RTP Detection - Trojan - Outbound - Domain - en.ibelink.com.hk


19 replies to this topic

#1 Netviperx

Posted 11 April 2024 - 01:22 PM

Hello, 

I am using Malwarebytes - I get this pop-up whenever I click on my password manager - please help me. I noticed that someone was using one of my gaming accounts and that prompted me to see what was happening. Then I used Malwarebytes and found this.

Regards, 
Netviperx




#2 Oh My!

Malware Response Instructor

Posted 12 April 2024 - 03:56 PM

Greetings and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for 64 bit systems and note where the file is saved (Desktop, Downloads, etc.) <<< Important
  • If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
  • Right click on the icon and select Run as administrator
  • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of each report in separate reply windows
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST.txt
  • Addition.txt

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69
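Gary asks for the two FRST reports because an instructor reads them section by section, looking for the same handful of things each time: an enabled built-in Administrator account, security products reported as disabled, unsigned modules loaded from user-writable directories, hosts-file redirects, and firewall allow rules for binaries living under a user profile. The script below is an added example for this thread and is not a tool from the forum, from FRST or from Malwarebytes. It assumes the section-header layout FRST uses ("==================== Name ====") and the per-line formats visible in the Addition.txt posted in this thread; the finding rules are this example's own heuristics, and the sample report embedded in it is constructed (made-up SIDs, paths and rule IDs), not a real scan.

```python
"""Triage helper for the sections of an FRST Addition.txt report.

Added example for this thread, not a tool from the forum, FRST or Malwarebytes.
Assumes FRST's section-header layout and the per-line formats seen in the
posted log; the rules below produce leads for a human reviewer, not verdicts.
"""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=]+?)\s*=+$")
DATE_LINE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}")  # FRST file-metadata lines
RID500_RE = re.compile(r"-500 - Administrator - Enabled\)")    # built-in Administrator
USER_WRITABLE_RE = re.compile(r"\\(users|appdata|programdata|temp)\\", re.I)
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def parse_sections(text):
    """Split an Addition.txt body into {section name: [content lines]}."""
    sections = defaultdict(list)
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:      # blank or separator-only line
            continue
        m = SECTION_RE.match(line)
        if m:                                   # normalise "Accounts:" / "X (Whitelisted)"
            current = re.sub(r"\s*\(Whitelisted\)|:$", "", m.group("name")).strip()
            continue
        if line.startswith("(") and line.endswith(")"):
            continue                            # FRST's explanatory notes
        sections[current].append(line)
    return dict(sections)


def triage(sections):
    """Return (section, reason, line) findings that deserve a reviewer's eye."""
    findings = []
    for line in sections.get("Accounts", []):
        if RID500_RE.search(line):
            findings.append(("Accounts", "built-in Administrator (RID 500) is enabled", line))
    for line in sections.get("Security Center", []):
        # Defender reports Disabled whenever a third-party AV registers itself; still worth a look.
        if "(Disabled" in line:
            findings.append(("Security Center", "security product reported as disabled", line))
    for line in sections.get("Loaded Modules", []):
        if "[File not signed]" in line:
            findings.append(("Loaded Modules", "unsigned module loaded in a running process", line))
        if USER_WRITABLE_RE.search(line):
            findings.append(("Loaded Modules", "module loaded from a user-writable directory", line))
    for line in sections.get("Hosts content", []):
        if line.startswith("#") or DATE_LINE_RE.match(line):
            continue                            # comment or the hosts file's metadata line
        parts = line.split()
        if len(parts) >= 2 and (parts[0], parts[1]) not in DEFAULT_HOSTS:
            findings.append(("Hosts content", "non-default hosts entry (redirect or update block)", line))
    for line in sections.get("FirewallRules", []):
        if "(Allow)" not in line:
            continue
        if USER_WRITABLE_RE.search(line):
            findings.append(("FirewallRules", "allow rule for a binary in a user-writable directory", line))
        if "[File not signed]" in line:
            findings.append(("FirewallRules", "allow rule for an unsigned binary", line))
    return findings


# Constructed sample in FRST's layout (not a real report); SIDs, paths and rule IDs are made up.
SAMPLE = r"""
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.04.2024
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-111-222-333-500 - Administrator - Enabled)
alice (S-1-5-21-111-222-333-1001 - Administrator - Enabled) => C:\Users\alice

==================== Security Center ========================

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Loaded Modules (Whitelisted) =============

2024-01-01 00:00 - 2024-01-01 00:00 - 000044800 _____ () [File not signed] C:\Users\alice\AppData\Roaming\helper\upd.dll

==================== Hosts content: =========================

2022-05-06 22:24 - 2024-04-11 10:48 - 000000052 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost
0.0.0.0         update.example-av.invalid

==================== FirewallRules (Whitelisted) ================

FirewallRules: [{AAAA}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{BBBB}c:\users\alice\appdata\roaming\svc\svc.exe] => (Allow) c:\users\alice\appdata\roaming\svc\svc.exe () [File not signed]
"""

if __name__ == "__main__":
    for section, reason, line in triage(parse_sections(SAMPLE)):
        print(f"[{section}] {reason}\n    {line}")
```

Run it against a saved Addition.txt by replacing SAMPLE with the file's contents. Every hit is a lead, not a verdict: in the log posted later in this thread, for instance, Windows Defender shows Disabled only because Malwarebytes has registered itself as the active AV, and the unsigned ASUS and Razer modules are vendor components, so a reviewer still has to check each flagged path and publisher by hand.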

#3 Netviperx

Topic Starter

Posted 13 April 2024 - 11:14 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.04.2024
Ran by netvi (13-04-2024 09:11:15)
Running from C:\Users\netvi\Downloads
Microsoft Windows 11 Home Version 23H2 22631.3447 (X64) (2023-09-22 01:02:49)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-972714221-4249912248-3257112829-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-972714221-4249912248-3257112829-503 - Limited - Disabled)
Guest (S-1-5-21-972714221-4249912248-3257112829-501 - Limited - Disabled)
netvi (S-1-5-21-972714221-4249912248-3257112829-1001 - Administrator - Enabled) => C:\Users\netvi
WDAGUtilityAccount (S-1-5-21-972714221-4249912248-3257112829-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AniMe Matrix MB EN (HKLM\...\{399B6DA7-B609-426E-95F8-B9A83FB7D06E}) (Version: 1.0.1 - ASUS)
ARMOURY CRATE Lite Service (HKLM\...\{EF3944FF-2501-4568-B15C-5701E726719E}) (Version: 5.7.9 - ASUS)
ASUS AIOFan HAL (HKLM\...\{EAE80DED-1A39-41C5-9F60-87CC947F6454}) (Version: 1.2.8.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AIOFan HAL (HKLM-x32\...\{3a214f7b-1385-4a44-8235-9257c76b77c4}) (Version: 1.2.8.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM\...\{237E1CAC-1708-4940-AC34-DF15C079AB70}) (Version: 1.1.0.20 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM-x32\...\{49c4358d-054e-4cf1-9ec1-dca3487f304a}) (Version: 1.1.0.20 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM\...\{4EBEAC95-76BC-46A8-8644-6E2F1C87CF70}) (Version: 1.3.9.5 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM-x32\...\{a51a52ef-375e-4963-8736-c98fae7373c4}) (Version: 1.3.9.5 - ASUSTeK COMPUTER INC.) Hidden
ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.04.39 - ASUSTek COMPUTER INC.) Hidden
ASUS Framework Service (HKLM-x32\...\{339A6383-7862-46DA-8A9D-E84180EF9424}) (Version: 4.0.1.3 - ASUSTeK Computer Inc.)
ASUS Motherboard (HKLM-x32\...\{93795eb8-bd86-4d4d-ab27-ff80f9467b37}) (Version: 4.01.23 - ASUSTek Computer Inc.)
ASUS Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.107.111 - ASUSTeK Computer Inc.) Hidden
AURA DRAM Component (HKLM\...\{6FB66775-BB93-4D0A-9871-4CC9B2E87BF3}) (Version: 1.1.23 - ASUS) Hidden
AURA DRAM Component (HKLM-x32\...\{179f415f-2ff3-4db1-bcc1-d5730f746db8}) (Version: 1.1.23 - ASUS) Hidden
AURA lighting effect add-on (HKLM-x32\...\{1E2EA04B-FCA7-457E-B6F4-F33E1858E859}) (Version: 0.0.42 - ASUS)
AURA lighting effect add-on x64 (HKLM\...\{C5A4A164-4428-4931-B728-96EEF0FA3C44}) (Version: 0.0.42 - ASUS)
AURA Service (HKLM-x32\...\{56EEEF7D-0AE3-401A-898B-581719D005AE}) (Version: 3.07.33 - ASUSTeK Computer Inc.) Hidden
AURA Service (HKLM-x32\...\{8c7eaca7-3c49-433c-b087-eaf0abb806d9}) (Version: 3.07.33 - ASUSTeK Computer Inc.)
ENE RGB HAL (HKLM\...\{E050E98C-5524-4AFB-9E53-97700BEF2C02}) (Version: 1.1.48.6 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{2f11e68d-297d-4e28-80e0-b98178606bea}) (Version: 1.1.48.6 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.10.3 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{79e8502b-eaf7-4831-b53d-2da128540d16}) (Version: 1.0.10.3 - ENE TECHNOLOGY INC.) Hidden
Epic Games Launcher (HKLM-x32\...\{AEB35C6C-B6D4-4AA0-8452-DE699737B5F6}) (Version: 1.3.82.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{35905844-0610-427D-86A0-2103FABE3D4D}) (Version: 2.0.42.0 - Epic Games, Inc.)
FFB Racing Wheel drivers (HKLM-x32\...\{28B758EA-5C83-48B1-B352-C70F12C73F5A}) (Version: 4.TTRS.2023 - Thrustmaster)
GameSDK Service (HKLM-x32\...\{021d69c3-d686-4a94-8fb5-fd1ee782fb14}) (Version: 1.0.5.0 - ASUSTek COMPUTER INC.)
GameSDK Service (HKLM-x32\...\{7160DA8D-3F25-4F6E-ABC8-F693551D82FA}) (Version: 1.0.5.0 - ASUSTek COMPUTER INC.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 123.0.6312.123 - Google LLC)
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000250-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.250.0.2 - Intel Corporation)
Kingston AURA DRAM Component (HKLM\...\{965CDF5F-901C-476F-B3A8-7396701B1129}) (Version: 1.1.20 - KINGSTON COMPONENTS INC.) Hidden
Kingston AURA DRAM Component (HKLM-x32\...\{dc7f4211-4fe4-4975-8f3a-5f504ba577e2}) (Version: 1.1.20 - KINGSTON COMPONENTS INC.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-972714221-4249912248-3257112829-1001\...\Riot Game league_of_legends.live) (Version:  - Riot Games, Inc)
Malwarebytes version 5.1.2.109 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.2.109 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 123.0.2420.81 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 123.0.2420.97 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-972714221-4249912248-3257112829-1001\...\OneDriveSetup.exe) (Version: 24.055.0317.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.27.0.120 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.120 - NVIDIA Corporation)
NVIDIA Graphics Driver 551.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 551.61 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Patriot Viper DRAM RGB (HKLM\...\{1F9C282E-CCB4-4D8E-A5CB-7B74DFCD8C95}) (Version: 1.0.9.7 - Patriot Memory) Hidden
Patriot Viper DRAM RGB (HKLM-x32\...\{1d74a898-7a92-484d-8f3b-e3b68dfb1264}) (Version: 1.0.9.7 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM\...\{8B4C0A3D-C135-4E1F-98D8-3926494B4D61}) (Version: 1.1.0.3 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM-x32\...\{6e0eff60-c502-43bb-8f56-360ca07e73d9}) (Version: 1.1.0.3 - Patriot Memory) Hidden
PHISON HAL (HKLM\...\{966E33F0-6786-4B38-AA29-C1B3F6C1955D}) (Version: 1.0.9.0 - PHISON Electronics Corp.) Hidden
PHISON HAL (HKLM-x32\...\{549da357-1b81-456b-83f2-dcc47c41dfff}) (Version: 1.0.9.0 - PHISON Electronics Corp.) Hidden
PS Remote Play (HKLM-x32\...\{5671DFC7-30C0-4A7F-845B-698BBB818B64}) (Version: 6.5.0.08180 - Sony Interactive Entertainment Inc.)
RaceRoom Racing Experience Launcher (HKLM-x32\...\{1FD9F07F-7BBF-4C91-B3F0-A23714A3A913}_is1) (Version: 1.0 - Sector3 Studios)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.9.0331.032712 - Razer Inc.)
Riot Client  (HKU\S-1-5-21-972714221-4249912248-3257112829-1001\...\Riot Game Riot_Client.) (Version:  - Riot Games, Inc)
Roblox Player for netvi (HKU\S-1-5-21-972714221-4249912248-3257112829-1001\...\roblox-player) (Version:  - Roblox Corporation)
Roblox Studio for netvi (HKU\S-1-5-21-972714221-4249912248-3257112829-1001\...\roblox-studio) (Version:  - Roblox Corporation)
ROG Live Service (HKLM\...\{2D87BFB6-C184-4A59-9BBE-3E20CE797631}) (Version: 2.3.16.0 - ASUSTek COMPUTER INC.)
ROGFontInstaller (HKLM\...\{605108C1-153E-43D8-8A67-7CE326B00ECA}) (Version: 1.0.0 - ASUS)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
THX Spatial Audio USB 1532-0520 (HKLM\...\{89EC84D8-EFBD-472A-9A0C-16FF8A9342EB}) (Version: 3.0.37.0 - THX) Hidden
THX Spatial Audio USB 1532-0520 (HKLM\...\{EE0B803C-3A01-4BF7-99AE-BA86DCCA7368}) (Version: 3.0.37.0 - THX)
THX V3 APO Presets (HKLM\...\{13AFFB3A-EB63-465D-AE01-A72ACF442691}) (Version: 3.0.36.0 - THX) Hidden
THX V3 APO Presets (HKLM-x32\...\{8f44de26-0099-47b7-b3eb-bc9d875f534a}) (Version: 3.0.36.0 - THX) Hidden
Twitch Studio (HKU\S-1-5-21-972714221-4249912248-3257112829-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF372B0}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Universal Holtek RGB DRAM (HKLM\...\{826388E4-E31F-4514-948B-3BB954FB3EAF}) (Version: 1.0.0.6 - PD) Hidden
Universal Holtek RGB DRAM (HKLM-x32\...\{82f9b0cd-20fe-4ed6-a632-ef6daefb3c0d}) (Version: 1.0.0.6 - PD) Hidden
WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.14.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK AN1500 (HKLM-x32\...\{e42c5874-37b0-4977-9e8d-70bf006e1f76}) (Version: 1.0.14.0 - ENE TECHNOLOGY INC.) Hidden
 
Chrome apps:
============
Docs (HKU\S-1-5-21-972714221-4249912248-3257112829-1001\...\f91b46116d9fa9c769afc203ad8ef11e) (Version: 1.0 - Google\Chrome)
Gmail (HKU\S-1-5-21-972714221-4249912248-3257112829-1001\...\deb78e7d36303e9825275a819e375913) (Version: 1.0 - Google\Chrome)
Google Drive (HKU\S-1-5-21-972714221-4249912248-3257112829-1001\...\7e075dea22d54b7bfca6e4daca27ec69) (Version: 1.0 - Google\Chrome)
Sheets (HKU\S-1-5-21-972714221-4249912248-3257112829-1001\...\7a307b524dfca3e27e66dbd053fa1e80) (Version: 1.0 - Google\Chrome)
Slides (HKU\S-1-5-21-972714221-4249912248-3257112829-1001\...\7c27dffd5999357ed9505b65d0784d2e) (Version: 1.0 - Google\Chrome)
YouTube (HKU\S-1-5-21-972714221-4249912248-3257112829-1001\...\0c6ee55f92ff88353e47b9d7fc8152ed) (Version: 1.0 - Google\Chrome)
 
Packages:
=========
 
ARMOURY CRATE -> C:\Program Files\WindowsApps\B9ECED6F.ArmouryCrate_5.8.9.0_x64__qmba6cd70vzyy [2024-03-26] (ASUSTeK COMPUTER INC.)
Dev Home -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1200.442.0_x64__8wekyb3d8bbwe [2024-03-22] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_152.1.1099.0_x64__v10z8vjag6ke6 [2024-03-12] (HP Inc.)
Microsoft.BingSearch -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.91.0_x64__8wekyb3d8bbwe [2024-02-13] (Microsoft Corporation)
Microsoft.Windows.Ai.Copilot.Provider -> C:\Program Files\WindowsApps\Microsoft.Windows.Ai.Copilot.Provider_1.0.3.0_neutral__8wekyb3d8bbwe [2024-03-31] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\WINDOWS\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-03-01] (Microsoft Corporation)
MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24031.69.0_x64__cw5n1h2txyewy [2024-04-09] (Microsoft Windows) [Startup Task]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.965.0_x64__56jybvy8sckqj [2024-03-26] (NVIDIA Corp.)
Power Automate -> C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_11.2403.237.0_x64__8wekyb3d8bbwe [2024-03-15] (Microsoft Corporation) [Startup Task]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0 [2024-04-11] (Spotify AB) [Startup Task]
Windows CoPilot MSIX Pack -> C:\Program Files\WindowsApps\MicrosoftWindows.Client.CoPilot_724.1301.930.5_x64__cw5n1h2txyewy [2024-04-10] (Microsoft Windows)
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-03-01] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-972714221-4249912248-3257112829-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> "C:\Users\netvi\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-972714221-4249912248-3257112829-1001_Classes\CLSID\{89b2b650-c4dd-d68b-46e7-3176f1973c8b}\localserver32 -> "C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" -ToastActivated => No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-04-11] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_830091b3ebd4b98a\nvshext.dll [2024-02-17] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-04-11] (Malwarebytes Inc. -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\netvi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb
ShortcutWithArgument: C:\Users\netvi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm
ShortcutWithArgument: C:\Users\netvi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak
ShortcutWithArgument: C:\Users\netvi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=fhihpiojkbmbpdjeoajapmgkhlnakfjf
ShortcutWithArgument: C:\Users\netvi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=kefjledonklijopmnomlcbpllchaibag
ShortcutWithArgument: C:\Users\netvi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml
ShortcutWithArgument: C:\Users\netvi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Shawn (wavegroup.co) - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) =============
 
2023-11-09 02:59 - 2023-02-27 13:39 - 001393152 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.Core.Runtime.dll
2023-09-28 17:16 - 2023-07-19 19:31 - 000322048 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\resources\app.asar.unpacked\node_modules\ac_node_addon\build\Release\ac_node_addon.node
2023-09-28 17:16 - 2023-07-17 16:37 - 000175616 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\resources\app.asar.unpacked\node_modules\ffi-napi\build\Release\ffi_bindings.node
2023-09-28 17:16 - 2023-04-14 14:18 - 000159744 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\resources\app.asar.unpacked\node_modules\ref-napi\prebuilds\win32-ia32\electron.napi.node
2023-09-28 17:16 - 2023-04-14 14:18 - 000319488 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\resources\app.asar.unpacked\node_modules\sharp\build\Release\sharp-win32-ia32.node
2023-09-28 17:16 - 2023-04-26 16:06 - 000541696 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\resources\app.asar.unpacked\node_modules\usb\prebuilds\win32-ia32\node.napi.node
2023-12-29 14:36 - 2024-04-13 08:59 - 000044800 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AXSP\4.02.32\PEbiosinterface32.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\netvi\OneDrive\Desktop\KVRT.exe:MBAM.Zone.Identifier [183]
AlternateDataStreams: C:\Users\netvi\Downloads\adwcleaner.exe:MBAM.Zone.Identifier [343]
AlternateDataStreams: C:\Users\netvi\Downloads\esetonlinescanner.exe:MBAM.Zone.Identifier [166]
AlternateDataStreams: C:\Users\netvi\Downloads\FRST64 (1).exe:MBAM.Zone.Identifier [240]
AlternateDataStreams: C:\Users\netvi\Downloads\FRST64.exe:MBAM.Zone.Identifier [240]
AlternateDataStreams: C:\Users\netvi\Downloads\TwitchStudioSetup-network_[referrer-studio_page].exe:MBAM.Zone.Identifier [214]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [2902]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2022-05-06 22:24 - 2024-04-11 10:48 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Program Files (x86)\Razer\ChromaBroadcast\bin;C:\Program Files\Razer\ChromaBroadcast\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Users\netvi\AppData\Local\Microsoft\WindowsApps
HKU\S-1-5-21-972714221-4249912248-3257112829-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\netvi\OneDrive\Desktop\mystical-foggy-5120x2880-12991.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{F816F4B7-E5DF-4185-A6F3-56192E4E4931}C:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe] => (Allow) C:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe (ASUSTeK COMPUTER INC. -> ASUS)
FirewallRules: [UDP Query User{292C4062-87C4-42B3-865A-FD463EB83B8F}C:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe] => (Allow) C:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe (ASUSTeK COMPUTER INC. -> ASUS)
FirewallRules: [TCP Query User{5C3E0F0A-207D-4688-ABFA-4B8EAD84D99E}C:\program files (x86)\asus\armourydevice\asus_framework.exe] => (Allow) C:\program files (x86)\asus\armourydevice\asus_framework.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [UDP Query User{36430130-9486-4DAC-8B75-B69A845ACFF4}C:\program files (x86)\asus\armourydevice\asus_framework.exe] => (Allow) C:\program files (x86)\asus\armourydevice\asus_framework.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [{FB02509C-0567-4719-9117-DF0F6CEE1700}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{A3BC6C80-9723-4112-8390-917AF6CD21F7}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{0E404A73-AAAD-422D-9249-DA3D01EBCD7E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{42DB1D92-334D-4AEF-BE2A-BDE1BE2FE022}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{90DDD00B-F083-45FF-90F7-B3246EF01BF3}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) C:\riot games\riot client\riotclientelectron\riot client.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{0C7783DF-6867-4D1E-88EB-763A619334A9}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) C:\riot games\riot client\riotclientelectron\riot client.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{C41E963A-9447-405E-96DC-36BA03E0A591}C:\program files (x86)\asus\armourydevice\asus_framework.exe] => (Block) C:\program files (x86)\asus\armourydevice\asus_framework.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [UDP Query User{BD5283A5-5D02-4383-8456-DA03BF4E10F4}C:\program files (x86)\asus\armourydevice\asus_framework.exe] => (Block) C:\program files (x86)\asus\armourydevice\asus_framework.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [TCP Query User{8AAA5632-F5FC-47B2-9CFB-B84A5D377B34}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{CDB35695-C1FC-42F2-B65E-4F303C10FCD2}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{DCA945F4-FFB6-4A00-A141-E2960D9BC24E}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe (GAIJIN NETWORK LTD -> Gaijin Entertainment)
FirewallRules: [UDP Query User{1C31B620-FDC1-45F7-9FFA-89507819FE34}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe (GAIJIN NETWORK LTD -> Gaijin Entertainment)
FirewallRules: [TCP Query User{0C507AD2-5452-4BB8-B0B6-DF1A3CB5F50F}C:\program files (x86)\steam\steamapps\common\war thunder\launcher.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\launcher.exe (GAIJIN NETWORK LTD -> Gaijin)
FirewallRules: [UDP Query User{2F07FBF7-273A-4EF8-A836-1CE23B6A2B68}C:\program files (x86)\steam\steamapps\common\war thunder\launcher.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\launcher.exe (GAIJIN NETWORK LTD -> Gaijin)
FirewallRules: [TCP Query User{AE4D542D-7027-4096-A4AA-D8333C66DCAA}C:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe] => (Allow) C:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe (ASUSTeK COMPUTER INC. -> ASUS)
FirewallRules: [UDP Query User{A83073FF-2789-42CE-B28C-F12B1714A370}C:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe] => (Allow) C:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe (ASUSTeK COMPUTER INC. -> ASUS)
FirewallRules: [TCP Query User{B5994217-F361-4C9F-9FE3-4FC0663E67AC}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{43E1AC34-CC6E-4A38-AD43-5D647C66A434}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{4F83933F-45B5-4B86-9F0C-9EF1949E33EE}C:\users\netvi\appdata\roaming\twitch studio\bin\twitchstudioagent.exe] => (Allow) C:\users\netvi\appdata\roaming\twitch studio\bin\twitchstudioagent.exe (Twitch Interactive, Inc. -> )
FirewallRules: [UDP Query User{9BAACE9A-F1C2-4A81-A23E-C2AC380AC870}C:\users\netvi\appdata\roaming\twitch studio\bin\twitchstudioagent.exe] => (Allow) C:\users\netvi\appdata\roaming\twitch studio\bin\twitchstudioagent.exe (Twitch Interactive, Inc. -> )
FirewallRules: [{9ABC1BE7-678C-4C25-9CB0-92EC5C28E03B}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
09-04-2024 17:04:10 Windows Update
11-04-2024 10:39:38 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (04/13/2024 08:59:29 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DIGGITY$ via https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep failed:
 
GetCACaps
 
Method: GET(0ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
 
Error: (04/13/2024 08:59:29 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for Local system via https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep failed:
 
GetCACaps
 
Method: GET(16ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
 
Error: (04/12/2024 08:31:13 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DIGGITY$ via https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep failed:
 
GetCACaps
 
Method: GET(0ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
 
Error: (04/12/2024 08:31:13 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for Local system via https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep failed:
 
GetCACaps
 
Method: GET(15ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
 
Error: (04/12/2024 07:31:12 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DIGGITY$ via https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep failed:
 
GetCACaps
 
Method: GET(0ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
 
Error: (04/12/2024 07:31:08 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for Local system via https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep failed:
 
GetCACaps
 
Method: GET(359ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
 
Error: (04/12/2024 02:00:35 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DIGGITY$ via https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep failed:
 
GetCACaps
 
Method: GET(0ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
 
Error: (04/12/2024 02:00:35 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for Local system via https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep failed:
 
GetCACaps
 
Method: GET(125ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
 
 
System errors:
=============
Error: (04/12/2024 01:02:31 PM) (Source: DCOM) (EventID: 10005) (User: DIGGITY)
Description: DCOM got error "1053" attempting to start the service BcastDVRUserService_e18bc with arguments "Unavailable" in order to run the server:
Windows.Media.Capture.Internal.AppCaptureShell
 
Error: (04/12/2024 01:02:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GameDVR and Broadcast User Service_e18bc service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (04/12/2024 01:02:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the GameDVR and Broadcast User Service_e18bc service to connect.
 
Error: (04/11/2024 08:04:58 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Background Intelligent Transfer Service service did not shut down properly after receiving a preshutdown control.
 
Error: (04/11/2024 08:04:40 PM) (Source: DCOM) (EventID: 10010) (User: DIGGITY)
Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.
 
Error: (04/11/2024 06:16:20 PM) (Source: DCOM) (EventID: 10005) (User: DIGGITY)
Description: DCOM got error "1053" attempting to start the service BcastDVRUserService_a9a8c with arguments "Unavailable" in order to run the server:
Windows.Media.Capture.Internal.AppCaptureShell
 
Error: (04/11/2024 06:16:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GameDVR and Broadcast User Service_a9a8c service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (04/11/2024 06:16:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the GameDVR and Broadcast User Service_a9a8c service to connect.
 
 
CodeIntegrity:
===============
Date: 2024-04-13 09:08:48
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. 
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 4007 12/08/2020
Motherboard: ASUSTeK COMPUTER INC. ROG STRIX B450-F GAMING II
Processor: AMD Ryzen 7 5800X 8-Core Processor 
Percentage of memory in use: 24%
Total physical RAM: 32670.02 MB
Available physical RAM: 24578.06 MB
Total Virtual: 37534.02 MB
Available Virtual: 27097.52 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.82 GB) (Free:509.9 GB) (Model: Samsung SSD 970 EVO Plus 1TB) NTFS
 
\\?\Volume{06c41e27-86d7-46e3-95ac-1d40e9d56b5d}\ () (Fixed) (Total:0.58 GB) (Free:0.05 GB) NTFS
\\?\Volume{58e14911-cf2d-492b-b242-89e24b259e6e}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

Edited by Oh My!, 14 April 2024 - 08:02 AM.


#4 Oh My!

    Adware and Spyware and Malware

  • Malware Response Instructor

Posted 13 April 2024 - 06:58 PM

The Addition.txt report was posted twice. Please copy and paste the FRST.txt report in your reply.
Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#5 Netviperx

  • Topic Starter
  • Members

Posted 13 April 2024 - 08:03 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.04.2024
Ran by netvi (administrator) on DIGGITY (13-04-2024 09:10:34)
Running from C:\Users\netvi\Downloads\FRST64 (1).exe
Loaded Profiles: netvi
Platform: Microsoft Windows 11 Home Version 23H2 22631.3447 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe ->) (ASUSTeK COMPUTER INC. -> ) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe
(C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe ->) (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzAppManager
(C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzBTLEManager
(C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzDeviceManager
(C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzDiagnostic
(C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzIoTDeviceManager
(C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSmartlightingDeviceManager
(C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe ->) (Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe <5>
(C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe ->) (Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe ->) (Razer USA Ltd. -> Razer Inc) C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Mw\RzTHX0520.exe
(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.UserSessionHelper.exe
(C:\Program Files\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.450.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe <6>
(C:\Riot Games\Riot Client\RiotClientServices.exe ->) () [File not signed] C:\Riot Games\Riot Client\RiotClientCrashHandler.exe
(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(explorer.exe ->) (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <16>
(explorer.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Riot Games\Riot Client\RiotClientServices.exe
(explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <11>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUS Inc.) C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> Asustek Computer Inc.) C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\2.03.20\AsusFanControlService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.02.32\atkexComSvc.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Program Files (x86)\LightingService\LightingService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Thrustmaster®) C:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_830091b3ebd4b98a\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzChromaStreamServer.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(services.exe ->) (THX LTD. -> VisiSonics) C:\Windows\System32\VSSrv.exe
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ) C:\Program Files\ASUS\KINGSTON_Aac_DRAM\AacKingstonDramHal_x86.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Compputer Inc.) C:\Program Files\ASUS\AacMB\Aac3572MbHal_x86.exe <2>
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe <7>
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.) C:\Program Files\ASUS\AacExtCard\extensionCardHal_x86.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.) C:\Program Files\ASUS\ASUS_Aac_DRAM\Aac3572DramHal_x86.exe
(svchost.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\netvi\AppData\Local\Microsoft\OneDrive\24.055.0317.0002\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.450.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(VSSrv.exe ->) (THX LTD. -> VisiSonics) C:\Windows\System32\VSHelper.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-972714221-4249912248-3257112829-1001\...\Run: [MicrosoftEdgeAutoLaunch_3C73999FB7ABA6AF105DB70048766CFC] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [4063784 2024-04-03] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-972714221-4249912248-3257112829-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37448168 2024-04-10] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-972714221-4249912248-3257112829-1001\...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe [70926368 2024-04-10] (Riot Games, Inc. -> Riot Games, Inc.)
HKU\S-1-5-21-972714221-4249912248-3257112829-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4384104 2024-03-06] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-972714221-4249912248-3257112829-1001\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3593992 2024-03-26] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3593992 2024-03-26] (Razer USA Ltd. -> Razer Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe [2024-04-11] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {6A3F0744-B34E-43B5-8721-058F2F38FF5C} - System32\Tasks\ASUS\AcPowerNotification => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe [313192 2023-06-26] (ASUSTeK COMPUTER INC. -> ASUS)
Task: {BD2171FD-9CC6-4513-BB45-A317FA481093} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe [1881448 2023-06-26] (ASUSTeK COMPUTER INC. -> ASUS)
Task: {EF98A29E-4A73-4214-96A2-8D80B4AD0560} - System32\Tasks\ASUS\ASUSUpdateTaskMachineCore1d9f26a2b528324 => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [165224 2023-09-28] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
Task: {E089FD93-2BDE-4EE3-8DB6-0E7F9FFD8EBB} - System32\Tasks\ASUS\ASUSUpdateTaskMachineUA => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [165224 2023-09-28] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
Task: {554FB766-C1D0-40BE-8715-81A5A4EED710} - System32\Tasks\ASUS\Framework Service => C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe [139091304 2023-07-19] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
Task: {ABA187D9-D68F-406B-8825-2969CBCD18EB} - System32\Tasks\ASUS\NoiseCancelingEngine => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe [1254760 2023-07-05] (ASUSTeK COMPUTER INC. -> ASUS)
Task: {8552564B-6DAB-41BF-B1D7-5305463F3CFE} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe  (No File)
Task: {9F0C9CE2-A67F-4B8C-AE88-5C9D4E4EA8E5} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\netvi\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe  LOGON (No File)
Task: {D5EBD7D3-65C2-4581-8CC5-2731C5D8041C} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\netvi\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe  SCHED (No File)
Task: {AC54C04A-1B92-4A86-B2CE-71B04A572792} - System32\Tasks\GoogleUpdateTaskMachineCore{63BCEA07-C923-4126-9F2D-DC773B98B1F5} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2023-09-28] (Google LLC -> Google LLC)
Task: {6731A81F-437B-421C-B7D0-0C66D759C329} - System32\Tasks\GoogleUpdateTaskMachineUA{8451CCA1-6F40-48DF-8E77-EA29110AE444} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2023-09-28] (Google LLC -> Google LLC)
Task: {6EFDC827-E86B-4A23-BFFB-9C4AF22D7529} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64464 2024-03-12] (HP Inc. -> HP Inc.)
Task: {3BBD301F-841A-4C33-A0BA-1E45595825F3} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64464 2024-03-12] (HP Inc. -> HP Inc.)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {0E52A9C6-3E8E-442C-9DD3-0D9251790D74} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1005096 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {445FA6C4-F817-471A-90A6-E691E8C16A30} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3345448 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CDDE3BB0-C1E0-44CE-A660-FBF613C58625} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649256 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler
Task: {A98C4783-E6F1-4F13-8782-319769EE11A6} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1BC456FE-C852-4178-A2C0-73879BE286A4} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E49E2443-4BB2-40F9-82C0-989B6945E37C} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {784BDCC2-5BA9-4F0F-B51C-895A5EE01C6F} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7B4FAF3C-33BA-4A4D-B419-08BD771A683C} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {68CE426C-9C1C-439F-933B-9834BD8B3A3E} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a3992026-01e6-46a2-833a-1b707b710289}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fa107eec-3683-4b78-ba98-eba3d6021698}: [DhcpNameServer] 192.168.1.1
 
Edge: 
=======
Edge Profile: C:\Users\netvi\AppData\Local\Microsoft\Edge\User Data\Default [2024-04-13]
Edge Extension: (Google Docs Offline) - C:\Users\netvi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-31]
Edge Extension: (Edge relevant text changes) - C:\Users\netvi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-23]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\netvi\AppData\Local\Google\Chrome\User Data\Default [2024-04-13]
CHR Extension: (Google Docs Offline) - C:\Users\netvi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-18]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\netvi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-04-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\netvi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-09-28]
CHR Profile: C:\Users\netvi\AppData\Local\Google\Chrome\User Data\Profile 1 [2024-04-11]
CHR Notifications: Profile 1 -> hxxps://app.zoom.us; hxxps://meet.google.com
CHR Extension: (Google Docs Offline) - C:\Users\netvi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\netvi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-12-12]
CHR Profile: C:\Users\netvi\AppData\Local\Google\Chrome\User Data\Profile 3 [2024-04-11]
CHR Extension: (Google Docs Offline) - C:\Users\netvi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\netvi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-04-03]
CHR Profile: C:\Users\netvi\AppData\Local\Google\Chrome\User Data\System Profile [2024-04-13]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ArmouryCrateService; C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe [401880 2023-12-29] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.02.32\atkexComSvc.exe [907112 2023-12-29] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
S2 asus; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [165224 2023-09-28] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
R2 AsusCertService; C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe [502120 2023-11-22] (ASUSTeK COMPUTER INC. -> Asustek Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.03.20\AsusFanControlService.exe [1722216 2023-05-19] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
S3 asusm; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [165224 2023-09-28] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
S2 AsusUpdateCheck; C:\WINDOWS\System32\AsusUpdateCheck.exe [838760 2024-04-13] (ASUSTeK Computer Inc. -> )
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [15689512 2024-02-25] (BattlEye Innovations e.K. -> )
S3 CorsairDeviceListerService; C:\Program Files\Corsair\Corsair iCUE5 Software\CorsairDeviceListerService.exe [151080 2023-10-17] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2024-03-26] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [954704 2023-12-14] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2023-05-01] (Epic Games Inc. -> Epic Games, Inc.)
R2 GameSDK Service; C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe [397544 2022-05-31] (ASUSTeK COMPUTER INC. -> ASUS Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [234968 2024-03-12] (HP Inc. -> HP Inc.)
S3 iCUEUpdateService; C:\Program Files\Corsair\Corsair iCUE5 Software\iCUEUpdateService.exe [384552 2023-10-17] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [4801896 2023-12-01] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8884840 2024-04-11] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-04-11] (Malwarebytes Inc. -> Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [13142392 2024-03-14] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_830091b3ebd4b98a\Display.NvContainer\NVDisplay.Container.exe [1274992 2024-02-17] (NVIDIA Corporation -> NVIDIA Corporation)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [1874864 2024-03-21] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [231856 2024-03-21] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma Stream Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzChromaStreamServer.exe [1361360 2023-03-06] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [256264 2023-02-10] (Razer USA Ltd. -> Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [298248 2024-03-26] (Razer USA Ltd. -> Razer Inc.)
R2 ROG Live Service; C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe [2010584 2024-02-29] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [538424 2023-11-09] (Razer USA Ltd. -> Razer Inc.)
R2 tmInstall; C:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE [295592 2023-09-15] (Microsoft Windows Hardware Compatibility Publisher -> Thrustmaster®)
S3 TwitchService; C:\Program Files\Common Files\Twitch\TwitchService.exe [345400 2024-04-12] (Twitch Interactive, Inc. -> )
R2 VSSrv; C:\WINDOWS\System32\VSSrv.exe [3359592 2023-11-23] (THX LTD. -> VisiSonics)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.)
R1 Asusgio3; C:\WINDOWS\system32\drivers\AsIO3.sys [59344 2023-11-22] (ASUSTeK COMPUTER INC. -> Asustek Computer Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [47032 2023-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [22968 2023-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R1 CTIAIO; C:\WINDOWS\system32\drivers\CtiAIo64.sys [34520 2023-12-29] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Innovation Co., LTd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2024-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 GuiHidUsbDevLowerFFB; C:\WINDOWS\system32\DRIVERS\GuiHidUsbDevLowerFFB.sys [196776 2023-09-15] (Microsoft Windows Hardware Compatibility Publisher -> © Guillemot R&D, 2020. All rights reserved.)
R4 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [54752 2023-07-25] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
S3 logi_generic_hid_filter; C:\WINDOWS\system32\drivers\logi_generic_hid_filter.sys [62288 2023-09-11] (Logitech Inc -> Logitech)
S3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [44880 2023-09-11] (Logitech Inc -> Logitech)
S3 logi_joy_hid_filter; C:\WINDOWS\system32\drivers\logi_joy_hid_filter.sys [63824 2023-09-11] (Logitech Inc -> Logitech)
S3 logi_joy_hid_lo; C:\WINDOWS\system32\drivers\logi_joy_hid_lo.sys [51536 2023-09-11] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [32080 2023-09-11] (Logitech Inc -> Logitech)
S3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [73040 2023-09-11] (Logitech Inc -> Logitech)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt11.sys [234312 2024-04-13] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78400 2024-04-13] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [188784 2024-04-13] (Malwarebytes Inc. -> Malwarebytes)
R1 MSIO; C:\WINDOWS\system32\drivers\MsIo64.sys [19000 2023-04-05] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-13] (Nvidia Corporation -> NVIDIA Corporation)
S3 Oculus_ViGEmBus; C:\WINDOWS\System32\drivers\Oculus_ViGEmBus.sys [32856 2022-05-22] (Oculus VR, LLC -> Facebook Inc.)
R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [65808 2024-01-11] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_008a; C:\WINDOWS\System32\drivers\RzDev_008a.sys [54152 2020-08-24] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_0257; C:\WINDOWS\System32\drivers\RzDev_0257.sys [64680 2022-08-18] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_0520; C:\WINDOWS\System32\drivers\RzDev_0520.sys [54088 2021-03-22] (Razer USA Ltd. -> Razer Inc)
S3 tmhidusb; C:\WINDOWS\system32\DRIVERS\tmhidusb.sys [568384 2023-09-15] (Microsoft Windows Hardware Compatibility Publisher -> Thrustmaster)
S3 tmResetMin; C:\WINDOWS\System32\Drivers\tmResetMin.sys [51368 2023-09-15] (Microsoft Windows Hardware Compatibility Publisher -> © Guillemot R&D, 2022. All rights reserved.)
S3 tmwbulk; C:\WINDOWS\System32\Drivers\tmwbulk.sys [383008 2022-09-08] (Microsoft Windows Hardware Compatibility Publisher -> © Guillemot R&D, 2022. All rights reserved.)
R3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [20936 2024-04-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [601376 2024-04-09] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105760 2024-04-09] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz157; \??\C:\WINDOWS\temp\cpuz157\cpuz157_x64.sys [X] <==== ATTENTION
S3 cpuz158; \??\C:\WINDOWS\temp\cpuz158\cpuz158_x64.sys [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-04-13 09:08 - 2024-04-13 09:10 - 002394112 _____ (Farbar) C:\Users\netvi\Downloads\FRST64 (1).exe
2024-04-13 08:59 - 2024-04-13 08:59 - 000234312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt11.sys
2024-04-13 08:59 - 2024-04-13 08:59 - 000188784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2024-04-12 19:32 - 2024-04-12 19:32 - 000027138 _____ C:\Users\netvi\Downloads\254144_42145d29340b34523fb7f56b29a429e9 (2).pdf
2024-04-12 19:26 - 2024-04-12 19:26 - 000027138 _____ C:\Users\netvi\Downloads\254144_42145d29340b34523fb7f56b29a429e9 (1).pdf
2024-04-12 19:25 - 2024-04-12 19:25 - 000469502 _____ C:\Users\netvi\Downloads\210175_dbaf50aea744edeabc06993378fce971.pdf
2024-04-12 19:23 - 2024-04-12 19:23 - 000027138 _____ C:\Users\netvi\Downloads\254144_42145d29340b34523fb7f56b29a429e9.pdf
2024-04-12 17:13 - 2024-04-12 17:14 - 000000000 ____D C:\Users\netvi\AppData\Roaming\Twitch Studio
2024-04-12 17:13 - 2024-04-12 17:13 - 000001134 _____ C:\Users\netvi\OneDrive\Desktop\Twitch Studio.lnk
2024-04-12 17:13 - 2024-04-12 17:13 - 000001114 _____ C:\Users\netvi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch Studio.lnk
2024-04-12 17:09 - 2024-04-12 17:13 - 001294000 _____ (Twitch Interactive, Inc.) C:\Users\netvi\Downloads\TwitchStudioSetup-network_[referrer-studio_page].exe
2024-04-11 11:25 - 2024-04-11 11:25 - 000003842 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2024-04-11 11:25 - 2024-04-11 11:25 - 000003400 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2024-04-11 11:10 - 2024-04-11 11:10 - 000000000 ____D C:\KVRT2020_Data
2024-04-11 11:09 - 2024-04-11 11:10 - 110894960 _____ (AO Kaspersky Lab) C:\Users\netvi\OneDrive\Desktop\KVRT.exe
2024-04-11 11:03 - 2024-04-11 11:03 - 000000727 _____ C:\Users\netvi\OneDrive\Desktop\Malwarebytes Website Blocked Report 2024-04-11 174952.txt
2024-04-11 10:54 - 2024-04-11 14:47 - 000000000 ____D C:\Users\netvi\AppData\Local\ESET
2024-04-11 10:54 - 2024-04-11 10:54 - 008389496 _____ (ESET) C:\Users\netvi\Downloads\esetonlinescanner.exe
2024-04-11 10:54 - 2024-04-11 10:54 - 000001378 _____ C:\Users\netvi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2024-04-11 10:39 - 2024-04-11 10:48 - 002166562 _____ C:\Users\netvi\Downloads\Fixlog.txt
2024-04-11 10:39 - 2024-04-11 10:39 - 000028672 _____ C:\exportBCDfile
2024-04-11 10:23 - 2024-04-11 10:23 - 000025377 _____ C:\Users\netvi\Downloads\Shortcut.txt
2024-04-11 10:07 - 2024-04-13 09:10 - 000030641 _____ C:\Users\netvi\Downloads\FRST.txt
2024-04-11 10:07 - 2024-04-13 09:10 - 000000000 ____D C:\FRST
2024-04-11 10:07 - 2024-04-11 10:28 - 000045471 _____ C:\Users\netvi\Downloads\Addition.txt
2024-04-11 10:06 - 2024-04-11 10:07 - 002394112 _____ (Farbar) C:\Users\netvi\Downloads\FRST64.exe
2024-04-11 10:04 - 2024-04-11 10:04 - 008790880 _____ (Malwarebytes) C:\Users\netvi\Downloads\adwcleaner.exe
2024-04-11 10:04 - 2024-04-11 10:04 - 000000000 ____D C:\AdwCleaner
2024-04-11 08:59 - 2024-04-13 09:09 - 000000000 ____D C:\Users\netvi\AppData\Local\Malwarebytes
2024-04-11 08:59 - 2024-04-11 08:59 - 000002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-04-11 08:59 - 2024-04-11 08:59 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-04-11 08:59 - 2024-04-11 08:59 - 000000000 ____D C:\Program Files\Malwarebytes
2024-04-11 08:58 - 2024-04-11 08:58 - 002589624 _____ (Malwarebytes) C:\Users\netvi\Downloads\MBSetup-4.4.exe
2024-04-10 07:17 - 2024-04-10 07:18 - 000000000 ___HD C:\$WinREAgent
2024-04-04 18:15 - 2024-04-04 18:22 - 000000252 _____ C:\Users\netvi\AppData\LocalLow\rbxcsettings.rbx
2024-04-04 09:02 - 2024-04-04 09:02 - 000027888 _____ (EasyAntiCheat Oy) C:\WINDOWS\system32\eac_usermode_370318606679.dll
2024-04-02 19:10 - 2024-04-02 19:10 - 000104787 _____ C:\Users\netvi\Downloads\Freedom Riders Wmns History.pdf
2024-04-02 19:10 - 2024-04-02 19:10 - 000065983 _____ C:\Users\netvi\Downloads\1st Female Doctor.pdf
2024-04-02 19:10 - 2024-04-02 19:10 - 000065983 _____ C:\Users\netvi\Downloads\1st Female Doctor (1).pdf
2024-04-02 19:06 - 2024-04-02 19:06 - 000060467 _____ C:\Users\netvi\Downloads\Response Forms Wmns History-2.pdf
2024-04-01 18:00 - 2024-04-01 18:00 - 000549973 _____ C:\Users\netvi\Downloads\Welcome Information.pdf
2024-04-01 08:42 - 2024-04-01 08:42 - 002482893 _____ C:\Users\netvi\Downloads\220706_4a9949207ca1d5929c0204289f7a780f.pdf
2024-03-27 22:09 - 2024-03-27 22:09 - 000000000 ____D C:\WINDOWS\SysWOW64\DDFs
2024-03-27 17:52 - 2024-03-27 17:52 - 000024320 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-03-27 17:52 - 2024-03-27 17:52 - 000024320 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-03-27 11:25 - 2024-03-27 11:25 - 000081104 _____ C:\Users\netvi\Downloads\Receipt (3_27_2024)_6162278.pdf
2024-03-26 12:48 - 2024-03-26 12:48 - 000000000 ____D C:\Users\netvi\AppData\Local\WarThunder
2024-03-26 12:48 - 2024-03-26 12:48 - 000000000 ____D C:\ProgramData\WarThunder
2024-03-26 12:47 - 2024-03-26 13:16 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2024-03-26 12:47 - 2024-03-26 12:47 - 000000000 ____D C:\ProgramData\Gaijin
2024-03-26 12:25 - 2024-03-26 12:25 - 000000222 _____ C:\Users\netvi\OneDrive\Desktop\War Thunder.url
2024-03-21 00:17 - 2024-03-21 00:17 - 000351664 _____ (Razer Inc.) C:\WINDOWS\system32\RzChromaSDK64.dll
2024-03-21 00:11 - 2024-03-21 00:11 - 000312752 _____ (Razer Inc.) C:\WINDOWS\SysWOW64\RzChromaSDK.dll
2024-03-18 13:57 - 2024-03-18 13:57 - 000621466 _____ C:\Users\netvi\Downloads\Wiley Management Inc - 28 SS (Weekly&BiWeekly).xlsb
2024-03-18 13:57 - 2024-03-18 13:57 - 000621466 _____ C:\Users\netvi\Downloads\Wiley Management Inc - 28 SS (Weekly&BiWeekly) (1).xlsb
2024-03-17 11:08 - 2024-03-17 11:08 - 000115373 _____ C:\Users\netvi\Downloads\Text Structure 7th grade (1).pdf
2024-03-17 11:06 - 2024-03-17 11:06 - 000115373 _____ C:\Users\netvi\Downloads\Text Structure 7th grade.pdf
2024-03-15 13:39 - 2024-03-15 13:39 - 000027911 _____ C:\Users\netvi\Downloads\Saxon Practice Sheet-1 (6).pdf
2024-03-15 09:52 - 2024-03-15 09:52 - 000165043 _____ C:\Users\netvi\Downloads\'Cat Walked by Himself' _8th).pdf
2024-03-14 14:08 - 2024-03-14 14:08 - 000000000 ____D C:\Users\netvi\AppData\Roaming\Arrowhead
2024-03-14 14:08 - 2024-03-14 12:41 - 013142392 _____ (INCA Internet Co., Ltd.) C:\WINDOWS\SysWOW64\GameMon.des
2024-03-14 12:41 - 2024-03-14 12:41 - 000000222 _____ C:\Users\netvi\OneDrive\Desktop\HELLDIVERS™ 2.url
2024-03-14 10:52 - 2024-03-14 10:52 - 000027911 _____ C:\Users\netvi\Downloads\Saxon Practice Sheet-1 (5).pdf
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-04-13 09:06 - 2023-09-28 17:02 - 000848500 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-04-13 09:06 - 2022-05-06 22:22 - 000000000 ____D C:\WINDOWS\INF
2024-04-13 09:05 - 2023-09-28 17:08 - 000000000 ____D C:\Program Files (x86)\Google
2024-04-13 09:05 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-04-13 09:01 - 2023-11-25 12:40 - 000000000 ____D C:\Users\netvi\AppData\Local\Steam
2024-04-13 09:01 - 2023-11-25 12:40 - 000000000 ____D C:\Program Files (x86)\Steam
2024-04-13 08:59 - 2023-09-28 18:34 - 000000000 ____D C:\Users\netvi\AppData\Roaming\asus_framework
2024-04-13 08:59 - 2023-09-21 18:01 - 000000000 ____D C:\ProgramData\NVIDIA
2024-04-13 08:59 - 2023-09-21 18:00 - 000877320 _____ C:\WINDOWS\system32\wpbbin.exe
2024-04-13 08:59 - 2023-09-21 18:00 - 000838760 _____ C:\WINDOWS\system32\AsusUpdateCheck.exe
2024-04-13 08:59 - 2023-09-21 18:00 - 000012288 ___SH C:\DumpStack.log.tmp
2024-04-13 08:59 - 2023-09-21 18:00 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-04-13 08:59 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\ServiceState
2024-04-13 08:59 - 2022-05-06 22:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-04-12 23:00 - 2022-05-06 22:17 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-04-12 19:40 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-04-12 19:35 - 2024-01-08 17:57 - 000000000 ____D C:\Users\netvi\OneDrive\Desktop\Waiting Time Penalties
2024-04-12 17:13 - 2023-10-19 10:00 - 000000000 ____D C:\Program Files\Common Files\Twitch
2024-04-12 17:08 - 2023-09-21 18:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-04-12 14:10 - 2023-12-12 10:52 - 000002396 _____ C:\Users\netvi\OneDrive\Desktop\Ken - Chrome.lnk
2024-04-12 12:22 - 2024-02-19 10:10 - 000000000 ____D C:\Users\netvi\AppData\Roaming\riot-client-ux
2024-04-12 12:22 - 2023-09-28 17:53 - 000000000 ____D C:\Users\netvi\AppData\Roaming\EasyAntiCheat
2024-04-12 10:28 - 2023-09-28 20:14 - 000000000 ____D C:\Users\netvi\AppData\Local\CrashDumps
2024-04-12 10:14 - 2023-09-28 17:16 - 000000000 ____D C:\Program Files\ASUS
2024-04-11 19:31 - 2023-11-07 16:09 - 000000000 ____D C:\ProgramData\Riot Games
2024-04-11 17:58 - 2023-11-18 10:21 - 000001397 _____ C:\Users\netvi\OneDrive\Desktop\Roblox Player.lnk
2024-04-11 17:58 - 2023-11-18 10:21 - 000000000 ____D C:\Users\netvi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2024-04-11 10:47 - 2023-09-28 17:05 - 000000000 ____D C:\Users\netvi\AppData\Local\Packages
2024-04-11 10:46 - 2022-05-06 22:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-04-11 09:16 - 2023-09-28 17:08 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-04-11 08:59 - 2022-05-06 22:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-04-11 07:23 - 2022-05-06 22:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-04-10 19:23 - 2023-12-28 20:58 - 000000098 _____ C:\Users\netvi\AppData\Roaming\LauncherSettings_live.cfg
2024-04-10 10:38 - 2022-05-06 22:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-04-10 10:23 - 2023-09-21 18:00 - 000303680 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-04-10 10:02 - 2023-10-08 22:05 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-04-10 10:02 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SystemResources
2024-04-10 10:02 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-04-10 10:02 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-04-10 10:02 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-04-10 07:21 - 2023-10-01 12:53 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-04-10 07:20 - 2023-10-01 12:53 - 192651728 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-04-10 07:19 - 2023-09-21 18:04 - 003213824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-04-10 07:07 - 2023-09-21 18:02 - 000000000 ____D C:\ProgramData\Packages
2024-04-09 15:13 - 2023-09-21 18:00 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-04-08 18:42 - 2023-09-28 17:05 - 000000000 ____D C:\Users\netvi\AppData\Local\D3DSCache
2024-04-08 10:00 - 2023-09-28 17:06 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-972714221-4249912248-3257112829-1001
2024-04-08 10:00 - 2023-09-28 17:06 - 000003362 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-972714221-4249912248-3257112829-1001
2024-04-08 10:00 - 2023-09-28 17:06 - 000002379 _____ C:\Users\netvi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-04-07 11:34 - 2023-12-28 20:58 - 000000049 _____ C:\Users\netvi\AppData\Roaming\TheHunterSettings_steam_live.cfg
2024-04-06 08:32 - 2023-09-21 18:01 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-04-05 10:44 - 2023-12-28 20:32 - 000016837 _____ C:\Users\netvi\AppData\Roaming\TheHunterSettings_live.bin
2024-04-04 18:16 - 2023-11-18 10:21 - 000001397 _____ C:\Users\netvi\OneDrive\Desktop\Roblox Studio.lnk
2024-04-04 18:16 - 2023-11-18 10:21 - 000000000 ____D C:\Users\netvi\AppData\Local\Roblox
2024-04-04 17:11 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-04-04 14:17 - 2023-09-28 17:03 - 000000000 ____D C:\Users\netvi
2024-04-04 09:02 - 2023-09-28 18:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2024-04-04 09:01 - 2023-09-28 18:26 - 000000000 ____D C:\Program Files (x86)\Razer Chroma SDK
2024-04-03 08:26 - 2023-09-21 18:01 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-04-03 08:26 - 2023-09-21 18:01 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-03-27 23:19 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2024-03-27 22:09 - 2022-05-06 22:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-03-27 22:09 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-03-27 22:09 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-03-27 22:09 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-03-27 22:09 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-03-27 22:09 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2024-03-27 22:09 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\DDFs
2024-03-27 22:09 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-03-27 22:09 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\Provisioning
2024-03-26 19:53 - 2023-09-28 17:03 - 000000000 ___SD C:\Users\netvi\AppData\Roaming\Microsoft\Protect
2024-03-26 12:48 - 2023-12-03 17:41 - 000000000 ____D C:\Users\netvi\OneDrive\Documents\My Games
2024-03-26 12:25 - 2023-12-13 18:56 - 000000000 ____D C:\Users\netvi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2024-03-18 13:37 - 2023-09-28 17:06 - 000000000 ____D C:\Users\netvi\AppData\Local\PlaceholderTileLogoFolder
2024-03-18 10:18 - 2023-09-21 18:01 - 000000000 ____D C:\ProgramData\ASUS
2024-03-14 14:08 - 2023-09-28 17:10 - 000000000 ____D C:\ProgramData\Package Cache
 
==================== Files in the root of some directories ========
 
2023-12-28 20:58 - 2024-04-10 19:23 - 000000098 _____ () C:\Users\netvi\AppData\Roaming\LauncherSettings_live.cfg
2023-12-28 20:32 - 2024-04-05 10:44 - 000016837 _____ () C:\Users\netvi\AppData\Roaming\TheHunterSettings_live.bin
2023-12-28 20:58 - 2024-04-07 11:34 - 000000049 _____ () C:\Users\netvi\AppData\Roaming\TheHunterSettings_steam_live.cfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================


#6 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor
  • 57,428 posts
  • Gender:Male
  • Location:California
  • Local time:09:30 PM

Posted 14 April 2024 - 09:11 AM

Thank you for the reports.

Is the Password Manager part of Chrome? If not, what Password Manager are you referring to?

Please do this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
Zip: C:\ProgramData\Malwarebytes\MBAMService\MwacDetections
S3 cpuz157; \??\C:\WINDOWS\temp\cpuz157\cpuz157_x64.sys [X] <==== ATTENTION 
S3 cpuz158; \??\C:\WINDOWS\temp\cpuz158\cpuz158_x64.sys [X] <==== ATTENTION 
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File) 
Task: {8552564B-6DAB-41BF-B1D7-5305463F3CFE} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (No File) 
Task: {9F0C9CE2-A67F-4B8C-AE88-5C9D4E4EA8E5} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\netvi\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe LOGON (No File) 
Task: {D5EBD7D3-65C2-4581-8CC5-2731C5D8041C} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\netvi\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe SCHED (No File) 
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File) 
CustomCLSID: HKU\S-1-5-21-972714221-4249912248-3257112829-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> "C:\Users\netvi\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe" -ToastActivated => No File 
CustomCLSID: HKU\S-1-5-21-972714221-4249912248-3257112829-1001_Classes\CLSID\{89b2b650-c4dd-d68b-46e7-3176f1973c8b}\localserver32 -> "C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" -ToastActivated => No File 
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • The tool will create a zipped folder in the same location from where FRST was run with today's date, example: 06.11.2016_13.24.50.zip. Upload the file to GoFile or the file hosting site of your choice and send me a Personal Message with the download link
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Which Password Manager?
  • Fixlog
  • Uploaded zip file

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69
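
The fixlist in the post above targets one recurring pattern: registry autostart entries whose target binary no longer exists (two driver services pointing into C:\WINDOWS\temp, a Run value, four scheduled tasks and two per-user CLSID LocalServer32 registrations, all flagged "No File" or "[X]"). The following PowerShell script is an added example, not part of the original post and not FRST's own code; it walks the same four locations and reports, read-only, every entry whose resolved target is missing, and additionally any entry whose binary lives under a temp directory (the situation the two cpuz entries were in). The function names, the regex heuristic used to pull a path out of a command line, and the choice to scan only HKCU for CLSID entries are my assumptions. It deletes nothing; review each hit before removing it, as unrelated vendor entries can also go stale.

```powershell
# Added example (not FRST code): report autostart entries whose target binary is missing
# or runs from a temp directory. Read-only. Run from an elevated 64-bit PowerShell so
# HKLM service keys are readable and System32 paths are not redirected to SysWOW64.

$findings  = New-Object System.Collections.Generic.List[object]
$tempRoots = @("$env:SystemRoot\Temp", $env:TEMP) | ForEach-Object { $_.TrimEnd('\') + '\' }

function Get-TargetPath {
    # Pull the executable/driver path out of an ImagePath, Run value, task action or
    # LocalServer32 command line. Handles \??\ and \SystemRoot\ prefixes, %VAR% expansion,
    # quoted paths with arguments, and the bare 'system32\drivers\x.sys' form drivers use.
    param([string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return $null }
    $c = $Command.Trim() -replace '^\\\?\?\\', ''
    $c = [Environment]::ExpandEnvironmentVariables($c)
    # Heuristic (assumption): the path ends at the first binary extension, which also copes
    # with unquoted paths containing spaces, e.g. C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe
    if ($c -match '^"?(.+?\.(?:exe|sys|dll|des|com))"?') { $c = $Matches[1] } else { return $null }
    if ($c -match '^\\SystemRoot\\(.*)$')   { return Join-Path $env:SystemRoot $Matches[1] }
    if ($c -match '^(system32|syswow64)\\') { return Join-Path $env:SystemRoot $c }
    if ($c -notmatch '^[A-Za-z]:\\')        { return Join-Path "$env:SystemRoot\System32" $c }
    return $c
}

function Add-Finding([string]$Kind, [string]$Name, [string]$Command) {
    $path = Get-TargetPath $Command
    if (-not $path) { return }
    $missing = -not (Test-Path -LiteralPath $path -PathType Leaf)
    $inTemp  = [bool]($tempRoots | Where-Object { $path.StartsWith($_, 'OrdinalIgnoreCase') })
    if (-not ($missing -or $inTemp)) { return }
    $issue = if ($missing) { 'target missing' } else { 'binary runs from a temp directory' }
    $findings.Add([pscustomobject]@{ Kind = $Kind; Name = $Name; Target = $path; Issue = $issue })
}

# 1. Services and drivers (what FRST lists as R*/S* entries with [X]).
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue | ForEach-Object {
    $p = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
    if ($p -and $p.ImagePath) { Add-Finding 'Service/Driver' $_.PSChildName $p.ImagePath }
}

# 2. Run keys, including the 32-bit view FRST shows as HKLM-x32\...\Run.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($k in $runKeys) {
    $p = Get-ItemProperty -LiteralPath $k -ErrorAction SilentlyContinue
    if (-not $p) { continue }
    $p.PSObject.Properties | Where-Object { $_.Name -notmatch '^PS' } | ForEach-Object {
        Add-Finding "Run ($k)" $_.Name ([string]$_.Value)
    }
}

# 3. Scheduled task actions (FRST's "Task: {GUID} - ... => path (No File)").
Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        if ($a.Execute) { Add-Finding 'Task' ($task.TaskPath + $task.TaskName) $a.Execute }
    }
}

# 4. Per-user COM servers (FRST's "CustomCLSID: HKU\<SID>_Classes\CLSID\{...}\localserver32").
Get-ChildItem 'HKCU:\Software\Classes\CLSID' -ErrorAction SilentlyContinue | ForEach-Object {
    $ls = Get-ItemProperty -LiteralPath "$($_.PSPath)\LocalServer32" -ErrorAction SilentlyContinue
    if ($ls -and $ls.'(default)') { Add-Finding 'CLSID LocalServer32' $_.PSChildName $ls.'(default)' }
}

$findings | Sort-Object Kind, Name | Format-Table -AutoSize -Wrap
```

Two caveats when reading the output: a task whose Execute value is a bare program name resolved through PATH is assumed to live in System32 and may be reported wrongly if it lives elsewhere, and running this from a 32-bit PowerShell host will produce false "missing" hits for 64-bit-only files under System32 because of file-system redirection.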

#7 Netviperx

Netviperx
  • Topic Starter

  • Members
  • 12 posts
  • Local time:12:30 AM

Posted 15 April 2024 - 10:20 AM

Yes, it's in Chrome.
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 10.04.2024
Ran by netvi (15-04-2024 08:16:25) Run:2
Running from C:\Users\netvi\Downloads
Loaded Profiles: netvi
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
Zip: C:\ProgramData\Malwarebytes\MBAMService\MwacDetections
S3 cpuz157; \??\C:\WINDOWS\temp\cpuz157\cpuz157_x64.sys [X] <==== ATTENTION 
S3 cpuz158; \??\C:\WINDOWS\temp\cpuz158\cpuz158_x64.sys [X] <==== ATTENTION 
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File) 
Task: {8552564B-6DAB-41BF-B1D7-5305463F3CFE} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (No File) 
Task: {9F0C9CE2-A67F-4B8C-AE88-5C9D4E4EA8E5} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\netvi\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe LOGON (No File) 
Task: {D5EBD7D3-65C2-4581-8CC5-2731C5D8041C} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\netvi\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe SCHED (No File) 
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File) 
CustomCLSID: HKU\S-1-5-21-972714221-4249912248-3257112829-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> "C:\Users\netvi\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe" -ToastActivated => No File 
CustomCLSID: HKU\S-1-5-21-972714221-4249912248-3257112829-1001_Classes\CLSID\{89b2b650-c4dd-d68b-46e7-3176f1973c8b}\localserver32 -> "C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" -ToastActivated => No File 
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::
*****************
 
SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
================== Zip: ===================
C:\ProgramData\Malwarebytes\MBAMService\MwacDetections -> copied successfully to C:\Users\netvi\OneDrive\Desktop\15.04.2024_08.16.31.zip
=========== Zip: End ===========
HKLM\System\CurrentControlSet\Services\cpuz157 => removed successfully
cpuz157 => service removed successfully
HKLM\System\CurrentControlSet\Services\cpuz158 => removed successfully
cpuz158 => service removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8552564B-6DAB-41BF-B1D7-5305463F3CFE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8552564B-6DAB-41BF-B1D7-5305463F3CFE}" => removed successfully
C:\WINDOWS\System32\Tasks\ASUS\P508PowerAgent_sdk => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\P508PowerAgent_sdk" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9F0C9CE2-A67F-4B8C-AE88-5C9D4E4EA8E5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F0C9CE2-A67F-4B8C-AE88-5C9D4E4EA8E5}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5EBD7D3-65C2-4581-8CC5-2731C5D8041C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5EBD7D3-65C2-4581-8CC5-2731C5D8041C}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
HKU\S-1-5-21-972714221-4249912248-3257112829-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000} => removed successfully
HKU\S-1-5-21-972714221-4249912248-3257112829-1001_Classes\CLSID\{89b2b650-c4dd-d68b-46e7-3176f1973c8b} => removed successfully
 
========= sfc /scannow =========
 
 
Beginning system scan.  This process will take some time.
 
Beginning verification phase of system scan.
 
Verification 0% complete.
Verification 1% complete.
Verification 1% complete.
Verification 2% complete.
Verification 3% complete.
Verification 3% complete.
Verification 4% complete.
Verification 5% complete.
Verification 5% complete.
Verification 6% complete.
Verification 7% complete.
Verification 7% complete.
Verification 8% complete.
Verification 9% complete.
Verification 9% complete.
Verification 10% complete.
Verification 10% complete.
Verification 11% complete.
Verification 12% complete.
Verification 12% complete.
Verification 13% complete.
Verification 14% complete.
Verification 14% complete.
Verification 15% complete.
Verification 16% complete.
Verification 16% complete.
Verification 17% complete.
Verification 18% complete.
Verification 18% complete.
Verification 19% complete.
Verification 19% complete.
Verification 20% complete.
Verification 21% complete.
Verification 21% complete.
Verification 22% complete.
Verification 23% complete.
Verification 23% complete.
Verification 24% complete.
Verification 25% complete.
Verification 25% complete.
Verification 26% complete.
Verification 27% complete.
Verification 27% complete.
Verification 28% complete.
Verification 29% complete.
Verification 29% complete.
Verification 30% complete.
Verification 30% complete.
Verification 31% complete.
Verification 32% complete.
Verification 32% complete.
Verification 33% complete.
Verification 34% complete.
Verification 34% complete.
Verification 35% complete.
Verification 36% complete.
Verification 36% complete.
Verification 37% complete.
Verification 38% complete.
Verification 38% complete.
Verification 39% complete.
Verification 39% complete.
Verification 40% complete.
Verification 41% complete.
Verification 41% complete.
Verification 42% complete.
Verification 43% complete.
Verification 43% complete.
Verification 44% complete.
Verification 45% complete.
Verification 45% complete.
Verification 46% complete.
Verification 47% complete.
Verification 47% complete.
Verification 48% complete.
Verification 48% complete.
Verification 49% complete.
Verification 50% complete.
Verification 50% complete.
Verification 51% complete.
Verification 52% complete.
Verification 52% complete.
Verification 53% complete.
Verification 54% complete.
Verification 54% complete.
Verification 55% complete.
Verification 56% complete.
Verification 56% complete.
Verification 57% complete.
Verification 58% complete.
Verification 58% complete.
Verification 59% complete.
Verification 59% complete.
Verification 60% complete.
Verification 61% complete.
Verification 61% complete.
Verification 62% complete.
Verification 63% complete.
Verification 63% complete.
Verification 64% complete.
Verification 65% complete.
Verification 65% complete.
Verification 66% complete.
Verification 67% complete.
Verification 67% complete.
Verification 68% complete.
Verification 68% complete.
Verification 69% complete.
Verification 70% complete.
Verification 70% complete.
Verification 71% complete.
Verification 72% complete.
Verification 72% complete.
Verification 73% complete.
Verification 74% complete.
Verification 74% complete.
Verification 75% complete.
Verification 76% complete.
Verification 76% complete.
Verification 77% complete.
Verification 77% complete.
Verification 78% complete.
Verification 79% complete.
Verification 79% complete.
Verification 80% complete.
Verification 81% complete.
Verification 81% complete.
Verification 82% complete.
Verification 83% complete.
Verification 83% complete.
Verification 84% complete.
Verification 85% complete.
Verification 85% complete.
Verification 86% complete.
Verification 87% complete.
Verification 87% complete.
Verification 88% complete.
Verification 88% complete.
Verification 89% complete.
Verification 90% complete.
Verification 90% complete.
Verification 91% complete.
Verification 92% complete.
Verification 92% complete.
Verification 93% complete.
Verification 94% complete.
Verification 94% complete.
Verification 95% complete.
Verification 96% complete.
Verification 96% complete.
Verification 97% complete.
Verification 97% complete.
Verification 98% complete.
Verification 99% complete.
Verification 99% complete.
Verification 100% complete.
 
Windows Resource Protection did not find any integrity violations.
 
 
========= End of CMD: =========
 
 
========= DISM /Online /Cleanup-Image /CheckHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.22621.2792
 
Image Version: 10.0.22631.3447
 
No component store corruption detected.
The operation completed successfully.
 
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 08:17:43 ====
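The Fixlog above shows what a scheduled-task removal touches: the TaskCache\Tree key for the task's path, the Plain and Tasks keys named by the task GUID, and the XML file under System32\Tasks. Added example, not from this thread or from FRST: a PowerShell audit that lists every scheduled task whose action runs from outside the Windows and Program Files trees and prints the Tree key, GUID and task file that a removal would have to cover. The trusted-directory list is an assumption for illustration, and an elevated prompt is assumed so every task is readable.

```powershell
# Added example (not from the thread or from FRST): find scheduled tasks that
# launch something outside Windows/Program Files and show the registry and
# file-system bookkeeping behind each one. Run from an elevated PowerShell.
$trusted = @("$env:SystemRoot\", "$env:ProgramFiles\", "${env:ProgramFiles(x86)}\")   # assumption
$treeRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'
$taskRoot = Join-Path $env:SystemRoot 'System32\Tasks'

Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        $exe = $a.Execute
        if (-not $exe) { continue }                       # COM-handler actions have no Execute
        $exe = [Environment]::ExpandEnvironmentVariables($exe).Trim('"')
        $inTrusted = $false
        foreach ($t in $trusted) {
            if ($exe.StartsWith($t, 'OrdinalIgnoreCase')) { $inTrusted = $true }
        }
        if ($inTrusted) { continue }

        # Tree\<TaskPath><TaskName> holds the Id (GUID) that names Tasks\<GUID>;
        # the Plain/Boot/Logon keys index the same GUID by trigger type.
        $rel     = ("$($task.TaskPath)$($task.TaskName)").TrimStart('\')
        $treeKey = Join-Path $treeRoot $rel
        $guid    = (Get-ItemProperty -LiteralPath $treeKey -ErrorAction SilentlyContinue).Id

        [pscustomobject]@{
            Task     = "$($task.TaskPath)$($task.TaskName)"
            State    = $task.State
            Execute  = $exe
            Args     = $a.Arguments
            Author   = $task.Author
            TaskGuid = $guid
            TreeKey  = $treeKey
            TaskFile = Join-Path $taskRoot $rel
        }
    }
} | Format-List
```

Anything listed here is not automatically bad (many vendors run updaters from ProgramData or the user profile), but each entry is one to recognise by name before deciding whether it belongs; the TaskGuid column is what ties a Tree entry to the Plain and Tasks keys seen in the Fixlog.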


#8 Oh My! (Malware Response Instructor, California)

Posted 15 April 2024 - 01:17 PM

Thank you.

Upload the C:\Users\netvi\OneDrive\Desktop\15.04.2024_08.16.31.zip file to GoFile or the file hosting site of your choice and send me a Personal Message with the download link.
Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#9 Netviperx (Topic Starter)

Posted 16 April 2024 - 11:58 AM

Hello Gary, 

 

I sent over the file. 

Just wanted to thank you again for your help. 

Regards, 

Sean



#10 Oh My! (Malware Response Instructor, California)

Posted 16 April 2024 - 03:24 PM

My pleasure to work with you on this.

Sorry for the delay.

Please do this.

===================================================

Disabling Extensions in Google Chrome

--------------------
  • Press the Windows Key + R at the same time
  • Copy and paste the following into the Open: box

chrome --disable-extensions

  • Click OK
  • Test the Password Manager
  • If the symptom continues close Chrome and complete the next step
===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
CloseProcesses:
cmd: TASKKILL /IM chrome.exe /F
Move: C:\Users\netvi\AppData\Local\Google\Chrome\User Data\Default\Login Data C:\Users\netvi\AppData\Local\Google\Chrome\User Data\Default\Login Dataold
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Upon reboot launch Chrome and check the Password Manager
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Extension results?
  • Fixlog, if applicable
  • Password Manager status

Edited by Oh My!, 18 April 2024 - 07:20 PM.

Gary 

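Added example, not part of Gary's instructions and not FRST's own code, for the two steps in the post above: before moving Login Data, confirm Chrome is fully closed (it holds the SQLite file open while running, which is one reason a move can fail or report the file as not found) and that the file actually exists at the Default profile path used in the fixlist; and, to go with the --disable-extensions test, inventory the installed extensions with their host permissions, since an extension granted <all_urls> can run on every page the browser opens. The profile directory below is assumed to be Default, as in the fixlist.

```powershell
# Added example (not from the thread or from FRST). Assumption: Chrome's
# Default profile at the path the fixlist uses.
$profileDir = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default'
$extRoot    = Join-Path $profileDir 'Extensions'
$loginData  = Join-Path $profileDir 'Login Data'

# 1. Chrome keeps 'Login Data' open; a move only succeeds once every chrome.exe is gone.
$chrome = @(Get-Process -Name chrome -ErrorAction SilentlyContinue)
if ($chrome.Count -gt 0) {
    Write-Warning "Chrome is running ($($chrome.Count) processes); close it before moving Login Data."
}

# 2. Does the credential store exist, and when was it last written?
if (Test-Path -LiteralPath $loginData) {
    $f = Get-Item -LiteralPath $loginData
    'Login Data: {0:N0} bytes, last written {1}' -f $f.Length, $f.LastWriteTime
} else {
    "Login Data: not present at $loginData"
}

# 3. Each folder under Extensions is an extension ID holding one folder per
#    installed version; read the newest version's manifest.json.
Get-ChildItem -LiteralPath $extRoot -Directory -ErrorAction SilentlyContinue | ForEach-Object {
    $id = $_.Name
    $verDir = Get-ChildItem -LiteralPath $_.FullName -Directory |
        Sort-Object Name -Descending | Select-Object -First 1     # string sort; good enough here
    if (-not $verDir) { return }
    $manifestPath = Join-Path $verDir.FullName 'manifest.json'
    if (-not (Test-Path -LiteralPath $manifestPath)) { return }
    $m = Get-Content -LiteralPath $manifestPath -Raw | ConvertFrom-Json

    # Host access lives in host_permissions (MV3) or mixed into permissions (MV2).
    $hosts = @($m.host_permissions) + @($m.permissions) |
        Where-Object { $_ -is [string] -and $_ -match '^(<all_urls>|\*://|https?://|file://)' }

    [pscustomobject]@{
        Id          = $id
        Name        = $m.name          # store extensions often show "__MSG_appName__"; that is normal
        Version     = $m.version
        Manifest    = $m.manifest_version
        BroadAccess = (($hosts -contains '<all_urls>') -or ($hosts -contains '*://*/*'))
        Hosts       = ($hosts -join ' ')
    }
} | Sort-Object BroadAccess -Descending | Format-Table -AutoSize
```

Compare the BroadAccess rows against what the user remembers installing; an ID that is not in the Chrome Web Store listing for that name, or a name that does not ring a bell, is the one to disable first when repeating the test in the post above.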

#11 Netviperx (Topic Starter)

Posted 18 April 2024 - 12:23 PM

Extension - Still had the issue.
Fix - Still have the issue.
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 16.04.2024
Ran by netvi (18-04-2024 10:20:29) Run:3
Running from C:\Users\netvi\Downloads
Loaded Profiles: netvi
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CloseProcesses:
cmd: TASKKILL /IM chrome.exe /F
Move: C:\Users\netvi\AppData\Local\Google\Chrome\User Data\Default\Login Data C:\Users\netvi\AppData\Local\Google\Chrome\User Data\Default\Login Dataold
End::
*****************
 
Processes closed successfully.
 
========= TASKKILL /IM chrome.exe /F =========
 
ERROR: The process "chrome.exe" not found.
 
 
========= End of CMD: =========
 
"C:\Users\netvi\AppData\Local\Google\Chrome\User Data\Default\Login Data" => not found
 
 
The system needed a reboot.
 
==== End of Fixlog 10:20:31 ====

Edited by Oh My!, 18 April 2024 - 07:19 PM.


#12 Oh My! (Malware Response Instructor, California)

Posted 18 April 2024 - 07:21 PM

Please run the Fixlist again from Post #10.


Gary 


#13 Netviperx (Topic Starter)

Posted 18 April 2024 - 09:34 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.04.2024
Ran by netvi (18-04-2024 19:32:55) Run:4
Running from C:\Users\netvi\Downloads
Loaded Profiles: netvi
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CloseProcesses:
cmd: TASKKILL /IM chrome.exe /F
Move: C:\Users\netvi\AppData\Local\Google\Chrome\User Data\Default\Login Data C:\Users\netvi\AppData\Local\Google\Chrome\User Data\Default\Login Dataold
End::
*****************
 
Processes closed successfully.
 
========= TASKKILL /IM chrome.exe /F =========
 
ERROR: The process "chrome.exe" not found.
 
 
========= End of CMD: =========
 
"C:\Users\netvi\AppData\Local\Google\Chrome\User Data\Default\Login Data"  moved successfully to C:\Users\netvi\AppData\Local\Google\Chrome\User Data\Default\Login Dataold
 
 
The system needed a reboot.
 
==== End of Fixlog 19:32:57 ====


#14 Netviperx (Topic Starter)

Posted 18 April 2024 - 09:41 PM

Still happening.   So weird. 



#15 Oh My! (Malware Response Instructor, California)

Posted 19 April 2024 - 08:52 AM

Do you have a separate router and modem or is it a router/modem combination unit?

Please do this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
File: C:\Users\netvi\AppData\Local\Google\Chrome\User Data\Default\Login Data
File: C:\Users\netvi\AppData\Local\Google\Chrome\User Data\Default\Login Dataold
cmd: netsh winsock reset catalog
cmd: netsh int ip reset resetlog.txt
Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg
C:\Firewall.reg
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
Removeproxy:
hosts:
Emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
  • Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
  • Upon reboot check Chrome
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Router and modem?
  • Fixlog
  • Chrome?

Gary 

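Added example, not from this thread or from FRST, to run before the fixlist above so the pre-reset state is on record: it reads the settings that Removeproxy:, hosts:, the netsh lines and the firewall export will change, namely the per-user WinINet proxy and PAC URL, the machine-wide WinHTTP proxy, any active hosts entries, the DNS client cache for the domain in the thread title, and enabled firewall rules grouped by direction and action. An elevated prompt is assumed; nothing here modifies the system.

```powershell
# Added example (not from the thread or from FRST): snapshot of the network
# settings the post #15 fixlist resets. Read-only; run elevated.

# Per-user WinINet proxy, the one browsers honour by default. A PAC URL in
# AutoConfigURL redirects traffic without ProxyEnable being set.
$inet = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
[pscustomobject]@{
    ProxyEnable   = $inet.ProxyEnable
    ProxyServer   = $inet.ProxyServer
    AutoConfigURL = $inet.AutoConfigURL
} | Format-List

# Machine-wide WinHTTP proxy, used by services, Windows Update and BITS.
netsh winhttp show proxy

# Active (non-comment) hosts entries; a stock Windows hosts file has none.
$hostsPath    = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$hostsEntries = @(Get-Content -LiteralPath $hostsPath |
    Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' })
"hosts: $($hostsEntries.Count) active entries"
$hostsEntries

# DNS client cache: a hit for the flagged domain means something on this host
# resolved it since the last flush, which narrows the search to local software.
$flagged = 'en.ibelink.com.hk'          # domain from the thread title
Get-DnsClientCache |
    Where-Object { $_.Entry -like "*$flagged*" -or $_.RecordName -like "*$flagged*" } |
    Select-Object Entry, RecordName, Data, TimeToLive

# Firewall: rule counts so the reset's effect is measurable, then enabled inbound
# allow rules whose names are not Windows resource strings (those start with '@').
Get-NetFirewallRule -Enabled True |
    Group-Object Direction, Action |
    Select-Object Name, Count
Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
    Where-Object { $_.DisplayName -notlike '@*' -and $_.Group -notlike '@*' } |
    Select-Object DisplayName, Profile, DisplayGroup
```

Keep the output with the Fixlog: after the reset, the proxy fields should be empty, the hosts list empty, and the inbound allow list should contain only rules you can account for, so anything that reappears later is easy to spot.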



