[SOLVED] Possible PC got infected by Repack app

Status
Not open for further replies.

bajulito

Member
Joined
Dec 4, 2023
Posts
11
I'm not really sure but I think my PC was infected by Malware that I downloaded from the forum site (IObit Malware Fighter Pro Portable). I just tried it if it works on my PC then after closing the app. I noticed that the software was still running after I check Services/Autoruns. I even check if there was still a remaining folder from my files that was related to the IOBit file.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-12-2023
Ran by Burento (administrator) on BURENTO (Micro-Star International Co., Ltd. MS-7B89) (04-12-2023 21:34:17)
Running from C:\Users\atobe\Desktop\FRST64.exe
Loaded Profiles: Burento
Platform: Microsoft Windows 10 Pro Version 22H2 19045.3758 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(explorer.exe ->) (Alex313031) [File not signed] C:\Users\atobe\AppData\Local\Thorium\Application\thorium.exe <19>
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_3cf99e411755df38\RtkAudUService64.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Wagnardsoft -> Wagnardsoft) C:\Users\atobe\Documents\GameOptimize\ISLC v1.0.2.8\ISLC v1.0.2.9\Intelligent standby list cleaner ISLC.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3022640 2023-10-28] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_3cf99e411755df38\RtkAudUService64.exe [1963928 2023-11-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [AllowClipboardHistory] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3572488 2023-11-09] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\Policies\Explorer: [HideSCAMeetNow] 1
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3572488 2023-11-09] (Razer USA Ltd. -> Razer Inc.)
IFEO\TextInputHost.exe: [Debugger] C:\Windows\system32\systray.exe
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction - Edge <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {90D97723-1CAE-41CC-B9D5-491AADBA022A} - System32\Tasks\Intelligent StandbyList Cleaner => C:\Users\atobe\Documents\GameOptimize\ISLC v1.0.2.8\ISLC v1.0.2.9\Intelligent standby list cleaner ISLC.exe [438968 2023-06-26] (Wagnardsoft -> Wagnardsoft)
Task: {5CBDC1F3-6B2D-46DC-B87E-2B12626B70E0} - System32\Tasks\Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask => {82aa0895-198a-4c1b-b2d1-c16894218afb} C:\Windows\System32\unifiedconsent.dll [282112 2023-12-01] (Microsoft Windows -> Microsoft Corporation)
Task: {DDDB94C7-97BF-4327-A226-439AF27753B9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CAA64AA9-4C24-4733-B4B8-EB51A9BCB44D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BCB4F0B6-5FED-4D50-BDA8-A76A633C7E32} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3A8D7996-0538-4A97-9722-D3B67B6AC2E5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {36A37AD2-707E-4FA9-9A81-46657E2477F4} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache => {07369A67-07A6-4608-ABEA-379491CB7C46} C:\Windows\System32\UpdatePolicy.dll [256512 2023-12-01] (Microsoft Windows -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 1.1.1.1 1.0.0.1
Tcpip\..\Interfaces\{9b00a095-6cf4-4375-a6b5-6c219ce0d2b0}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{9b00a095-6cf4-4375-a6b5-6c219ce0d2b0}: [DhcpNameServer] 1.1.1.1 1.0.0.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default [2023-12-04]
Edge Notifications: Default -> hxxps://www.facebook.com; hxxps://www.messenger.com; hxxps://www38.davisonbarker.pro; hxxps://www54.davisonbarker.pro; hxxps://z-upload.facebook.com
Edge Session Restore: Default -> is enabled.
Edge Extension: (Authenticator) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bhghoamapcdpbohphigoooaddinpkbai [2023-11-25]
Edge Extension: (Enhancer for YouTube™) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dlgfaleeejmphhnemjgiaekdbonkagkd [2023-11-25]
Edge Extension: (GoPlay Extension) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\edhdonadgbpnhhkdobemjnjdpmfdjnmf [2023-11-25]
Edge Extension: (MetaMask) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ejbalbakoplchlghecdalmeeeajnimhm [2023-11-25]
Edge Extension: (Perplexity - AI Companion) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hlgbcneanomplepojfcnclggenpcoldo [2023-11-25]
Edge Extension: (SaveFrom.net helper) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hndfjogdceachkbgioglehonpejcdhem [2023-11-25]
Edge Extension: (Transpose ▲▼ pitch ▹ speed ▹ loop for videos) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ioimlbgefgadofblnajllknopjboejda [2023-11-25]
Edge Extension: (Unpaywall) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\iplffkdpngmdjhlpjmppncnlhomiipha [2023-11-25]
Edge Extension: (Volume Master) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jghecgabfgfdldnmbfkhmffcabddioke [2023-11-25]
Edge Extension: (Edge relevant text changes) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-11-25]
Edge Extension: (uBlock Origin) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2023-11-25]
Edge Profile: C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2023-12-02]

FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.19 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AntiCheatExpert Service; C:\Program Files\AntiCheatExpert\SGuard\x64\SGuardSvc64.exe [2696560 2023-07-06] (HIGH MORALE DEVELOPMENTS LIMITED -> )
S3 AUEPLauncher; C:\Program Files\AMD\Performance Profile Client\AUEPDU.exe [527800 2023-08-04] (Advanced Micro Devices Inc. -> AMD)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [9712432 2023-01-16] (BattlEye Innovations e.K. -> )
S4 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [935344 2023-10-03] (EasyAntiCheat Oy -> Epic Games, Inc.)
S4 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2022-07-12] (Epic Games Inc. -> Epic Games, Inc.)
S3 GameInputSvc; C:\Windows\System32\GameInputSvc.exe [50168 2023-12-01] (Microsoft Corporation -> Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [12153200 2022-05-26] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
S3 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvmdig.inf_amd64_1e678564fff99713\Display.NvContainer\NVDisplay.Container.exe [1274888 2023-11-10] (NVIDIA Corporation -> NVIDIA Corporation)
S4 PrintNotify; C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll [3863040 2022-10-25] (Microsoft Corporation) [File not signed]
S3 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [256264 2023-02-10] (Razer USA Ltd. -> Razer Inc)
S3 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [297736 2023-11-09] (Razer USA Ltd. -> Razer Inc.)
S3 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [538424 2023-09-19] (Razer USA Ltd. -> Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534472 2023-12-01] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 UltraViewService; C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe [238416 2023-08-26] (DUC FABULOUS CO.,LTD -> )
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [9572824 2023-10-28] (Riot Games, Inc. -> Riot Games, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe [3121120 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe [133704 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 IMFservice; C:\Users\atobe\Documents\Installers\IOBit Malware\IObit Malware Fighter Pro v10.3.0.1077 Multilingual Portable\IObit Malware Fighter Pro 10.3.0.1077\App\IObit Malware Fighter\IMFSrv.exe [X]
S4 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACE-BASE; C:\Windows\system32\drivers\ACE-BASE.sys [1660968 2023-07-06] (HIGH MORALE DEVELOPMENTS LIMITED -> ANTICHEATEXPERT.COM)
R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [36928 2022-06-03] (ASMedia Technology Inc. -> Advanced Micro Devices, Inc)
S3 EagleX64; C:\Windows\system32\drivers\EagleX64.sys [174728 2023-03-10] (AhnLab, Inc. -> AhnLab, Inc.)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [80264 2023-12-01] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [27744 2021-03-09] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 RvNetMP60; C:\Windows\System32\drivers\RvNetMP60.sys [58288 2023-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Famatech Corp.)
R3 RzCommon; C:\Windows\System32\drivers\RzCommon.sys [64168 2022-08-18] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_006e; C:\Windows\System32\drivers\RzDev_006e.sys [56152 2021-03-22] (Razer USA Ltd. -> Razer Inc)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc. -> Razer Inc)
S4 UCPD; C:\Windows\System32\drivers\UCPD.sys [29184 2023-12-01] (Microsoft Windows -> Microsoft Corporation)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [21679192 2023-10-27] (Riot Games, Inc. -> Riot Games, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55744 2023-11-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [578856 2023-11-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105768 2023-11-07] (Microsoft Windows -> Microsoft Corporation)
S3 WireGuard; C:\Windows\System32\drivers\wireguard.sys [489368 2023-09-14] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 xhunter1; C:\Windows\xhunter1.sys [1432232 2023-06-25] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 rsDwf; \SystemRoot\system32\DRIVERS\rsDwf.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-12-04 21:34 - 2023-12-04 21:34 - 000014635 _____ C:\Users\atobe\Desktop\FRST.txt
2023-12-04 21:33 - 2023-12-04 21:34 - 000000000 ____D C:\FRST
2023-12-04 21:22 - 2023-12-04 21:22 - 002384384 _____ (Farbar) C:\Users\atobe\Desktop\FRST64.exe
2023-12-04 20:15 - 2023-11-09 00:38 - 006258032 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2023-12-04 19:31 - 2023-12-04 19:31 - 000001360 _____ C:\Users\atobe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\memreduct.lnk
2023-12-04 02:00 - 2023-12-04 02:00 - 000000000 ____D C:\Users\atobe\AppData\Roaming\IObit
2023-12-04 02:00 - 2023-12-04 02:00 - 000000000 ____D C:\ProgramData\ProductData
2023-12-03 23:57 - 2023-12-04 02:00 - 000000000 ____D C:\ProgramData\IObit
2023-12-03 23:56 - 2022-10-24 17:29 - 000042360 _____ (IObit) C:\Windows\system32\Drivers\IMFCameraProtect.sys
2023-12-03 00:08 - 2023-12-03 00:08 - 000001244 _____ C:\Users\atobe\Desktop\Roblox Studio.lnk
2023-12-02 22:38 - 2023-12-03 19:17 - 000000000 ____D C:\Users\atobe\AppData\Local\VirtualStore
2023-12-02 21:40 - 2023-12-02 21:40 - 000000000 ____D C:\SAVE
2023-12-02 21:37 - 2023-12-02 21:37 - 000000000 ____D C:\Windows\solcache
2023-12-02 21:35 - 2023-12-03 19:21 - 000000000 ____D C:\Sierra
2023-12-02 21:14 - 2023-12-02 21:14 - 000000000 ____D C:\bshift
2023-12-01 23:09 - 2023-12-01 23:09 - 000001585 _____ C:\Users\atobe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HWiNFO64.lnk
2023-12-01 22:32 - 2023-12-01 22:32 - 000001602 _____ C:\Users\atobe\Desktop\EarTrumpet.lnk
2023-12-01 20:43 - 2023-12-01 20:43 - 000000000 ____D C:\Users\atobe\AppData\Local\Datastead
2023-12-01 20:43 - 2017-12-08 18:01 - 000713216 _____ C:\Windows\system32\xvidcore.dll
2023-12-01 20:43 - 2017-12-08 18:01 - 000251392 _____ C:\Windows\system32\xvidvfw.dll
2023-12-01 20:43 - 2017-12-08 18:01 - 000172032 _____ C:\Windows\system32\xvid.ax
2023-12-01 16:22 - 2023-12-01 16:22 - 000002271 _____ C:\Users\Public\Desktop\NVIDIA RTX Voice.lnk
2023-12-01 16:22 - 2023-12-01 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2023-12-01 16:22 - 2020-03-12 21:58 - 000177896 _____ (NVIDIA Corporation) C:\Windows\system32\nvrtxaudcap64v.dll
2023-12-01 16:22 - 2020-03-12 21:58 - 000155024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvrtxaudcap32v.dll
2023-12-01 16:22 - 2020-03-12 21:58 - 000054504 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvrtxvad64v.sys
2023-12-01 14:58 - 2023-12-01 14:58 - 000006430 __RSH C:\ProgramData\ntuser.pol
2023-12-01 12:27 - 2023-12-01 13:28 - 000000000 ____D C:\Program Files\AMD
2023-12-01 12:27 - 2023-12-01 12:27 - 000000000 ____D C:\ProgramData\AMD
2023-12-01 11:49 - 2023-12-01 11:56 - 000000000 ____D C:\MSI
2023-12-01 10:35 - 2023-12-01 10:35 - 000000000 ____D C:\Windows\InboxApps
2023-12-01 10:05 - 2023-12-01 10:05 - 000000000 ___HD C:\$WinREAgent
2023-12-01 09:55 - 2023-12-01 09:55 - 000016707 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2023-11-26 01:40 - 2023-11-26 01:40 - 000000574 _____ C:\Users\atobe\ezpcopensdkconfig_2e76164306b94a2b9a4f01ad3f8c6f77.xml
2023-11-26 00:52 - 2023-11-26 00:52 - 000000000 ____D C:\LocalStorage
2023-11-25 22:34 - 2023-11-25 22:34 - 000000205 _____ C:\Users\atobe\.spotdl-cache
2023-11-25 22:28 - 2023-11-23 17:56 - 000000000 ____D C:\ffmpeg
2023-11-25 22:06 - 2023-11-25 22:06 - 000000000 ____D C:\Users\atobe\AppData\Local\pip
2023-11-24 01:56 - 2023-11-24 01:56 - 000000000 ____D C:\Users\atobe\AppData\Roaming\NVIDIA
2023-11-24 01:48 - 2023-11-24 01:48 - 000000000 ____D C:\Users\atobe\AppData\Local\Krisp
2023-11-22 04:14 - 2023-11-22 04:14 - 000000000 ____D C:\Users\atobe\AppData\Local\NVIDIA Corporation
2023-11-18 23:29 - 2023-11-18 23:29 - 001296872 _____ (Realtek ) C:\Windows\system32\Drivers\rt640x64.sys
2023-11-18 23:26 - 2023-11-18 23:26 - 000000000 ____D C:\Users\atobe\AppData\Roaming\Easeware
2023-11-17 22:27 - 2023-11-17 22:27 - 000002385 _____ C:\Users\atobe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Thorium.lnk
2023-11-17 21:38 - 2023-11-17 21:38 - 000001590 _____ C:\Users\atobe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter Strike 2.lnk
2023-11-16 11:22 - 2023-11-16 11:22 - 000000000 ____D C:\Users\atobe\AppData\Local\NVIDIA
2023-11-16 10:55 - 2023-11-17 22:15 - 000000000 ____D C:\Users\atobe\AppData\Local\content_shell
2023-11-15 05:19 - 2023-11-17 22:27 - 000002348 _____ C:\Users\atobe\Desktop\thorium.lnk
2023-11-15 05:07 - 2023-11-17 22:52 - 000000000 ____D C:\Users\atobe\AppData\Local\Thorium
2023-11-15 04:44 - 2023-12-03 18:39 - 000000000 ____D C:\ProgramData\NVIDIA
2023-11-15 04:44 - 2023-11-24 01:56 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2023-11-15 04:44 - 2023-11-15 04:44 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2023-11-15 04:44 - 2023-11-15 04:44 - 000000000 ____D C:\Users\atobe\AppData\LocalLow\NVIDIA
2023-11-15 04:40 - 2023-12-04 20:39 - 000000000 ____D C:\Users\atobe\AppData\Local\D3DSCache
2023-11-15 04:40 - 2023-11-10 19:38 - 001487368 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2023-11-15 04:40 - 2023-11-10 19:38 - 001424064 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2023-11-15 04:40 - 2023-11-10 19:38 - 001424064 _____ C:\Windows\system32\vulkan-1.dll
2023-11-15 04:40 - 2023-11-10 19:38 - 001246400 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2023-11-15 04:40 - 2023-11-10 19:38 - 001246400 _____ C:\Windows\SysWOW64\vulkan-1.dll
2023-11-15 04:40 - 2023-11-10 19:38 - 001226872 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2023-11-15 04:40 - 2023-11-10 19:38 - 000850512 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2023-11-15 04:40 - 2023-11-10 19:38 - 000850512 _____ C:\Windows\system32\vulkaninfo.exe
2023-11-15 04:40 - 2023-11-10 19:38 - 000731216 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2023-11-15 04:40 - 2023-11-10 19:38 - 000731216 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2023-11-15 04:39 - 2023-11-10 19:34 - 001541256 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2023-11-15 04:39 - 2023-11-10 19:34 - 001198200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2023-11-15 04:39 - 2023-11-10 19:34 - 000957960 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2023-11-15 04:39 - 2023-11-10 19:34 - 000669712 _____ (NVIDIA Corporation) C:\Windows\system32\nvofapi64.dll
2023-11-15 04:39 - 2023-11-10 19:34 - 000504840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvofapi.dll
2023-11-15 04:39 - 2023-11-10 19:33 - 002171000 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2023-11-15 04:39 - 2023-11-10 19:33 - 001624712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2023-11-15 04:39 - 2023-11-10 19:33 - 000997512 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2023-11-15 04:39 - 2023-11-10 19:33 - 000810104 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2023-11-15 04:39 - 2023-11-10 19:33 - 000774280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2023-11-15 04:39 - 2023-11-10 19:32 - 015095416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2023-11-15 04:39 - 2023-11-10 19:32 - 012375160 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2023-11-15 04:39 - 2023-11-10 19:32 - 006462600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2023-11-15 04:39 - 2023-11-10 19:32 - 005862520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcudadebugger.dll
2023-11-15 04:39 - 2023-11-10 19:32 - 005861000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2023-11-15 04:39 - 2023-11-10 19:32 - 003619960 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2023-11-15 04:39 - 2023-11-10 19:32 - 000853112 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2023-11-15 04:39 - 2023-11-10 19:32 - 000459384 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2023-11-15 04:39 - 2023-11-10 19:31 - 007866472 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2023-11-15 04:39 - 2023-11-10 19:30 - 006745880 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2023-11-15 04:39 - 2023-11-10 10:07 - 000113883 _____ C:\Windows\system32\nvinfo.pb
2023-11-13 00:41 - 2023-11-17 23:25 - 000000000 ____D C:\Windows\system32\MSDtc
2023-11-12 03:45 - 2023-11-12 03:45 - 000000000 ____D C:\Users\atobe\AppData\Roaming\Pegasun
2023-11-12 01:52 - 2023-11-12 01:52 - 000001828 _____ C:\Users\atobe\Desktop\CrystalDiskInfo.lnk
2023-11-12 01:52 - 2023-11-12 01:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2023-11-12 01:52 - 2023-11-12 01:52 - 000000000 ____D C:\Program Files\CrystalDiskInfo
2023-11-12 01:15 - 2023-11-12 01:15 - 000000112 ___SH C:\bootTel.dat
2023-11-11 23:28 - 2023-11-11 23:28 - 000000000 ____D C:\Users\atobe\AppData\Local\Patch_My_PC,_LLC
2023-11-10 14:46 - 2023-11-11 15:50 - 000000000 ____D C:\Users\atobe\AppData\Local\Playnite
2023-11-10 08:08 - 2023-11-10 08:08 - 000000000 ____D C:\Users\atobe\AppData\LocalLow\Asobimo,Inc
2023-11-08 19:06 - 2022-05-16 17:23 - 000013576 ____H (Windows (R) Win 7 DDK provider) C:\Windows\acpimof.dll
2023-11-08 18:59 - 2023-11-08 19:07 - 000000000 ____D C:\ProgramData\MSI
2023-11-08 18:57 - 2023-12-01 11:56 - 000000000 ____D C:\Program Files (x86)\MSI
2023-11-08 16:21 - 2023-11-26 22:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2023-11-08 16:21 - 2023-11-25 23:17 - 000000000 ____D C:\Users\atobe\AppData\Local\Razer
2023-11-08 16:19 - 2023-11-25 23:17 - 000000000 ____D C:\Program Files (x86)\Razer
2023-11-08 16:08 - 2023-11-08 16:08 - 000001087 _____ C:\Users\atobe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RevoUPort.lnk
2023-11-08 00:11 - 2023-12-03 23:02 - 000000000 ____D C:\Users\atobe\Downloads\Video
2023-11-08 00:11 - 2023-11-11 22:53 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2023-11-08 00:11 - 2023-11-11 22:52 - 000000000 ____D C:\Users\atobe\AppData\Roaming\IDM
2023-11-08 00:11 - 2023-11-08 18:30 - 000000000 ____D C:\Users\atobe\AppData\Roaming\DMCache
2023-11-08 00:11 - 2023-11-08 00:11 - 000000000 ____D C:\Users\atobe\Downloads\Compressed
2023-11-08 00:11 - 2023-11-08 00:11 - 000000000 ____D C:\ProgramData\IDM
2023-11-04 23:37 - 2023-11-04 23:37 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2023-11-04 23:04 - 2023-12-01 16:22 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2023-11-04 22:40 - 2023-11-16 12:45 - 000001787 _____ C:\Users\atobe\Desktop\CLEAN TEMP .bat - Shortcut.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-12-04 21:33 - 2022-10-25 11:06 - 000840878 _____ C:\Windows\system32\PerfStringBackup.INI
2023-12-04 21:33 - 2019-12-07 17:13 - 000000000 ____D C:\Windows\INF
2023-12-04 21:31 - 2022-10-26 14:48 - 000000001 _____ C:\Windows\vgkbootstatus.dat
2023-12-04 21:30 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\AppReadiness
2023-12-04 21:29 - 2019-12-07 17:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-12-04 21:28 - 2022-10-26 01:59 - 000008192 ___SH C:\DumpStack.log.tmp
2023-12-04 21:28 - 2022-10-26 01:59 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-12-04 21:28 - 2019-12-07 17:03 - 000262144 _____ C:\Windows\system32\config\BBI
2023-12-04 20:59 - 2023-02-07 10:00 - 000000000 ____D C:\Users\atobe\Documents\GameOptimize
2023-12-04 20:16 - 2023-07-26 22:01 - 000000000 ___HD C:\Program Files (x86)\Temp
2023-12-04 20:15 - 2022-11-30 15:09 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2023-12-04 19:51 - 2019-12-07 17:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-12-04 19:48 - 2023-10-29 20:29 - 000000000 ____D C:\Users\atobe\Documents\Installers
2023-12-03 23:56 - 2022-10-25 11:05 - 000000000 ____D C:\Windows\system32\MRT
2023-12-03 23:50 - 2022-11-11 21:04 - 000000000 ____D C:\Users\atobe\AppData\Roaming\vlc
2023-12-03 22:09 - 2022-10-26 01:59 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-12-03 18:51 - 2023-09-04 00:19 - 000000000 ____D C:\Games
2023-12-03 17:03 - 2022-10-26 18:05 - 000000000 ____D C:\Users\atobe\AppData\Local\CrashDumps
2023-12-03 00:08 - 2023-11-02 09:40 - 000000000 ____D C:\Users\atobe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2023-12-03 00:08 - 2023-01-11 10:30 - 000000256 _____ C:\Users\atobe\AppData\LocalLow\rbxcsettings.rbx
2023-12-03 00:05 - 2022-10-25 15:23 - 000000000 ____D C:\ProgramData\Package Cache
2023-12-03 00:00 - 2023-07-04 09:29 - 000000000 ___RD C:\Users\atobe\Documents\RevoUninstaller_Portable
2023-12-02 23:59 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\LiveKernelReports
2023-12-02 22:22 - 2022-11-30 14:49 - 000000000 ____D C:\ProgramData\chocolatey
2023-12-02 21:39 - 2022-10-26 14:55 - 000000000 ____D C:\Program Files (x86)\Steam
2023-12-02 19:09 - 2022-11-21 20:36 - 000000000 ____D C:\Users\atobe\Documents\Games
2023-12-01 23:20 - 2022-10-25 15:07 - 000000000 ____D C:\Windows\pss
2023-12-01 16:59 - 2023-08-07 14:02 - 000000000 ____D C:\Users\atobe\AppData\Roaming\discord
2023-12-01 16:58 - 2023-08-07 14:02 - 000000000 ____D C:\Users\atobe\AppData\Local\Discord
2023-12-01 16:57 - 2023-07-26 21:53 - 000000061 _____ C:\ProgramData\perma.bm
2023-12-01 16:57 - 2022-11-17 16:41 - 000000000 _____ C:\ProgramData\system.conf
2023-12-01 16:57 - 2022-10-26 18:18 - 000001044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z.lnk
2023-12-01 16:57 - 2022-10-26 01:59 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-12-01 16:57 - 2022-10-25 18:05 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2023-12-01 16:56 - 2022-12-13 02:41 - 000000000 ____D C:\ProgramData\Riot Games
2023-12-01 16:53 - 2023-08-07 14:02 - 000002227 _____ C:\Users\atobe\Desktop\Discord.lnk
2023-12-01 16:22 - 2022-10-25 16:24 - 000000000 ____D C:\temp
2023-12-01 15:18 - 2023-10-06 00:58 - 000000016 _____ C:\ProgramData\rtpeskt
2023-12-01 15:15 - 2023-01-26 11:43 - 000000016 _____ C:\ProgramData\mntemp
2023-12-01 13:55 - 2023-09-04 19:05 - 000000000 ____D C:\ProgramData\Windows Master Setup
2023-12-01 13:46 - 2022-11-24 04:23 - 000000000 ____D C:\Program Files\WinRAR
2023-12-01 13:28 - 2022-10-25 15:38 - 000000000 ____D C:\AMD
2023-12-01 13:15 - 2023-09-26 02:56 - 000080264 ____H (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCMON24.SYS
2023-12-01 12:27 - 2022-11-03 12:17 - 000000000 ____D C:\Users\atobe\AppData\Local\Downloaded Installations
2023-12-01 12:27 - 2022-10-25 11:02 - 000000000 ____D C:\Users\atobe
2023-12-01 12:26 - 2023-09-13 22:56 - 000000000 ____D C:\Users\atobe\Documents\Realtek
2023-12-01 11:59 - 2022-11-30 15:09 - 000000000 ____D C:\Program Files (x86)\Realtek
2023-12-01 10:36 - 2022-10-26 01:59 - 000259736 _____ C:\Windows\system32\FNTCACHE.DAT
2023-12-01 10:36 - 2022-10-25 11:03 - 000000000 ____D C:\Users\atobe\AppData\Local\Packages
2023-12-01 10:35 - 2019-12-07 17:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\SystemResources
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\system32\oobe
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\system32\Dism
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\ShellExperiences
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\Provisioning
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\bcastdvr
2023-12-01 10:35 - 2019-12-07 17:03 - 000000000 ____D C:\Windows\servicing
2023-12-01 10:28 - 2019-12-07 17:03 - 000000000 ____D C:\Windows\CbsTemp
2023-12-01 09:57 - 2019-12-07 17:54 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2023-12-01 09:57 - 2019-12-07 17:54 - 000020827 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2023-11-30 22:42 - 2022-10-26 01:59 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-11-25 23:25 - 2022-10-25 11:02 - 000000000 ____D C:\ProgramData\Razer
2023-11-25 22:57 - 2023-11-01 22:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2023-11-25 22:27 - 2023-10-05 23:44 - 000000000 ____D C:\Users\atobe\Documents\Docs
2023-11-25 19:57 - 2022-11-03 01:01 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2023-11-25 19:56 - 2023-10-10 13:45 - 000000000 ____D C:\Users\atobe\Documents\Image-Line
2023-11-25 19:56 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\registration
2023-11-17 21:46 - 2022-10-26 14:55 - 000000000 ____D C:\Users\atobe\AppData\Local\Steam
2023-11-17 03:50 - 2022-12-11 19:05 - 000000000 ____D C:\Users\atobe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2023-11-16 12:31 - 2023-01-11 10:30 - 000000000 ____D C:\Users\atobe\AppData\Local\Roblox
2023-11-15 05:16 - 2022-09-08 11:12 - 000000000 ____D C:\Windows\SystemTemp
2023-11-15 04:33 - 2019-12-07 17:14 - 000000000 ___SD C:\Windows\system32\UNP
2023-11-15 04:33 - 2019-12-07 17:14 - 000000000 ___RD C:\Windows\PrintDialog
2023-11-15 04:33 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2023-11-15 04:33 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\system32\migwiz
2023-11-15 04:33 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\ShellComponents
2023-11-15 04:20 - 2022-10-25 11:05 - 182871392 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-11-12 21:10 - 2022-12-13 02:42 - 000000000 ____D C:\Program Files\Riot Vanguard
2023-11-12 03:46 - 2022-11-03 04:07 - 000000000 ____D C:\Users\atobe\AppData\Local\OO Software
2023-11-10 08:09 - 2023-01-26 11:43 - 000000000 ____D C:\Users\atobe\AppData\LocalLow\Unity
2023-11-08 18:59 - 2022-10-25 11:03 - 000000000 ____D C:\ProgramData\Packages
2023-11-07 23:07 - 2023-09-25 19:27 - 000000000 ____D C:\Program Files (x86)\UltraViewer
2023-11-07 15:05 - 2022-10-26 01:59 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-11-04 23:59 - 2022-10-25 11:02 - 000000000 ____D C:\Users\atobe\AppData\Roaming\Microsoft\Windows

