86)gog galaxygamescyberpunk 2077binx64cyberpunk2077.exe] => (Allow) C:program files (x86)gog galaxygamescyberpunk 2077binx64cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)

FirewallRules: [{61A20E28-14BC-49C1-A0DC-25D6458E492A}] => (Allow) C:Program Files (x86)Steambincefcef.win7x64steamwebhelper.exe (Valve -> Valve Corporation)

FirewallRules: [{443D28F5-85B5-4728-B9A0-E78618ACE109}] => (Allow) C:Program Files (x86)Steambincefcef.win7x64steamwebhelper.exe (Valve -> Valve Corporation)

FirewallRules: [UDP Query User{47A7B5DD-56DB-43A3-90C6-E7E2E631150B}C:program filese2esoftivcamivcam.exe] => (Allow) C:program filese2esoftivcamivcam.exe => No File

FirewallRules: [TCP Query User{6E910EE0-C135-4562-A629-31DC96DE0E97}C:program filese2esoftivcamivcam.exe] => (Allow) C:program filese2esoftivcamivcam.exe => No File

FirewallRules: [{ED6A1083-3CF0-4B27-B046-F9D3541EB736}] => (Allow) C:Program Files (x86)BonjourmDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{997F8E6A-C0BE-494B-B706-64F8285FAE09}] => (Allow) C:Program Files (x86)BonjourmDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{F1F49CF6-D969-4D0C-B3E4-FBE6B61FDD08}] => (Allow) C:Program FilesBonjourmDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{E230D9D9-F7A5-42E7-B6EF-67F330CAD4E2}] => (Allow) C:Program FilesBonjourmDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [UDP Query User{4CE67A88-CCBA-4C04-98D0-EB5F51659665}C:program files (x86)gog galaxygameskingdom come deliverancebinwin64kingdomcome.exe] => (Allow) C:program files (x86)gog galaxygameskingdom come deliverancebinwin64kingdomcome.exe (Warhorse Studios sro) [File not signed]

FirewallRules: [TCP Query User{717CD15F-08CA-483A-BCAC-150B5AA64374}C:program files (x86)gog galaxygameskingdom come deliverancebinwin64kingdomcome.exe] => (Allow) C:program files (x86)gog galaxygameskingdom come deliverancebinwin64kingdomcome.exe (Warhorse Studios sro) [File not signed]

FirewallRules: [{76AECAF7-91FB-4ACA-88CC-2602CDD96FBD}] => (Allow) C:Program Files (x86)Steambincefcef.win7steamwebhelper.exe => No File

FirewallRules: [{5C0CA354-920A-4261-AA5E-FE7B3B32A56F}] => (Allow) C:Program Files (x86)Steambincefcef.win7steamwebhelper.exe => No File

FirewallRules: [{1D7D90FD-2B7C-4E7D-9B32-907694E392C3}] => (Allow) C:Program Files (x86)SteamSteam.exe (Valve -> Valve Corporation)

FirewallRules: [{19F30872-B25C-41C1-B03E-9D36CDC7E2B2}] => (Allow) C:Program Files (x86)SteamSteam.exe (Valve -> Valve Corporation)

FirewallRules: [{064BDE48-C4F3-473C-BC3A-F2EB15CD8438}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{886435D6-8EF5-4B26-805E-DDC46EE23AAF}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{D712B255-80D1-4A41-9F39-084699A11A9F}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16UcMapi.exe => No File

FirewallRules: [{FE623A4D-D763-4FF1-A1E3-641D44D9E78A}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16Lync.exe => No File

FirewallRules: [{A98A29F9-E6A4-4D98-BC06-4F91FD594CEB}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{F2AE721E-542E-43A8-B730-7C250A831620}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{E188B257-CF74-424A-BB65-C1367CAC3E4B}] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{82720E73-97E3-413F-BD17-C3285AFD3081}] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [TCP Query User{A826F543-9C26-4EA9-B0B4-FFF0FDA1E33F}C:usersalikaappdatalocalwarthunderlauncher.exe] => (Allow) C:usersalikaappdatalocalwarthunderlauncher.exe (Gaijin Network LTD -> Gaijin)

