Inactive PC hijacked

D

DietCoke

Posts: 15   +0
Clean and updated system is freezing at least once per session.
  • Files, websites, and games have all been appearing, disapearing, and edited maliciously.
  • Logs show that my PC was booted up from a complete shutdown after I went to sleep.
    • (the computer was stored securely in a locked room with me while I was sleeping.)

Please and thank you
 

Attachments

  • Addition.txt
    34.3 KB · Views: 84
  • FRST.txt
    35.6 KB · Views: 84
________________

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-05-2022
Ran by u_u (administrator) on ONOSENDAI-CBRSP (Dell Inc. G3 3779) (27-05-2022 13:41:17)
Running from C:\Users\u_u\Desktop
Loaded Profiles: u_u
Platform: Microsoft Windows 10 Home Version 21H2 19044.1706 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DriverStore\FileRepository\cui_dch.inf_amd64_12ed482042e0dee5\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_12ed482042e0dee5\igfxEM.exe
(explorer.exe ->) (MPC-HC Team) [File not signed] C:\Program Files\MPC-HC\mpc-hc64.exe
(Henry++) [File not signed] C:\Program Files\simplewall\simplewall.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <9>
(OpenVPN) [File not signed] C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe <4>
(services.exe ->) () [File not signed] C:\Program Files\OpenVPN Connect\agent_ovpnconnect_1647517251935.exe
(services.exe ->) () [File not signed] C:\Program Files\OpenVPN Connect\ovpnhelper_service.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_12ed482042e0dee5\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_897ea327b3fe52f7\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ba273d0ffb93e225\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_003a6d3c4c50c291\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_1dc9fc8d5e442f6a\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_1dc9fc8d5e442f6a\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_bdcdb885805fcea4\aesm_service.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_183917c66152901d\lib\SocketHeciServer.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_7f98f584c61c8c61\RtkAudUService64.exe <2>
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_444d52e511fbcc11\WavesSysSvc64.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.2101.28.0_x64__8wekyb3d8bbwe\Time.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_7f98f584c61c8c61\RtkAudUService64.exe [3379808 2021-11-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech -> Logitech Inc.)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_444d52e511fbcc11\WavesSvc64.exe [1237696 2021-01-07] (Waves Inc -> Waves Audio Ltd.)
HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\Run: [f.lux] => "C:\Users\u_u\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow (No File)
HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (No File)
HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\Run: [org.openvpn.client] => C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe [110833152 2022-03-17] (OpenVPN) [File not signed]
HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\Run: [simplewall] => C:\Program Files\simplewall\simplewall.exe [759808 2022-05-26] (Henry++) [File not signed]
HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\Run: [DriverFix] => C:\Program Files (x86)\DriverFix\DriverFix.exe [25313536 2021-12-20] (Blueroad Technologies Limited -> DriverFix)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{E5931AF4-2A8F-48A5-AFC8-460348F480E8}] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1E71CC50-5C63-4195-958E-6D60800859DE} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226008 2018-12-25] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {314220F0-65DB-4987-9065-AA0E59D44AB4} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
Task: {508AA229-E874-4B30-99A2-45D13554B517} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_183917c66152901d\lib\IntelPTTEKRecertification.exe [818000 2022-01-27] (Intel Corporation -> Intel(R) Corporation)
Task: {5D0C47F9-A61A-4076-BF36-490A416205B8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {608BC349-D8BE-4EA7-A39B-13608E624458} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {64BE1ED1-B60B-4108-B460-98F6685FDE55} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {762931E8-3BC5-4831-8C43-DA23546CB3A0} - System32\Tasks\Day - Light Theme => reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize /v AppsUseLightTheme /t REG_DWORD /d 1 /f
Task: {888F51FB-F9ED-412D-8C08-7AA5D6693478} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on switch user if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226008 2018-12-25] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {AAAD0E5D-4A5E-4C91-8AD2-D8C1E3C4B952} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\tbtsvc.exe [2302168 2018-12-25] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {B8666F54-A41F-47EF-960A-C717396D7D26} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {CFBCC150-CA55-4072-BBA5-6911C275C352} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DE7ED75B-0B2F-49FF-89D5-74D6EC75658F} - System32\Tasks\Night - Dark Theme => reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize /v AppsUseLightTheme /t REG_DWORD /d 0 /f
Task: {E84C6E5A-D640-470E-B162-C3DE20590E00} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F63331B8-035C-4FE9-92DC-F831FBFDE9BC} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226008 2018-12-25] (Intel(R) Client Connectivity Division SW -> Intel Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{3984044E-E410-4F7A-B63A-19665E03E7EC}: [NameServer] 10.0.4.0 10.0.4.1
Tcpip\..\Interfaces\{9114B9FC-328F-4271-8471-39B388D03ADF}: [NameServer] 10.0.4.0 10.0.4.1
Tcpip\..\Interfaces\{97AFF65E-3C0E-459F-A29E-FE6DA65FD08D}: [NameServer] 10.0.4.0 10.0.4.1
Tcpip\..\Interfaces\{a45ab5cf-383e-48f2-beb8-0aecd28bc289}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{a45ab5cf-383e-48f2-beb8-0aecd28bc289}: [DhcpNameServer] 10.128.128.128
Tcpip\..\Interfaces\{dabf3fd4-5368-4c8c-9c93-16418154a5c7}: [NameServer] 8.8.8.8,8.8.4.4,172.18.11.1
Tcpip\..\Interfaces\{f128b0e7-5259-47e3-a70f-e7608a2d8f99}: [NameServer] 1.1.1.1,1.0.0.1
DnsPolicyConfig: [OpenVPNDNSRouting-0] => GenericDNSServers=8.8.8.8;8.8.4.4;172.18.11.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\u_u\AppData\Local\Microsoft\Edge\User Data\Default [2022-05-26]