==================== Files in the root of some directories ========

2023-04-06 11:59 - 2023-04-08 18:49 - 000152276 _____ () C:\Users\atobe\AppData\Local\keyword.txt
2023-04-06 11:59 - 2023-04-08 18:49 - 000067928 _____ () C:\Users\atobe\AppData\Local\keyword.zip
2023-09-25 20:31 - 2023-09-25 20:31 - 000007601 _____ () C:\Users\atobe\AppData\Local\Resmon.ResmonCfg
2023-04-06 11:59 - 2023-04-09 00:42 - 000819383 _____ () C:\Users\atobe\AppData\Local\YouMeIMLogV2.txt
2023-04-06 11:59 - 2023-04-06 11:59 - 000008192 _____ () C:\Users\atobe\AppData\Local\youmeimprofile.db
2023-04-06 12:14 - 2023-04-06 12:14 - 000016384 _____ () C:\Users\atobe\AppData\Local\youme_im_message.db
2023-04-06 12:14 - 2023-04-06 12:14 - 000008192 _____ () C:\Users\atobe\AppData\Local\youme_im_notice.db
2023-04-06 11:59 - 2023-04-08 18:50 - 000008192 _____ () C:\Users\atobe\AppData\Local\youme_im_report.db

==================== FLock ==============================

2023-11-02 13:32 C:\Windows\UV_LastPW.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2023
Ran by Burento (04-12-2023 21:35:01)
Running from C:\Users\atobe\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.3758 (X64) (2022-10-25 03:00:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1914130881-976919837-3734132408-500 - Administrator - Disabled)
Burento (S-1-5-21-1914130881-976919837-3734132408-1001 - Administrator - Enabled) => C:\Users\atobe
DefaultAccount (S-1-5-21-1914130881-976919837-3734132408-503 - Limited - Disabled)
Guest (S-1-5-21-1914130881-976919837-3734132408-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1914130881-976919837-3734132408-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 5.08.02.027 - Advanced Micro Devices, Inc.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.) Hidden
AMD PCI Driver (HKLM-x32\...\{80EC3CEE-2940-42A1-A776-B5D810D39F1E}) (Version: 1.0.0.90 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.24.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 8.0.0.13 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD_Chipset_Drivers (HKLM-x32\...\{94dc9043-935f-4e10-ac8b-5ce0ac055188}) (Version: 5.08.02.027 - Advanced Micro Devices, Inc.) Hidden
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
CPUID CPU-Z MSI 2.06 (HKLM\...\CPUID CPU-Z MSI_is1) (Version: 2.06 - CPUID, Inc.)
CrystalDiskInfo 9.1.1 (HKLM\...\CrystalDiskInfo_is1) (Version: 9.1.1 - Crystal Dew World)
Discord (HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\Discord) (Version: 1.0.9016 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{20235E2B-1E9F-473D-A215-B2467F1F06E3}) (Version: 1.3.51.0 - Epic Games, Inc.)
Epic Online Services (HKLM-x32\...\{19695986-25CE-41AC-9C6F-54794653EDBA}) (Version: 2.0.36.0 - Epic Games, Inc.)
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.3 - )
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
LatencyMon 7.31 (HKLM\...\LatencyMon_is1) (Version: 7.31 - Resplendence Software Projects Sp.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft .NET Core Host - 3.1.31 (x64) (HKLM\...\{97ECD882-397F-4825-B7FB-1B9DF76B7DD9}) (Version: 24.124.31813 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.31 (x64) (HKLM\...\{4CF84AED-891D-4ECD-93FB-94B58A43F454}) (Version: 24.124.31813 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.31 (x64) (HKLM\...\{337A821B-2ED5-42BC-8699-238B600CBB73}) (Version: 24.124.31813 - Microsoft Corporation) Hidden
Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.11 (x64) (HKLM\...\{B92B890A-04F2-4880-BA20-20D4364FB263}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.11 (x64) (HKLM\...\{5E63E49B-C88C-46C5-855C-A7B07C11CDC8}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.11 (x64) (HKLM\...\{C3DD1448-513A-4DB8-978D-6991562EA63D}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 119.0.2151.97 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 115.0.1901.188 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{56F27690-F6EA-3356-980A-02BA379506EE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1b103cea-f037-4504-81de-956057b442c3}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.38.33130 (HKLM-x32\...\{1de5e707-82da-4db6-b810-5d140cc4cbb3}) (Version: 14.38.33130.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33130 (HKLM-x32\...\{2cfeba4a-21f8-4ea7-9927-c5a5c6f13cc9}) (Version: 14.38.33130.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.38.33130 (HKLM\...\{C31777DB-51C1-4B19-9F80-38EF5C1D7C89}) (Version: 14.38.33130 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.38.33130 (HKLM\...\{1CA7421F-A225-4A9C-B320-A36981A2B789}) (Version: 14.38.33130 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33130 (HKLM-x32\...\{5CA9AE7B-2EFC-4F02-81CD-32ABE173C755}) (Version: 14.38.33130 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33130 (HKLM-x32\...\{DF1B52DF-C88E-4DDF-956B-6E7A03327F46}) (Version: 14.38.33130 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.31 (x64) (HKLM\...\{F3479C10-2CEA-4C17-8C49-5AD92965254D}) (Version: 24.124.31813 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.31 (x64) (HKLM-x32\...\{2c0fd312-a570-439d-8831-42fe66080acc}) (Version: 3.1.31.31813 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM\...\{3C31CBA1-A0D9-4B95-A807-AD2313D12F47}) (Version: 40.68.31219 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM-x32\...\{20d5df4e-006c-4d6d-a0dc-490d009b9786}) (Version: 5.0.17.31219 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.11 (x64) (HKLM\...\{A39D4115-3A27-4245-AE92-3214B8B21932}) (Version: 48.47.50419 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.11 (x64) (HKLM-x32\...\{c4846f79-a633-4ae4-92a3-92fdbeb33da2}) (Version: 6.0.11.31823 - Microsoft Corporation)
NVIDIA Graphics Driver 546.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 546.17 - NVIDIA Corporation)
NVIDIA NVIDIA RTX Voice Driver 1.0.0.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_RTXVoice.Driver) (Version: 1.0.0.2 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
NVIDIA RTX Voice Application (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_RTXVoice) (Version: 0.5.12.6 - NVIDIA Corporation)
NVIDIA USBC Driver 1.50.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.50.831.832 - NVIDIA Corporation)
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 3.0.0.0 - Advanced Micro Devices, Inc.) Hidden
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.8.1031.110912 - Razer Inc.)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9601.1 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.64.316.2023 - Realtek)
Riot Client (HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\Riot Game Riot_Client.) (Version: - Riot Games, Inc)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)
Roblox Player for Burento (HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\roblox-player) (Version: - Roblox Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TechPowerUp GPU-Z (HKLM-x32\...\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1) (Version: 2.55.0 - TechPowerUp)
Thorium (HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\Thorium) (Version: 117.0.5938.157 - The Thorium Authors)
Tony Hawks Pro Skater 1 Plus 2 (HKLM-x32\...\Tony Hawks Pro Skater 1 Plus 2_is1) (Version: - )
UE4 Prerequisites (x64) (HKLM\...\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UltraViewer version 6.6.48 (HKLM-x32\...\{E0FABD74-083B-47F4-AC5B-CA4237BF8913}_is1) (Version: 6.6.48 - DucFabulous)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
VALORANT (HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\Riot Game valorant.live) (Version: - Riot Games, Inc)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN)
Windows Driver Package - Razer Inc. (WinUSB) USB (05/04/2016 6.2.9200.16385) (HKLM\...\874D6B1A2BD2AE8FF3594AB704F2A4A3F8342FB5) (Version: 05/04/2016 6.2.9200.16385 - Razer Inc.)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)