FirewallRules: [UDP Query User{649E0AD9-6F77-4F3D-A918-F5E674E196E5}C:usersalikaappdatalocalwarthunderlauncher.exe] => (Allow) C:usersalikaappdatalocalwarthunderlauncher.exe (Gaijin Network LTD -> Gaijin)

FirewallRules: [TCP Query User{45D1091A-6717-486F-965D-436C9A9A38A2}C:usersalikaappdatalocalwarthunderwin64aces.exe] => (Allow) C:usersalikaappdatalocalwarthunderwin64aces.exe (Gaijin Network LTD -> Gaijin Entertainment)

FirewallRules: [UDP Query User{8DDAFD39-7B2C-443A-9663-BBDA1380ECF9}C:usersalikaappdatalocalwarthunderwin64aces.exe] => (Allow) C:usersalikaappdatalocalwarthunderwin64aces.exe (Gaijin Network LTD -> Gaijin Entertainment)

FirewallRules: [{F5B9FE5E-1CF2-45CF-923E-6EF41A62C5B3}] => (Allow) C:Program FilesWindowsAppsAppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqaiTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{73F6B298-8A5A-4F09-8B81-2807EDBBCB3E}] => (Allow) C:Program FilesWindowsAppsAppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqaiTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{57F70969-B951-4BBF-B959-50F164B1AA4D}] => (Allow) C:Program FilesWindowsAppsAppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqaiTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{4955D0B3-E83C-4C17-8AE7-5C79598DF960}] => (Allow) C:Program FilesWindowsAppsAppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqaiTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{7E70C027-A1B1-4A60-A0F1-0BB8EAE62BEA}] => (Allow) C:Program FilesWindowsAppsAppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqaAMDS64AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{36A8BD3C-74FF-481F-9786-96240A8FB085}] => (Allow) C:Program FilesWindowsAppsAppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqaAMDS64AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{6D714C4A-2706-4D85-A38E-8A23DEEBF13C}] => (Allow) C:Program FilesWindowsAppsAppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqaAMDS64AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{FBE745DA-4E68-4ECC-BCB7-77A8B117892F}] => (Allow) C:Program FilesWindowsAppsAppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqaAMDS64AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [TCP Query User{FCD3518F-6DE1-47B5-85BB-FE5C2C4DAF5B}C:usersalikaappdatalocalprogramsmicrosoft vs codecode.exe] => (Allow) C:usersalikaappdatalocalprogramsmicrosoft vs codecode.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [UDP Query User{7C757074-A859-4415-BCC4-A1D39C17AE7C}C:usersalikaappdatalocalprogramsmicrosoft vs codecode.exe] => (Allow) C:usersalikaappdatalocalprogramsmicrosoft vs codecode.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [TCP Query User{FD278308-E17F-453D-AA29-1EF53668A3A7}C:usersalikaappdataroamingwinsupupdateclient32.exe] => (Allow) C:usersalikaappdataroamingwinsupupdateclient32.exe (NetSupport Ltd -> NetSupport Ltd)

FirewallRules: [UDP Query User{CEA1C2D4-6129-4F38-A69E-D2E52E8586FE}C:usersalikaappdataroamingwinsupupdateclient32.exe] => (Allow) C:usersalikaappdataroamingwinsupupdateclient32.exe (NetSupport Ltd -> NetSupport Ltd)

FirewallRules: [TCP Query User{0E947F6E-3813-45C6-9CA6-80D8A672674E}C:usersalikaappdataroamingwinsupupdateclient32.exe] => (Block) C:usersalikaappdataroamingwinsupupdateclient32.exe (NetSupport Ltd -> NetSupport Ltd)

FirewallRules: [UDP Query User{6C435EFB-E458-4451-81EF-76EA3A573495}C:usersalikaappdataroamingwinsupupdateclient32.exe] => (Block) C:usersalikaappdataroamingwinsupupdateclient32.exe (NetSupport Ltd -> NetSupport Ltd)

