Windows 11 installation has failed

garnettoz (Member; joined Dec 10, 2023; 13 posts)

Hello,
I'm trying to install Win 11 with no success... getting this message: "Windows 11 installation has failed"
What can I do?
(I have Win 10. TPM 2 is on, and Secure Boot is also on.)
Files attached: Addition, FRST
Thanks!
 


Hello.

You want to upgrade to Windows 11, however your system is infected. You posted in the Security Arena section, so I assume you would like us to clean the system first.

Please, adhere to the guidelines below. As soon as I have your consent, I'll start the cleaning procedure.

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to analyze. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.
 
OK...

As I wrote above:

3. Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.


Unfortunately, in your logs there is evidence of using such programs. Thus, I am going to request you to completely uninstall all products for which you do not have a valid Product Key, including all "cracked" software.

If you are willing to do that, please rerun a FRST scan after all the removals and attach both reports in your reply. If you prefer to leave the programs on your computer, let me know that, and I will be closing the topic.
 
OK, I just uninstalled several programs. I think that is all the cracked programs I had. Is there a way to find out if I have other programs that might be problematic?
 
Let's see the fresh logs first, please.
 
Hello.

What about the following? Do you have a genuine license for each of these programs?

Adobe Creative Suite 6 Master Collection
Adobe Illustrator 2019
Adobe InDesign CC 2019
Adobe Photoshop CC 2019
Camtasia 2019
Ocster Backup Pro


What you have to realize is that I am not a "security policeman" or a "detective" to reveal pirated/cracked programs in a system. But removing these kinds of programs is for your benefit. Regardless of the legal/ethical part of the situation, using such programs makes your system extremely vulnerable, and, as I already said, it is the best and easiest way to infect your system. The reason I insist is that we may clean the computer, but if you leave cracks/patches etc. for programs to run, you will get infected again, sooner or later.
 
The Adobe programs I really need. The rest I uninstalled.
I honestly didn't understand why it was posted in the security section, I just want to install Windows 11
 
I honestly didn't understand why it was posted in the security section, I just want to install Windows 11

Bad luck? Or not! :-)

Possibly you can't update because the system is infected. So, the recommendation is to clean the system first, and then upgrade.

I'll be back to you in a while.
 
I honestly didn't understand why it was posted in the security section, I just want to install Windows 11
Hi,

I have moved your thread from the Windows 11 section to here. I also noticed your system is infected with at least a common Trojan. The infection and the different modifications it made are the reason why you can't upgrade to Windows 11 at the moment. So please follow the further instructions provided by @DR M
 
OK, now we can begin. And there are a few other uninstalls I would like you to take care of, along with the programs we already talked about before.


1. P2P program

You have Bittorrent installed on your computer. This is a P2P program. P2P programs form a direct conduit on to a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you don't uninstall it, your computer will probably get infected again, as soon as you use it again. But it is your computer and of course your decision.
  • If you decide to keep it, DON'T use it during the cleaning procedure.
  • If you decide to uninstall it, uninstall it now.

2. Java

There are very few reasons these days to continue having Java installed on your computer. However, if you do elect to keep Java, it needs to be updated to the latest version which you can find here: Java SE Runtime Environment 8 - Downloads.

For now, please uninstall:

Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)


3. Wondershare

You won't need the following program, so please uninstall it now:

Wondershare Helper Compact 2.6.0


4. Popcorn Time

Popcorn Time is advertised as a program that will allow you to watch movies online for free. Although this may sound like a useful service, the Popcorn Time program is adware, thus it is detected by all the tools we use for cleaning a system. So, please uninstall that too.


5. Fresh FRST logs

After the above removals, please attach for me fresh FRST logs to check.



In your next reply please post:
  1. What did you decide to do with the Torrent client
  2. If uninstalling Java, Popcorn Time and the Wondershare program ran smoothly
  3. The fresh FRST logs, Addition and FRST
 
For now I decided to keep the Torrent client.

OK. Just do not use it during the cleaning process. Also, do not use eMule. I just noticed it, and it's a P2P program too.

I'll review your logs and be back to you as soon as I am ready. This possibly will be tomorrow, since here it's late now (GMT +2).
 
There is a lot of work to be done.

Let's begin. First, please move the FRST tool directly onto your Desktop.