FireFox:
========
FF DefaultProfile: 7r5mrruy.default
FF DefaultProfile: pmp9jzdz.default
FF DefaultProfile: 61yb32m0.default
FF ProfilePath: C:\Users\u_u\AppData\Roaming\Mozilla\Firefox\Profiles\7r5mrruy.default [2022-04-29]
FF ProfilePath: C:\Users\u_u\AppData\Roaming\Mozilla\Firefox\Profiles\fxdq2oi4.default-release [2022-05-27]
FF Homepage: Mozilla\Firefox\Profiles\fxdq2oi4.default-release -> about:blank
FF Extension: (Cookie AutoDelete) - C:\Users\u_u\AppData\Roaming\Mozilla\Firefox\Profiles\fxdq2oi4.default-release\Extensions\CookieAutoDelete@kennydo.com.xpi [2022-04-29]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\u_u\AppData\Roaming\Mozilla\Firefox\Profiles\fxdq2oi4.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2022-04-29]
FF ProfilePath: C:\Users\u_u\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\pmp9jzdz.default [2022-05-25]
FF Homepage: Moonchild Productions\Pale Moon\Profiles\pmp9jzdz.default -> hxxp://goduckgo.com/
FF Extension: (Dark Moon) - C:\Users\u_u\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\pmp9jzdz.default\Extensions\darkmoon@lootyhoof-pm.xpi [2022-05-25] [Legacy] [not signed]
FF Extension: (DarkPitch) - C:\Users\u_u\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\pmp9jzdz.default\Extensions\{4b13c0da-55d5-44ce-b98e-98e62085837f}.xpi [2022-05-25] [Legacy] [not signed]
FF ProfilePath: C:\Users\u_u\AppData\Roaming\LibreWolf\Profiles\61yb32m0.default [2021-10-15]
FF ProfilePath: C:\Users\u_u\AppData\Roaming\LibreWolf\Profiles\7fjhbu00.dev-edition-default-1648831677965 [2022-05-25]
FF Extension: (uBlock Origin) - C:\Users\u_u\AppData\Roaming\LibreWolf\Profiles\7fjhbu00.dev-edition-default-1648831677965\Extensions\uBlock0@raymondhill.net.xpi [2022-04-01]
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 agent_ovpnconnect; C:\Program Files\OpenVPN Connect\agent_ovpnconnect_1647517251935.exe [3196928 2022-03-17] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8914856 2021-07-17] (BattlEye Innovations e.K. -> )
S3 dcpm-notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [315008 2021-08-23] (Dell Inc -> Dell Inc.)
S3 Dell.CommandPowerManager.Service; C:\WINDOWS\system32\dllhost.exe /Processid:{BCD82BD1-F236-4152-ADC5-061E1A97C4B3} [21312 2021-04-09] (Microsoft Windows -> Microsoft Corporation)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38592 2020-10-29] (Dell Inc -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [812520 2022-02-01] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8524512 2022-05-25] (Malwarebytes Inc. -> Malwarebytes)
R2 ovpnhelper_service; C:\Program Files\OpenVPN Connect\ovpnhelper_service.exe [3021824 2022-03-17] () [File not signed]
S3 ucldr_battlegrounds_gl; C:\Program Files\Common Files\UNCHEATER\ucldr_battlegrounds_gl.exe [7099632 2021-07-17] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe [3116848 2022-04-29] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe [133544 2022-04-29] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WMIRegistrationService; C:\WINDOWS\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe [538736 2022-01-27] (Intel Corporation -> Intel Corporation)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [7591624 2021-07-17] (PUBG CORPORATION -> PUBG Corporation)
S2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmig.inf_amd64_fd5032f7e49f5212\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvdmig.inf_amd64_fd5032f7e49f5212\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
S4 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2017-12-14] (Techporch Incorporated -> Dell Computer Corporation)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2021-02-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2021-02-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-05-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239560 2022-05-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKslb8cf7dd0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{60349329-490E-4FB3-8687-FB89B48240B5}\MpKslDrv.sys [137464 2022-05-27] (Microsoft Windows -> Microsoft Corporation)
R3 PtpFilterDriver; C:\WINDOWS\System32\drivers\PtpFilterDriver.sys [51840 2016-12-26] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2020-08-21] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 rspSanity; C:\WINDOWS\System32\DRIVERS\rspSanity64.sys [31328 2012-10-29] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2020-11-03] (TunnelBear, Inc. -> The OpenVPN Project)
R3 tap_ovpnconnect; C:\WINDOWS\System32\drivers\tap_ovpnconnect.sys [40128 2022-03-17] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2022-04-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [443664 2022-04-29] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90384 2022-04-29] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [2729456 2021-07-24] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S4 DBUtilDrv2; \SystemRoot\System32\drivers\DBUtilDrv2.sys [X]
S3 semav6msr64; \??\C:\WINDOWS\system32\drivers\semav6msr64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-05-26 14:34 - 2022-05-27 13:41 - 000019452 _____ C:\Users\u_u\Desktop\FRST.txt
2022-05-26 14:29 - 2022-05-27 13:41 - 000000000 ____D C:\FRST
2022-05-26 14:06 - 2022-05-26 14:06 - 000000000 ____D C:\WINDOWS\Panther
2022-05-26 10:31 - 2022-05-26 13:41 - 000000000 ____D C:\Users\u_u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\simplewall
2022-05-26 10:31 - 2022-05-26 10:31 - 000011799 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-05-26 10:30 - 2022-05-26 10:30 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-05-26 10:30 - 2022-05-26 10:30 - 000093696 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2022-05-26 10:02 - 2022-05-26 10:02 - 000000000 ____D C:\Users\u_u\AppData\Roaming\Neos Eureka S.r.l
2022-05-26 10:00 - 2022-05-26 10:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2022-05-26 10:00 - 2022-05-26 10:00 - 000000000 ____D C:\Program Files (x86)\Dell
2022-05-26 09:54 - 2022-05-26 09:54 - 000000000 ____D C:\Users\u_u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tixati
2022-05-26 09:48 - 2022-05-26 17:07 - 000000000 ____D C:\Users\u_u\AppData\Roaming\tixati
2022-05-25 20:34 - 2022-05-25 20:34 - 000000000 ____D C:\Users\u_u\AppData\Local\Apps\2.0
2022-05-25 17:25 - 2022-05-26 09:15 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-05-25 17:25 - 2022-05-25 17:25 - 000000000 _____ C:\WINDOWS\system32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
2022-05-25 15:02 - 2022-05-25 15:02 - 000002059 _____ C:\Users\u_u\AppData\Roaming\Microsoft\Windows\Start Menu\SumatraPDF.lnk
2022-05-25 14:55 - 2022-05-25 14:57 - 000000000 ____D C:\Users\u_u\AppData\Roaming\obs-studio
2022-05-25 14:37 - 2022-05-25 14:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SanityCheck
2022-05-25 14:37 - 2022-05-25 14:37 - 000000000 ____D C:\Program Files\SanityCheck
2022-05-25 14:36 - 2022-05-25 14:36 - 000003112 _____ C:\WINDOWS\TEMP6.html
2022-05-25 14:36 - 2022-05-25 14:36 - 000001293 _____ C:\WINDOWS\TEMP1.html
2022-05-25 14:33 - 2022-05-25 15:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2022-05-25 14:33 - 2022-05-25 15:26 - 000000000 ____D C:\Program Files\CPUID
2022-05-25 13:38 - 2022-05-25 13:38 - 000000000 ____D C:\WINDOWS\system32\gf2engine
2022-05-25 13:24 - 2022-05-26 14:29 - 002367488 _____ (Farbar) C:\Users\u_u\Desktop\FRST64.exe
2022-05-25 12:31 - 2022-05-25 12:30 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-05-24 15:48 - 2022-05-24 15:48 - 000001015 _____ C:\Users\u_u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\explorer.lnk
2022-05-23 10:18 - 2022-05-23 10:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN Connect
2022-05-23 10:07 - 2022-05-25 17:25 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-05-17 14:11 - 2022-05-17 14:20 - 000000000 ____D C:\Users\u_u\AppData\Roaming\Firestorm_x64
2022-05-17 14:11 - 2022-05-17 14:11 - 000001007 _____ C:\Users\Public\Desktop\Firestorm.lnk
2022-05-17 14:11 - 2022-05-17 14:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm-Releasex64
2022-05-17 14:10 - 2022-05-17 14:11 - 000000000 ____D C:\Program Files\Firestorm-Releasex64
2022-05-10 11:23 - 2022-05-25 20:38 - 000001496 _____ C:\Users\u_u\Desktop\HEARTLOVEPOWERTEMPLE.lnk
2022-05-05 10:25 - 2022-05-05 10:25 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\6B41612E.sys
2022-05-05 10:21 - 2022-05-25 12:31 - 000239560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-04-30 11:31 - 2022-02-20 23:33 - 001163096 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2022-04-29 17:20 - 2022-05-26 09:54 - 000000000 ____D C:\Program Files\tixati
2022-04-29 13:51 - 2022-04-21 08:59 - 001905928 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2022-04-29 13:51 - 2022-04-21 08:59 - 001905928 _____ C:\WINDOWS\system32\vulkaninfo.exe
2022-04-29 13:51 - 2022-04-21 08:59 - 001478408 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-04-29 13:51 - 2022-04-21 08:59 - 001478408 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2022-04-29 13:51 - 2022-04-21 08:59 - 001467968 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2022-04-29 13:51 - 2022-04-21 08:59 - 001432328 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2022-04-29 13:51 - 2022-04-21 08:59 - 001432328 _____ C:\WINDOWS\system32\vulkan-1.dll
2022-04-29 13:51 - 2022-04-21 08:59 - 001209408 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2022-04-29 13:51 - 2022-04-21 08:59 - 001145592 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2022-04-29 13:51 - 2022-04-21 08:59 - 001145592 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2022-04-29 13:51 - 2022-04-21 08:55 - 000725592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2022-04-29 13:51 - 2022-04-21 08:50 - 005729880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2022-04-29 13:50 - 2022-04-21 08:56 - 000586456 _____ C:\WINDOWS\system32\nvofapi64.dll
2022-04-29 13:50 - 2022-04-21 08:56 - 000461400 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2022-04-29 13:50 - 2022-04-21 08:55 - 001530456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2022-04-29 13:50 - 2022-04-21 08:55 - 001177288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2022-04-29 13:50 - 2022-04-21 08:54 - 000712408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2022-04-29 13:50 - 2022-04-21 08:53 - 002120904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2022-04-29 13:50 - 2022-04-21 08:53 - 001603160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2022-04-29 13:50 - 2022-04-21 08:53 - 000730336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2022-04-29 13:50 - 2022-04-21 08:53 - 000581856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2022-04-29 13:50 - 2022-04-21 08:52 - 006963912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2022-04-29 13:50 - 2022-04-21 08:52 - 000457928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2022-04-29 13:50 - 2022-04-21 08:51 - 006226632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2022-04-29 13:50 - 2022-04-21 08:51 - 005100744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2022-04-29 13:50 - 2022-04-21 08:51 - 002932960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2022-04-29 13:50 - 2022-04-21 08:49 - 000852048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2022-04-29 13:50 - 2022-04-21 08:47 - 006465192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2022-04-29 13:50 - 2022-04-20 19:16 - 000089337 _____ C:\WINDOWS\system32\nvinfo.pb
2022-04-29 11:05 - 2022-04-21 08:47 - 007618608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2022-04-29 11:02 - 2022-04-29 11:02 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-04-29 11:02 - 2022-04-29 11:02 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2022-04-29 11:02 - 2022-04-29 11:02 - 000272896 _____ C:\WINDOWS\system32\TpmTool.exe
2022-04-29 11:02 - 2022-04-29 11:02 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-04-29 11:02 - 2022-04-29 11:02 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-04-29 11:02 - 2022-04-29 11:02 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2022-04-29 11:02 - 2022-04-29 11:02 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-05-27 13:35 - 2021-08-08 15:29 - 000842414 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-05-27 13:35 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
2022-05-27 13:34 - 2021-01-30 06:02 - 000000000 ____D C:\Users\u_u\AppData\LocalLow\Mozilla
2022-05-27 13:29 - 2022-02-16 11:30 - 000000000 ____D C:\Users\u_u\AppData\Roaming\OpenVPN Connect
2022-05-27 13:29 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-05-27 13:27 - 2021-08-08 15:27 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-05-27 13:27 - 2021-02-20 21:57 - 000000000 ___HD C:\Intel
2022-05-27 13:27 - 2021-01-29 20:31 - 000000000 __SHD C:\Users\u_u\IntelGraphicsProfiles
2022-05-27 13:27 - 2021-01-29 20:12 - 000008192 ___SH C:\DumpStack.log.tmp
2022-05-27 13:27 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-05-26 20:40 - 2019-12-07 02:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-05-26 20:03 - 2021-02-23 11:29 - 000000000 ____D C:\Users\u_u\AppData\Roaming\vlc