FirewallRules: [{C8C4CE2F-AAC1-4383-A7CE-2368794C80F5}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{8AA5892A-7BAD-4D7F-B01B-B84A2677DF0E}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{3E3BF815-DCFE-4354-A3D9-13E16B921CF7}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{1CCDEE7A-D0FE-4BC0-A89B-980070917D48}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{2F5F4417-2133-4FBE-8D3D-3792012D99FB}] => (Allow) C:Program Files (x86)MicrosoftEdgeWebViewApplication96.0.1054.62msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

 

==================== Restore Points =========================

 

 

==================== Faulty Device Manager Devices ============

 

 

==================== Event log errors: ========================

 

Application errors:

==================

Error: (12/23/2021 02:08:38 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Mytestapp.exe, version: 0.0.0.0, time stamp: 0x61b6e0f4

Faulting module name: ntdll.dll, version: 10.0.19041.1288, time stamp: 0xa280d1d6

Exception code: 0xc0000028

Fault offset: 0x0000000000102346

Faulting process id: 0x1a44

Faulting application start time: 0x01d7f7cbca0b5388

Faulting application path: D:ProgrammingMytestappsrcMytestapp.exe

Faulting module path: C:WINDOWSSYSTEM32ntdll.dll

Report Id: 2405b156-77a7-4439-b463-1c124af3d85f

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (12/23/2021 01:39:14 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Mytestapp.exe, version: 0.0.0.0, time stamp: 0x61b6e0f4

Faulting module name: ntdll.dll, version: 10.0.19041.1288, time stamp: 0xa280d1d6

Exception code: 0xc0000028

Fault offset: 0x0000000000102346

Faulting process id: 0x2ecc

Faulting application start time: 0x01d7f7c76db40c35

Faulting application path: D:ProgrammingMytestappsrcMytestapp.exe

Faulting module path: C:WINDOWSSYSTEM32ntdll.dll

Report Id: 0521e814-a8a9-44b8-a59b-6b2fceaffc81

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (12/23/2021 01:19:13 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Mytestapp.exe, version: 0.0.0.0, time stamp: 0x61b6e0f4

Faulting module name: ntdll.dll, version: 10.0.19041.1288, time stamp: 0xa280d1d6

Exception code: 0xc0000028

Fault offset: 0x0000000000102346

Faulting process id: 0x2444

Faulting application start time: 0x01d7f7c4b1100d88

Faulting application path: D:ProgrammingMytestappsrcMytestapp.exe

Faulting module path: C:WINDOWSSYSTEM32ntdll.dll

Report Id: dcaa655f-70b9-4ca2-93ba-f57b23b1fcd2

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (12/23/2021 12:21:44 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: simple_paint.exe, version: 3.30.0.0, time stamp: 0x5f245dc0

Faulting module name: simple_paint.exe, version: 3.30.0.0, time stamp: 0x5f245dc0

Exception code: 0xc0000005

Fault offset: 0x00000000002a7b04

Faulting process id: 0x3b88

Faulting application start time: 0x01d7f7bceacca421

Faulting application path: C:MyLibsIUPLuasimple_paint.exe

Faulting module path: C:MyLibsIUPLuasimple_paint.exe

Report Id: 3aed6a93-09e6-49f3-a954-ba2d9ece4c1b

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (12/22/2021 11:30:40 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Mytestapp.exe, version: 0.0.0.0, time stamp: 0x61b6e0f4

Faulting module name: Mytestapp.exe, version: 0.0.0.0, time stamp: 0x61b6e0f4

Exception code: 0xc0000005

Fault offset: 0x00000000001a4663

Faulting process id: 0x2580

Faulting application start time: 0x01d7f7b520ee9d9b

Faulting application path: D:ProgrammingMytestappsrcMytestapp.exe

Faulting module path: D:ProgrammingMytestappsrcMytestapp.exe

Report Id: 15ebc736-b17d-4978-9d4d-dd853739cd0e

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (12/22/2021 10:54:09 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Mytestapp.exe, version: 0.0.0.0, time stamp: 0x61b6e0f4

Faulting module name: ntdll.dll, version: 10.0.19041.1288, time stamp: 0xa280d1d6