1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-371766171-3871328283-1393605152-1001_Classes\CLSID\{1a46400f-4c81-802a-c2c1-1e9a687a9340}\localserver32 -> "C:\Program Files\HandBrake\HandBrake.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-371766171-3871328283-1393605152-1001_Classes\CLSID\{2a822d50-99ba-d57a-1f24-45ac881d2a37}\localserver32 -> "D:\incoming\eXoDOS_Lite\Core\LaunchBox.exe" -ToastActivated => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [MysticThumbs] -> {68C300AC-2314-4992-99E3-957A9F6C6D79} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [MysticThumbs] -> {68C300AC-2314-4992-99E3-957A9F6C6D79} =>  -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers5: [MysticThumbs] -> {68C300AC-2314-4992-99E3-957A9F6C6D79} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [MysticThumbs] -> {68C300AC-2314-4992-99E3-957A9F6C6D79} =>  -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
Shortcut: C:\Users\Aviv\Desktop\games\Lemmings.lnk -> E:\roms\pc\=THINKING=\lemmings_amiga_win\Lemmings\Lemmings.bat (No File)
AlternateDataStreams: C:\ProgramData\TEMP:535FBEA2 [126]
IE trusted site: HKU\S-1-5-21-371766171-3871328283-1393605152-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKLM\...\StartupApproved\Run: => "winlogui"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-371766171-3871328283-1393605152-1001\...\StartupApproved\StartupFolder: => "explorer.exe"
HKU\S-1-5-21-371766171-3871328283-1393605152-1001\...\StartupApproved\Run: => "Web Companion"
FirewallRules: [{365E0F37-EC0C-4B25-B660-3B3A84A67C9E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{273A61AF-8949-4777-A0AF-B2B41B41D851}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{86395547-21A4-4778-8BFA-C1EBFAC75DAF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
FirewallRules: [{1DF56297-9B0E-4EEF-8AF2-1CE8E1FE2341}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
FirewallRules: [{1BF801A9-40E8-47B8-91B7-0D4257A18993}] => (Allow) D:\Games\Might.and.Magic.Heroes.VI\Might & Magic Heroes VI.exe => No File
FirewallRules: [{797C46F6-5CE8-49B7-8E81-482D291E12A3}] => (Allow) D:\Games\Might.and.Magic.Heroes.VI\Might & Magic Heroes VI.exe => No File
FirewallRules: [UDP Query User{9B91A4F7-9D37-429D-BD33-EF5CB6945B2A}E:\games\star wars jedi fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe] => (Block) E:\games\star wars jedi fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe => No File
FirewallRules: [TCP Query User{0E143085-6FE8-4A4A-A08E-26B4443EB944}E:\games\star wars jedi fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe] => (Block) E:\games\star wars jedi fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe => No File
FirewallRules: [UDP Query User{BC41ABA0-1B1B-4A7E-AC1F-B09632A9AE3D}C:\games\mortal kombat xl\binaries\retail\mk10.exe] => (Block) C:\games\mortal kombat xl\binaries\retail\mk10.exe => No File
FirewallRules: [TCP Query User{DDD8B9D3-1249-4BB3-9526-CF4A39A82A44}C:\games\mortal kombat xl\binaries\retail\mk10.exe] => (Block) C:\games\mortal kombat xl\binaries\retail\mk10.exe => No File
FirewallRules: [UDP Query User{496CEA95-B85A-4940-9EB1-5C23FDAAFCAB}C:\games\borderlands game of the year enhanced\binaries\win64\borderlandsgoty.exe] => (Block) C:\games\borderlands game of the year enhanced\binaries\win64\borderlandsgoty.exe => No File
FirewallRules: [TCP Query User{E201DE75-4EE3-41D5-8AA4-B303D73EBF82}C:\games\borderlands game of the year enhanced\binaries\win64\borderlandsgoty.exe] => (Block) C:\games\borderlands game of the year enhanced\binaries\win64\borderlandsgoty.exe => No File
FirewallRules: [{7D0BB330-25A5-4B2D-A15E-56334CE972A6}] => (Allow) %SystemDrive%\Games\Max Payne 3\MaxPayne3.exe => No File
FirewallRules: [UDP Query User{7E58B900-1816-4A07-8DD7-F826E01845F1}C:\games\worms wmd\game\worms w.m.d.exe] => (Block) C:\games\worms wmd\game\worms w.m.d.exe => No File
FirewallRules: [TCP Query User{3B897115-BA80-49CA-80F0-FF336CE02255}C:\games\worms wmd\game\worms w.m.d.exe] => (Block) C:\games\worms wmd\game\worms w.m.d.exe => No File
FirewallRules: [UDP Query User{D7B3F809-E8AB-4772-9C57-77DA6F87DFF2}C:\users\aviv\appdata\local\programs\deezloader remix\deezloader remix.exe] => (Allow) C:\users\aviv\appdata\local\programs\deezloader remix\deezloader remix.exe => No File
FirewallRules: [TCP Query User{C64E064C-1F2C-4AD0-AB79-713EC6355761}C:\users\aviv\appdata\local\programs\deezloader remix\deezloader remix.exe] => (Allow) C:\users\aviv\appdata\local\programs\deezloader remix\deezloader remix.exe => No File