Packages:
=========
AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-11-25] (Microsoft Corporation)
EarTrumpet -> C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.3.0.0_x86__1sdd7yawvg6ne [2023-11-25] (File-New-Project) [Startup Task]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-11-28] (NVIDIA Corp.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2023-11-25] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-11-25] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.48.312.0_x64__dt26b99r8h8gj [2023-12-01] (Realtek Semiconductor Corp)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1914130881-976919837-3734132408-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1914130881-976919837-3734132408-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1914130881-976919837-3734132408-1001_Classes\CLSID\{5ea9a442-5352-ed6e-d37f-9d511e7e2caa}\localserver32 -> "C:\Program Files\PowerToys\PowerToys.PowerLauncher.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1914130881-976919837-3734132408-1001_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\atobe\AppData\Local\Thorium\Application\117.0.5938.157\notification_helper.exe (Alex313031) [File not signed]
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvmdig.inf_amd64_1e678564fff99713\nvshext.dll [2023-11-10] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.XVID] => c:\windows\system32\xvidvfw.dll [251392 2017-12-08] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\atobe\Desktop\CLEAN TEMP .bat - Shortcut.lnk -> C:\Users\atobe\Documents\GameOptimize\Aysa FPS Folder\clean\CLEAN TEMP .bat ()

==================== Loaded Modules (Whitelisted) =============

2022-05-23 02:57 - 2022-05-23 02:57 - 000613376 _____ () [File not signed] C:\Program Files\EqualizerAPO\EqualizerAPO.dll
2016-07-31 05:42 - 2016-07-31 05:42 - 002772692 _____ () [File not signed] C:\Program Files\EqualizerAPO\libfftw3f-3.dll
2017-04-03 01:01 - 2017-04-03 01:01 - 001748992 _____ () [File not signed] C:\Program Files\EqualizerAPO\libsndfile-1.dll
2023-11-17 22:26 - 2023-10-11 02:19 - 000498176 _____ () [File not signed] C:\Users\atobe\AppData\Local\Thorium\Application\117.0.5938.157\libegl.dll
2023-11-17 22:26 - 2023-10-11 02:19 - 008403968 _____ () [File not signed] C:\Users\atobe\AppData\Local\Thorium\Application\117.0.5938.157\libglesv2.dll
2023-11-17 22:27 - 2023-10-11 02:19 - 005973504 _____ () [File not signed] C:\Users\atobe\AppData\Local\Thorium\Application\117.0.5938.157\vk_swiftshader.dll
2023-11-17 22:26 - 2023-10-11 02:19 - 237415424 _____ (Alex313031) [File not signed] C:\Users\atobe\AppData\Local\Thorium\Application\117.0.5938.157\chrome.dll
2023-11-17 22:26 - 2023-10-11 02:19 - 001394688 _____ (Alex313031) [File not signed] C:\Users\atobe\AppData\Local\Thorium\Application\117.0.5938.157\chrome_elf.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [5138]
AlternateDataStreams: C:\ProgramData\perma.bm:4A13D2B240 [5138]
AlternateDataStreams: C:\ProgramData\rtpeskt:1F3D48CBE8 [5138]
AlternateDataStreams: C:\ProgramData\system.conf:0F57F3FDE6 [5138]
AlternateDataStreams: C:\ProgramData\system.conf:422D4106AB [5138]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:98F6F85C [114]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk:E77773B271 [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z.lnk:718E15FDE8 [5138]
AlternateDataStreams: C:\Users\atobe\Application Data:401b39480725c581a77cd78cb5a228f5 [394]
AlternateDataStreams: C:\Users\atobe\Application Data:671890e017d8a4fb26004192461213ff [394]
AlternateDataStreams: C:\Users\atobe\Application Data:6f253e6e4a0b5d350d885c54873a9999 [394]
AlternateDataStreams: C:\Users\atobe\Application Data:9e1811b514796fb3fd8d48513cdb9024 [394]
AlternateDataStreams: C:\Users\atobe\Application Data:a4a7135d5fc196220c4b1dfe38793a5a [394]
AlternateDataStreams: C:\Users\atobe\Application Data:cbb0660c87f0ef13f0dc1af5fc07272a [394]
AlternateDataStreams: C:\Users\atobe\Application Data:ec26fcc64579419b6922f3893f7e4905 [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:401b39480725c581a77cd78cb5a228f5 [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:671890e017d8a4fb26004192461213ff [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:6f253e6e4a0b5d350d885c54873a9999 [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:9e1811b514796fb3fd8d48513cdb9024 [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:a4a7135d5fc196220c4b1dfe38793a5a [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:cbb0660c87f0ef13f0dc1af5fc07272a [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:ec26fcc64579419b6922f3893f7e4905 [394]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [8374]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1914130881-976919837-3734132408-1001\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\Software\Classes\.cmd: => <==== ATTENTION

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 17:14 - 2023-09-26 10:08 - 000003200 _____ C:\Windows\system32\drivers\etc\hosts
109.94.209.70 fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 fitgirl-repack.com # Fake FitGirl site
109.94.209.70 fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.com # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 ww9.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repack.net # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.net # Fake FitGirl site
109.94.209.70 fitgirlpack.site # Fake FitGirl site
109.94.209.70 www.fitgirlpack.site # Fake FitGirl site
109.94.209.70 fitgirl-repack.org # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.org # Fake FitGirl site
109.94.209.70 fitgirlrepacks.pro # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.pro # Fake FitGirl site
109.94.209.70 fitgirlrepack.games # Fake FitGirl site
109.94.209.70 www.fitgirlrepack.games # Fake FitGirl site
109.94.209.70 fitgirl-repacks-site.org # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks-site.org # Fake FitGirl site
109.94.209.70 fitgirls-repacks.com # Fake FitGirl site
109.94.209.70 fitgirlrepack.cc # Fake FitGirl site
109.94.209.70 fitgirlrepacks.org # Fake FitGirl site

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1914130881-976919837-3734132408-1001\Control Panel\Desktop\\Wallpaper -> D:\Users\Brent Martin\Pictures\Neomuhae II\338915506_1357099454858559_4899861212144086898_n.jpg
DNS Servers: 1.1.1.1 - 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: EasyAntiCheat_EOS => 3
MSCONFIG\Services: EpicOnlineServices => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IMFservice => 3
MSCONFIG\Services: PCManager Service => 2
MSCONFIG\Services: ProtonVPN Service => 3
MSCONFIG\Services: ProtonVPN WireGuard => 3
MSCONFIG\Services: RvControlSvc => 3
MSCONFIG\Services: TeamViewer => 3
HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Riot Vanguard"
HKLM\...\StartupApproved\Run32: => "Discord"
HKLM\...\StartupApproved\Run32: => "RadminVPN"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "Netmarble Launcher"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "Synapse3"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_99AB2386BA0AFF948500766949EA6367"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "Glyph Client"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "RiotClient"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "ProtonVPN"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "TeraBox"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "TeraBoxWeb"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "IDMan"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{8C426E08-8407-4F95-BF4C-05ABAB54CB31}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{0D07FBA8-8BAF-47CF-9165-4B25DCE202DC}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{6552CA0D-5356-4F62-B5D3-5408DA567C2D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{C9016994-AB95-4EBE-B38C-0831ADA9235A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{60112DA9-7D02-4E20-9368-B8A53BD3827B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{7E5FDBD4-70E3-4051-9E2D-FD8CA30BBF08}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{0671EB70-A463-47DB-A762-93C6096A11B8}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [UDP Query User{422BA90D-D9FD-4C6B-A28B-A618127D4A29}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [{6D972FA1-2B08-45CF-88AE-D3D8A4671F5F}] => (Allow) C:\Riot Games\VALORANT\live\VALORANT.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{489794AE-77EE-4797-A9FB-1BC73B6338DB}] => (Allow) C:\Riot Games\VALORANT\live\VALORANT.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{E829A648-6E48-4FDF-8DD0-2E5F7369B156}] => (Allow) C:\Riot Games\VALORANT\live\ShooterGame\Binaries\Win64\VALORANT-Win64-Shipping.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{47457A3F-903A-4FC4-B205-9E4BF36747D5}] => (Allow) C:\Riot Games\VALORANT\live\ShooterGame\Binaries\Win64\VALORANT-Win64-Shipping.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{E0CEDCC0-9D81-46D1-84F1-761031F30982}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{BE838F45-ADB0-4B80-9644-8F9F7B235618}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{0BC962BA-E681-4A13-B6CE-6BA2B28302E0}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{9FA623B2-5480-4781-9D80-03CD2C276DDE}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{83B21BF0-6A74-4816-B486-C9D1ED0076DE}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{5B4C74F8-F4C4-4578-807F-E6AE1AC38BC6}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{371380C1-C5D0-4933-A7A5-1B0B4364BA32}] => (Allow) LPort=2099
FirewallRules: [{05027FC0-8EC2-4817-8A28-300A936F02A8}] => (Allow) LPort=5223
FirewallRules: [{D06A136F-6262-4CA9-A2F4-D5DB5233A51C}] => (Allow) LPort=5222
FirewallRules: [{1D4848FC-E387-4176-9FD1-10D369897E5D}] => (Allow) LPort=80
FirewallRules: [{5FA538C9-A3E8-4A88-AAFB-97FF9860DBD7}] => (Allow) LPort=443
FirewallRules: [{5C7D414D-7BD6-47C8-A720-8BAF0FEB7870}] => (Allow) LPort=8088
FirewallRules: [{434D6E9A-D91A-47B2-A6B9-8B643842B768}] => (Allow) LPort=8088
FirewallRules: [{5E7A6138-AC4D-4959-B565-92C622FC0BFA}] => (Allow) C:\Riot Games\VALORANT\live\VALORANT.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{03A58B38-BC2C-4DED-8212-333A192451E2}] => (Allow) C:\Riot Games\VALORANT\live\VALORANT.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{E048D2FD-BF2A-4000-AE5D-35DF888BDC45}] => (Allow) C:\Program Files\Riot Vanguard\vgc.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{E6DFDC83-8E59-41FF-9ACC-9685FCCAD980}] => (Allow) C:\Program Files\Riot Vanguard\vgc.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{E6825A23-D51C-4277-B011-98A44AD20FA9}] => (Allow) C:\Riot Games\Riot Client\RiotClientServices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{0833BCBF-E22A-4C32-93AC-2E3DC38DC754}] => (Allow) C:\Riot Games\Riot Client\RiotClientServices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{758C93E3-2803-4C8E-8853-6D901816A32A}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{548FB8E5-8E2E-4C87-84D5-3186479755F0}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [TCP Query User{79F2A70B-17FA-4A0D-B4FE-5928C9ABFE16}C:\counter-strike-original\hl.exe] => (Allow) C:\counter-strike-original\hl.exe => No File
FirewallRules: [UDP Query User{6CCE973E-329D-4177-9B84-6C9EFC4F709D}C:\counter-strike-original\hl.exe] => (Allow) C:\counter-strike-original\hl.exe => No File
FirewallRules: [TCP Query User{33652D8A-1B9E-4DCC-90E6-50EE3685F797}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{D42B1470-8396-403D-9BDE-FA7354CBD207}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{60CB3AF8-1CCE-4F9B-82C4-85B61B56391D}] => (Allow) C:\Riot Games\VALORANT\live\VALORANT.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{5CF05C24-A937-4575-80BA-A75EB4EEFBCC}] => (Allow) C:\Riot Games\VALORANT\live\VALORANT.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{CE491951-4055-49EB-B52D-56E416FE912F}] => (Allow) C:\Riot Games\VALORANT\live\VALORANT.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{980782DD-9CE6-40A7-8B61-908FB4469B09}] => (Allow) C:\Riot Games\VALORANT\live\VALORANT.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{745DEFB6-B960-4739-BE5D-E7D5A908F045}] => (Allow) C:\Riot Games\VALORANT\live\ShooterGame\Binaries\Win64\VALORANT-Win64-Shipping.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{981BE553-31D0-40E3-AAB3-A9366A0C75B0}] => (Allow) C:\Riot Games\VALORANT\live\ShooterGame\Binaries\Win64\VALORANT-Win64-Shipping.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{988747E5-EC80-4887-8854-929A302D7A8B}] => (Allow) C:\Riot Games\VALORANT\live\ShooterGame\Binaries\Win64\VALORANT-Win64-Shipping.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{5C319DD3-3E88-4046-ABAE-B3095C16054D}] => (Allow) C:\Riot Games\VALORANT\live\ShooterGame\Binaries\Win64\VALORANT-Win64-Shipping.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{F96FB750-C5D7-4E44-88EC-D9B277CCF7C9}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Client.exe => No File
FirewallRules: [{E9E0256F-4DB3-4E1B-BA78-B003841A35DC}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Client.exe => No File
FirewallRules: [{956B912A-C22D-4A56-8A74-C34970B71891}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Client.exe => No File
FirewallRules: [{6013F402-18C8-48F3-B055-DF8A965A70E4}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Client.exe => No File
FirewallRules: [{62A45987-67BE-4018-83AF-2E1A5BC0D379}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher.exe => No File
FirewallRules: [{7D80EA22-EBCB-4E0F-AAF2-4A992C526050}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher.exe => No File
FirewallRules: [{D0DDE83B-B89E-4E8D-B161-62BC9C775563}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher.exe => No File
FirewallRules: [{18B54967-04C7-4E74-9DCF-AEB13BB58F44}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher.exe => No File
FirewallRules: [{85F7C383-4411-4167-9818-66F2160C6360}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher NEW.exe => No File
FirewallRules: [{79D42EF5-BFAA-430C-85E6-7730F2F10FB9}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher NEW.exe => No File
FirewallRules: [{33A7D57C-BED6-4C75-9CA2-C8555C4BCD09}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher NEW.exe => No File
FirewallRules: [{F7D55B4B-C34F-4962-A721-6B140F88AFEF}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher NEW.exe => No File
FirewallRules: [{16B82B12-BB62-4F78-A283-AB4CD8746E29}] => (Allow) C:\Program Files\Amanoma FlyFF Client\MiniA.exe => No File
FirewallRules: [{DD8BBE80-6B3E-4AC2-8659-A747E6884E8C}] => (Allow) C:\Program Files\Amanoma FlyFF Client\MiniA.exe => No File
FirewallRules: [{76DBF020-19EE-4617-B480-72476631C6BC}] => (Allow) C:\Program Files\Amanoma FlyFF Client\MiniA.exe => No File
FirewallRules: [{41DF0742-D3C5-4F6E-82C9-1B75388613C7}] => (Allow) C:\Program Files\Amanoma FlyFF Client\MiniA.exe => No File
FirewallRules: [{E3A5AF8C-8FE9-42B8-82C6-BC5CED286852}] => (Allow) C:\Users\atobe\Documents\Games\CS1.3\AGCSv1.exe => No File
FirewallRules: [{116A493E-7EF2-4D0F-9550-91EE7F261653}] => (Allow) C:\Users\atobe\Documents\Games\CS1.3\AGCSv1.exe => No File
FirewallRules: [{6B551386-E949-4F29-A708-FFB359E1EB59}] => (Allow) C:\Users\atobe\Documents\Games\CS1.3\AGCSv1.exe => No File
FirewallRules: [{0855753B-A884-4FF2-A3AC-09BDFD80022D}] => (Allow) C:\Users\atobe\Documents\Games\CS1.3\AGCSv1.exe => No File
FirewallRules: [TCP Query User{A59ADE67-D1F9-4668-B5F2-1FAB6AE042D0}C:\users\atobe\documents\games\trombonechamp\trombone.champ.v1.0898-goldberg\trombonechamp.exe] => (Allow) C:\users\atobe\documents\games\trombonechamp\trombone.champ.v1.0898-goldberg\trombonechamp.exe => No File
FirewallRules: [UDP Query User{3DD2B027-C64B-4076-8135-ADF07C69DEAC}C:\users\atobe\documents\games\trombonechamp\trombone.champ.v1.0898-goldberg\trombonechamp.exe] => (Allow) C:\users\atobe\documents\games\trombonechamp\trombone.champ.v1.0898-goldberg\trombonechamp.exe => No File
FirewallRules: [TCP Query User{6EA57D2E-459B-45C7-BF42-77E4A9FA9890}C:\program files\gamelauncher\roo_pc\ro.exe] => (Allow) C:\program files\gamelauncher\roo_pc\ro.exe => No File
FirewallRules: [UDP Query User{EBE5B732-0177-4534-B587-5006A1FAAFDD}C:\program files\gamelauncher\roo_pc\ro.exe] => (Allow) C:\program files\gamelauncher\roo_pc\ro.exe => No File
FirewallRules: [TCP Query User{A7DA3341-BF91-4D18-B714-030E59BA00C7}C:\program files\gamelauncher\roo_pc\ro_data\plugins\x86_64\vuplexwebviewchromium\vuplex webview.vuplex] => (Allow) C:\program files\gamelauncher\roo_pc\ro_data\plugins\x86_64\vuplexwebviewchromium\vuplex webview.vuplex => No File
FirewallRules: [UDP Query User{3976A0C3-57B7-4BED-A1A1-F130BAFB94FD}C:\program files\gamelauncher\roo_pc\ro_data\plugins\x86_64\vuplexwebviewchromium\vuplex webview.vuplex] => (Allow) C:\program files\gamelauncher\roo_pc\ro_data\plugins\x86_64\vuplexwebviewchromium\vuplex webview.vuplex => No File
FirewallRules: [{DE056BE2-CC18-4483-ACB7-4562F6BC471A}] => (Allow) E:\SteamLibrary\steamapps\common\LEAP Playtest\start_protected_game.exe => No File
FirewallRules: [{5A9A3304-09E7-4ED6-A072-7370F1FACF5F}] => (Allow) E:\SteamLibrary\steamapps\common\LEAP Playtest\start_protected_game.exe => No File
FirewallRules: [{319F2BA6-65FD-49A2-A6BB-0238582FB148}] => (Allow) E:\SteamLibrary\steamapps\common\Retail Royale\IkeaBR_Server.exe => No File
FirewallRules: [{EB5340BA-B79D-4AF4-B030-2DCCB18E3826}] => (Allow) E:\SteamLibrary\steamapps\common\Retail Royale\IkeaBR_Server.exe => No File
FirewallRules: [{AAFD46BC-FCF2-4A6C-864B-A9BDBCB2ACE4}] => (Allow) C:\Program => No File
FirewallRules: [{D0D47D0A-941D-4AEF-B506-9284145F0A2E}] => (Allow) C:\Program => No File
FirewallRules: [{450F9AE4-AB25-4FDA-BB12-7D2878133A87}] => (Allow) C:\Program => No File
FirewallRules: [{70D07DDA-F878-4A85-A90C-1DFB557FDCCF}] => (Allow) C:\Program => No File
FirewallRules: [TCP Query User{F9F5D99C-829F-4B2C-80BE-D389F05BB162}C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe] => (Allow) C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe => No File
FirewallRules: [UDP Query User{C3F12465-67CF-47F4-B278-B1A0879837EB}C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe] => (Allow) C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe => No File
FirewallRules: [TCP Query User{081E98F2-85E6-4478-A6AB-392126C9C392}E:\steamlibrary\steamapps\common\naraka bladepoint\narakabladepoint.exe] => (Allow) E:\steamlibrary\steamapps\common\naraka bladepoint\narakabladepoint.exe => No File
FirewallRules: [UDP Query User{0D03F58F-14B8-41F5-9F15-741D54A0A9C8}E:\steamlibrary\steamapps\common\naraka bladepoint\narakabladepoint.exe] => (Allow) E:\steamlibrary\steamapps\common\naraka bladepoint\narakabladepoint.exe => No File
FirewallRules: [{0A1FA9CB-B647-4AFC-A4F5-CC1E7E71ECF8}] => (Allow) C:\Users\atobe\Downloads\AnyDesk.exe => No File
FirewallRules: [{00BF8CF7-C3F5-4462-B2EC-227E9C1831B8}] => (Allow) C:\Users\atobe\Downloads\AnyDesk.exe => No File
FirewallRules: [{52384158-878E-4184-929D-6CACD93CECD3}] => (Allow) C:\Users\atobe\Downloads\AnyDesk.exe => No File
FirewallRules: [{1C09A530-F61D-4C51-AAE9-FF1B518E9A4C}] => (Allow) C:\Users\atobe\Downloads\AnyDesk.exe => No File
FirewallRules: [{C6857852-45D2-43D6-9D49-FFE001F708F5}] => (Allow) C:\Users\atobe\Downloads\AnyDesk.exe => No File
FirewallRules: [{F4FFA4A8-5AF6-43E2-9770-CDDDD90620DD}] => (Allow) C:\Users\atobe\Downloads\AnyDesk.exe => No File
FirewallRules: [TCP Query User{33B2BDAD-F627-43B9-82C0-A13774B12483}C:\users\atobe\documents\games\wwe 2k23 icon edition\wwe 2k23\wwe2k23_x64.exe] => (Allow) C:\users\atobe\documents\games\wwe 2k23 icon edition\wwe 2k23\wwe2k23_x64.exe => No File
FirewallRules: [UDP Query User{1AFE6EC2-31BF-497C-A4C0-E91C495B9BE0}C:\users\atobe\documents\games\wwe 2k23 icon edition\wwe 2k23\wwe2k23_x64.exe] => (Allow) C:\users\atobe\documents\games\wwe 2k23 icon edition\wwe 2k23\wwe2k23_x64.exe => No File
FirewallRules: [TCP Query User{7B8D5A2E-6543-40F9-90B9-3AC0BDC5A3B0}C:\users\atobe\appdata\local\discord\app-1.0.9016\discord.exe] => (Allow) C:\users\atobe\appdata\local\discord\app-1.0.9016\discord.exe => No File
FirewallRules: [UDP Query User{2B1711FE-A84B-4EBD-8294-ECA9AD800C7D}C:\users\atobe\appdata\local\discord\app-1.0.9016\discord.exe] => (Allow) C:\users\atobe\appdata\local\discord\app-1.0.9016\discord.exe => No File
FirewallRules: [{5AD0833E-69EA-41D4-B74A-32221030FB03}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.188\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{1C7BBB07-DB0A-4BE0-8579-E5EAC04CCC3A}C:\users\atobe\documents\games\warcraft iii\war3.exe] => (Allow) C:\users\atobe\documents\games\warcraft iii\war3.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{F834D4E9-7889-49E2-86E2-3738BBF06CB4}C:\users\atobe\documents\games\warcraft iii\war3.exe] => (Allow) C:\users\atobe\documents\games\warcraft iii\war3.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{702757D7-9BA2-46B4-8439-0B0CC9E39477}D:\games\left 4 dead 2\left4dead2.exe] => (Allow) D:\games\left 4 dead 2\left4dead2.exe => No File
FirewallRules: [UDP Query User{4B3F44D7-94B5-46AD-AE09-EDA247F1D9F9}D:\games\left 4 dead 2\left4dead2.exe] => (Allow) D:\games\left 4 dead 2\left4dead2.exe => No File
FirewallRules: [TCP Query User{71FC2A33-4C5A-43BA-9218-FE8C1FF86307}C:\program files\tiktok live studio\0.41.4\tiktok live studio.exe] => (Allow) C:\program files\tiktok live studio\0.41.4\tiktok live studio.exe => No File
FirewallRules: [UDP Query User{CCBF34CF-646E-4156-9FFF-128AD5B43C86}C:\program files\tiktok live studio\0.41.4\tiktok live studio.exe] => (Allow) C:\program files\tiktok live studio\0.41.4\tiktok live studio.exe => No File
FirewallRules: [TCP Query User{9D5241FD-DA39-44A5-9301-08D4DB046B85}C:\users\atobe\documents\games\mythforce\mythforce.build.12203944\mythforce\binaries\win64\mythforce-win64-shipping.exe] => (Allow) C:\users\atobe\documents\games\mythforce\mythforce.build.12203944\mythforce\binaries\win64\mythforce-win64-shipping.exe => No File
FirewallRules: [UDP Query User{F27810E7-4747-490D-BB0C-796545A23282}C:\users\atobe\documents\games\mythforce\mythforce.build.12203944\mythforce\binaries\win64\mythforce-win64-shipping.exe] => (Allow) C:\users\atobe\documents\games\mythforce\mythforce.build.12203944\mythforce\binaries\win64\mythforce-win64-shipping.exe => No File
FirewallRules: [TCP Query User{73050D7E-037A-4588-9D19-4621CCF70CE0}C:\games\tony hawks pro skater 1 plus 2\base\binaries\win64\thps12.exe] => (Allow) C:\games\tony hawks pro skater 1 plus 2\base\binaries\win64\thps12.exe (Activision Publishing Inc -> Activision Publishing Inc.) [File not signed]
FirewallRules: [UDP Query User{850FB46A-2C73-4E35-800B-DC371BB9E20F}C:\games\tony hawks pro skater 1 plus 2\base\binaries\win64\thps12.exe] => (Allow) C:\games\tony hawks pro skater 1 plus 2\base\binaries\win64\thps12.exe (Activision Publishing Inc -> Activision Publishing Inc.) [File not signed]
FirewallRules: [{991B79BC-CD9D-42E6-8CF9-1F71B0C321C8}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\game\bin\win64\cs2.exe (Valve Corp. -> )
FirewallRules: [{D14BD3A7-EFD4-4E7D-8D2D-66DB35BA29F4}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\game\bin\win64\cs2.exe (Valve Corp. -> )
FirewallRules: [{524D4CE7-33EE-4D31-A597-662816B14943}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify 1.2.22.982.exe (LR) [File not signed]
FirewallRules: [{335CEB8E-1D32-4E26-9141-0773D3B8D333}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify 1.2.22.982.exe (LR) [File not signed]
FirewallRules: [{DCC367E1-BDBB-4E70-B4FF-F67C36385F14}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify 1.2.22.982.exe (LR) [File not signed]
FirewallRules: [{003DF336-4F41-48E0-976D-59056A48A3A4}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify 1.2.22.982.exe (LR) [File not signed]
FirewallRules: [{FBB0090E-74BF-47FA-B40F-CFC80D5E8E5A}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify\SpotifyPortable.exe (LRepacks) [File not signed]
FirewallRules: [{75246FBA-2CE2-4430-8ECA-435913DB3CBA}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify\SpotifyPortable.exe (LRepacks) [File not signed]
FirewallRules: [{BBA18ABF-A492-44D1-94A8-4A55CB27C533}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify\SpotifyPortable.exe (LRepacks) [File not signed]
FirewallRules: [{43B9A126-A5B2-4B81-834F-77049BEE1C51}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify\SpotifyPortable.exe (LRepacks) [File not signed]
FirewallRules: [TCP Query User{C4BCC487-FFB9-4B86-9566-09DC67D7635B}C:\users\atobe\documents\spotify\spotify\app\spotify\spotify.exe] => (Allow) C:\users\atobe\documents\spotify\spotify\app\spotify\spotify.exe (Spotify Ltd) [File not signed]
FirewallRules: [UDP Query User{6C0AF0C4-62FA-46FD-B34A-11CB57CA83F3}C:\users\atobe\documents\spotify\spotify\app\spotify\spotify.exe] => (Allow) C:\users\atobe\documents\spotify\spotify\app\spotify\spotify.exe (Spotify Ltd) [File not signed]
FirewallRules: [TCP Query User{1D7EA484-0CEE-43ED-B700-29A1F6F0A89A}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{E5613A94-2E4E-4435-BEC5-D752ADC76846}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{A5ACB11B-A731-4F7C-B472-57FDFB48A6BC}] => (Allow) LPort=26822
FirewallRules: [{37626B05-4BA5-403D-819A-324FAD04C1D5}] => (Allow) LPort=32683
FirewallRules: [TCP Query User{B1D03B68-BF38-441E-9A62-CAC2F8344E88}C:\users\atobe\documents\installers\thorium\bin\thorium.exe] => (Allow) C:\users\atobe\documents\installers\thorium\bin\thorium.exe => No File
FirewallRules: [UDP Query User{C6C2C3BE-8391-42F4-82B8-FF4CFA166D9A}C:\users\atobe\documents\installers\thorium\bin\thorium.exe] => (Allow) C:\users\atobe\documents\installers\thorium\bin\thorium.exe => No File
FirewallRules: [{C9975CF6-AC79-422D-9E74-A428CFB81CC2}] => (Allow) C:\Users\atobe\AppData\Local\Thorium\Application\thorium.exe (Alex313031) [File not signed]
FirewallRules: [{6566A870-706E-40D7-9988-B117983E7E45}] => (Allow) C:\Games\Counter-Strike WaRzOnE\hl.exe => No File
FirewallRules: [{8B200EF4-E551-4F41-AF3C-F6B8BA8C478B}] => (Allow) C:\Games\Counter-Strike WaRzOnE\hl.exe => No File
FirewallRules: [TCP Query User{840B1CBC-2DFE-45E8-BC41-51818182C01B}C:\games\half-life1016\hl.exe] => (Allow) C:\games\half-life1016\hl.exe => No File
FirewallRules: [UDP Query User{52D8700C-E4E0-4D0E-89EC-8C4231855934}C:\games\half-life1016\hl.exe] => (Allow) C:\games\half-life1016\hl.exe => No File
FirewallRules: [TCP Query User{A81B389D-6747-4A9B-867D-5AF3CC53CC79}C:\program files\half-life1016\hl.exe] => (Block) C:\program files\half-life1016\hl.exe => No File
FirewallRules: [UDP Query User{F5E8AC9E-C8F0-4331-AF5C-44E89D1CCF60}C:\program files\half-life1016\hl.exe] => (Block) C:\program files\half-life1016\hl.exe => No File
FirewallRules: [TCP Query User{5FD326DE-16F2-4CBE-803F-BA5496B60ACE}C:\sierra\hl.exe] => (Allow) C:\sierra\hl.exe => No File
FirewallRules: [UDP Query User{5BC1D687-B0D6-4D77-8B83-37A0E778D8F9}C:\sierra\hl.exe] => (Allow) C:\sierra\hl.exe => No File