2022-05-26 18:44 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-05-26 13:47 - 2021-02-12 04:44 - 000000000 ___RD C:\Users\u_u\Desktop\Desk
2022-05-26 13:39 - 2021-03-20 10:48 - 000000000 ____D C:\Program Files (x86)\Steam
2022-05-26 10:38 - 2021-08-08 15:20 - 000760056 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-05-26 10:37 - 2019-12-07 02:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-05-26 10:37 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-05-26 10:37 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-05-26 10:37 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-05-26 10:37 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-05-26 10:37 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-05-26 10:33 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\Registration
2022-05-26 10:32 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-05-26 10:07 - 2021-02-20 22:41 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-05-26 10:06 - 2021-02-20 22:41 - 145501456 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-05-26 10:00 - 2018-05-15 22:56 - 000000000 ____D C:\ProgramData\dell
2022-05-26 09:27 - 2021-02-20 22:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2022-05-25 22:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-05-25 22:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-05-25 22:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-05-25 22:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-05-25 22:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-05-25 22:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-05-25 22:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-05-25 22:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-05-25 22:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-05-25 22:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-05-25 21:51 - 2021-06-19 12:05 - 000001180 _____ C:\Users\u_u\Desktop\Katawa Shoujo.lnk
2022-05-25 21:51 - 2021-02-01 02:06 - 000001464 _____ C:\Users\u_u\Desktop\Sound Settings.lnk
2022-05-25 20:34 - 2021-08-08 15:11 - 000000000 ____D C:\Users\u_u
2022-05-25 20:28 - 2021-03-21 18:09 - 000000000 ____D C:\Users\u_u\Documents\Larian Studios
2022-05-25 20:27 - 2021-08-04 13:29 - 000000000 ____D C:\Users\u_u\Documents\Mangas
2022-05-25 18:21 - 2019-12-07 02:14 - 000000000 __RHD C:\Users\Public\Libraries
2022-05-25 17:25 - 2019-12-07 02:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-05-25 15:20 - 2021-09-18 14:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin
2022-05-25 15:18 - 2021-02-18 19:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2022-05-25 15:14 - 2021-02-21 20:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2022-05-25 15:14 - 2021-02-21 20:12 - 000000000 ____D C:\Program Files\MPC-HC
2022-05-25 14:57 - 2021-03-03 14:29 - 000000000 ____D C:\Program Files\Pale Moon
2022-05-25 14:53 - 2021-08-04 13:09 - 000001936 _____ C:\Users\Public\Desktop\HakuNeko Desktop.lnk
2022-05-25 14:52 - 2021-08-04 13:14 - 000000000 ____D C:\Users\u_u\AppData\Roaming\hakuneko-desktop
2022-05-25 14:52 - 2021-08-04 13:09 - 000000000 ____D C:\Program Files\HakuNeko Desktop
2022-05-25 14:29 - 2018-05-15 22:44 - 000000000 ____D C:\ProgramData\Package Cache
2022-05-25 12:31 - 2021-06-17 09:51 - 000001993 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-05-25 12:30 - 2021-06-17 09:51 - 000103888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-05-25 12:30 - 2021-06-17 09:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-05-25 12:30 - 2021-06-17 09:51 - 000000000 ____D C:\Program Files\Malwarebytes
2022-05-25 11:31 - 2021-08-08 15:20 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-05-24 10:27 - 2021-02-20 17:30 - 000000000 ____D C:\Program Files\7-Zip
2022-05-23 10:18 - 2022-02-16 11:30 - 000000000 ____D C:\Program Files\OpenVPN Connect
2022-05-23 10:07 - 2021-02-20 22:22 - 000001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-05-18 21:48 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-05-10 10:08 - 2018-05-15 22:47 - 000000000 ____D C:\ProgramData\NVIDIA
2022-05-10 09:35 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-05-10 08:47 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-05-10 08:47 - 2018-05-15 22:44 - 000000000 ____D C:\Program Files\Dell
2022-05-09 14:29 - 2021-04-23 23:02 - 000000000 ____D C:\Users\u_u\AppData\Roaming\RenPy
2022-04-30 11:33 - 2021-12-20 20:23 - 000000000 ____D C:\Users\u_u\AppData\Roaming\DriverFix
2022-04-30 11:31 - 2021-03-18 03:40 - 000000000 ____D C:\Program Files (x86)\Realtek
2022-04-29 13:31 - 2022-03-08 20:16 - 000003840 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification
2022-04-29 13:06 - 2022-02-23 18:37 - 000000000 ____D C:\ProgramData\Intel Package Cache {58E22E6B-0E58-4E93-AF9A-036556EB66F5}
2022-04-29 13:06 - 2021-09-01 13:44 - 000000000 ____D C:\ProgramData\Intel Package Cache {d8170687-85fa-4716-bafd-087205d0db72}
2022-04-29 13:06 - 2021-09-01 13:44 - 000000000 ____D C:\ProgramData\Intel Package Cache {9f9c9e51-d42f-4462-a27a-7d419da18045}
2022-04-29 13:06 - 2021-09-01 13:44 - 000000000 ____D C:\ProgramData\Intel Package Cache {29d6077f-6adb-42de-abac-1c60aeb0e237}
2022-04-29 13:06 - 2021-02-24 20:01 - 000000000 ____D C:\ProgramData\Intel Package Cache {1CEAC85D-2590-4760-800F-8DE5E91F3700}
2022-04-29 12:49 - 2021-02-20 22:42 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-04-29 12:34 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-04-29 12:34 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-04-29 12:34 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-04-29 12:34 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-04-29 12:34 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-04-29 12:34 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\servicing
2022-04-29 11:06 - 2022-03-04 19:33 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2022-04-29 11:02 - 2021-08-08 15:23 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-04-29 10:26 - 2021-02-20 22:00 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-05-2022
Ran by u_u (27-05-2022 13:42:52)
Running from C:\Users\u_u\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1706 (X64) (2021-08-08 22:27:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2736231629-3607526208-3142971229-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2736231629-3607526208-3142971229-503 - Limited - Disabled)
Guest (S-1-5-21-2736231629-3607526208-3142971229-501 - Limited - Disabled)
u_u (S-1-5-21-2736231629-3607526208-3142971229-1001 - Administrator - Enabled) => C:\Users\u_u
WDAGUtilityAccount (S-1-5-21-2736231629-3607526208-3142971229-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Disabled - Up to date) {05BC7AB5-FF0E-71EC-1054-15DA19B62DC7}
FW: COMODO Firewall (Disabled) {3D87FB90-B561-70B4-3B0B-BCEFE7656ABC}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 21.07 (x64) (HKLM-x32\...\7-Zip) (Version: 21.07 - Igor Pavlov)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
CPUID CPU-Z 2.01 (HKLM-x32\...\CPUID CPU-Z_is1) (Version: 2.01 - CPUID, Inc.)
CPUID HWMonitor 1.46 (HKLM-x32\...\CPUID HWMonitor_is1) (Version: 1.46 - CPUID, Inc.)
Dell Power Manager Service (HKLM-x32\...\{18469ED8-8C36-4CF7-BD43-0FC9B1931AF8}) (Version: 3.10.0 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{08E7C8D5-F2B5-4F09-B0EA-F28913BEFDB0}) (Version: 5.5.1.16143 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{2a8bafd6-22ae-4d0e-87a4-686b2a4a2ab0}) (Version: 5.5.1.16143 - Dell Inc.)
Dell Update (HKLM-x32\...\{944FB5B0-9588-45FD-ABE8-73FC879801ED}) (Version: 4.0.0 - Dell Inc.)
Documentation Manager (HKLM-x32\...\{E6D708BA-9130-4926-AA3E-AEBB5DE1E60B}) (Version: 22.110.1.1 - Intel Corporation) Hidden
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
DriverFix 4.2021.1.29 (HKLM-x32\...\DriverFix_is1) (Version: - DriverFix, Inc)
DSC/AA Factory Installer (HKLM-x32\...\{F7A70D00-F283-45C8-B163-49EC365D7E27}) (Version: 2.0.6875.402 - PC-Doctor, Inc.) Hidden
Dynamic Application Loader Host Interface Service (HKLM-x32\...\{9DE7A0A5-C13D-4FDD-B78B-53C744C82F1A}) (Version: 1.0.0.0 - Intel Corporation) Hidden
f.lux (HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\Flux) (Version: - f.lux Software LLC)
Firestorm-Releasex64 (HKLM-x32\...\Firestorm-Releasex64) (Version: 6.5.3.65658 - The Phoenix Firestorm Project, Inc.)
GIMP 2.8.22 (HKLM-x32\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
HakuNeko Desktop (HKLM-x32\...\HakuNeko Desktop_is1) (Version: 6.1.7 - Ronny Wegener <wegener.ronny@gmail.com>)
Intel(R) Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel(R) Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{8C91A5EB-2C62-4A6D-8802-CC79FD2ED390}) (Version: 10.1.1.7 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{a47edec4-fa11-4d02-b329-4424d0197af8}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.4.10500.5526 - Intel Corporation)
Intel(R) Graphics Driver Software (HKLM-x32\...\{34989299-2d34-4a1b-baa2-4de4fafbb4d0}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{c49f9463-8ca3-4422-82b0-c06c7a9640ed}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Icls (HKLM-x32\...\{AE33809B-734E-4A79-BBDC-0DDE03950065}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) LMS (HKLM-x32\...\{4479B4B8-D77B-474A-ABC5-1E5A4356F7DE}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{1A9FE6B4-801A-4AF0-AEDB-EA49BD80C9F2}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2205.15.0.2623 - Intel Corporation)
Intel(R) Management Engine Driver (HKLM-x32\...\{F0A3D842-E346-45C5-9546-90FEFD477F6E}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4944 - Intel Corporation)
Intel(R) Serial IO (HKLM-x32\...\{06534C2E-CDD8-440B-A370-13E2E1C45FDC}) (Version: 30.100.2020.7 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM-x32\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.2020.7 - Intel Corporation)
Intel(R) Trusted Connect Service Client x64 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.61.251.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.61.251.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{69bc85f1-55f9-44f2-b5df-3840fe07854c}) (Version: 1.61.251.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00002110-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.110.2.1 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{0164812d-0965-4e5d-8ebd-6e2b5d181d4a}) (Version: 20.40.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM-x32\...\{F70E0149-0BD0-4933-ADD0-1DC74D8F513B}) (Version: 20.40.0.1365 - Intel Corporation) Hidden
Intel® Software Installer (HKLM-x32\...\{094650cc-6461-47bb-96c0-4ec910a08b94}) (Version: 22.110.1.1 - Intel Corporation) Hidden
Intel® Software Installer (HKLM-x32\...\{bbc40478-54e7-4914-965f-de8043a2ed0e}) (Version: 22.100.0.3 - Intel Corporation) Hidden
Katawa Shoujo (HKLM-x32\...\Katawa Shoujo) (Version: - )
LatencyMon 7.00 (HKLM-x32\...\LatencyMon_is1) (Version: - Resplendence Software Projects Sp.)
M64Py 0.2.5 (HKLM-x32\...\M64Py_is1) (Version: - )
Malwarebytes version 4.5.9.198 (HKLM-x32\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.9.198 - Malwarebytes)
Mozilla Firefox (x64 en-US) (HKLM-x32\...\Mozilla Firefox 100.0.2 (x64 en-US)) (Version: 100.0.2 - Mozilla)
MPC-HC 1.9.21.2 (6167a9d8c) Nightly (64-bit) (HKLM-x32\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.9.21.2 - MPC-HC Team)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 26.1.1 - OBS Project)
OpenHashTab version v3.0.1 (HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\{C0EEE3CD-665D-4E4E-B3BC-ADCD0FE73C0F}_is1) (Version: v3.0.1 - namazso)
OpenVPN Connect (HKLM-x32\...\{45C65CE3-C105-4C48-B334-3E22FDCF4AD0}) (Version: 3.3.6 - OpenVPN Technologies)
OptaneDowngradeGuard (HKLM-x32\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Pale Moon 31.0.0 (x64 en-US) (HKLM-x32\...\Pale Moon 31.0.0 (x64 en-US)) (Version: 31.0.0 - Moonchild Productions)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.56.119.2022 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9167.1 - Realtek Semiconductor Corp.)
RstDowngradeGuard (HKLM-x32\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
SanityCheck 3.52 (HKLM-x32\...\SanityCheck_is1) (Version: 3.52 - Resplendence Software Projects Sp.)
simplewall (HKLM-x32\...\simplewall) (Version: 3.6.3 - Henry++)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.2 - Krzysztof Kowalczyk)
SumatraPDF (HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\SumatraPDF) (Version: 3.4.1 - Krzysztof Kowalczyk)
Thunderbolt™ Software (HKLM-x32\...\{30F0067F-DD79-431B-BA5F-6CB4897785A5}) (Version: 17.4.79.510 - Intel Corporation)
Tixati (HKLM-x32\...\tixati) (Version: - )
Uplay (HKLM-x32\...\Uplay) (Version: 38.2 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.17.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.0 (HKLM-x32\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM-x32\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM-x32\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden

Packages:
=========
Dell Power Manager -> C:\Program Files\WindowsApps\DellInc.DellPowerManager_3.10.10.0_x64__htrsf667h5kn2 [2021-12-10] (Dell Inc)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-08-27] (Microsoft Corporation)
Waves MaxxAudio Pro for Dell -> C:\Program Files\WindowsApps\WavesAudio.WavesMaxxAudioProforDell_1.1.131.0_x64__fh4rh281wavaa [2021-02-20] (Waves Audio)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2736231629-3607526208-3142971229-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\u_u\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2736231629-3607526208-3142971229-1001_Classes\CLSID\{23b5bdd4-7669-42b8-9cdc-beebc8a5baa9}\InprocServer32 -> C:\Users\u_u\AppData\Local\Programs\OpenHashTab\OpenHashTab.dll (namazso) [File not signed]
CustomCLSID: HKU\S-1-5-21-2736231629-3607526208-3142971229-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\u_u\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2736231629-3607526208-3142971229-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\u_u\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2736231629-3607526208-3142971229-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_444d52e511fbcc11\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_59691a4ee8d947dd\OptaneShellExt.dll [2021-10-13] (Intel Corporation -> )
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_59691a4ee8d947dd\OptaneShellExt.dll [2021-10-13] (Intel Corporation -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvdmig.inf_amd64_fd5032f7e49f5212\nvshext.dll [2022-04-21] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-02-21 20:12 - 2022-04-15 08:00 - 000376832 _____ () [File not signed] C:\Program Files\MPC-HC\LAVFilters64\libbluray.dll
2022-03-17 11:44 - 2022-03-17 11:44 - 002772480 _____ () [File not signed] C:\Program Files\OpenVPN Connect\ffmpeg.dll
2022-03-17 11:44 - 2022-03-17 11:44 - 000379904 _____ () [File not signed] C:\Program Files\OpenVPN Connect\libegl.dll
2022-03-17 11:44 - 2022-03-17 11:44 - 007863296 _____ () [File not signed] C:\Program Files\OpenVPN Connect\libglesv2.dll
2022-03-17 11:44 - 2022-03-17 11:44 - 000147456 _____ () [File not signed] C:\Program Files\OpenVPN Connect\resources\app.asar.unpacked\keytar.node
2022-03-17 11:44 - 2022-03-17 11:44 - 005680640 _____ () [File not signed] C:\Program Files\OpenVPN Connect\resources\app.asar.unpacked\napi.node
2022-03-17 11:44 - 2022-03-17 11:44 - 000690688 _____ () [File not signed] C:\Program Files\OpenVPN Connect\resources\app.asar.unpacked\pkcs11.node
2021-02-21 20:12 - 2022-04-15 08:00 - 000302592 _____ (1f0.de - Hendrik Leppkes) [File not signed] C:\Program Files\MPC-HC\LAVFilters64\LAVAudio.ax
2021-02-21 20:12 - 2022-04-15 08:00 - 000650240 _____ (1f0.de - Hendrik Leppkes) [File not signed] C:\Program Files\MPC-HC\LAVFilters64\LAVSplitter.ax
2022-05-25 15:14 - 2022-04-15 08:00 - 014077052 _____ (FFmpeg Project) [File not signed] C:\Program Files\MPC-HC\LAVFilters64\avcodec-lav-59.dll
2022-05-25 15:14 - 2022-04-15 08:00 - 005105276 _____ (FFmpeg Project) [File not signed] C:\Program Files\MPC-HC\LAVFilters64\avformat-lav-59.dll
2022-05-25 15:14 - 2022-04-15 08:00 - 000679548 _____ (FFmpeg Project) [File not signed] C:\Program Files\MPC-HC\LAVFilters64\avutil-lav-57.dll
2022-05-25 15:14 - 2022-04-15 08:00 - 000123516 _____ (FFmpeg Project) [File not signed] C:\Program Files\MPC-HC\LAVFilters64\swresample-lav-4.dll
2021-02-21 20:12 - 2020-06-21 17:28 - 000180224 _____ (Idol Software) [File not signed] C:\Program Files\MPC-HC\CrashReporter\crashrpt.dll
2022-05-23 20:22 - 2021-12-26 07:00 - 000093696 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 06:46 - 2022-04-29 12:43 - 000000000 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\Control Panel\Desktop\\Wallpaper -> c:\users\u_u\desktop\nhk2.png
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "SetupRST_ModeSwitch.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Cloudflare WARP.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "Start WingMan Profiler"
HKLM\...\StartupApproved\Run32: => "Intel Driver & Support Assistant"
HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\StartupApproved\Run: => "f.lux"
HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\StartupApproved\Run: => "DriverFix"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{C39451E5-BF06-495B-B6A8-7A010BC23181}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe (Tixati Software Inc. -> Tixati Software Inc.)
FirewallRules: [UDP Query User{7E65A558-7E1E-4532-B790-E3FC82FC25EB}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe (Tixati Software Inc. -> Tixati Software Inc.)
FirewallRules: [{697B02FF-722E-4046-8482-41FCD8AD346D}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{3AA8D29B-2DB8-42F4-99C1-D27D4ADF8C2B}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{5FAE41FC-1D87-45EA-937E-4C0CEEF96C3A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{03778120-0621-4125-871F-9FEAFA5918B5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{F9C83DC4-B496-4076-95D7-8CD7A8E8BF69}] => (Allow) D:\Steam\steamapps\common\Baldurs Gate 3\Launcher\LariLauncher.exe (Larian Studios Games Ltd. -> LariLauncher)
FirewallRules: [{D75ECBD0-DF3E-4927-8372-4C647BEAFEC2}] => (Allow) D:\Steam\steamapps\common\Baldurs Gate 3\Launcher\LariLauncher.exe (Larian Studios Games Ltd. -> LariLauncher)
FirewallRules: [{5567452E-50E8-413D-A947-85371C4D0090}] => (Allow) G:\SteamLibrary\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe (Gears for Breakfast ApS) [File not signed]
FirewallRules: [{0A8CA457-0874-4D8E-8F19-709612AA8E4C}] => (Allow) G:\SteamLibrary\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe (Gears for Breakfast ApS) [File not signed]
FirewallRules: [{433FBC26-7FA7-439E-AF59-8F7C155943BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe () [File not signed]
FirewallRules: [{526433EE-DD3C-49FE-AF6A-848D36A34456}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe () [File not signed]
FirewallRules: [{D636D84D-8263-46A8-BF6A-FF8CE5C80DE5}] => (Allow) E:\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{1F7BD2B8-EE03-4DFC-8E6D-AB8880E932EB}] => (Allow) E:\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{8257AA13-916A-465B-93E2-5E7C96690244}] => (Allow) G:\SteamLibrary\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe () [File not signed]
FirewallRules: [{DD5BA207-8BAB-4CAD-82FE-1F6411C69A5F}] => (Allow) G:\SteamLibrary\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe () [File not signed]
FirewallRules: [TCP Query User{A4A310AD-3615-4F70-8C42-9DF515ED2EB6}D:\steam\steamapps\common\baldurs gate 3\bin\bg3.exe] => (Allow) D:\steam\steamapps\common\baldurs gate 3\bin\bg3.exe (Larian Studios Games Ltd. -> )
FirewallRules: [UDP Query User{4662EAA5-7C45-43DB-9F57-031FD3A70A4E}D:\steam\steamapps\common\baldurs gate 3\bin\bg3.exe] => (Allow) D:\steam\steamapps\common\baldurs gate 3\bin\bg3.exe (Larian Studios Games Ltd. -> )
FirewallRules: [{39CDB7E0-B6BE-425E-A478-15519E43A6D7}] => (Allow) G:\SteamLibrary\steamapps\common\No Man's Sky\Binaries\NMS.exe (Hello Games) [File not signed]
FirewallRules: [{5B53F427-A748-41E8-8254-74891EA211B1}] => (Allow) G:\SteamLibrary\steamapps\common\No Man's Sky\Binaries\NMS.exe (Hello Games) [File not signed]
FirewallRules: [{E29C02A3-B7FF-40E0-953B-5B1A1CE57CC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hypnagogia Boundless Dreams\Hypnagogia Boundless Dreams.exe () [File not signed]
FirewallRules: [{E202A2EF-9CBD-4B07-A30D-2978754F523F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hypnagogia Boundless Dreams\Hypnagogia Boundless Dreams.exe () [File not signed]
FirewallRules: [{890D7A02-3EBC-4CC9-9DFA-39C8F8B16380}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Halo The Master Chief Collection\mcclauncher.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{C9ACF3FA-9B83-4A3F-8AD8-F268230CA56F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Halo The Master Chief Collection\mcclauncher.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{B0CA183C-00BA-4574-A224-30B4539EEB45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Halo The Master Chief Collection\mcc\binaries\win64\MCC-Win64-Shipping.exe (343 Industries (Microsoft Corporation) -> Microsoft Corporation)
FirewallRules: [{F6FB2F54-36F0-46B7-AB49-4D4323E8F6E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Halo The Master Chief Collection\mcc\binaries\win64\MCC-Win64-Shipping.exe (343 Industries (Microsoft Corporation) -> Microsoft Corporation)