FirewallRules: [{F7C9DE70-4B5F-4FED-977A-778A28CF930E}] => (Block) C:\Program Files\Ocster Backup\bin\backupClientAdminAccess-ox.exe (Ocster GmbH & Co. KG -> )
FirewallRules: [{9E62403C-CDD6-4373-94B5-9375C3258F84}] => (Allow) C:\Program Files\CyberLink\PowerDVD19\CastingStation.exe => No File
FirewallRules: [{EACD79EE-7ADA-40F0-815A-63D382A8CD86}] => (Allow) C:\Program Files\CyberLink\PowerDVD19\Movie\PowerDVDMovie.exe => No File
FirewallRules: [{2AAADC1B-63A1-462E-BE66-E5D6D3B06A59}] => (Allow) C:\Program Files\CyberLink\PowerDVD19\PowerDVD19Agent.exe => No File
FirewallRules: [{DD07E261-8D6D-4091-A097-8001B7F02063}] => (Allow) C:\Program Files\CyberLink\PowerDVD19\ShareModule32\Kernel\DMS\CLMSServerPDVD19.exe => No File
FirewallRules: [{56C26828-BB66-415A-B888-CDC727107662}] => (Allow) C:\Program Files\CyberLink\PowerDVD19\PowerDVD.exe => No File
FirewallRules: [UDP Query User{3802884D-DFF0-4F81-A2BA-5DC3DB16913A}C:\program files (x86)\popcorn time\nodejs\node.exe] => (Allow) C:\program files (x86)\popcorn time\nodejs\node.exe => No File
FirewallRules: [TCP Query User{1A92B09B-9B7B-425B-A2E6-E81F195F3719}C:\program files (x86)\popcorn time\nodejs\node.exe] => (Allow) C:\program files (x86)\popcorn time\nodejs\node.exe => No File
FirewallRules: [{F4CD6595-B0E6-49DA-AD8C-91F073E83639}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe => No File
FirewallRules: [{70CCB577-DAAC-4E38-A5BB-1AE88CB0E881}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe => No File
FirewallRules: [{253E17B6-4C96-4AE8-A8EC-5BF986C0E804}] => (Allow) C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\UcMapi.exe => No File
FirewallRules: [{28E76C3E-D202-4DA0-86DD-C637116CF6CE}] => (Allow) C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\UcMapi.exe => No File
FirewallRules: [{35F024A7-C4EB-4552-A5C0-3D7A8ADDD4A4}] => (Allow) C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\Lync.exe => No File
FirewallRules: [{E4BCC9A8-F1FC-4961-8434-50A0D50F31CC}] => (Allow) C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\Lync.exe => No File
FirewallRules: [{2657568E-F5E4-45E2-932E-4BBA926FE93C}] => (Allow) C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\outlook.exe => No File
FirewallRules: [{B09DD18A-FD9B-4CF5-9E15-A73CC097A192}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{2A9CAEB4-845F-4E4B-BE8B-75A9045612A4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{369E59AD-28FD-44A1-B970-111DECCD3116}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{D63DDE1C-B88B-4B0B-AE1E-78CED69FC0CA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [TCP Query User{0F241C6C-C375-4778-AF05-18339BDC9EE8}C:\users\aviv\desktop\atomic.heart.vr.adventures\atomic.heart.vr.adventures\atomic_heart_vr_adventures\sovietlunaparkvr\binaries\win64\game_3826-win64-shipping.exe] => (Block) C:\users\aviv\desktop\atomic.heart.vr.adventures\atomic.heart.vr.adventures\atomic_heart_vr_adventures\sovietlunaparkvr\binaries\win64\game_3826-win64-shipping.exe => No File
FirewallRules: [UDP Query User{F4862A70-8C77-42F2-9E0C-B69C54063759}C:\users\aviv\desktop\atomic.heart.vr.adventures\atomic.heart.vr.adventures\atomic_heart_vr_adventures\sovietlunaparkvr\binaries\win64\game_3826-win64-shipping.exe] => (Block) C:\users\aviv\desktop\atomic.heart.vr.adventures\atomic.heart.vr.adventures\atomic_heart_vr_adventures\sovietlunaparkvr\binaries\win64\game_3826-win64-shipping.exe => No File
FirewallRules: [TCP Query User{F7A1F688-FB76-404D-99A3-50AE155BBF10}D:\games\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe] => (Block) D:\games\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe => No File
FirewallRules: [UDP Query User{21240E61-A381-446D-A599-6F78A628A6D7}D:\games\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe] => (Block) D:\games\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe => No File
FirewallRules: [{41DF146C-21F3-4988-9F88-7791AA7FC505}] => (Allow) d:\GOG Games\Age of Wonders III\AoW3.exe => No File
FirewallRules: [{78754016-C2D7-4218-A26D-3FACE00489AB}] => (Allow) d:\GOG Games\Age of Wonders III\AoW3_Debug.exe => No File
FirewallRules: [{1275392C-9BB6-47BC-AFF2-45952FE7A40C}] => (Allow) d:\GOG Games\Age of Wonders III\AoW3Launcher.exe => No File
FirewallRules: [{6E0BACF0-5978-4C7F-BAE2-2A714E1B4776}] => (Allow) D:\Games\Evolved Games\Terminator Salvation\TerminatorSalvation.exe => No File
FirewallRules: [{E5FF4E95-D7B1-4539-9D9E-C6B43AEA6B02}] => (Allow) D:\Games\Evolved Games\Terminator Salvation\TerminatorSalvation.exe => No File