==================== Restore Points =========================

04-12-2023 02:12:13 Revo Uninstaller's restore point - yt-dlp
04-12-2023 21:30:37 FRST

==================== Faulty Device Manager Devices ============

Name: High precision event timer
Description: High precision event timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (12/04/2023 09:29:06 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\BURENTO$ via https://amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 04 Dec 2023 13:29:08 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 1ab66cf6-8656-49ed-b3fe-73b58edc2546

Method: GET(703ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (12/04/2023 08:33:29 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\BURENTO$ via https://amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 04 Dec 2023 12:33:31 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: bf556ba2-d5e8-4027-aae2-92f5cf4da228

Method: GET(547ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (12/04/2023 08:16:57 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\BURENTO$ via https://amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 04 Dec 2023 12:16:59 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 9a9cec55-2a13-4e21-b752-bc872182efc6

Method: GET(468ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (12/04/2023 08:14:15 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\BURENTO$ via https://amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(16ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (12/04/2023 08:13:47 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (12/04/2023 02:12:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/04/2023 02:11:58 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (12/04/2023 02:11:47 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.


System errors:
=============
Error: (12/04/2023 09:32:53 PM) (Source: DCOM) (EventID: 10010) (User: BURENTO)
Description: The server MicrosoftWindows.Client.CBS_1000.19053.1000.0_x64__cw5n1h2txyewy!InputApp did not register with DCOM within the required timeout.

Error: (12/04/2023 09:32:45 PM) (Source: DCOM) (EventID: 10010) (User: BURENTO)
Description: The server MicrosoftWindows.Client.CBS_1000.19053.1000.0_x64__cw5n1h2txyewy!InputApp did not register with DCOM within the required timeout.

Error: (12/04/2023 09:31:53 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (12/04/2023 09:31:49 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (12/04/2023 09:31:46 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (12/04/2023 09:31:42 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (12/04/2023 09:31:38 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (12/04/2023 09:31:34 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.


Windows Defender:
================
Date: 2023-12-02 23:51:55
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
HackTool:Win32/Keygen threat description - Microsoft Security Intelligence
Name: HackTool:Win32/Keygen
Severity: High
Category: Tool
Path: file:_C:\Users\atobe\Downloads\Programs\Movavi Video Converter Premium 22.4.0.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.401.1546.0, AS: 1.401.1546.0, NIS: 1.401.1546.0
Engine Version: AM: 1.1.23100.2009, NIS: 1.1.23100.2009

Date: 2023-12-02 23:51:44
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
HackTool:Win32/Keygen threat description - Microsoft Security Intelligence
Name: HackTool:Win32/Keygen
Severity: High
Category: Tool
Path: file:_C:\Users\atobe\Downloads\Programs\Movavi Video Converter Premium 22.4.0.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.401.1546.0, AS: 1.401.1546.0, NIS: 1.401.1546.0
Engine Version: AM: 1.1.23100.2009, NIS: 1.1.23100.2009

Date: 2023-12-02 23:51:34
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
HackTool:Win32/Keygen threat description - Microsoft Security Intelligence
Name: HackTool:Win32/Keygen
Severity: High
Category: Tool
Path: file:_C:\Users\atobe\Downloads\Programs\Movavi Video Converter Premium 22.4.0.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: Unknown
Security intelligence Version: AV: 1.401.1546.0, AS: 1.401.1546.0, NIS: 1.401.1546.0
Engine Version: AM: 1.1.23100.2009, NIS: 1.1.23100.2009

Date: 2023-12-01 13:52:33
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Custom Scan
Event[0]:

Date: 2023-11-25 19:57:53
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80070003
Error description: The system cannot find the path specified.
Security intelligence Version: 0.0.0.0;0.0.0.0
Engine Version: 0.0.0.0

==================== Memory info ===========================

BIOS: American Megatrends International, LLC. 2.K0 10/20/2023
Motherboard: Micro-Star International Co., Ltd. B450M MORTAR MAX (MS-7B89)
Processor: AMD Ryzen 5 3600 6-Core Processor
Percentage of memory in use: 24%
Total physical RAM: 16309.54 MB
Available physical RAM: 12367.57 MB
Total Virtual: 18997.54 MB
Available Virtual: 13588.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:341.16 GB) (Free:170.58 GB) (Model: Samsung SSD 860 EVO 500GB) NTFS
Drive d: (HDD) (Fixed) (Total:930.91 GB) (Free:733.5 GB) (Model: WDC WD10EZEX-21M2NA0) NTFS
Drive e: (New Volume) (Fixed) (Total:123.96 GB) (Free:35.67 GB) (Model: Samsung SSD 860 EVO 500GB) NTFS

\\?\Volume{306c1475-881e-499f-8a6a-4e1f7517d9b8}\ () (Fixed) (Total:0.52 GB) (Free:0.06 GB) NTFS
\\?\Volume{7d909c85-b9a6-4f5d-8695-1f401beb88e5}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: CF2238B6)

Partition: GPT.

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: B6A65161)

Partition: GPT.

==================== End of Addition.txt =======================
 
Hello, bajulito.

Welcome to Sysnative Forums.
EPFGbk7.gif



Indeed you are infected.

Please, adhere to the guidelines below. As soon as I have your consent, I'll start the cleaning procedure.

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed, is the easiest way to get infected. Thus, no need to clean the computer, since, soon or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
 
Got it sir! Thank you so much for the response! I'll be waiting for your next instructions to fix this! Thank you again!
 
Thanks for the confirmation, bajulito.

Before we start the actual cleaning procedure, let me know if you intentionally set these:

Code:
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [AllowClipboardHistory] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\Policies\Explorer: [HideSCAMeetNow] 1
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\Software\Classes\.cmd: => <==== ATTENTION


Also, I am letting you know that there are signs of disk D failure:

Code:
Error: (12/04/2023 09:31:53 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

It would be good, to do the following just to ensure that the disk won't fail soon:
  • Download CrystalDiskInfo from here and save it to your Desktop.
  • Run the installer to install the program.
  • When finished, open the installed program by double clicking on it.
  • If everything is working properly, you should see the status “Good“ displayed. Other statuses you might see include “Bad” (which usually indicates a drive that’s dead or near death), “Caution” (which indicates a drive that you should most likely be thinking about backing up and replacing), and “Unknown” (which just means that information could not be obtained).
  • Change the C letter and check what the result is for disk D and E.
  • Let me know the results.


In your next reply please post:
  1. Your reply about the settings on policies and the extensions.
  2. The result of the CrystalDiskInfo for all your disks.
 
Good morning Sir!

Regarding this one, As I'd remember, These settings were also included in my optimization for me to lessen running apps for me to increase my gaming performance. Will there be any errors or problem if I turned those off? Should I revert it from default?
Code:
Code:
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [AllowClipboardHistory] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\Policies\Explorer: [HideSCAMeetNow] 1
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\Software\Classes\.cmd: => <==== ATTENTION

And for this one sir, I already checked that from CrystalDiskinfo you mentioned before. And I'm just waiting for my funds for me to buy new SSD. I knew there was already problem on it. Still thanking you for noticing that.
Code:
Code:
Error: (12/04/2023 09:31:53 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

I think this should be replaced asap.