==================== Restore Points =========================

25-05-2022 21:54:54 Windows Modules Installer
26-05-2022 09:36:32 O&O ShutUp10++
26-05-2022 10:00:07 Installed Dell Update.
26-05-2022 10:07:27 Windows Modules Installer
26-05-2022 10:26:51 Windows Modules Installer
26-05-2022 10:27:43 Windows Modules Installer
26-05-2022 14:04:16 May 26th 2022 (fresh, updated, and clean backup)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/27/2022 01:34:35 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (05/27/2022 01:34:35 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (05/26/2022 11:49:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program bg3.exe version 4.1.152.4131 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2034

Start Time: 01d8713135a0d165

Termination Time: 9

Application Path: D:\Steam\steamapps\common\Baldurs Gate 3\bin\bg3.exe

Report Id: bda48d91-7eca-4c50-8f49-a5b3f80cbf8f

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (05/26/2022 11:09:06 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (05/26/2022 11:08:53 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (05/26/2022 10:37:47 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (05/26/2022 10:37:47 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (05/26/2022 10:37:47 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.


System errors:
=============
Error: (05/27/2022 01:28:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the DNS Client service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (05/27/2022 01:28:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the DNS Client service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (05/27/2022 01:27:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The RasMan service depends on the Dnscache service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (05/26/2022 08:19:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the DNS Client service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (05/26/2022 08:19:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the DNS Client service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (05/26/2022 08:19:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the DNS Client service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (05/26/2022 08:19:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the DNS Client service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (05/26/2022 01:56:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the DNS Client service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Windows Defender:
================
Date: 2022-05-26 10:26:23
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2022-05-24 17:25:52
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2022-05-26 09:51:12
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.367.457.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.6
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2022-05-26 09:18:20
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.367.457.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.6
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2022-05-25 16:59:21
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.367.457.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.6
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2022-05-25 14:17:19
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.367.457.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.6
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2022-05-25 14:06:02
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.363.1148.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.5
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===============
Date: 2022-05-27 13:42:03
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_1dc9fc8d5e442f6a\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. 1.21.0 04/14/2022
Motherboard: Dell Inc. 0KXXWY
Processor: Intel(R) Core(TM) i5-8300H CPU @ 2.30GHz
Percentage of memory in use: 30%
Total physical RAM: 16211.6 MB
Available physical RAM: 11227.5 MB
Total Virtual: 18643.6 MB
Available Virtual: 12331.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:475.34 GB) (Free:196.17 GB) (Model: NVMe ADATA SX6000PNP) NTFS
Drive d: (MyData01) (Fixed) (Total:199.65 GB) (Free:48.73 GB) (Model: ST1000LM035-1RK172) NTFS
Drive e: (MyData02) (Fixed) (Total:238.42 GB) (Free:150.91 GB) (Model: ST1000LM035-1RK172) NTFS
Drive f: (MyData03) (Fixed) (Total:240.37 GB) (Free:239.23 GB) (Model: ST1000LM035-1RK172) NTFS
Drive g: (MyData04) (Fixed) (Total:241.43 GB) (Free:148.88 GB) (Model: ST1000LM035-1RK172) NTFS
Drive y: (10GigsExtra) (Fixed) (Total:11.4 GB) (Free:11.27 GB) (Model: ST1000LM035-1RK172) NTFS

\\?\Volume{0e4be202-5ee6-433f-9eaa-05b5072fe51b}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.45 GB) NTFS
\\?\Volume{8295fa55-1f5a-4bc7-897d-bde19411a8a7}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D85BA26C)

Partition: GPT.