FirewallRules: [{4CF8F594-4E72-4927-8203-1405EAA7C817}] => (Allow) C:\Users\Aviv\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520\SMPCSetup.exe => No File
FirewallRules: [{5F2E9772-1D80-4087-A501-C53891706E4F}] => (Allow) C:\Users\Aviv\AppData\Local\Temp\ShowMyPC\-ShowMyPC3520\tvnserver.exe => No File
FirewallRules: [TCP Query User{47EB30CD-A6D3-4E37-9E61-5B21A92C65A9}D:\games\borderlands game of the year enhanced\binaries\win64\borderlandsgoty.exe] => (Block) D:\games\borderlands game of the year enhanced\binaries\win64\borderlandsgoty.exe => No File
FirewallRules: [UDP Query User{85A1C903-EBAC-432A-BA61-15E328AC2614}D:\games\borderlands game of the year enhanced\binaries\win64\borderlandsgoty.exe] => (Block) D:\games\borderlands game of the year enhanced\binaries\win64\borderlandsgoty.exe => No File
FirewallRules: [{32E64752-A4BC-41B5-ACDC-CBE5C9A8CE44}] => (Allow) C:\Program Files\MysticCoder\MysticThumbs\MysticThumbsControlPanel.exe => No File
FirewallRules: [{10C3F344-033E-4A64-A6B4-058DF67514B5}] => (Allow) C:\Program Files\MysticCoder\MysticThumbs\MysticThumbsControlPanel.exe => No File
FirewallRules: [{9B8575DF-0D4E-4CCC-BF89-CAF62664F605}] => (Allow) C:\Program Files\MysticCoder\MysticThumbs\MysticThumbs.exe => No File
FirewallRules: [{5EAF5C01-1910-4866-B34A-2A78FE206B88}] => (Allow) C:\Program Files\MysticCoder\MysticThumbs\MysticThumbs.exe => No File
FirewallRules: [{1C4A9B37-095C-4CC2-8E28-4BD8E8C9DF93}] => (Allow) C:\Program Files\MysticCoder\MysticThumbs\MysticThumbs32.dll => No File
FirewallRules: [{FB357BB8-41D4-4C3E-B520-221D6FF771EE}] => (Allow) C:\Program Files\MysticCoder\MysticThumbs\MysticThumbs32.dll => No File
FirewallRules: [{7F094912-B60C-488E-BF69-5874237A52C4}] => (Allow) C:\Program Files\MysticCoder\MysticThumbs\MysticThumbs64.dll => No File
FirewallRules: [{10BE3AB3-A092-4C2B-AD9C-CEB88D4FDFB3}] => (Allow) C:\Program Files\MysticCoder\MysticThumbs\MysticThumbs64.dll => No File
FirewallRules: [TCP Query User{F6DF3BC2-C7C5-48D2-9E91-136711A583FD}C:\users\aviv\downloads\cannon-fodder.exe] => (Allow) C:\users\aviv\downloads\cannon-fodder.exe => No File
FirewallRules: [UDP Query User{97B0B08E-1010-4E39-9956-39C7E73C9CA7}C:\users\aviv\downloads\cannon-fodder.exe] => (Allow) C:\users\aviv\downloads\cannon-fodder.exe => No File
FirewallRules: [TCP Query User{7B4548B8-29F6-4249-AAA5-A6B7195A5345}C:\program files (x86)\reolink client\reolink client.exe] => (Allow) C:\program files (x86)\reolink client\reolink client.exe => No File
FirewallRules: [UDP Query User{371832D4-5B8E-46AB-B5E7-F1329BDFF3F5}C:\program files (x86)\reolink client\reolink client.exe] => (Allow) C:\program files (x86)\reolink client\reolink client.exe => No File
FirewallRules: [TCP Query User{D9345B2D-9E25-4253-94DE-6402A9BA3088}C:\program files (x86)\checkvideo\checkvideo ip camera scanner\bin\checkvideo_ip_camera_scanner.exe] => (Allow) C:\program files (x86)\checkvideo\checkvideo ip camera scanner\bin\checkvideo_ip_camera_scanner.exe => No File
FirewallRules: [UDP Query User{4155DE34-F0DE-49E4-9159-0AA4E5C87F5E}C:\program files (x86)\checkvideo\checkvideo ip camera scanner\bin\checkvideo_ip_camera_scanner.exe] => (Allow) C:\program files (x86)\checkvideo\checkvideo ip camera scanner\bin\checkvideo_ip_camera_scanner.exe => No File
FirewallRules: [{90D6512B-C653-4DF5-AFA5-79E96CD92F73}] => (Allow) C:\Program Files (x86)\Deskshare\IP Camera Viewer 4\IP Camera Viewer.exe => No File
FirewallRules: [{43D349BE-0A61-4422-B51C-F2A378B918AA}] => (Allow) C:\Program Files (x86)\Deskshare\IP Camera Viewer 4\IP Camera Viewer.exe => No File
FirewallRules: [TCP Query User{589A33A5-A31B-44C7-99C1-95444510492D}E:\gog games\star control origins\game\starcontrol_dx11.exe] => (Block) E:\gog games\star control origins\game\starcontrol_dx11.exe => No File
FirewallRules: [UDP Query User{1AEA7DD1-BCBE-40A0-B2A4-964B05791F11}E:\gog games\star control origins\game\starcontrol_dx11.exe] => (Block) E:\gog games\star control origins\game\starcontrol_dx11.exe => No File
FirewallRules: [TCP Query User{9B08D200-CAFE-4B09-84FD-155F91B3E344}E:\games\mortal kombat 11\binaries\retail\mk11.exe] => (Block) E:\games\mortal kombat 11\binaries\retail\mk11.exe => No File
FirewallRules: [UDP Query User{8C94E1D8-5210-4551-81A7-9D9E25FCCDBF}E:\games\mortal kombat 11\binaries\retail\mk11.exe] => (Block) E:\games\mortal kombat 11\binaries\retail\mk11.exe => No File