Exception code: 0xc0000028

Fault offset: 0x0000000000102346

Faulting process id: 0x2060

Faulting application start time: 0x01d7f7b0bd2ac9f9

Faulting application path: D:ProgrammingMytestappsrcMytestapp.exe

Faulting module path: C:WINDOWSSYSTEM32ntdll.dll

Report Id: a7233755-48d4-4d40-90e5-327504799e36

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (12/22/2021 10:54:03 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Mytestapp.exe, version: 0.0.0.0, time stamp: 0x61b6e0f4

Faulting module name: ntdll.dll, version: 10.0.19041.1288, time stamp: 0xa280d1d6

Exception code: 0xc0000028

Fault offset: 0x0000000000102346

Faulting process id: 0x2b98

Faulting application start time: 0x01d7f7b0b98203bd

Faulting application path: D:ProgrammingMytestappsrcMytestapp.exe

Faulting module path: C:WINDOWSSYSTEM32ntdll.dll

Report Id: 4998109e-b475-4dd3-8444-2dae674edeb2

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (12/22/2021 10:29:25 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Mytestapp.exe, version: 0.0.0.0, time stamp: 0x61b6e0f4

Faulting module name: ntdll.dll, version: 10.0.19041.1288, time stamp: 0xa280d1d6

Exception code: 0xc0000028

Fault offset: 0x0000000000102346

Faulting process id: 0x1de8

Faulting application start time: 0x01d7f7ad480b5462

Faulting application path: D:ProgrammingMytestappsrcMytestapp.exe

Faulting module path: C:WINDOWSSYSTEM32ntdll.dll

Report Id: f3fbca97-7f8e-4ffd-8b9a-5d9db25a4228

Faulting package full name: 

Faulting package-relative application ID:

 

 

System errors:

=============

Error: (12/23/2021 02:12:29 AM) (Source: DCOM) (EventID: 10010) (User: DENOFMUTANTSPC)

Description: The server AD2F1837.HPPrinterControl_133.1.340.0_x64__v10z8vjag6ke6!AD2F1837.HPPrinterControl.AppX3pygpm0xnrdftm5n1tftckhgsgz4zqvb.mca did not register with DCOM within the required timeout.

 

Error: (12/22/2021 11:19:59 AM) (Source: Netwtw04) (EventID: 5010) (User: )

Description: Intel® Dual Band Wireless-AC 3168 : The network adapter has returned an invalid value to the driver.

5010 – Driver DBG_ASSERT – instead of BSOD

 

Error: (12/22/2021 11:19:58 AM) (Source: Netwtw04) (EventID: 5010) (User: )

Description: Intel® Dual Band Wireless-AC 3168 : The network adapter has returned an invalid value to the driver.

5010 – Driver DBG_ASSERT – instead of BSOD

 

Error: (12/22/2021 11:19:56 AM) (Source: Netwtw04) (EventID: 5010) (User: )

Description: Intel® Dual Band Wireless-AC 3168 : The network adapter has returned an invalid value to the driver.

5010 – Driver DBG_ASSERT – instead of BSOD

 

Error: (12/22/2021 11:19:13 AM) (Source: Netwtw04) (EventID: 5010) (User: )

Description: Intel® Dual Band Wireless-AC 3168 : The network adapter has returned an invalid value to the driver.

5010 – Driver DBG_ASSERT – instead of BSOD

 

Error: (12/22/2021 11:19:11 AM) (Source: Netwtw04) (EventID: 5010) (User: )

Description: Intel® Dual Band Wireless-AC 3168 : The network adapter has returned an invalid value to the driver.

5010 – Driver DBG_ASSERT – instead of BSOD

 

Error: (12/22/2021 12:50:35 AM) (Source: Netwtw04) (EventID: 5010) (User: )

Description: Intel® Dual Band Wireless-AC 3168 : The network adapter has returned an invalid value to the driver.

5010 – Driver DBG_ASSERT – instead of BSOD

 

Error: (12/22/2021 12:50:32 AM) (Source: Netwtw04) (EventID: 5010) (User: )

Description: Intel® Dual Band Wireless-AC 3168 : The network adapter has returned an invalid value to the driver.