==========================================================
Disk: 1 (Size: 476.9 GB) (Disk ID: 46CDB94D)

Partition: GPT.

==================== End of Addition.txt =======================
 
I don't see much there.

redtarget.gif

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.

redtarget.gif

Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

redtarget.gif

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
Program : RogueKiller Anti-Malware
Version : 15.5.1.0
x64 : Yes
Program Date : May 13 2022
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19044) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : u_u
User is Admin : Yes
Date : 2022/05/27 21:43:40
Type : Removal
Aborted : No
Scan Mode : Standard
Duration : 242
Found items : 1
Total scanned : 97850
Signatures Version : 20220523_120904
Truesight Driver : Yes
Updates Count : 3
Arguments : -minimize

************************* Warnings *************************

************************* Removal *************************
[PUM.Policies (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- -> Replaced (2)
[+] scan_what : 1
[+] vendors : PUM.Policies
[+] Name : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin
[+] Type : Registry
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 4
[+] id : 0
[+] status : 3
[+] status_str : Replaced (2)
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/27/22
Scan Time: 2:47 PM
Log File: 9a89f4f0-de06-11ec-b3a8-54bf640e0294.json

-Software Information-
Version: 4.5.9.198
Components Version: 1.0.1676
Update Package Version: 1.0.55490
License: Free

-System Information-
OS: Windows 10 (Build 19044.1706)
CPU: x64
File System: NTFS
User: OnoSendai-CBRSPC-VII\u_u

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 279212
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 3 min, 23 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 
# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build: 03-23-2022
# Database: 2022-03-15.3 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-27-2022
# Duration: 00:00:01
# OS: Windows 10 Home
# Cleaned: 19
# Awaiting reboot:3
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\reviversoft.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted HKLM\Software\Classes\TypeLib\{A520B992-6390-4231-9C89-F06B3587AB80}
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{A520B992-6390-4231-9C89-F06B3587AB80}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.DellCommand|PowerManager Folder C:\Program Files\DELL\COMMANDPOWERMANAGER
Deleted Preinstalled.DellCommand|PowerManager Folder C:\ProgramData\DELL\COMMANDPOWERMANAGER
Deleted Preinstalled.DellCommand|PowerManager Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{18469ED8-8C36-4CF7-BD43-0FC9B1931AF8}
Deleted Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AUDIT
Deleted Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SUPPORTASSISTAGENT
Deleted Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATE
Deleted Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATE
Deleted Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\UPDATE
Needs Reboot Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Needs Reboot Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATESERVICE
Needs Reboot Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

***** Reboot Required to Complete *****


***** [ Folders ] *****

Cleaning failed C:\Program Files (x86)\DELL\UPDATESERVICE
Cleaning failed C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Cleaning failed C:\ProgramData\DELL\UPDATESERVICE

*************************

AdwCleaner[S00].txt - [3213 octets] - [27/05/2022 14:53:39]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 
# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build: 03-23-2022
# Database: 2022-03-15.3 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 05-27-2022
# Duration: 00:00:04
# OS: Windows 10 Home
# Scanned: 32030
# Detected: 19


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
PUP.Optional.ReviverSoft HKCU\Software\Microsoft\Internet Explorer\DOMStorage\reviversoft.com
PUP.Optional.ReviverSoft HKLM\Software\Classes\TypeLib\{A520B992-6390-4231-9C89-F06B3587AB80}
PUP.Optional.ReviverSoft HKLM\Software\Wow6432Node\\Classes\TypeLib\{A520B992-6390-4231-9C89-F06B3587AB80}
PUP.Optional.WebCompanion HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion HKLM\Software\Wow6432Node\Lavasoft\Web Companion

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.DellCommand|PowerManager Folder C:\Program Files\DELL\COMMANDPOWERMANAGER
Preinstalled.DellCommand|PowerManager Folder C:\ProgramData\DELL\COMMANDPOWERMANAGER
Preinstalled.DellCommand|PowerManager Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{18469ED8-8C36-4CF7-BD43-0FC9B1931AF8}
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AUDIT
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SUPPORTASSISTAGENT
Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATE
Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATE
Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\UPDATE



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
Since running the scans my computer froze, though differently than it usually does. My internet trafic monitor via OpenVPN showed a larger than normal ammount of data being sent (about as much as it recieved) while my data from YouTube and Techspot.com were stopped. Upon switching Wi-Fi (but not resetting my VPN) my open tabs on Techspot required me to log in again. I was also getting PR_END_OF_FILE_ERROR errors from FireFox when I tried to view any page.

I ran another AdwCleaner scan and three more results appeared.

Since 'Dell Update Application' was removed with the AdwCleaner scan I downloaded just the installer from the Dell website for later.

I haven't been saving files from the internet or running new programs today.
______

# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build: 03-23-2022
# Database: 2022-03-15.3 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-27-2022
# Duration: 00:00:00
# OS: Windows 10 Home
# Cleaned: 3
# Awaiting reboot:3
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Needs Reboot Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Needs Reboot Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATESERVICE
Needs Reboot Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

***** Reboot Required to Complete *****


***** [ Folders ] *****

Cleaning failed C:\Program Files (x86)\DELL\UPDATESERVICE
Cleaning failed C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Cleaning failed C:\ProgramData\DELL\UPDATESERVICE

*************************

AdwCleaner[S00].txt - [3213 octets] - [27/05/2022 14:53:39]
AdwCleaner[C00].txt - [3698 octets] - [27/05/2022 14:54:56]
AdwCleaner[S01].txt - [1761 octets] - [27/05/2022 17:32:32]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 
Adblock Plus broke, resetting to non-blocking settings and allowing YouTube ads until I reinstalled the FireFox add-on.

Occasionally running Windows Defender, MalwareBytes, RogueKiller, and AdwCleaner scans throughout the day.

Nothing new appearing in the scans so far.
 
Actually, I don't see anything malicious there, so if you're still having same issues I suggest new topic in Windows forum.
 
I wasn't aware that there is a "Windows Forum"
________________
A few programs/plug-ins I had noticed which were uninstalled but still appear on logs

HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\Run: [f.lux] => "C:\Users\u_u\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow (No File)
flux

FF ProfilePath: C:\Users\u_u\AppData\Roaming\LibreWolf\Profiles\61yb32m0.default [2021-10-15]
FF ProfilePath: C:\Users\u_u\AppData\Roaming\LibreWolf\Profiles\7fjhbu00.dev-edition-default-1648831677965 [2022-05-25]
LibreWolf

FF Extension: (uBlock Origin) - C:\Users\u_u\AppData\Roaming\LibreWolf\Profiles\7fjhbu00.dev-edition-default-1648831677965\Extensions\uBlock0@raymondhill.net.xpi [2022-04-01]
uBlock Origin (LibreWolf)


All other user accounts on my PC are not and have not been used by me and do not appear to be

why is hxxp://webcompanion.com listed as a trusted host along side localhost?

IE trusted site: HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\webcompanion.com -> hxxp://webcompanion.com

HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\StartupApproved\Run: => "Web Companion"

"Web Companion" doesn't sound familar but is listed more than once.


This was flagged by AdwCleaner

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

DNS Sever should be 1.1.1.1 not 8.8.8.8. or 8.8.4.4. unless it what is used as OpenVPN's own DNS

HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\StartupApproved\Run: => "Discord"

I don't use Discord and my PC has been cleanned as well as I can with local tools since then.

Error: (05/27/2022 01:27:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The RasMan service depends on the Dnscache service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

This seems to be an issue that repeats itself


25-05-2022 21:54:54 Windows Modules Installer
26-05-2022 09:36:32 O&O ShutUp10++
26-05-2022 10:00:07 Installed Dell Update.
26-05-2022 10:07:27 Windows Modules Installer
26-05-2022 10:26:51 Windows Modules Installer
26-05-2022 10:27:43 Windows Modules Installer
26-05-2022 14:04:16 May 26th 2022 (fresh, updated, and clean backup)

I was under the impression I had deleted all restore points prior to creating the last in the list.

Are there any cleaning tools that would help remove these old orphaned system files?

I feel like I've exaused all obvious options.
I've even done a Windows Reset before and the problems still persist.
 