FirewallRules: [TCP Query User{AF5642DD-3BEA-49FF-A9AA-52CBF9A0A201}C:\users\aviv\desktop\command-and-conquer-tiberian-sun.exe] => (Allow) C:\users\aviv\desktop\command-and-conquer-tiberian-sun.exe => No File
FirewallRules: [UDP Query User{BC35A604-5CA6-4864-9BD1-7A3B9B57EB7D}C:\users\aviv\desktop\command-and-conquer-tiberian-sun.exe] => (Allow) C:\users\aviv\desktop\command-and-conquer-tiberian-sun.exe => No File
FirewallRules: [TCP Query User{A396C024-BF3A-4C32-BE77-CD2F9F1C3C73}E:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) E:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{6E5A7B85-2F9B-46D4-A644-535D7B4DDCB1}E:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) E:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{4DBD8670-1318-4CD7-BCC3-8313CF6C47B8}C:\users\aviv\desktop\anydesk.exe] => (Allow) C:\users\aviv\desktop\anydesk.exe => No File
FirewallRules: [UDP Query User{E0AC8932-A581-4E44-8D1A-54B30F6B0D30}C:\users\aviv\desktop\anydesk.exe] => (Allow) C:\users\aviv\desktop\anydesk.exe => No File
FirewallRules: [TCP Query User{D525D755-17FE-4AF7-9B66-A2AA9360606F}C:\users\aviv\downloads\starcraft-2-wings-of-liberty.exe] => (Allow) C:\users\aviv\downloads\starcraft-2-wings-of-liberty.exe => No File
FirewallRules: [UDP Query User{D3CE573D-F6B4-420B-8111-19ED4C693DE1}C:\users\aviv\downloads\starcraft-2-wings-of-liberty.exe] => (Allow) C:\users\aviv\downloads\starcraft-2-wings-of-liberty.exe => No File
FirewallRules: [{47840CBA-272E-4619-B5A2-7A63F9DFE636}] => (Allow) C:\Program Files (x86)\Download Studio\dstudio-gui.exe => No File
FirewallRules: [{BC19508D-9BFB-477A-BB22-3B2093DC2A15}] => (Allow) C:\Program Files (x86)\Download Studio\QtWebEngineProcess.exe => No File
FirewallRules: [{850CCDC6-5F96-494E-B4E7-6160B867B1AA}] => (Allow) C:\Program Files (x86)\Download Studio\dstudio-gui.exe => No File
FirewallRules: [{93920A5F-E75E-447B-AE79-38648F79E2BB}] => (Allow) C:\Program Files (x86)\Download Studio\QtWebEngineProcess.exe => No File
FirewallRules: [{28392E4F-86BD-401D-BB16-5CDFFC0BE2CF}] => (Allow) C:\Program Files (x86)\Download Studio\dstudio.exe => No File
FirewallRules: [{B2948292-0E2E-4774-A3BB-F70F3B521FBB}] => (Allow) C:\Program Files (x86)\Download Studio\dstudio.exe => No File
FirewallRules: [TCP Query User{4C2FBB06-584D-43B4-A4E4-11A6223708E2}D:\games\starcraft\starcraft ii\versions\base83830\sc2_x64.exe] => (Allow) D:\games\starcraft\starcraft ii\versions\base83830\sc2_x64.exe => No File
FirewallRules: [UDP Query User{8790517F-CBEF-42FE-A495-589F6EB81B90}D:\games\starcraft\starcraft ii\versions\base83830\sc2_x64.exe] => (Allow) D:\games\starcraft\starcraft ii\versions\base83830\sc2_x64.exe => No File
FirewallRules: [TCP Query User{185C4FE5-0E81-4722-9A23-62568D45ED12}D:\incoming\naruto.to.boruto.shinobi.striker\naruto.to.boruto.shinobi.striker\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe] => (Block) D:\incoming\naruto.to.boruto.shinobi.striker\naruto.to.boruto.shinobi.striker\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe => No File
FirewallRules: [UDP Query User{0481DFC4-327A-4B84-A7E4-6E54580A4A72}D:\incoming\naruto.to.boruto.shinobi.striker\naruto.to.boruto.shinobi.striker\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe] => (Block) D:\incoming\naruto.to.boruto.shinobi.striker\naruto.to.boruto.shinobi.striker\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe => No File
FirewallRules: [TCP Query User{1BBE0BDB-5DC9-4848-BB25-965DD610C561}C:\program files\windowsapps\audirvana.audirvana-4118-9684-d80dbb7827cd_1.6.0.0_x64__q3nymrkmej12j\audirvana\audirvana.exe] => (Allow) C:\program files\windowsapps\audirvana.audirvana-4118-9684-d80dbb7827cd_1.6.0.0_x64__q3nymrkmej12j\audirvana\audirvana.exe => No File
FirewallRules: [UDP Query User{808987B5-89C9-40EA-9B06-60CCEF1EAC80}C:\program files\windowsapps\audirvana.audirvana-4118-9684-d80dbb7827cd_1.6.0.0_x64__q3nymrkmej12j\audirvana\audirvana.exe] => (Allow) C:\program files\windowsapps\audirvana.audirvana-4118-9684-d80dbb7827cd_1.6.0.0_x64__q3nymrkmej12j\audirvana\audirvana.exe => No File
FirewallRules: [TCP Query User{134D4DF4-B3A9-42A2-A7AA-D3DC25FEFE9F}C:\program files\windowsapps\audirvana.audirvana-4118-9684-d80dbb7827cd_1.6.1.0_x64__q3nymrkmej12j\audirvana\audirvana.exe] => (Allow) C:\program files\windowsapps\audirvana.audirvana-4118-9684-d80dbb7827cd_1.6.1.0_x64__q3nymrkmej12j\audirvana\audirvana.exe => No File