1701915074779.png

Thanks again sir for the quick response. Let me know what's the next step
 
Hello!

Yes, you must replace the D drive as soon as possible.

We can start now, and I hope you are ready. :-)


1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
IFEO\TextInputHost.exe: [Debugger] C:\Windows\system32\systray.exe
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction - Edge <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
S4 IMFservice; C:\Users\atobe\Documents\Installers\IOBit Malware\IObit Malware Fighter Pro v10.3.0.1077 Multilingual Portable\IObit Malware Fighter Pro 10.3.0.1077\App\IObit Malware Fighter\IMFSrv.exe [X]
S4 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X]
S3 rsDwf; \SystemRoot\system32\DRIVERS\rsDwf.sys [X]
2023-12-04 02:00 - 2023-12-04 02:00 - 000000000 ____D C:\Users\atobe\AppData\Roaming\IObit
2023-12-04 02:00 - 2023-12-04 02:00 - 000000000 ____D C:\ProgramData\ProductData
2023-12-03 23:57 - 2023-12-04 02:00 - 000000000 ____D C:\ProgramData\IObit
2023-12-03 23:56 - 2022-10-24 17:29 - 000042360 _____ (IObit) C:\Windows\system32\Drivers\IMFCameraProtect.sys
CustomCLSID: HKU\S-1-5-21-1914130881-976919837-3734132408-1001_Classes\CLSID\{5ea9a442-5352-ed6e-d37f-9d511e7e2caa}\localserver32 -> "C:\Program Files\PowerToys\PowerToys.PowerLauncher.exe" -ToastActivated => No File
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => -> No File
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => -> No File
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => -> No File
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [5138]
AlternateDataStreams: C:\ProgramData\perma.bm:4A13D2B240 [5138]
AlternateDataStreams: C:\ProgramData\rtpeskt:1F3D48CBE8 [5138]
AlternateDataStreams: C:\ProgramData\system.conf:0F57F3FDE6 [5138]
AlternateDataStreams: C:\ProgramData\system.conf:422D4106AB [5138]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:98F6F85C [114]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk:E77773B271 [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z.lnk:718E15FDE8 [5138]
AlternateDataStreams: C:\Users\atobe\Application Data:401b39480725c581a77cd78cb5a228f5 [394]
AlternateDataStreams: C:\Users\atobe\Application Data:671890e017d8a4fb26004192461213ff [394]
AlternateDataStreams: C:\Users\atobe\Application Data:6f253e6e4a0b5d350d885c54873a9999 [394]
AlternateDataStreams: C:\Users\atobe\Application Data:9e1811b514796fb3fd8d48513cdb9024 [394]
AlternateDataStreams: C:\Users\atobe\Application Data:a4a7135d5fc196220c4b1dfe38793a5a [394]
AlternateDataStreams: C:\Users\atobe\Application Data:cbb0660c87f0ef13f0dc1af5fc07272a [394]
AlternateDataStreams: C:\Users\atobe\Application Data:ec26fcc64579419b6922f3893f7e4905 [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:401b39480725c581a77cd78cb5a228f5 [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:671890e017d8a4fb26004192461213ff [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:6f253e6e4a0b5d350d885c54873a9999 [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:9e1811b514796fb3fd8d48513cdb9024 [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:a4a7135d5fc196220c4b1dfe38793a5a [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:cbb0660c87f0ef13f0dc1af5fc07272a [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:ec26fcc64579419b6922f3893f7e4905 [394]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [8374]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
MSCONFIG\Services: IMFservice => 3
MSCONFIG\Services: PCManager Service => 2
MSCONFIG\Services: ProtonVPN Service => 3
MSCONFIG\Services: ProtonVPN WireGuard => 3
MSCONFIG\Services: RvControlSvc => 3
MSCONFIG\Services: TeamViewer => 3
HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\Run32: => "RadminVPN"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "Netmarble Launcher"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "Glyph Client"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "ProtonVPN"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "TeraBox"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "TeraBoxWeb"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "IDMan"
FirewallRules: [{E0CEDCC0-9D81-46D1-84F1-761031F30982}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{BE838F45-ADB0-4B80-9644-8F9F7B235618}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{0BC962BA-E681-4A13-B6CE-6BA2B28302E0}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{9FA623B2-5480-4781-9D80-03CD2C276DDE}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{83B21BF0-6A74-4816-B486-C9D1ED0076DE}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{5B4C74F8-F4C4-4578-807F-E6AE1AC38BC6}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{371380C1-C5D0-4933-A7A5-1B0B4364BA32}] => (Allow) LPort=2099
FirewallRules: [{05027FC0-8EC2-4817-8A28-300A936F02A8}] => (Allow) LPort=5223
FirewallRules: [{D06A136F-6262-4CA9-A2F4-D5DB5233A51C}] => (Allow) LPort=5222
FirewallRules: [{1D4848FC-E387-4176-9FD1-10D369897E5D}] => (Allow) LPort=80
FirewallRules: [{5FA538C9-A3E8-4A88-AAFB-97FF9860DBD7}] => (Allow) LPort=443
FirewallRules: [{5C7D414D-7BD6-47C8-A720-8BAF0FEB7870}] => (Allow) LPort=8088
FirewallRules: [{434D6E9A-D91A-47B2-A6B9-8B643842B768}] => (Allow) LPort=8088
FirewallRules: [{F96FB750-C5D7-4E44-88EC-D9B277CCF7C9}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Client.exe => No File
FirewallRules: [{E9E0256F-4DB3-4E1B-BA78-B003841A35DC}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Client.exe => No File
FirewallRules: [{956B912A-C22D-4A56-8A74-C34970B71891}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Client.exe => No File
FirewallRules: [{6013F402-18C8-48F3-B055-DF8A965A70E4}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Client.exe => No File
FirewallRules: [{62A45987-67BE-4018-83AF-2E1A5BC0D379}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher.exe => No File
FirewallRules: [{7D80EA22-EBCB-4E0F-AAF2-4A992C526050}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher.exe => No File
FirewallRules: [{D0DDE83B-B89E-4E8D-B161-62BC9C775563}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher.exe => No File
FirewallRules: [{18B54967-04C7-4E74-9DCF-AEB13BB58F44}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher.exe => No File
FirewallRules: [{85F7C383-4411-4167-9818-66F2160C6360}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher NEW.exe => No File
FirewallRules: [{79D42EF5-BFAA-430C-85E6-7730F2F10FB9}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher NEW.exe => No File
FirewallRules: [{33A7D57C-BED6-4C75-9CA2-C8555C4BCD09}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher NEW.exe => No File
FirewallRules: [{F7D55B4B-C34F-4962-A721-6B140F88AFEF}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher NEW.exe => No File
FirewallRules: [{16B82B12-BB62-4F78-A283-AB4CD8746E29}] => (Allow) C:\Program Files\Amanoma FlyFF Client\MiniA.exe => No File
FirewallRules: [{DD8BBE80-6B3E-4AC2-8659-A747E6884E8C}] => (Allow) C:\Program Files\Amanoma FlyFF Client\MiniA.exe => No File
FirewallRules: [{76DBF020-19EE-4617-B480-72476631C6BC}] => (Allow) C:\Program Files\Amanoma FlyFF Client\MiniA.exe => No File
FirewallRules: [{41DF0742-D3C5-4F6E-82C9-1B75388613C7}] => (Allow) C:\Program Files\Amanoma FlyFF Client\MiniA.exe => No File
FirewallRules: [{E3A5AF8C-8FE9-42B8-82C6-BC5CED286852}] => (Allow) C:\Users\atobe\Documents\Games\CS1.3\AGCSv1.exe => No File
FirewallRules: [{116A493E-7EF2-4D0F-9550-91EE7F261653}] => (Allow) C:\Users\atobe\Documents\Games\CS1.3\AGCSv1.exe => No File
FirewallRules: [{6B551386-E949-4F29-A708-FFB359E1EB59}] => (Allow) C:\Users\atobe\Documents\Games\CS1.3\AGCSv1.exe => No File
FirewallRules: [{0855753B-A884-4FF2-A3AC-09BDFD80022D}] => (Allow) C:\Users\atobe\Documents\Games\CS1.3\AGCSv1.exe => No File
FirewallRules: [TCP Query User{A59ADE67-D1F9-4668-B5F2-1FAB6AE042D0}C:\users\atobe\documents\games\trombonechamp\trombone.champ.v1.0898-goldberg\trombonechamp.exe] => (Allow) C:\users\atobe\documents\games\trombonechamp\trombone.champ.v1.0898-goldberg\trombonechamp.exe => No File
FirewallRules: [UDP Query User{3DD2B027-C64B-4076-8135-ADF07C69DEAC}C:\users\atobe\documents\games\trombonechamp\trombone.champ.v1.0898-goldberg\trombonechamp.exe] => (Allow) C:\users\atobe\documents\games\trombonechamp\trombone.champ.v1.0898-goldberg\trombonechamp.exe => No File
FirewallRules: [TCP Query User{6EA57D2E-459B-45C7-BF42-77E4A9FA9890}C:\program files\gamelauncher\roo_pc\ro.exe] => (Allow) C:\program files\gamelauncher\roo_pc\ro.exe => No File
FirewallRules: [UDP Query User{EBE5B732-0177-4534-B587-5006A1FAAFDD}C:\program files\gamelauncher\roo_pc\ro.exe] => (Allow) C:\program files\gamelauncher\roo_pc\ro.exe => No File
FirewallRules: [TCP Query User{A7DA3341-BF91-4D18-B714-030E59BA00C7}C:\program files\gamelauncher\roo_pc\ro_data\plugins\x86_64\vuplexwebviewchromium\vuplex webview.vuplex] => (Allow) C:\program files\gamelauncher\roo_pc\ro_data\plugins\x86_64\vuplexwebviewchromium\vuplex webview.vuplex => No File
FirewallRules: [UDP Query User{3976A0C3-57B7-4BED-A1A1-F130BAFB94FD}C:\program files\gamelauncher\roo_pc\ro_data\plugins\x86_64\vuplexwebviewchromium\vuplex webview.vuplex] => (Allow) C:\program files\gamelauncher\roo_pc\ro_data\plugins\x86_64\vuplexwebviewchromium\vuplex webview.vuplex => No File
FirewallRules: [{DE056BE2-CC18-4483-ACB7-4562F6BC471A}] => (Allow) E:\SteamLibrary\steamapps\common\LEAP Playtest\start_protected_game.exe => No File
FirewallRules: [{5A9A3304-09E7-4ED6-A072-7370F1FACF5F}] => (Allow) E:\SteamLibrary\steamapps\common\LEAP Playtest\start_protected_game.exe => No File
FirewallRules: [{319F2BA6-65FD-49A2-A6BB-0238582FB148}] => (Allow) E:\SteamLibrary\steamapps\common\Retail Royale\IkeaBR_Server.exe => No File
FirewallRules: [{EB5340BA-B79D-4AF4-B030-2DCCB18E3826}] => (Allow) E:\SteamLibrary\steamapps\common\Retail Royale\IkeaBR_Server.exe => No File
FirewallRules: [{AAFD46BC-FCF2-4A6C-864B-A9BDBCB2ACE4}] => (Allow) C:\Program => No File
FirewallRules: [{D0D47D0A-941D-4AEF-B506-9284145F0A2E}] => (Allow) C:\Program => No File
FirewallRules: [{450F9AE4-AB25-4FDA-BB12-7D2878133A87}] => (Allow) C:\Program => No File
FirewallRules: [{70D07DDA-F878-4A85-A90C-1DFB557FDCCF}] => (Allow) C:\Program => No File
FirewallRules: [TCP Query User{F9F5D99C-829F-4B2C-80BE-D389F05BB162}C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe] => (Allow) C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe => No File
FirewallRules: [UDP Query User{C3F12465-67CF-47F4-B278-B1A0879837EB}C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe] => (Allow) C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe => No File
FirewallRules: [TCP Query User{081E98F2-85E6-4478-A6AB-392126C9C392}E:\steamlibrary\steamapps\common\naraka bladepoint\narakabladepoint.exe] => (Allow) E:\steamlibrary\steamapps\common\naraka bladepoint\narakabladepoint.exe => No File
FirewallRules: [UDP Query User{0D03F58F-14B8-41F5-9F15-741D54A0A9C8}E:\steamlibrary\steamapps\common\naraka bladepoint\narakabladepoint.exe] => (Allow) E:\steamlibrary\steamapps\common\naraka bladepoint\narakabladepoint.exe => No File
FirewallRules: [{0A1FA9CB-B647-4AFC-A4F5-CC1E7E71ECF8}] => (Allow) C:\Users\atobe\Downloads\AnyDesk.exe => No File
FirewallRules: [{00BF8CF7-C3F5-4462-B2EC-227E9C1831B8}] => (Allow) C:\Users\atobe\Downloads\AnyDesk.exe => No File
FirewallRules: [{52384158-878E-4184-929D-6CACD93CECD3}] => (Allow) C:\Users\atobe\Downloads\AnyDesk.exe => No File
FirewallRules: [{1C09A530-F61D-4C51-AAE9-FF1B518E9A4C}] => (Allow) C:\Users\atobe\Downloads\AnyDesk.exe => No File
FirewallRules: [{C6857852-45D2-43D6-9D49-FFE001F708F5}] => (Allow) C:\Users\atobe\Downloads\AnyDesk.exe => No File
FirewallRules: [{F4FFA4A8-5AF6-43E2-9770-CDDDD90620DD}] => (Allow) C:\Users\atobe\Downloads\AnyDesk.exe => No File
FirewallRules: [TCP Query User{33B2BDAD-F627-43B9-82C0-A13774B12483}C:\users\atobe\documents\games\wwe 2k23 icon edition\wwe 2k23\wwe2k23_x64.exe] => (Allow) C:\users\atobe\documents\games\wwe 2k23 icon edition\wwe 2k23\wwe2k23_x64.exe => No File
FirewallRules: [UDP Query User{1AFE6EC2-31BF-497C-A4C0-E91C495B9BE0}C:\users\atobe\documents\games\wwe 2k23 icon edition\wwe 2k23\wwe2k23_x64.exe] => (Allow) C:\users\atobe\documents\games\wwe 2k23 icon edition\wwe 2k23\wwe2k23_x64.exe => No File
FirewallRules: [TCP Query User{7B8D5A2E-6543-40F9-90B9-3AC0BDC5A3B0}C:\users\atobe\appdata\local\discord\app-1.0.9016\discord.exe] => (Allow) C:\users\atobe\appdata\local\discord\app-1.0.9016\discord.exe => No File
FirewallRules: [UDP Query User{2B1711FE-A84B-4EBD-8294-ECA9AD800C7D}C:\users\atobe\appdata\local\discord\app-1.0.9016\discord.exe] => (Allow) C:\users\atobe\appdata\local\discord\app-1.0.9016\discord.exe => No File
FirewallRules: [TCP Query User{702757D7-9BA2-46B4-8439-0B0CC9E39477}D:\games\left 4 dead 2\left4dead2.exe] => (Allow) D:\games\left 4 dead 2\left4dead2.exe => No File
FirewallRules: [UDP Query User{4B3F44D7-94B5-46AD-AE09-EDA247F1D9F9}D:\games\left 4 dead 2\left4dead2.exe] => (Allow) D:\games\left 4 dead 2\left4dead2.exe => No File
FirewallRules: [TCP Query User{71FC2A33-4C5A-43BA-9218-FE8C1FF86307}C:\program files\tiktok live studio\0.41.4\tiktok live studio.exe] => (Allow) C:\program files\tiktok live studio\0.41.4\tiktok live studio.exe => No File
FirewallRules: [UDP Query User{CCBF34CF-646E-4156-9FFF-128AD5B43C86}C:\program files\tiktok live studio\0.41.4\tiktok live studio.exe] => (Allow) C:\program files\tiktok live studio\0.41.4\tiktok live studio.exe => No File
FirewallRules: [TCP Query User{9D5241FD-DA39-44A5-9301-08D4DB046B85}C:\users\atobe\documents\games\mythforce\mythforce.build.12203944\mythforce\binaries\win64\mythforce-win64-shipping.exe] => (Allow) C:\users\atobe\documents\games\mythforce\mythforce.build.12203944\mythforce\binaries\win64\mythforce-win64-shipping.exe => No File
FirewallRules: [UDP Query User{F27810E7-4747-490D-BB0C-796545A23282}C:\users\atobe\documents\games\mythforce\mythforce.build.12203944\mythforce\binaries\win64\mythforce-win64-shipping.exe] => (Allow) C:\users\atobe\documents\games\mythforce\mythforce.build.12203944\mythforce\binaries\win64\mythforce-win64-shipping.exe => No File
FirewallRules: [UDP Query User{C6C2C3BE-8391-42F4-82B8-FF4CFA166D9A}C:\users\atobe\documents\installers\thorium\bin\thorium.exe] => (Allow) C:\users\atobe\documents\installers\thorium\bin\thorium.exe => No File
FirewallRules: [{6566A870-706E-40D7-9988-B117983E7E45}] => (Allow) C:\Games\Counter-Strike WaRzOnE\hl.exe => No File
FirewallRules: [{8B200EF4-E551-4F41-AF3C-F6B8BA8C478B}] => (Allow) C:\Games\Counter-Strike WaRzOnE\hl.exe => No File
FirewallRules: [TCP Query User{840B1CBC-2DFE-45E8-BC41-51818182C01B}C:\games\half-life1016\hl.exe] => (Allow) C:\games\half-life1016\hl.exe => No File
FirewallRules: [UDP Query User{52D8700C-E4E0-4D0E-89EC-8C4231855934}C:\games\half-life1016\hl.exe] => (Allow) C:\games\half-life1016\hl.exe => No File
FirewallRules: [TCP Query User{A81B389D-6747-4A9B-867D-5AF3CC53CC79}C:\program files\half-life1016\hl.exe] => (Block) C:\program files\half-life1016\hl.exe => No File
FirewallRules: [UDP Query User{F5E8AC9E-C8F0-4331-AF5C-44E89D1CCF60}C:\program files\half-life1016\hl.exe] => (Block) C:\program files\half-life1016\hl.exe => No File
FirewallRules: [TCP Query User{5FD326DE-16F2-4CBE-803F-BA5496B60ACE}C:\sierra\hl.exe] => (Allow) C:\sierra\hl.exe => No File
FirewallRules: [UDP Query User{5BC1D687-B0D6-4D77-8B83-37A0E778D8F9}C:\sierra\hl.exe] => (Allow) C:\sierra\hl.exe => No File
Unlock: C:\Windows\UV_LastPW.ini
C:\Windows\UV_LastPW.ini
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.[/*]
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.