We can remove most of those leftovers with FRST...
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-05-2022 01
Ran by u_u (administrator) on ONOSENDAI-CBRSP (Dell Inc. G3 3779) (01-06-2022 09:23:20)
Running from C:\Users\u_u\Desktop
Loaded Profiles: u_u
Platform: Microsoft Windows 10 Home Version 21H2 19044.1706 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCopyAccelerator.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_12ed482042e0dee5\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_12ed482042e0dee5\igfxEM.exe
(Henry++) [File not signed] C:\Program Files\simplewall\simplewall.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <9>
(OpenVPN) [File not signed] C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe <4>
(services.exe ->) () [File not signed] C:\Program Files\OpenVPN Connect\agent_ovpnconnect_1647517251935.exe
(services.exe ->) () [File not signed] C:\Program Files\OpenVPN Connect\ovpnhelper_service.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_12ed482042e0dee5\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_897ea327b3fe52f7\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ba273d0ffb93e225\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_003a6d3c4c50c291\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_1dc9fc8d5e442f6a\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_1dc9fc8d5e442f6a\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_bdcdb885805fcea4\aesm_service.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_183917c66152901d\lib\SocketHeciServer.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_7f98f584c61c8c61\RtkAudUService64.exe <2>
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_444d52e511fbcc11\WavesSysSvc64.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe <3>
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.2101.28.0_x64__8wekyb3d8bbwe\Time.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_7f98f584c61c8c61\RtkAudUService64.exe [3379808 2021-11-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_444d52e511fbcc11\WavesSvc64.exe [1237696 2021-01-07] (Waves Inc -> Waves Audio Ltd.)
HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\Run: [org.openvpn.client] => C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe [110833152 2022-03-17] (OpenVPN) [File not signed]
HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\Run: [simplewall] => C:\Program Files\simplewall\simplewall.exe [759808 2022-05-26] (Henry++) [File not signed]
HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\Run: [DriverFix] => C:\Program Files (x86)\DriverFix\DriverFix.exe [25313536 2021-12-20] (Blueroad Technologies Limited -> DriverFix)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1E71CC50-5C63-4195-958E-6D60800859DE} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226008 2018-12-25] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {508AA229-E874-4B30-99A2-45D13554B517} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_183917c66152901d\lib\IntelPTTEKRecertification.exe [818000 2022-01-27] (Intel Corporation -> Intel(R) Corporation)
Task: {5D0C47F9-A61A-4076-BF36-490A416205B8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {64BE1ED1-B60B-4108-B460-98F6685FDE55} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {762931E8-3BC5-4831-8C43-DA23546CB3A0} - System32\Tasks\Day - Light Theme => reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize /v AppsUseLightTheme /t REG_DWORD /d 1 /f
Task: {888F51FB-F9ED-412D-8C08-7AA5D6693478} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on switch user if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226008 2018-12-25] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {8949CEC1-1E9B-446E-BA78-41CA90EA7B2E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Users\u_u\Desktop\MSERT.exe [124876232 2022-05-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {AAAD0E5D-4A5E-4C91-8AD2-D8C1E3C4B952} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\tbtsvc.exe [2302168 2018-12-25] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {B6C54DBA-AFA5-4647-994B-42549CED25D5} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {B8666F54-A41F-47EF-960A-C717396D7D26} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {C895FC98-408A-43A0-9DD0-4CF977B6A232} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Update => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CFBCC150-CA55-4072-BBA5-6911C275C352} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DE7ED75B-0B2F-49FF-89D5-74D6EC75658F} - System32\Tasks\Night - Dark Theme => reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize /v AppsUseLightTheme /t REG_DWORD /d 0 /f
Task: {E84C6E5A-D640-470E-B162-C3DE20590E00} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F63331B8-035C-4FE9-92DC-F831FBFDE9BC} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226008 2018-12-25] (Intel(R) Client Connectivity Division SW -> Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{3984044E-E410-4F7A-B63A-19665E03E7EC}: [NameServer] 10.0.4.0 10.0.4.1
Tcpip\..\Interfaces\{9114B9FC-328F-4271-8471-39B388D03ADF}: [NameServer] 10.0.4.0 10.0.4.1
Tcpip\..\Interfaces\{97AFF65E-3C0E-459F-A29E-FE6DA65FD08D}: [NameServer] 10.0.4.0 10.0.4.1
Tcpip\..\Interfaces\{a45ab5cf-383e-48f2-beb8-0aecd28bc289}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{a45ab5cf-383e-48f2-beb8-0aecd28bc289}: [DhcpNameServer] 10.128.128.128
Tcpip\..\Interfaces\{dabf3fd4-5368-4c8c-9c93-16418154a5c7}: [NameServer] 8.8.8.8,8.8.4.4,172.18.13.1
Tcpip\..\Interfaces\{f128b0e7-5259-47e3-a70f-e7608a2d8f99}: [NameServer] 1.1.1.1,1.0.0.1
DnsPolicyConfig: [OpenVPNDNSRouting-0] => GenericDNSServers=8.8.8.8;8.8.4.4;172.18.13.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\u_u\AppData\Local\Microsoft\Edge\User Data\Default [2022-05-26]