FirewallRules: [UDP Query User{6A0B66AA-13CB-488B-A927-C16CAAEE3FC0}C:\program files\windowsapps\audirvana.audirvana-4118-9684-d80dbb7827cd_1.6.1.0_x64__q3nymrkmej12j\audirvana\audirvana.exe] => (Allow) C:\program files\windowsapps\audirvana.audirvana-4118-9684-d80dbb7827cd_1.6.1.0_x64__q3nymrkmej12j\audirvana\audirvana.exe => No File
FirewallRules: [TCP Query User{EDFB8CF7-D065-4C95-9E2D-D9ED2CCC4A52}D:\games\starcraft\starcraft ii\versions\base84643\sc2_x64.exe] => (Allow) D:\games\starcraft\starcraft ii\versions\base84643\sc2_x64.exe => No File
FirewallRules: [UDP Query User{19A6F20D-8C93-4A55-A0C1-C9941EFA109C}D:\games\starcraft\starcraft ii\versions\base84643\sc2_x64.exe] => (Allow) D:\games\starcraft\starcraft ii\versions\base84643\sc2_x64.exe => No File
FirewallRules: [{7943AD7D-296C-42DE-A1C6-CFFA70DAE119}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{E3672E84-EE00-4FF6-9DFF-847E8AFC20ED}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{6B7C2C80-D5A2-4D8E-AC8F-5633D00763E7}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{1B730542-3C53-433D-9E2B-53A622E5A41E}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{0E96D7EF-3210-4C9B-B01C-614C705BABCF}D:\incoming\exodos_lite\exo\download\aria2c.exe] => (Allow) D:\incoming\exodos_lite\exo\download\aria2c.exe => No File
FirewallRules: [UDP Query User{1933A462-7A9B-4412-977A-9E9A5955C622}D:\incoming\exodos_lite\exo\download\aria2c.exe] => (Allow) D:\incoming\exodos_lite\exo\download\aria2c.exe => No File
FirewallRules: [TCP Query User{A02920A4-A38D-45ED-A0D4-ECEB8B18D55E}D:\program files\plitch\plitch.exe] => (Allow) D:\program files\plitch\plitch.exe => No File
FirewallRules: [UDP Query User{676AB21D-580A-4616-ACEA-C13ECCEA50E0}D:\program files\plitch\plitch.exe] => (Allow) D:\program files\plitch\plitch.exe => No File
FirewallRules: [TCP Query User{F4223F16-7624-4703-B0A1-A1E56ABA41D5}E:\games\halo infinite\haloinfinite.exe] => (Allow) E:\games\halo infinite\haloinfinite.exe => No File
FirewallRules: [UDP Query User{4A42F9DF-6C1D-494E-8223-6F254B9B7528}E:\games\halo infinite\haloinfinite.exe] => (Allow) E:\games\halo infinite\haloinfinite.exe => No File
FirewallRules: [TCP Query User{F8F865CD-6AE7-4798-9AF1-85FE06EEA220}E:\games\exodos_lite\exo\download\aria2c.exe] => (Allow) E:\games\exodos_lite\exo\download\aria2c.exe => No File
FirewallRules: [UDP Query User{CFC7DEAB-F01D-4D74-9529-5C5197C5EC6C}E:\games\exodos_lite\exo\download\aria2c.exe] => (Allow) E:\games\exodos_lite\exo\download\aria2c.exe => No File
FirewallRules: [TCP Query User{C5A9B631-56CD-4777-BE46-FDE203F66A6C}E:\games\exodos_lite\exo\download\aria2c.exe] => (Allow) E:\games\exodos_lite\exo\download\aria2c.exe => No File
FirewallRules: [UDP Query User{DEED1857-28FD-40B3-B916-1D3CFBA5EB3F}E:\games\exodos_lite\exo\download\aria2c.exe] => (Allow) E:\games\exodos_lite\exo\download\aria2c.exe => No File
FirewallRules: [{12130FB6-CF4F-4157-AF16-D886375D7D80}] => (Allow) E:\Games\Red Dead Redemption 2\RDR2.exe => No File
FirewallRules: [{D8AAF80D-8AD9-4BBF-82FA-F7ED42DE873B}] => (Allow) E:\Games\Red Dead Redemption 2\RDR2.exe => No File
FirewallRules: [TCP Query User{2FCA4CF2-2F51-49CD-AA54-71EE7F76F574}E:\program files (x86)\r.g. mechanics\warcraft 3\war3.exe] => (Block) E:\program files (x86)\r.g. mechanics\warcraft 3\war3.exe => No File
FirewallRules: [UDP Query User{DBAA2A8B-C899-4646-8105-C3C15BCA59EC}E:\program files (x86)\r.g. mechanics\warcraft 3\war3.exe] => (Block) E:\program files (x86)\r.g. mechanics\warcraft 3\war3.exe => No File
FirewallRules: [TCP Query User{4D7E2349-2EB4-4DFF-9689-6CD0C6136E4C}E:\games\nba 2k23\nba2k23.exe] => (Block) E:\games\nba 2k23\nba2k23.exe => No File
FirewallRules: [UDP Query User{BF6BD753-D344-4E7D-87C4-3A2F0D0383AA}E:\games\nba 2k23\nba2k23.exe] => (Block) E:\games\nba 2k23\nba2k23.exe => No File
FirewallRules: [{DCBBE93B-3E5E-4346-B2F8-B033D33A209E}] => (Allow) C:\Users\Aviv\AppData\Local\Temp\bittorrent\bittorrent.exe => No File
FirewallRules: [{8A5CE1E7-D545-42B5-B510-FBDE31CF91D1}] => (Allow) C:\Users\Aviv\AppData\Local\Temp\bittorrent\bittorrent.exe => No File
FirewallRules: [TCP Query User{487AC62E-4404-4CA7-886F-7811C88D5E60}C:\users\aviv\appdata\local\temp\is-mv9rq.tmp\qbittorrent.exe] => (Block) C:\users\aviv\appdata\local\temp\is-mv9rq.tmp\qbittorrent.exe => No File
FirewallRules: [UDP Query User{09CCCD04-210A-49CD-911C-DE5C5F3686F0}C:\users\aviv\appdata\local\temp\is-mv9rq.tmp\qbittorrent.exe] => (Block) C:\users\aviv\appdata\local\temp\is-mv9rq.tmp\qbittorrent.exe => No File
FirewallRules: [TCP Query User{F44D7ACA-F00B-42BF-A2CA-90ED807A662F}E:\games\nba 2k23\nba2k23.exe] => (Block) E:\games\nba 2k23\nba2k23.exe => No File