2. Eset Online Scan

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.


In your next reply please post:
  1. The fixlog.txt
  2. The eset.txt
 
Hello there sir! Just finished scanning.

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-12-2023
Ran by Burento (07-12-2023 17:59:25) Run:1
Running from C:\Users\atobe\Desktop
Loaded Profiles: Burento
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
IFEO\TextInputHost.exe: [Debugger] C:\Windows\system32\systray.exe
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction - Edge <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
S4 IMFservice; C:\Users\atobe\Documents\Installers\IOBit Malware\IObit Malware Fighter Pro v10.3.0.1077 Multilingual Portable\IObit Malware Fighter Pro 10.3.0.1077\App\IObit Malware Fighter\IMFSrv.exe [X]
S4 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X]
S3 rsDwf; \SystemRoot\system32\DRIVERS\rsDwf.sys [X]
2023-12-04 02:00 - 2023-12-04 02:00 - 000000000 ____D C:\Users\atobe\AppData\Roaming\IObit
2023-12-04 02:00 - 2023-12-04 02:00 - 000000000 ____D C:\ProgramData\ProductData
2023-12-03 23:57 - 2023-12-04 02:00 - 000000000 ____D C:\ProgramData\IObit
2023-12-03 23:56 - 2022-10-24 17:29 - 000042360 _____ (IObit) C:\Windows\system32\Drivers\IMFCameraProtect.sys
CustomCLSID: HKU\S-1-5-21-1914130881-976919837-3734132408-1001_Classes\CLSID\{5ea9a442-5352-ed6e-d37f-9d511e7e2caa}\localserver32 -> "C:\Program Files\PowerToys\PowerToys.PowerLauncher.exe" -ToastActivated => No File
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => -> No File
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => -> No File
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => -> No File
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [5138]
AlternateDataStreams: C:\ProgramData\perma.bm:4A13D2B240 [5138]
AlternateDataStreams: C:\ProgramData\rtpeskt:1F3D48CBE8 [5138]
AlternateDataStreams: C:\ProgramData\system.conf:0F57F3FDE6 [5138]
AlternateDataStreams: C:\ProgramData\system.conf:422D4106AB [5138]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:98F6F85C [114]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk:E77773B271 [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z.lnk:718E15FDE8 [5138]
AlternateDataStreams: C:\Users\atobe\Application Data:401b39480725c581a77cd78cb5a228f5 [394]
AlternateDataStreams: C:\Users\atobe\Application Data:671890e017d8a4fb26004192461213ff [394]
AlternateDataStreams: C:\Users\atobe\Application Data:6f253e6e4a0b5d350d885c54873a9999 [394]
AlternateDataStreams: C:\Users\atobe\Application Data:9e1811b514796fb3fd8d48513cdb9024 [394]
AlternateDataStreams: C:\Users\atobe\Application Data:a4a7135d5fc196220c4b1dfe38793a5a [394]
AlternateDataStreams: C:\Users\atobe\Application Data:cbb0660c87f0ef13f0dc1af5fc07272a [394]
AlternateDataStreams: C:\Users\atobe\Application Data:ec26fcc64579419b6922f3893f7e4905 [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:401b39480725c581a77cd78cb5a228f5 [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:671890e017d8a4fb26004192461213ff [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:6f253e6e4a0b5d350d885c54873a9999 [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:9e1811b514796fb3fd8d48513cdb9024 [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:a4a7135d5fc196220c4b1dfe38793a5a [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:cbb0660c87f0ef13f0dc1af5fc07272a [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:ec26fcc64579419b6922f3893f7e4905 [394]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [8374]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
MSCONFIG\Services: IMFservice => 3
MSCONFIG\Services: PCManager Service => 2
MSCONFIG\Services: ProtonVPN Service => 3
MSCONFIG\Services: ProtonVPN WireGuard => 3
MSCONFIG\Services: RvControlSvc => 3
MSCONFIG\Services: TeamViewer => 3
HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\Run32: => "RadminVPN"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "Netmarble Launcher"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "Glyph Client"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "ProtonVPN"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "TeraBox"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "TeraBoxWeb"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "IDMan"
FirewallRules: [{E0CEDCC0-9D81-46D1-84F1-761031F30982}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{BE838F45-ADB0-4B80-9644-8F9F7B235618}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{0BC962BA-E681-4A13-B6CE-6BA2B28302E0}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{9FA623B2-5480-4781-9D80-03CD2C276DDE}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{83B21BF0-6A74-4816-B486-C9D1ED0076DE}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{5B4C74F8-F4C4-4578-807F-E6AE1AC38BC6}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{371380C1-C5D0-4933-A7A5-1B0B4364BA32}] => (Allow) LPort=2099
FirewallRules: [{05027FC0-8EC2-4817-8A28-300A936F02A8}] => (Allow) LPort=5223
FirewallRules: [{D06A136F-6262-4CA9-A2F4-D5DB5233A51C}] => (Allow) LPort=5222
FirewallRules: [{1D4848FC-E387-4176-9FD1-10D369897E5D}] => (Allow) LPort=80
FirewallRules: [{5FA538C9-A3E8-4A88-AAFB-97FF9860DBD7}] => (Allow) LPort=443
FirewallRules: [{5C7D414D-7BD6-47C8-A720-8BAF0FEB7870}] => (Allow) LPort=8088
FirewallRules: [{434D6E9A-D91A-47B2-A6B9-8B643842B768}] => (Allow) LPort=8088
FirewallRules: [{F96FB750-C5D7-4E44-88EC-D9B277CCF7C9}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Client.exe => No File
FirewallRules: [{E9E0256F-4DB3-4E1B-BA78-B003841A35DC}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Client.exe => No File
FirewallRules: [{956B912A-C22D-4A56-8A74-C34970B71891}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Client.exe => No File
FirewallRules: [{6013F402-18C8-48F3-B055-DF8A965A70E4}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Client.exe => No File
FirewallRules: [{62A45987-67BE-4018-83AF-2E1A5BC0D379}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher.exe => No File
FirewallRules: [{7D80EA22-EBCB-4E0F-AAF2-4A992C526050}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher.exe => No File
FirewallRules: [{D0DDE83B-B89E-4E8D-B161-62BC9C775563}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher.exe => No File
FirewallRules: [{18B54967-04C7-4E74-9DCF-AEB13BB58F44}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher.exe => No File
FirewallRules: [{85F7C383-4411-4167-9818-66F2160C6360}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher NEW.exe => No File
FirewallRules: [{79D42EF5-BFAA-430C-85E6-7730F2F10FB9}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher NEW.exe => No File
FirewallRules: [{33A7D57C-BED6-4C75-9CA2-C8555C4BCD09}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher NEW.exe => No File
FirewallRules: [{F7D55B4B-C34F-4962-A721-6B140F88AFEF}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher NEW.exe => No File
FirewallRules: [{16B82B12-BB62-4F78-A283-AB4CD8746E29}] => (Allow) C:\Program Files\Amanoma FlyFF Client\MiniA.exe => No File
FirewallRules: [{DD8BBE80-6B3E-4AC2-8659-A747E6884E8C}] => (Allow) C:\Program Files\Amanoma FlyFF Client\MiniA.exe => No File
FirewallRules: [{76DBF020-19EE-4617-B480-72476631C6BC}] => (Allow) C:\Program Files\Amanoma FlyFF Client\MiniA.exe => No File
FirewallRules: [{41DF0742-D3C5-4F6E-82C9-1B75388613C7}] => (Allow) C:\Program Files\Amanoma FlyFF Client\MiniA.exe => No File
FirewallRules: [{E3A5AF8C-8FE9-42B8-82C6-BC5CED286852}] => (Allow) C:\Users\atobe\Documents\Games\CS1.3\AGCSv1.exe => No File
FirewallRules: [{116A493E-7EF2-4D0F-9550-91EE7F261653}] => (Allow) C:\Users\atobe\Documents\Games\CS1.3\AGCSv1.exe => No File
FirewallRules: [{6B551386-E949-4F29-A708-FFB359E1EB59}] => (Allow) C:\Users\atobe\Documents\Games\CS1.3\AGCSv1.exe => No File
FirewallRules: [{0855753B-A884-4FF2-A3AC-09BDFD80022D}] => (Allow) C:\Users\atobe\Documents\Games\CS1.3\AGCSv1.exe => No File
FirewallRules: [TCP Query User{A59ADE67-D1F9-4668-B5F2-1FAB6AE042D0}C:\users\atobe\documents\games\trombonechamp\trombone.champ.v1.0898-goldberg\trombonechamp.exe] => (Allow) C:\users\atobe\documents\games\trombonechamp\trombone.champ.v1.0898-goldberg\trombonechamp.exe => No File
FirewallRules: [UDP Query User{3DD2B027-C64B-4076-8135-ADF07C69DEAC}C:\users\atobe\documents\games\trombonechamp\trombone.champ.v1.0898-goldberg\trombonechamp.exe] => (Allow) C:\users\atobe\documents\games\trombonechamp\trombone.champ.v1.0898-goldberg\trombonechamp.exe => No File
FirewallRules: [TCP Query User{6EA57D2E-459B-45C7-BF42-77E4A9FA9890}C:\program files\gamelauncher\roo_pc\ro.exe] => (Allow) C:\program files\gamelauncher\roo_pc\ro.exe => No File
FirewallRules: [UDP Query User{EBE5B732-0177-4534-B587-5006A1FAAFDD}C:\program files\gamelauncher\roo_pc\ro.exe] => (Allow) C:\program files\gamelauncher\roo_pc\ro.exe => No File
FirewallRules: [TCP Query User{A7DA3341-BF91-4D18-B714-030E59BA00C7}C:\program files\gamelauncher\roo_pc\ro_data\plugins\x86_64\vuplexwebviewchromium\vuplex webview.vuplex] => (Allow) C:\program files\gamelauncher\roo_pc\ro_data\plugins\x86_64\vuplexwebviewchromium\vuplex webview.vuplex => No File
FirewallRules: [UDP Query User{3976A0C3-57B7-4BED-A1A1-F130BAFB94FD}C:\program files\gamelauncher\roo_pc\ro_data\plugins\x86_64\vuplexwebviewchromium\vuplex webview.vuplex] => (Allow) C:\program files\gamelauncher\roo_pc\ro_data\plugins\x86_64\vuplexwebviewchromium\vuplex webview.vuplex => No File
FirewallRules: [{DE056BE2-CC18-4483-ACB7-4562F6BC471A}] => (Allow) E:\SteamLibrary\steamapps\common\LEAP Playtest\start_protected_game.exe => No File
FirewallRules: [{5A9A3304-09E7-4ED6-A072-7370F1FACF5F}] => (Allow) E:\SteamLibrary\steamapps\common\LEAP Playtest\start_protected_game.exe => No File
FirewallRules: [{319F2BA6-65FD-49A2-A6BB-0238582FB148}] => (Allow) E:\SteamLibrary\steamapps\common\Retail Royale\IkeaBR_Server.exe => No File
FirewallRules: [{EB5340BA-B79D-4AF4-B030-2DCCB18E3826}] => (Allow) E:\SteamLibrary\steamapps\common\Retail Royale\IkeaBR_Server.exe => No File
FirewallRules: [{AAFD46BC-FCF2-4A6C-864B-A9BDBCB2ACE4}] => (Allow) C:\Program => No File
FirewallRules: [{D0D47D0A-941D-4AEF-B506-9284145F0A2E}] => (Allow) C:\Program => No File
FirewallRules: [{450F9AE4-AB25-4FDA-BB12-7D2878133A87}] => (Allow) C:\Program => No File
FirewallRules: [{70D07DDA-F878-4A85-A90C-1DFB557FDCCF}] => (Allow) C:\Program => No File
FirewallRules: [TCP Query User{F9F5D99C-829F-4B2C-80BE-D389F05BB162}C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe] => (Allow) C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe => No File
FirewallRules: [UDP Query User{C3F12465-67CF-47F4-B278-B1A0879837EB}C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe] => (Allow) C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe => No File
FirewallRules: [TCP Query User{081E98F2-85E6-4478-A6AB-392126C9C392}E:\steamlibrary\steamapps\common\naraka bladepoint\narakabladepoint.exe] => (Allow) E:\steamlibrary\steamapps\common\naraka bladepoint\narakabladepoint.exe => No File
FirewallRules: [UDP Query User{0D03F58F-14B8-41F5-9F15-741D54A0A9C8}E:\steamlibrary\steamapps\common\naraka bladepoint\narakabladepoint.exe] => (Allow) E:\steamlibrary\steamapps\common\naraka bladepoint\narakabladepoint.exe => No File
FirewallRules: [{0A1FA9CB-B647-4AFC-A4F5-CC1E7E71ECF8}] => (Allow) C:\Users\atobe\Downloads\AnyDesk.exe => No File
FirewallRules: [{00BF8CF7-C3F5-4462-B2EC-227E9C1831B8}] => (Allow) C:\Users\atobe\Downloads\AnyDesk.exe => No File
FirewallRules: [{52384158-878E-4184-929D-6CACD93CECD3}] => (Allow) C:\Users\atobe\Downloads\AnyDesk.exe => No File
FirewallRules: [{1C09A530-F61D-4C51-AAE9-FF1B518E9A4C}] => (Allow) C:\Users\atobe\Downloads\AnyDesk.exe => No File
FirewallRules: [{C6857852-45D2-43D6-9D49-FFE001F708F5}] => (Allow) C:\Users\atobe\Downloads\AnyDesk.exe => No File
FirewallRules: [{F4FFA4A8-5AF6-43E2-9770-CDDDD90620DD}] => (Allow) C:\Users\atobe\Downloads\AnyDesk.exe => No File
FirewallRules: [TCP Query User{33B2BDAD-F627-43B9-82C0-A13774B12483}C:\users\atobe\documents\games\wwe 2k23 icon edition\wwe 2k23\wwe2k23_x64.exe] => (Allow) C:\users\atobe\documents\games\wwe 2k23 icon edition\wwe 2k23\wwe2k23_x64.exe => No File
FirewallRules: [UDP Query User{1AFE6EC2-31BF-497C-A4C0-E91C495B9BE0}C:\users\atobe\documents\games\wwe 2k23 icon edition\wwe 2k23\wwe2k23_x64.exe] => (Allow) C:\users\atobe\documents\games\wwe 2k23 icon edition\wwe 2k23\wwe2k23_x64.exe => No File
FirewallRules: [TCP Query User{7B8D5A2E-6543-40F9-90B9-3AC0BDC5A3B0}C:\users\atobe\appdata\local\discord\app-1.0.9016\discord.exe] => (Allow) C:\users\atobe\appdata\local\discord\app-1.0.9016\discord.exe => No File
FirewallRules: [UDP Query User{2B1711FE-A84B-4EBD-8294-ECA9AD800C7D}C:\users\atobe\appdata\local\discord\app-1.0.9016\discord.exe] => (Allow) C:\users\atobe\appdata\local\discord\app-1.0.9016\discord.exe => No File
FirewallRules: [TCP Query User{702757D7-9BA2-46B4-8439-0B0CC9E39477}D:\games\left 4 dead 2\left4dead2.exe] => (Allow) D:\games\left 4 dead 2\left4dead2.exe => No File
FirewallRules: [UDP Query User{4B3F44D7-94B5-46AD-AE09-EDA247F1D9F9}D:\games\left 4 dead 2\left4dead2.exe] => (Allow) D:\games\left 4 dead 2\left4dead2.exe => No File
FirewallRules: [TCP Query User{71FC2A33-4C5A-43BA-9218-FE8C1FF86307}C:\program files\tiktok live studio\0.41.4\tiktok live studio.exe] => (Allow) C:\program files\tiktok live studio\0.41.4\tiktok live studio.exe => No File
FirewallRules: [UDP Query User{CCBF34CF-646E-4156-9FFF-128AD5B43C86}C:\program files\tiktok live studio\0.41.4\tiktok live studio.exe] => (Allow) C:\program files\tiktok live studio\0.41.4\tiktok live studio.exe => No File
FirewallRules: [TCP Query User{9D5241FD-DA39-44A5-9301-08D4DB046B85}C:\users\atobe\documents\games\mythforce\mythforce.build.12203944\mythforce\binaries\win64\mythforce-win64-shipping.exe] => (Allow) C:\users\atobe\documents\games\mythforce\mythforce.build.12203944\mythforce\binaries\win64\mythforce-win64-shipping.exe => No File
FirewallRules: [UDP Query User{F27810E7-4747-490D-BB0C-796545A23282}C:\users\atobe\documents\games\mythforce\mythforce.build.12203944\mythforce\binaries\win64\mythforce-win64-shipping.exe] => (Allow) C:\users\atobe\documents\games\mythforce\mythforce.build.12203944\mythforce\binaries\win64\mythforce-win64-shipping.exe => No File
FirewallRules: [UDP Query User{C6C2C3BE-8391-42F4-82B8-FF4CFA166D9A}C:\users\atobe\documents\installers\thorium\bin\thorium.exe] => (Allow) C:\users\atobe\documents\installers\thorium\bin\thorium.exe => No File
FirewallRules: [{6566A870-706E-40D7-9988-B117983E7E45}] => (Allow) C:\Games\Counter-Strike WaRzOnE\hl.exe => No File
FirewallRules: [{8B200EF4-E551-4F41-AF3C-F6B8BA8C478B}] => (Allow) C:\Games\Counter-Strike WaRzOnE\hl.exe => No File
FirewallRules: [TCP Query User{840B1CBC-2DFE-45E8-BC41-51818182C01B}C:\games\half-life1016\hl.exe] => (Allow) C:\games\half-life1016\hl.exe => No File
FirewallRules: [UDP Query User{52D8700C-E4E0-4D0E-89EC-8C4231855934}C:\games\half-life1016\hl.exe] => (Allow) C:\games\half-life1016\hl.exe => No File
FirewallRules: [TCP Query User{A81B389D-6747-4A9B-867D-5AF3CC53CC79}C:\program files\half-life1016\hl.exe] => (Block) C:\program files\half-life1016\hl.exe => No File
FirewallRules: [UDP Query User{F5E8AC9E-C8F0-4331-AF5C-44E89D1CCF60}C:\program files\half-life1016\hl.exe] => (Block) C:\program files\half-life1016\hl.exe => No File
FirewallRules: [TCP Query User{5FD326DE-16F2-4CBE-803F-BA5496B60ACE}C:\sierra\hl.exe] => (Allow) C:\sierra\hl.exe => No File
FirewallRules: [UDP Query User{5BC1D687-B0D6-4D77-8B83-37A0E778D8F9}C:\sierra\hl.exe] => (Allow) C:\sierra\hl.exe => No File
Unlock: C:\Windows\UV_LastPW.ini
C:\Windows\UV_LastPW.ini
EmptyTemp:
End::
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\TextInputHost.exe => removed successfully