5010 – Driver DBG_ASSERT – instead of BSOD

 

 

Windows Defender:

================

Date: 2021-12-17 12:22:32

Description: 

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

Name: TrojanDownloader:BAT/Powdow.G!MSR

Severity: Severe

Category: Trojan Downloader

Path: file:_C:UsersalikaAppDataRoamingtest2.bat

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: User

Process Name: Unknown

Security intelligence Version: AV: 1.355.414.0, AS: 1.355.414.0, NIS: 1.355.414.0

Engine Version: AM: 1.1.18800.4, NIS: 1.1.18800.4

 

Date: 2021-12-17 12:22:32

Description: 

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

Name: TrojanDownloader:Win64/Malgent!MSR

Severity: Severe

Category: Trojan Downloader

Path: file:_C:Gamestest3.exe

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: User

Process Name: Unknown

Security intelligence Version: AV: 1.355.414.0, AS: 1.355.414.0, NIS: 1.355.414.0

Engine Version: AM: 1.1.18800.4, NIS: 1.1.18800.4

 

Date: 2021-12-17 12:22:32

Description: 

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

Name: VirTool:VBS/DisableDefender.B!dha

Severity: Severe

Category: Tool

Path: file:_C:UsersalikaAppDataRoamingtun.dll

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: User

Process Name: Unknown

Security intelligence Version: AV: 1.355.414.0, AS: 1.355.414.0, NIS: 1.355.414.0

Engine Version: AM: 1.1.18800.4, NIS: 1.1.18800.4

 

Date: 2021-12-17 12:22:32

Description: 

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

Name: VirTool:VBS/TurtleLoader.HT!dha

Severity: Severe

Category: Tool

Path: file:_C:UsersalikaAppDataRoamingreboot.dll

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: User

Process Name: Unknown

Security intelligence Version: AV: 1.355.414.0, AS: 1.355.414.0, NIS: 1.355.414.0

Engine Version: AM: 1.1.18800.4, NIS: 1.1.18800.4

 

Date: 2021-12-17 12:11:24

Description: 

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

Name: TrojanDownloader:Win64/Malgent!MSR

Severity: Severe

Category: Trojan Downloader

Path: file:_C:Gamestest3.exe

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: Real-Time Protection

Process Name: C:UsersalikaDownloadsMSERT.exe

Security intelligence Version: AV: 1.355.414.0, AS: 1.355.414.0, NIS: 1.355.414.0

Engine Version: AM: 1.1.18800.4, NIS: 1.1.18800.4

Event[0]:

 

Date: 2021-12-16 18:41:26

Description: 

Microsoft Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.

Security intelligence Attempted: Current

Error Code: 0x80070003

Error description: The system cannot find the path specified. 

Security intelligence version: 0.0.0.0;0.0.0.0

Engine version: 0.0.0.0

 

==================== Memory info =========================== 

 

BIOS: American Megatrends Inc. F1 04/13/2020

Motherboard: Gigabyte Technology Co., Ltd. B460M DS3H AC-Y1

Processor: Intel® Core™ i7-10700F CPU @ 2.90GHz

Percentage of memory in use: 38%

Total physical RAM: 16316.45 MB

Available physical RAM: 9993.19 MB

Total Virtual: 23484.45 MB

Available Virtual: 12894.55 MB

 

==================== Drives ================================

 

Drive c: (Windows) (Fixed) (Total:446.43 GB) (Free:202.53 GB) NTFS

Drive d: (Storage) (Fixed) (Total:931.5 GB) (Free:554.76 GB) NTFS

 

\?Volume{c9434df7-239e-4ab2-ba51-afe6990062b0} (Recovery) (Fixed) (Total:0.59 GB) (Free:0.16 GB) NTFS

\?Volume{d5e4576e-e945-459e-87b7-8b283c1348fd} (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

 

==================== MBR & Partition Table ====================

 

==================== End of Addition.txt =======================


https://www.bleepingcomputer.com/forums/t/765500/how-can-i-prevent-powershell-from-being-hijacked-again/

Erlando F Rasatro