FirewallRules: [UDP Query User{C358F1A1-BD7D-44B1-9CDE-CA443615F96B}E:\games\nba 2k23\nba2k23.exe] => (Block) E:\games\nba 2k23\nba2k23.exe => No File
FirewallRules: [{7784FE6D-0AB5-4814-9B0F-36BAC491EFB8}] => (Block) %ProgramFiles% (x86)\Rosetta Stone\Rosetta Stone TOTALe\RosettaStoneTOTALe.exe => No File
FirewallRules: [TCP Query User{D6C1CBC4-2B44-43FE-A87F-DEB5802D425F}C:\program files\openra\dune2000.exe] => (Allow) C:\program files\openra\dune2000.exe => No File
FirewallRules: [UDP Query User{62A22774-C261-4964-914D-F1B9068C79AF}C:\program files\openra\dune2000.exe] => (Allow) C:\program files\openra\dune2000.exe => No File
FirewallRules: [{863CB64F-7DA7-4E78-BDF0-9D92271D9DDC}] => (Block) %ProgramFiles% (x86)\Rosetta Stone\Rosetta Stone TOTALe\RosettaStoneTOTALe.exe => No File
FirewallRules: [TCP Query User{79FEFEA5-3ADC-45EC-A097-5916BB047A2B}C:\users\aviv\desktop\anydesk.exe] => (Allow) C:\users\aviv\desktop\anydesk.exe => No File
FirewallRules: [UDP Query User{83FDBF09-A5E5-47B3-9203-1253044F6647}C:\users\aviv\desktop\anydesk.exe] => (Allow) C:\users\aviv\desktop\anydesk.exe => No File
FirewallRules: [TCP Query User{71849757-45BD-4371-B9A7-967EEF95C9FE}C:\users\aviv\appdata\local\temp\is-iuhen.tmp\qbittorrent.exe] => (Allow) C:\users\aviv\appdata\local\temp\is-iuhen.tmp\qbittorrent.exe => No File
FirewallRules: [UDP Query User{CBD643F3-012D-4EE4-9942-DD100E4EABFA}C:\users\aviv\appdata\local\temp\is-iuhen.tmp\qbittorrent.exe] => (Allow) C:\users\aviv\appdata\local\temp\is-iuhen.tmp\qbittorrent.exe => No File
FirewallRules: [{FE697101-5BB2-4A95-89F5-7C174C80E683}] => (Allow) C:\Users\Aviv\AppData\Local\Programs\Opera\102.0.4880.56\opera.exe => No File
FirewallRules: [{019D75F2-0C41-4CBB-89D1-81FC57AF0CAF}] => (Allow) C:\Program Files (x86)\Popcorn Time\nodejs\node.exe => No File
FirewallRules: [{79745028-710E-4028-AF1A-1874EB3799E1}] => (Allow) C:\Program Files (x86)\Popcorn Time\nodejs\node.exe => No File
FirewallRules: [{96A7B2A5-9501-4823-BDCC-D7A9BC95B7F2}] => (Allow) C:\Users\Aviv\AppData\Local\Programs\safe-watch\safe-watch.exe => No File
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-371766171-3871328283-1393605152-1001\...\Run: [Taskbarify] => C:\Users\Aviv\AppData\Local\Programs\Taskbarify\Taskbarify.exe (No File)
HKU\S-1-5-21-371766171-3871328283-1393605152-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (No File) <==== ATTENTION
HKU\S-1-5-21-371766171-3871328283-1393605152-1001\...\Policies\Explorer: [NoSecurityTab] 0
HKU\S-1-5-21-371766171-3871328283-1393605152-1001\...\MountPoints2: {646410fd-1da3-11eb-af8e-001a7dda7102} - "V:\automenu.exe"
HKU\S-1-5-21-371766171-3871328283-1393605152-1001\...\MountPoints2: {64641159-1da3-11eb-af8e-001a7dda7102} - "V:\automenu.exe"
HKU\S-1-5-21-371766171-3871328283-1393605152-1001\...\MountPoints2: {646411ad-1da3-11eb-af8e-001a7dda7102} - "V:\automenu.exe"
HKU\S-1-5-21-371766171-3871328283-1393605152-1001\...\MountPoints2: {a182ade2-fa0f-11e8-aa93-806e6f6e6963} - "H:\LaunchU3.exe" -a
HKU\S-1-5-21-371766171-3871328283-1393605152-1001\...\MountPoints2: {f54e488d-1dd1-11eb-af8f-001a7dda7102} - "V:\automenu.exe"
HKU\S-1-5-21-371766171-3871328283-1393605152-1001\...\MountPoints2: {f54e498f-1dd1-11eb-af8f-001a7dda7102} - "V:\autorun.exe"
IFEO\dismHost.exe: [Debugger] *
IFEO\EOSNOTIFY.EXE: [Debugger] *
IFEO\InstallAgent.exe: [Debugger] *
IFEO\MusNotification.exe: [Debugger] *
IFEO\MUSNOTIFICATIONUX.EXE: [Debugger] *
IFEO\remsh.exe: [Debugger] *
IFEO\SIHClient.exe: [Debugger] *
IFEO\UpdateAssistant.exe: [Debugger] *
IFEO\UPFC.EXE: [Debugger] *
IFEO\UsoClient.exe: [Debugger] *
IFEO\WaaSMedic.exe: [Debugger] *
IFEO\WaasMedicAgent.exe: [Debugger] *
IFEO\Windows10Upgrade.exe: [Debugger] *
IFEO\WINDOWS10UPGRADERAPP.EXE: [Debugger] *
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy-Firefox: Restriction <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {96A97389-955C-45FB-ACB3-608736509470} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2144664 2023-08-01] (Avast Software s.r.o. -> Avast Software)
Task: {54AF16B5-C839-406A-B503-B431F9F413CB} - System32\Tasks\DriverFix => "C:\Program Files (x86)\DriverFix\DriverFix.exe"  -auto (No File) <==== ATTENTION
Task: {A31D2359-DF33-4CB8-9EF3-2E9BA292CB4D} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Aviv\Desktop\esetonlinescanner_enu.exe  LOGON (No File)
Task: {A56FFF41-7B21-42CA-830C-21143B73481E} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Aviv\Desktop\esetonlinescanner_enu.exe  SCHED (No File)