"C:\Windows\system32\GroupPolicy\Machine" folder move:

C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully

"C:\Windows\system32\GroupPolicy\User" folder move:

C:\Windows\system32\GroupPolicy\User => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\SOFTWARE\Policies\Microsoft\Edge => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKLM\System\CurrentControlSet\Services\IMFservice => removed successfully
IMFservice => service removed successfully
HKLM\System\CurrentControlSet\Services\uhssvc => removed successfully
uhssvc => service removed successfully
HKLM\System\CurrentControlSet\Services\rsDwf => removed successfully
rsDwf => service removed successfully

"C:\Users\atobe\AppData\Roaming\IObit" folder move:

C:\Users\atobe\AppData\Roaming\IObit => moved successfully

"C:\ProgramData\ProductData" folder move:

C:\ProgramData\ProductData => moved successfully

"C:\ProgramData\IObit" folder move:

C:\ProgramData\IObit => moved successfully
C:\Windows\system32\Drivers\IMFCameraProtect.sys => moved successfully
HKU\S-1-5-21-1914130881-976919837-3734132408-1001_Classes\CLSID\{5ea9a442-5352-ed6e-d37f-9d511e7e2caa} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\IObit Malware Fighter => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\IObit Malware Fighter => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\IObit Malware Fighter => removed successfully
C:\ProgramData\mntemp => ":8EAD8B3507" ADS removed successfully
C:\ProgramData\perma.bm => ":4A13D2B240" ADS removed successfully
C:\ProgramData\rtpeskt => ":1F3D48CBE8" ADS removed successfully
C:\ProgramData\system.conf => ":0F57F3FDE6" ADS removed successfully
C:\ProgramData\system.conf => ":422D4106AB" ADS removed successfully
C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully
C:\ProgramData\TEMP => ":98F6F85C" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini => ":B1DA6C571C" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini => ":41964AA945" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk => ":BE32D07BC5" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk => ":E77773B271" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z.lnk => ":718E15FDE8" ADS removed successfully
C:\Users\atobe\Application Data => ":401b39480725c581a77cd78cb5a228f5" ADS removed successfully
C:\Users\atobe\Application Data => ":671890e017d8a4fb26004192461213ff" ADS removed successfully
C:\Users\atobe\Application Data => ":6f253e6e4a0b5d350d885c54873a9999" ADS removed successfully
C:\Users\atobe\Application Data => ":9e1811b514796fb3fd8d48513cdb9024" ADS removed successfully
C:\Users\atobe\Application Data => ":a4a7135d5fc196220c4b1dfe38793a5a" ADS removed successfully
C:\Users\atobe\Application Data => ":cbb0660c87f0ef13f0dc1af5fc07272a" ADS removed successfully
C:\Users\atobe\Application Data => ":ec26fcc64579419b6922f3893f7e4905" ADS removed successfully
"C:\Users\atobe\AppData\Roaming" => ":401b39480725c581a77cd78cb5a228f5" ADS not found.
"C:\Users\atobe\AppData\Roaming" => ":671890e017d8a4fb26004192461213ff" ADS not found.
"C:\Users\atobe\AppData\Roaming" => ":6f253e6e4a0b5d350d885c54873a9999" ADS not found.
"C:\Users\atobe\AppData\Roaming" => ":9e1811b514796fb3fd8d48513cdb9024" ADS not found.
"C:\Users\atobe\AppData\Roaming" => ":a4a7135d5fc196220c4b1dfe38793a5a" ADS not found.
"C:\Users\atobe\AppData\Roaming" => ":cbb0660c87f0ef13f0dc1af5fc07272a" ADS not found.
"C:\Users\atobe\AppData\Roaming" => ":ec26fcc64579419b6922f3893f7e4905" ADS not found.
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Search Page"="Remembering the fallen" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Search Page"="Remembering the fallen" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="MSN" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="MSN" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="Remembering the fallen" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="Remembering the fallen" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Local Page"="C:\Windows\System32\blank.htm" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Local Page"="C:\Windows\SysWOW64\blank.htm" => value restored successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IMFservice => removed successfully
HKLM\System\CurrentControlSet\Services\IMFservice => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PCManager Service => removed successfully
HKLM\System\CurrentControlSet\Services\PCManager Service => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ProtonVPN Service => removed successfully
HKLM\System\CurrentControlSet\Services\ProtonVPN Service => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ProtonVPN WireGuard => removed successfully
HKLM\System\CurrentControlSet\Services\ProtonVPN WireGuard => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RvControlSvc => removed successfully
HKLM\System\CurrentControlSet\Services\RvControlSvc => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TeamViewer => removed successfully
HKLM\System\CurrentControlSet\Services\TeamViewer => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\AnyDesk.lnk" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\RadminVPN" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\RadminVPN" => not found
"HKU\S-1-5-21-1914130881-976919837-3734132408-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Netmarble Launcher" => removed successfully
"HKU\S-1-5-21-1914130881-976919837-3734132408-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Netmarble Launcher" => not found
"HKU\S-1-5-21-1914130881-976919837-3734132408-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Glyph Client" => removed successfully
"HKU\S-1-5-21-1914130881-976919837-3734132408-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Glyph Client" => not found
"HKU\S-1-5-21-1914130881-976919837-3734132408-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\ProtonVPN" => removed successfully
"HKU\S-1-5-21-1914130881-976919837-3734132408-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ProtonVPN" => not found
"HKU\S-1-5-21-1914130881-976919837-3734132408-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Overwolf" => removed successfully
"HKU\S-1-5-21-1914130881-976919837-3734132408-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Overwolf" => not found
"HKU\S-1-5-21-1914130881-976919837-3734132408-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\TeraBox" => removed successfully
"HKU\S-1-5-21-1914130881-976919837-3734132408-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\TeraBox" => not found
"HKU\S-1-5-21-1914130881-976919837-3734132408-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\TeraBoxWeb" => removed successfully
"HKU\S-1-5-21-1914130881-976919837-3734132408-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\TeraBoxWeb" => not found
"HKU\S-1-5-21-1914130881-976919837-3734132408-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\IDMan" => removed successfully
"HKU\S-1-5-21-1914130881-976919837-3734132408-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IDMan" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E0CEDCC0-9D81-46D1-84F1-761031F30982}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BE838F45-ADB0-4B80-9644-8F9F7B235618}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0BC962BA-E681-4A13-B6CE-6BA2B28302E0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9FA623B2-5480-4781-9D80-03CD2C276DDE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{83B21BF0-6A74-4816-B486-C9D1ED0076DE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5B4C74F8-F4C4-4578-807F-E6AE1AC38BC6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{371380C1-C5D0-4933-A7A5-1B0B4364BA32}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{05027FC0-8EC2-4817-8A28-300A936F02A8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D06A136F-6262-4CA9-A2F4-D5DB5233A51C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1D4848FC-E387-4176-9FD1-10D369897E5D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5FA538C9-A3E8-4A88-AAFB-97FF9860DBD7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5C7D414D-7BD6-47C8-A720-8BAF0FEB7870}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{434D6E9A-D91A-47B2-A6B9-8B643842B768}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F96FB750-C5D7-4E44-88EC-D9B277CCF7C9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E9E0256F-4DB3-4E1B-BA78-B003841A35DC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{956B912A-C22D-4A56-8A74-C34970B71891}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6013F402-18C8-48F3-B055-DF8A965A70E4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{62A45987-67BE-4018-83AF-2E1A5BC0D379}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D80EA22-EBCB-4E0F-AAF2-4A992C526050}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D0DDE83B-B89E-4E8D-B161-62BC9C775563}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{18B54967-04C7-4E74-9DCF-AEB13BB58F44}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{85F7C383-4411-4167-9818-66F2160C6360}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{79D42EF5-BFAA-430C-85E6-7730F2F10FB9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{33A7D57C-BED6-4C75-9CA2-C8555C4BCD09}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F7D55B4B-C34F-4962-A721-6B140F88AFEF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{16B82B12-BB62-4F78-A283-AB4CD8746E29}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DD8BBE80-6B3E-4AC2-8659-A747E6884E8C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{76DBF020-19EE-4617-B480-72476631C6BC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{41DF0742-D3C5-4F6E-82C9-1B75388613C7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E3A5AF8C-8FE9-42B8-82C6-BC5CED286852}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{116A493E-7EF2-4D0F-9550-91EE7F261653}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B551386-E949-4F29-A708-FFB359E1EB59}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0855753B-A884-4FF2-A3AC-09BDFD80022D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A59ADE67-D1F9-4668-B5F2-1FAB6AE042D0}C:\users\atobe\documents\games\trombonechamp\trombone.champ.v1.0898-goldberg\trombonechamp.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3DD2B027-C64B-4076-8135-ADF07C69DEAC}C:\users\atobe\documents\games\trombonechamp\trombone.champ.v1.0898-goldberg\trombonechamp.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6EA57D2E-459B-45C7-BF42-77E4A9FA9890}C:\program files\gamelauncher\roo_pc\ro.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{EBE5B732-0177-4534-B587-5006A1FAAFDD}C:\program files\gamelauncher\roo_pc\ro.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A7DA3341-BF91-4D18-B714-030E59BA00C7}C:\program files\gamelauncher\roo_pc\ro_data\plugins\x86_64\vuplexwebviewchromium\vuplex webview.vuplex" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3976A0C3-57B7-4BED-A1A1-F130BAFB94FD}C:\program files\gamelauncher\roo_pc\ro_data\plugins\x86_64\vuplexwebviewchromium\vuplex webview.vuplex" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DE056BE2-CC18-4483-ACB7-4562F6BC471A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5A9A3304-09E7-4ED6-A072-7370F1FACF5F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{319F2BA6-65FD-49A2-A6BB-0238582FB148}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EB5340BA-B79D-4AF4-B030-2DCCB18E3826}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AAFD46BC-FCF2-4A6C-864B-A9BDBCB2ACE4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D0D47D0A-941D-4AEF-B506-9284145F0A2E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{450F9AE4-AB25-4FDA-BB12-7D2878133A87}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{70D07DDA-F878-4A85-A90C-1DFB557FDCCF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F9F5D99C-829F-4B2C-80BE-D389F05BB162}C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C3F12465-67CF-47F4-B278-B1A0879837EB}C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{081E98F2-85E6-4478-A6AB-392126C9C392}E:\steamlibrary\steamapps\common\naraka bladepoint\narakabladepoint.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0D03F58F-14B8-41F5-9F15-741D54A0A9C8}E:\steamlibrary\steamapps\common\naraka bladepoint\narakabladepoint.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0A1FA9CB-B647-4AFC-A4F5-CC1E7E71ECF8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{00BF8CF7-C3F5-4462-B2EC-227E9C1831B8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{52384158-878E-4184-929D-6CACD93CECD3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1C09A530-F61D-4C51-AAE9-FF1B518E9A4C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C6857852-45D2-43D6-9D49-FFE001F708F5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F4FFA4A8-5AF6-43E2-9770-CDDDD90620DD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{33B2BDAD-F627-43B9-82C0-A13774B12483}C:\users\atobe\documents\games\wwe 2k23 icon edition\wwe 2k23\wwe2k23_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1AFE6EC2-31BF-497C-A4C0-E91C495B9BE0}C:\users\atobe\documents\games\wwe 2k23 icon edition\wwe 2k23\wwe2k23_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7B8D5A2E-6543-40F9-90B9-3AC0BDC5A3B0}C:\users\atobe\appdata\local\discord\app-1.0.9016\discord.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2B1711FE-A84B-4EBD-8294-ECA9AD800C7D}C:\users\atobe\appdata\local\discord\app-1.0.9016\discord.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{702757D7-9BA2-46B4-8439-0B0CC9E39477}D:\games\left 4 dead 2\left4dead2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4B3F44D7-94B5-46AD-AE09-EDA247F1D9F9}D:\games\left 4 dead 2\left4dead2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{71FC2A33-4C5A-43BA-9218-FE8C1FF86307}C:\program files\tiktok live studio\0.41.4\tiktok live studio.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CCBF34CF-646E-4156-9FFF-128AD5B43C86}C:\program files\tiktok live studio\0.41.4\tiktok live studio.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9D5241FD-DA39-44A5-9301-08D4DB046B85}C:\users\atobe\documents\games\mythforce\mythforce.build.12203944\mythforce\binaries\win64\mythforce-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F27810E7-4747-490D-BB0C-796545A23282}C:\users\atobe\documents\games\mythforce\mythforce.build.12203944\mythforce\binaries\win64\mythforce-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C6C2C3BE-8391-42F4-82B8-FF4CFA166D9A}C:\users\atobe\documents\installers\thorium\bin\thorium.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6566A870-706E-40D7-9988-B117983E7E45}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8B200EF4-E551-4F41-AF3C-F6B8BA8C478B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{840B1CBC-2DFE-45E8-BC41-51818182C01B}C:\games\half-life1016\hl.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{52D8700C-E4E0-4D0E-89EC-8C4231855934}C:\games\half-life1016\hl.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A81B389D-6747-4A9B-867D-5AF3CC53CC79}C:\program files\half-life1016\hl.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F5E8AC9E-C8F0-4331-AF5C-44E89D1CCF60}C:\program files\half-life1016\hl.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5FD326DE-16F2-4CBE-803F-BA5496B60ACE}C:\sierra\hl.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5BC1D687-B0D6-4D77-8B83-37A0E778D8F9}C:\sierra\hl.exe" => removed successfully
"C:\Windows\UV_LastPW.ini" => was unlocked
C:\Windows\UV_LastPW.ini => moved successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1048576 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 32966824 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 960155937 B
Windows/system/drivers => 229847 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 9538672 B
systemprofile32 => 9641398 B
LocalService => 9641398 B
NetworkService => 9656680 B
atobe => 46644025 B

RecycleBin => 0 B
EmptyTemp: => 1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:59:50 ====


7 Dec 2023 19:46:56 pm
Files scanned: 597124
Detected files: 13
Cleaned files: 13
Total scan time 01:36:15
Scan status: Finished
C:\Program Files\Image-Line\FL Studio 20\FLEngine_x64.dll Win64/HackTool.Crack.BJ potentially unsafe application cleaned by deleting

C:\Users\atobe\Documents\GameOptimize\Aysa FPS Folder\clean\CLEAN TEMP .bat BAT/CleanLog.A potentially unsafe application cleaned by deleting

C:\Users\atobe\Documents\Spotify\Spotify 1.2.22.982.exe a variant of Win32/HackTool.Crack.KN potentially unsafe application cleaned by deleting

C:\Windows\PowerRun.exe Win32/HackTool.PowerRun.B potentially unsafe application cleaned by deleting

D:\Users\Brent Martin\AppData\Roaming\ServiceMicrosoftApi\BURENTOBrent Martine.exe a variant of Win64/CoinMiner.NZ potentially unwanted application cleaned by deleting

D:\Users\Brent Martin\AppData\Roaming\ServiceMicrosoftApi\BURENTOBrent Martinm.exe a variant of Win64/CoinMiner.PO potentially unwanted application cleaned by deleting

D:\Users\Brent Martin\AppData\Roaming\ServiceMicrosoftApi\ScreanDriver.exe a variant of MSIL/CoinMiner.AE potentially unwanted application cleaned by deleting

D:\Users\Brent Martin\AppData\Roaming\uTorrent\updates\3.5.5_45966.exe a variant of Win32/uTorrent.E potentially unwanted application cleaned by deleting

D:\Users\Brent Martin\AppData\Roaming\uTorrent\updates\3.5.5_45988.exe a variant of Win32/uTorrent.E potentially unwanted application cleaned by deleting

D:\Users\Brent Martin\AppData\Roaming\uTorrent\updates\3.5.5_46010.exe a variant of Win32/uTorrent.E potentially unwanted application cleaned by deleting

D:\Users\Brent Martin\AppData\Roaming\uTorrent\updates\3.5.5_46038.exe a variant of Win32/uTorrent.E potentially unwanted application cleaned by deleting

D:\Users\Brent Martin\AppData\Roaming\uTorrent\updates\3.5.5_46074.exe a variant of Win32/uTorrent.E potentially unwanted application cleaned by deleting

D:\Users\Brent Martin\AppData\Roaming\uTorrent\uTorrent.exe a variant of Win32/uTorrent.E potentially unwanted application cleaned by deleting
 
OK, have you seen what Eset deleted?

Among others:

Code:
C:\Program Files\Image-Line\FL Studio 20\FLEngine_x64.dll Win64/HackTool.Crack.BJ potentially unsafe application cleaned by deleting
C:\Users\atobe\Documents\Spotify\Spotify 1.2.22.982.exe a variant of Win32/HackTool.Crack.KN potentially unsafe application cleaned by deleting

Have in mind that using pirated programs, cracks, patches etc. is the easiest and quicker way to infect your system. It is something I told you from the beginning, and asked you to remove any program not activated with a genuine license. Now is the time to complete that job, since it seems you forgot some behind. The thing is that, regardless the legal/ethic part of using such programs, we may clean now, but it is a matter of when you are going to get infected again, after we finish. Plus, we are wasting our time too.

So...

After you finish removing the pirated programs:


1. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Filestab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

2. Run Malwarebytes (scan only)
  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.

    If threats are found, make sure that all threats are not selected,close the program and proceed to the next steps below.
    • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
    • Find the report with the most recent date and double click on it.
    • Click on Export and then Copy to Clipboard.
    • Paste its content here, in your next reply.


In your next reply, please post:
  1. The AdwCleaner[S0*].txt
  2. The Malwarebytes report
 
My apologies for that sir, I forgot to delete that 2 apps I thought it has been already deleted.



# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 12-07-2023
# Duration: 00:00:06
# OS: Windows 10 (Build 19045.3758)
# Scanned: 32108
# Detected: 3


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy C:\Users\atobe\AppData\LocalLow\Tencent

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########



Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/7/23
Scan Time: 10:07 PM
Log File: fe473050-9509-11ee-b4dc-2cf05d88a7b6.json

-Software Information-
Version: 4.6.6.294
Components Version: 1.0.2201
Update Package Version: 1.0.78098
License: Trial

-System Information-
OS: Windows 10 (Build 19045.3758)
CPU: x64
File System: NTFS
User: Burento\Burento

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 240342
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 2 min, 41 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)







Done
 
Next steps:

1. Run AdwCleaner (clean mode)
  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

2. Fresh FRST logs

Please, run FRST tool again, as you did before, and attach for me fresh logs, Addition and FRST. I would prefer to attach the 2 logs instead of copy/paste their content.


In your next reply please post:
  1. The AdwCleaner[C0*].txt
  2. The FRST logs, Addition and FRST
 
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-07-2023
# Duration: 00:00:00
# OS: Windows 10 (Build 19045.3758)
# Cleaned: 3
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\atobe\AppData\LocalLow\Tencent

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Deleted HKLM\Software\Wow6432Node\\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1656 octets] - [07/12/2023 22:00:23]
AdwCleaner[S01].txt - [1717 octets] - [07/12/2023 23:09:39]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########


Done
 
Last edited:
Another fix, please:

FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\ProgramData\ntuser.pol:95CF30931B [5138]
AlternateDataStreams: C:\ProgramData\perma.bm:4A13D2B240 [5138]
AlternateDataStreams: C:\ProgramData\rtpeskt:1F3D48CBE8 [5138]
AlternateDataStreams: C:\ProgramData\system.conf:422D4106AB [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk:E77773B271 [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z.lnk:718E15FDE8 [5138]
FirewallRules: [TCP Query User{0671EB70-A463-47DB-A762-93C6096A11B8}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [UDP Query User{422BA90D-D9FD-4C6B-A28B-A618127D4A29}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [{758C93E3-2803-4C8E-8853-6D901816A32A}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{548FB8E5-8E2E-4C87-84D5-3186479755F0}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [TCP Query User{79F2A70B-17FA-4A0D-B4FE-5928C9ABFE16}C:\counter-strike-original\hl.exe] => (Allow) C:\counter-strike-original\hl.exe => No File
FirewallRules: [UDP Query User{6CCE973E-329D-4177-9B84-6C9EFC4F709D}C:\counter-strike-original\hl.exe] => (Allow) C:\counter-strike-original\hl.exe => No File
FirewallRules: [{524D4CE7-33EE-4D31-A597-662816B14943}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify 1.2.22.982.exe => No File
FirewallRules: [{335CEB8E-1D32-4E26-9141-0773D3B8D333}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify 1.2.22.982.exe => No File
FirewallRules: [{DCC367E1-BDBB-4E70-B4FF-F67C36385F14}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify 1.2.22.982.exe => No File
FirewallRules: [{003DF336-4F41-48E0-976D-59056A48A3A4}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify 1.2.22.982.exe => No File
FirewallRules: [{FBB0090E-74BF-47FA-B40F-CFC80D5E8E5A}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify\SpotifyPortable.exe => No File
FirewallRules: [{75246FBA-2CE2-4430-8ECA-435913DB3CBA}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify\SpotifyPortable.exe => No File
FirewallRules: [{BBA18ABF-A492-44D1-94A8-4A55CB27C533}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify\SpotifyPortable.exe => No File
FirewallRules: [{43B9A126-A5B2-4B81-834F-77049BEE1C51}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify\SpotifyPortable.exe => No File
FirewallRules: [TCP Query User{C4BCC487-FFB9-4B86-9566-09DC67D7635B}C:\users\atobe\documents\spotify\spotify\app\spotify\spotify.exe] => (Allow) C:\users\atobe\documents\spotify\spotify\app\spotify\spotify.exe => No File
FirewallRules: [UDP Query User{6C0AF0C4-62FA-46FD-B34A-11CB57CA83F3}C:\users\atobe\documents\spotify\spotify\app\spotify\spotify.exe] => (Allow) C:\users\atobe\documents\spotify\spotify\app\spotify\spotify.exe => No File
IFEO\TextInputHost.exe: [Debugger] C:\Windows\system32\systray.exe
2023-12-07 17:44 - 2023-01-26 11:43 - 000000016 _____ C:\ProgramData\mntemp
2023-12-02 21:35 - 2023-12-03 19:21 - 000000000 ____D C:\Sierra
2023-11-18 23:26 - 2023-11-18 23:26 - 000000000 ____D C:\Users\atobe\AppData\Roaming\Easeware
2023-11-11 23:28 - 2023-11-11 23:28 - 000000000 ____D C:\Users\atobe\AppData\Local\Patch_My_PC,_LLC
Folder: 2023-12-02 21:40 - 2023-12-02 21:40 - 000000000 ____D C:\SAVE
File: C:\ProgramData\rtpeskt
File: C:\ProgramData\perma.bm
File: C:\ProgramData\system.conf
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
Hosts:
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2023
Ran by Burento (08-12-2023 01:23:03) Run:2
Running from C:\Users\atobe\Desktop
Loaded Profiles: Burento
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\ProgramData\ntuser.pol:95CF30931B [5138]
AlternateDataStreams: C:\ProgramData\perma.bm:4A13D2B240 [5138]
AlternateDataStreams: C:\ProgramData\rtpeskt:1F3D48CBE8 [5138]
AlternateDataStreams: C:\ProgramData\system.conf:422D4106AB [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk:E77773B271 [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z.lnk:718E15FDE8 [5138]
FirewallRules: [TCP Query User{0671EB70-A463-47DB-A762-93C6096A11B8}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [UDP Query User{422BA90D-D9FD-4C6B-A28B-A618127D4A29}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [{758C93E3-2803-4C8E-8853-6D901816A32A}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{548FB8E5-8E2E-4C87-84D5-3186479755F0}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [TCP Query User{79F2A70B-17FA-4A0D-B4FE-5928C9ABFE16}C:\counter-strike-original\hl.exe] => (Allow) C:\counter-strike-original\hl.exe => No File
FirewallRules: [UDP Query User{6CCE973E-329D-4177-9B84-6C9EFC4F709D}C:\counter-strike-original\hl.exe] => (Allow) C:\counter-strike-original\hl.exe => No File
FirewallRules: [{524D4CE7-33EE-4D31-A597-662816B14943}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify 1.2.22.982.exe => No File
FirewallRules: [{335CEB8E-1D32-4E26-9141-0773D3B8D333}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify 1.2.22.982.exe => No File
FirewallRules: [{DCC367E1-BDBB-4E70-B4FF-F67C36385F14}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify 1.2.22.982.exe => No File
FirewallRules: [{003DF336-4F41-48E0-976D-59056A48A3A4}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify 1.2.22.982.exe => No File
FirewallRules: [{FBB0090E-74BF-47FA-B40F-CFC80D5E8E5A}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify\SpotifyPortable.exe => No File
FirewallRules: [{75246FBA-2CE2-4430-8ECA-435913DB3CBA}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify\SpotifyPortable.exe => No File
FirewallRules: [{BBA18ABF-A492-44D1-94A8-4A55CB27C533}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify\SpotifyPortable.exe => No File
FirewallRules: [{43B9A126-A5B2-4B81-834F-77049BEE1C51}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify\SpotifyPortable.exe => No File
FirewallRules: [TCP Query User{C4BCC487-FFB9-4B86-9566-09DC67D7635B}C:\users\atobe\documents\spotify\spotify\app\spotify\spotify.exe] => (Allow) C:\users\atobe\documents\spotify\spotify\app\spotify\spotify.exe => No File
FirewallRules: [UDP Query User{6C0AF0C4-62FA-46FD-B34A-11CB57CA83F3}C:\users\atobe\documents\spotify\spotify\app\spotify\spotify.exe] => (Allow) C:\users\atobe\documents\spotify\spotify\app\spotify\spotify.exe => No File
IFEO\TextInputHost.exe: [Debugger] C:\Windows\system32\systray.exe
2023-12-07 17:44 - 2023-01-26 11:43 - 000000016 _____ C:\ProgramData\mntemp
2023-12-02 21:35 - 2023-12-03 19:21 - 000000000 ____D C:\Sierra
2023-11-18 23:26 - 2023-11-18 23:26 - 000000000 ____D C:\Users\atobe\AppData\Roaming\Easeware
2023-11-11 23:28 - 2023-11-11 23:28 - 000000000 ____D C:\Users\atobe\AppData\Local\Patch_My_PC,_LLC
Folder: 2023-12-02 21:40 - 2023-12-02 21:40 - 000000000 ____D C:\SAVE
File: C:\ProgramData\rtpeskt
File: C:\ProgramData\perma.bm
File: C:\ProgramData\system.conf
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
Hosts:
EmptyTemp:
End::
*****************

Restore point was successfully created.
Processes closed successfully.
C:\ProgramData\ntuser.pol => ":95CF30931B" ADS removed successfully
C:\ProgramData\perma.bm => ":4A13D2B240" ADS removed successfully
C:\ProgramData\rtpeskt => ":1F3D48CBE8" ADS removed successfully
C:\ProgramData\system.conf => ":422D4106AB" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini => ":41964AA945" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk => ":BE32D07BC5" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk => ":E77773B271" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z.lnk => ":718E15FDE8" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0671EB70-A463-47DB-A762-93C6096A11B8}C:\program files (x86)\overwatch\_retail_\overwatch.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{422BA90D-D9FD-4C6B-A28B-A618127D4A29}C:\program files (x86)\overwatch\_retail_\overwatch.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{758C93E3-2803-4C8E-8853-6D901816A32A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{548FB8E5-8E2E-4C87-84D5-3186479755F0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{79F2A70B-17FA-4A0D-B4FE-5928C9ABFE16}C:\counter-strike-original\hl.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6CCE973E-329D-4177-9B84-6C9EFC4F709D}C:\counter-strike-original\hl.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{524D4CE7-33EE-4D31-A597-662816B14943}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{335CEB8E-1D32-4E26-9141-0773D3B8D333}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DCC367E1-BDBB-4E70-B4FF-F67C36385F14}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{003DF336-4F41-48E0-976D-59056A48A3A4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FBB0090E-74BF-47FA-B40F-CFC80D5E8E5A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{75246FBA-2CE2-4430-8ECA-435913DB3CBA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BBA18ABF-A492-44D1-94A8-4A55CB27C533}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{43B9A126-A5B2-4B81-834F-77049BEE1C51}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C4BCC487-FFB9-4B86-9566-09DC67D7635B}C:\users\atobe\documents\spotify\spotify\app\spotify\spotify.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6C0AF0C4-62FA-46FD-B34A-11CB57CA83F3}C:\users\atobe\documents\spotify\spotify\app\spotify\spotify.exe" => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\TextInputHost.exe => removed successfully
C:\ProgramData\mntemp => moved successfully

"C:\Sierra" folder move:

C:\Sierra => moved successfully

"C:\Users\atobe\AppData\Roaming\Easeware" folder move:

C:\Users\atobe\AppData\Roaming\Easeware => moved successfully

"C:\Users\atobe\AppData\Local\Patch_My_PC,_LLC" folder move:

C:\Users\atobe\AppData\Local\Patch_My_PC,_LLC => moved successfully

========================= Folder: 2023-12-02 21:40 - 2023-12-02 21:40 - 000000000 ____D C:\SAVE ========================

not found.

====== End of Folder: ======


========================= File: C:\ProgramData\rtpeskt ========================

C:\ProgramData\rtpeskt
File not signed
MD5: 98C72661C2EF4B4C2EFF8FE6163CF0BF
Creation and modification date: 2023-10-06 00:58 - 2023-12-07 20:13
Size: 000000016
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========================= File: C:\ProgramData\perma.bm ========================

C:\ProgramData\perma.bm
File not signed
MD5: 3505CBDA48B15AD1AAD94DE7FB14773D
Creation and modification date: 2023-07-26 21:53 - 2023-12-07 20:13
Size: 000000061
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========================= File: C:\ProgramData\system.conf ========================

C:\ProgramData\system.conf
File not signed
MD5: D41D8CD98F00B204E9800998ECF8427E <==== ATTENTION (zero byte File/Folder)
Creation and modification date: 2022-11-17 16:41 - 2023-12-07 20:13
Size: 000000000
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0-byte

====== End of File: ======


========= wevtutil el | Foreach-Object {wevtutil cl "$_"} =========

wevtutil : Failed to clear log Microsoft-Windows-LiveId/Analytic.
At C:\FRST\tmp.ps1:1 char:31
+ wevtutil el | Foreach-Object {wevtutil cl "$_"}
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (Failed to clear...iveId/Analytic.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError

Access is denied.
wevtutil : Failed to clear log Microsoft-Windows-LiveId/Operational.
At C:\FRST\tmp.ps1:1 char:31
+ wevtutil el | Foreach-Object {wevtutil cl "$_"}
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (Failed to clear...Id/Operational.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError

Access is denied.

========= End of Powershell: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 78165821 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 8959064 B
Windows/system/drivers => 133793 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 7490 B
NetworkService => 8660 B
atobe => 14457563 B

RecycleBin => 0 B
EmptyTemp: => 98.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 01:23:44 ====
 
And another one:

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
C:\SAVE
C:\ProgramData\rtpeskt
C:\ProgramData\perma.bm
C:\ProgramData\system.conf
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2023
Ran by Burento (08-12-2023 01:43:35) Run:3
Running from C:\Users\atobe\Desktop
Loaded Profiles: Burento
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
C:\SAVE
C:\ProgramData\rtpeskt
C:\ProgramData\perma.bm
C:\ProgramData\system.conf
End::
*****************

Restore point was successfully created.
Processes closed successfully.

"C:\SAVE" folder move:

C:\SAVE => moved successfully
C:\ProgramData\rtpeskt => moved successfully
C:\ProgramData\perma.bm => moved successfully
C:\ProgramData\system.conf => moved successfully


The system needed a reboot.

==== End of Fixlog 01:44:56 ====
 
Good! (y)

Is there any remaining issue/question/concern, regarding this computer?
 
Looks like we're done sir! Am I right? Btw, Thank you so much for your time and for your help! Much appreciated! I will not install any repack and any apps from illegal sites again! LOL TYSM!
 
Great!

wLPkDda.gif


Let's finish it!

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.
  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

Note: If there is a warning about this tool, go on to download it, since it is a false/positive. Choose More info and continue from there.
 
# Run at 8 Dec 2023 11:39:19 am
# KpRm (Kernel-panik) version 2.15.0
# Website https://kernel-panik.me/tool/kprm/
# Run by Burento from C:\Users\atobe\Downloads
# Computer Name: BURENTO
# OS: Windows 10 X64 (19045) (10.0.19045.3758)
# Number of passes: 1

- Checked options -

~ Registry Backup
~ Delete Tools
~ Restore System Settings
~ UAC Restore
~ Delete Restore Points
~ Create Restore Point
~ Delete Quarantines

- Create Registry Backup -

~ [OK] Hive C:\Windows\System32\config\SOFTWARE backed up
~ [OK] Hive C:\Users\atobe\NTUSER.dat backed up

[OK] Registry Backup: C:\KPRM\backup\2023-12-08-11-39-19

- Delete Tools -


## AdwCleaner
[OK] C:\Users\atobe\Desktop\AdwCleaner.exe deleted
[OK] C:\AdwCleaner deleted

## ESET Online Scanner
[OK] C:\Users\atobe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk deleted

## FRST
[OK] C:\Users\atobe\Desktop\FRST-OlderVersion deleted
[OK] C:\Users\atobe\Desktop\FRST64.exe deleted
[OK] C:\Users\atobe\Desktop\Malware Reports\Addition.txt deleted
[OK] C:\Users\atobe\Desktop\Malware Reports\Fixlog.txt deleted
[OK] C:\Users\atobe\Desktop\Malware Reports\FRST.txt deleted
[OK] C:\Users\atobe\Desktop\Malware Reports\2nd run\Addition.txt deleted
[OK] C:\Users\atobe\Desktop\Malware Reports\2nd run\Fixlog.txt deleted
[OK] C:\Users\atobe\Desktop\Malware Reports\2nd run\FRST.txt deleted
[OK] C:\FRST deleted

## Malwarebytes (log)
[OK] C:\Users\atobe\Desktop\Malware Reports\Malwarebytes.txt deleted

- Restore System Settings -

[OK] Reset WinSock
[OK] FLUSHDNS
[OK] Hide Hidden file.
[OK] Show Extensions for known file types
[OK] Hide protected operating system files

- Restore UAC -

[OK] Set EnableLUA with default (1) value
[OK] Set ConsentPromptBehaviorAdmin with default (5) value
[OK] Set ConsentPromptBehaviorUser with default (3) value
[OK] Set EnableInstallerDetection with default (0) value
[OK] Set EnableSecureUIAPaths with default (1) value
[OK] Set EnableUIADesktopToggle with default (0) value
[OK] Set EnableVirtualization with default (1) value
[OK] Set FilterAdministratorToken with default (0) value
[OK] Set PromptOnSecureDesktop with default (1) value
[OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

~ [OK] RP named Restore Point Created by FRST created at 12/07/2023 09:59:31 deleted
~ [OK] RP named Revo Uninstaller's restore point - FL Studio 20 created at 12/07/2023 13:53:04 deleted
~ [OK] RP named Revo Uninstaller's restore point - FL Studio ASIO created at 12/07/2023 13:56:24 deleted
~ [OK] RP named Restore Point Created by FRST created at 12/07/2023 17:23:06 deleted
~ [OK] RP named Restore Point Created by FRST created at 12/07/2023 17:43:39 deleted
~ [OK] RP named Revo Uninstaller's restore point - Malwarebytes version 4.6.6.294 created at 12/07/2023 17:53:54 deleted
[OK] All system restore points have been successfully deleted

- Create Restore Point -

[OK] System Restore Point created

- Display System Restore Point -

~ RP named KpRm created at 12/08/2023 03:41:06

-- KPRM finished in 124.30s --
 
Status
Not open for further replies.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top