Task: {104779F8-EFA1-4422-A5E5-9184A566ED12} - System32\Tasks\Meta\Messenger-SL-Helper-S-1-5-21-371766171-3871328283-1393605152-1001 => C:\Users\Aviv\AppData\Local\Programs\Messenger\MessengerHelper.exe  --lassie (No File)
Task: {857F1711-0215-4683-B96A-19F2EB0FC9BA} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe  (No File)
Task: {1B716605-D656-4E0F-9F72-5F83592AD01A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe  (No File)
Task: {3578684A-E242-4611-955D-A1207D937CCC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\msoia.exe  scan upload mininterval:2880 (No File)
Task: {29504F5C-2F0B-4678-9A6F-BE28502A238D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\msoia.exe  scan upload (No File)
Task: {49F125F4-A03B-41AA-B013-4D62A13AAF39} - System32\Tasks\Microsoft\Windows\rempl\shell => %ProgramFiles%\rempl\sedlauncher.exe  (No File)
Task: {94FA73C7-750E-4873-AE6B-74775D039EAC} - System32\Tasks\Office 2019 Statique Activation Planificateur => D:\INSTALL\Microsoft  Office Professional Plus 2019 Retail\2. ActO19\ActO19.cmd -renewalonly (No File)
Task: {5C48C756-E8F2-408A-B984-509272C0D25C} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-371766171-3871328283-1393605152-1005 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe  /reporting (No File)
Task: {D3006438-FEED-40C7-8C58-42678CEB33B3} - System32\Tasks\Opera scheduled Autoupdate 1695407146 => C:\Users\Aviv\AppData\Local\Programs\Opera\launcher.exe  --scheduledautoupdate $(Arg0) (No File)
FF NewTab: Mozilla\Firefox\Profiles\8r3a3e8u.default-1633981177428 -> hxxps://mysearchengine.co/homepage?hp=1&bitmask=9996&pId=IS210801&iDate=2023-09-22 06:26:33&bName=
CHR HKLM-x32\...\Chrome\Extension: [makcojoppodhcgmmchohadhpkicoafka]
S3 rsDwf; \SystemRoot\system32\DRIVERS\rsDwf.sys [X]
2023-12-10 20:27 - 2019-02-23 18:50 - 000000000 ____D C:\Program Files (x86)\Popcorn Time
2021-04-15 16:05 - 2021-04-15 16:05 - 000000050 _____ () C:\Users\Aviv\AppData\Roaming\Camdata.ini
2021-04-15 16:05 - 2021-04-15 16:05 - 000000408 _____ () C:\Users\Aviv\AppData\Roaming\CamLayout.ini
2021-04-15 16:05 - 2021-04-15 16:05 - 000000408 _____ () C:\Users\Aviv\AppData\Roaming\CamShapes.ini
2021-04-15 16:05 - 2021-04-15 16:05 - 000004549 _____ () C:\Users\Aviv\AppData\Roaming\CamStudio.cfg
2021-04-15 16:02 - 2021-04-15 16:02 - 000000096 _____ () C:\Users\Aviv\AppData\Roaming\version2.xml
C:\Program Files\Common Files\AVAST Software
C:\Program Files (x86)\Lavasoft
Task: {A0F3A97D-2A62-41E3-B835-C6D7A337DA9A} - System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineAQ => C:\WINDOWS\SysWOW64\MUI\dispspec\A-1-31-69\XH_1.4.88.22.exe  (Access Denied) <==== ATTENTION <==== ATTENTION
C:\WINDOWS\SysWOW64\MUI\dispspec\A-1-31-69
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Google
Task: {3A448BFD-0AAF-4D94-A1D5-E8B11A6C66B9} - System32\Tasks\Mozilla\ngkow => "C:\Users\Aviv\AppData\Roaming\sggkhk\mchost.exe"  -> "C:\Users\Aviv\AppData\Roaming\sggkhk\mchost.chm" <==== ATTENTION
C:\Users\Aviv\AppData\Roaming\sggkhk
HKU\S-1-5-21-371766171-3871328283-1393605152-1001\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [5550856 2023-12-09] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
C:\Users\Aviv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.exe [2020-10-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
cmd: netsh advfirewall reset
Hosts:
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.
 
It seems like the FRST64 fix got stuck. When I run it again it says it has finished.... See Fixlog file.
Thanks
 

Attachments

When the tool seems stuck, do not close it or try to recover it in any way. It is working and it needs its time to finish.

Eset Online Scan

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
 
Wow! Many items were detected! I'm sure you reviewed them and got an idea of what the Eset scan deleted.

The following scans will take less time.


1. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

2. Run Malwarebytes (scan only)
  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.

    If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
    • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
    • Find the report with the most recent date and double click on it.
    • Click on Export and then Copy to Clipboard.
    • Paste its content here, in your next reply.


In your next reply, please post:
  1. The AdwCleaner[S0*].txt
  2. The Malwarebytes report
 