FireFox:
========
FF DefaultProfile: 7r5mrruy.default
FF DefaultProfile: pmp9jzdz.default
FF DefaultProfile: 61yb32m0.default
FF ProfilePath: C:\Users\u_u\AppData\Roaming\Mozilla\Firefox\Profiles\7r5mrruy.default [2022-05-28]
FF ProfilePath: C:\Users\u_u\AppData\Roaming\Mozilla\Firefox\Profiles\fxdq2oi4.default-release [2022-06-01]
FF Homepage: Mozilla\Firefox\Profiles\fxdq2oi4.default-release -> about:blank
FF Extension: (Cookie AutoDelete) - C:\Users\u_u\AppData\Roaming\Mozilla\Firefox\Profiles\fxdq2oi4.default-release\Extensions\CookieAutoDelete@kennydo.com.xpi [2022-04-29]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\u_u\AppData\Roaming\Mozilla\Firefox\Profiles\fxdq2oi4.default-release\Extensions\firefox@ghostery.com.xpi [2022-05-28]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\u_u\AppData\Roaming\Mozilla\Firefox\Profiles\fxdq2oi4.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2022-05-31]
FF ProfilePath: C:\Users\u_u\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\pmp9jzdz.default [2022-05-25]
FF Homepage: Moonchild Productions\Pale Moon\Profiles\pmp9jzdz.default -> hxxp://goduckgo.com/
FF Extension: (Dark Moon) - C:\Users\u_u\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\pmp9jzdz.default\Extensions\darkmoon@lootyhoof-pm.xpi [2022-05-25] [Legacy] [not signed]
FF Extension: (DarkPitch) - C:\Users\u_u\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\pmp9jzdz.default\Extensions\{4b13c0da-55d5-44ce-b98e-98e62085837f}.xpi [2022-05-25] [Legacy] [not signed]
FF ProfilePath: C:\Users\u_u\AppData\Roaming\LibreWolf\Profiles\61yb32m0.default [2021-10-15]
FF ProfilePath: C:\Users\u_u\AppData\Roaming\LibreWolf\Profiles\7fjhbu00.dev-edition-default-1648831677965 [2022-05-25]
FF Extension: (uBlock Origin) - C:\Users\u_u\AppData\Roaming\LibreWolf\Profiles\7fjhbu00.dev-edition-default-1648831677965\Extensions\uBlock0@raymondhill.net.xpi [2022-04-01]
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 agent_ovpnconnect; C:\Program Files\OpenVPN Connect\agent_ovpnconnect_1647517251935.exe [3196928 2022-03-17] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8914856 2021-07-17] (BattlEye Innovations e.K. -> )
S3 Dell.CommandPowerManager.Service; C:\WINDOWS\system32\dllhost.exe /Processid:{BCD82BD1-F236-4152-ADC5-061E1A97C4B3} [21312 2021-04-09] (Microsoft Windows -> Microsoft Corporation)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38592 2020-10-29] (Dell Inc -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [812520 2022-02-01] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8524512 2022-05-25] (Malwarebytes Inc. -> Malwarebytes)
R2 ovpnhelper_service; C:\Program Files\OpenVPN Connect\ovpnhelper_service.exe [3021824 2022-03-17] () [File not signed]
S3 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [14509608 2022-05-13] (ADLICE -> )
S3 ucldr_battlegrounds_gl; C:\Program Files\Common Files\UNCHEATER\ucldr_battlegrounds_gl.exe [7099632 2021-07-17] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe [3116848 2022-04-29] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe [133544 2022-04-29] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WMIRegistrationService; C:\WINDOWS\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe [538736 2022-01-27] (Intel Corporation -> Intel Corporation)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [7591624 2021-07-17] (PUBG CORPORATION -> PUBG Corporation)
S2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmig.inf_amd64_fd5032f7e49f5212\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvdmig.inf_amd64_fd5032f7e49f5212\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
S4 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2017-12-14] (Techporch Incorporated -> Dell Computer Corporation)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2021-02-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2021-02-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-05-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239560 2022-05-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl79dee4d2; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{60349329-490E-4FB3-8687-FB89B48240B5}\MpKslDrv.sys [137464 2022-06-01] (Microsoft Windows -> Microsoft Corporation)
R3 PtpFilterDriver; C:\WINDOWS\System32\drivers\PtpFilterDriver.sys [51840 2016-12-26] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2020-08-21] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 rspSanity; C:\WINDOWS\System32\DRIVERS\rspSanity64.sys [31328 2012-10-29] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2020-11-03] (TunnelBear, Inc. -> The OpenVPN Project)
R3 tap_ovpnconnect; C:\WINDOWS\System32\drivers\tap_ovpnconnect.sys [40128 2022-03-17] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2022-04-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [443664 2022-04-29] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90384 2022-04-29] (Microsoft Windows -> Microsoft Corporation)
S3 semav6msr64; \??\C:\WINDOWS\system32\drivers\semav6msr64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-06-01 09:23 - 2022-06-01 09:23 - 000018850 _____ C:\Users\u_u\Desktop\FRST.txt
2022-06-01 09:22 - 2022-06-01 09:22 - 000000000 ____D C:\Users\u_u\Desktop\FRST-OlderVersion
2022-05-31 12:26 - 2022-05-31 12:26 - 000000733 _____ C:\Users\u_u\Desktop\malwarebytes reply.txt
2022-05-31 11:08 - 2022-05-31 11:08 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3552850C.sys
2022-05-31 11:07 - 2022-05-31 11:49 - 000000000 ____D C:\Users\u_u\Desktop\mbar
2022-05-31 11:07 - 2022-05-31 11:49 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2022-05-31 11:07 - 2022-05-31 11:07 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2022-05-31 11:05 - 2022-05-31 11:05 - 014178840 _____ (Malwarebytes Corp.) C:\Users\u_u\Desktop\mbar-1.10.3.1001.exe
2022-05-28 15:23 - 2022-05-28 15:23 - 000028672 _____ C:\exportBCDfile
2022-05-28 15:18 - 2022-05-28 15:23 - 000182332 _____ C:\Users\u_u\Desktop\Fixlog.txt
2022-05-28 14:16 - 2022-06-01 09:22 - 000000000 ____D C:\Users\u_u\Desktop\older logs
2022-05-28 14:16 - 2022-05-28 14:16 - 000001233 _____ C:\Users\u_u\Desktop\WalwareBytesReport.txt
2022-05-28 13:47 - 2022-05-28 13:47 - 000000000 ____D C:\Users\u_u\Desktop\MajorGeeks ver
2022-05-27 15:00 - 2022-05-27 15:01 - 091306032 _____ (Dell Inc.) C:\Users\u_u\Desktop\Dell-Update-Application_RFCGH_WIN_4.0.0_A00.EXE
2022-05-27 14:52 - 2022-05-27 14:54 - 000000000 ____D C:\AdwCleaner
2022-05-27 14:47 - 2022-05-27 14:47 - 002546400 _____ (Malwarebytes) C:\Users\u_u\Desktop\MBSetup.exe
2022-05-27 14:35 - 2022-05-27 17:27 - 000000000 ____D C:\ProgramData\RogueKiller
2022-05-27 14:35 - 2022-05-27 14:35 - 000000859 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2022-05-27 14:35 - 2022-05-27 14:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2022-05-27 14:35 - 2022-05-27 14:35 - 000000000 ____D C:\Program Files\RogueKiller
2022-05-27 14:31 - 2022-05-27 14:31 - 000000000 ____D C:\Users\u_u\Desktop\ToolsLib ver
2022-05-27 14:30 - 2022-05-27 14:48 - 000000000 ____D C:\Users\u_u\Desktop\Malwarebytes ver
2022-05-27 14:30 - 2022-05-27 14:30 - 008551608 _____ (Malwarebytes) C:\Users\u_u\Desktop\AdwCleaner.exe
2022-05-27 14:23 - 2022-05-27 14:24 - 000000000 ____D C:\Users\u_u\Desktop\geekstogo (non-https) ver
2022-05-27 14:22 - 2022-05-28 13:57 - 000000000 ____D C:\Users\u_u\Desktop\techspot ver
2022-05-27 14:21 - 2022-05-28 13:47 - 000000000 ____D C:\Users\u_u\Desktop\bleepingcomputer ver
2022-05-27 14:21 - 2022-05-27 14:21 - 043537760 _____ (Adlice Software ) C:\Users\u_u\Desktop\RogueKiller_setup.exe
2022-05-27 14:20 - 2022-05-27 14:21 - 000000000 ____D C:\Users\u_u\Desktop\adlice ver
2022-05-26 14:29 - 2022-06-01 09:23 - 000000000 ____D C:\FRST
2022-05-26 14:06 - 2022-05-26 14:06 - 000000000 ____D C:\WINDOWS\Panther
2022-05-26 10:31 - 2022-05-26 13:41 - 000000000 ____D C:\Users\u_u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\simplewall
2022-05-26 10:31 - 2022-05-26 10:31 - 000011799 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-05-26 10:30 - 2022-05-26 10:30 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-05-26 10:30 - 2022-05-26 10:30 - 000093696 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2022-05-26 10:02 - 2022-05-26 10:02 - 000000000 ____D C:\Users\u_u\AppData\Roaming\Neos Eureka S.r.l
2022-05-26 10:00 - 2022-05-27 14:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2022-05-26 10:00 - 2022-05-27 14:54 - 000000000 ____D C:\Program Files (x86)\Dell
2022-05-26 09:54 - 2022-05-26 09:54 - 000000000 ____D C:\Users\u_u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tixati
2022-05-26 09:48 - 2022-05-26 17:07 - 000000000 ____D C:\Users\u_u\AppData\Roaming\tixati
2022-05-25 20:34 - 2022-05-25 20:34 - 000000000 ____D C:\Users\u_u\AppData\Local\Apps\2.0
2022-05-25 17:25 - 2022-05-26 09:15 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-05-25 17:25 - 2022-05-25 17:25 - 000000000 _____ C:\WINDOWS\system32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
2022-05-25 15:02 - 2022-05-25 15:02 - 000002059 _____ C:\Users\u_u\AppData\Roaming\Microsoft\Windows\Start Menu\SumatraPDF.lnk
2022-05-25 14:55 - 2022-05-28 17:53 - 000000000 ____D C:\Users\u_u\AppData\Roaming\obs-studio
2022-05-25 14:37 - 2022-05-25 14:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SanityCheck
2022-05-25 14:37 - 2022-05-25 14:37 - 000000000 ____D C:\Program Files\SanityCheck
2022-05-25 14:36 - 2022-05-25 14:36 - 000003112 _____ C:\WINDOWS\TEMP6.html
2022-05-25 14:36 - 2022-05-25 14:36 - 000001293 _____ C:\WINDOWS\TEMP1.html
2022-05-25 14:33 - 2022-05-25 15:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2022-05-25 14:33 - 2022-05-25 15:26 - 000000000 ____D C:\Program Files\CPUID
2022-05-25 13:38 - 2022-05-25 13:38 - 000000000 ____D C:\WINDOWS\system32\gf2engine
2022-05-25 13:24 - 2022-06-01 09:22 - 002367488 _____ (Farbar) C:\Users\u_u\Desktop\FRST64.exe
2022-05-25 12:31 - 2022-05-25 12:30 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-05-24 15:48 - 2022-05-24 15:48 - 000001015 _____ C:\Users\u_u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\explorer.lnk
2022-05-23 10:18 - 2022-05-23 10:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN Connect
2022-05-23 10:07 - 2022-05-28 15:26 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-05-17 14:11 - 2022-05-17 14:20 - 000000000 ____D C:\Users\u_u\AppData\Roaming\Firestorm_x64
2022-05-17 14:11 - 2022-05-17 14:11 - 000001007 _____ C:\Users\Public\Desktop\Firestorm.lnk
2022-05-17 14:11 - 2022-05-17 14:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm-Releasex64
2022-05-17 14:10 - 2022-05-17 14:11 - 000000000 ____D C:\Program Files\Firestorm-Releasex64
2022-05-10 11:23 - 2022-05-25 20:38 - 000001496 _____ C:\Users\u_u\Desktop\HEARTLOVEPOWERTEMPLE.lnk
2022-05-05 10:25 - 2022-05-05 10:25 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\6B41612E.sys
2022-05-05 10:21 - 2022-05-25 12:31 - 000239560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-06-01 09:22 - 2021-08-08 15:29 - 000777858 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-06-01 09:22 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
2022-06-01 09:21 - 2021-02-12 04:44 - 000000000 ___RD C:\Users\u_u\Desktop\Desk
2022-06-01 09:18 - 2022-02-16 11:30 - 000000000 ____D C:\Users\u_u\AppData\Roaming\OpenVPN Connect
2022-06-01 09:16 - 2021-01-30 06:02 - 000000000 ____D C:\Users\u_u\AppData\LocalLow\Mozilla
2022-06-01 09:16 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-06-01 09:13 - 2021-08-08 15:27 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-06-01 09:13 - 2021-02-20 21:57 - 000000000 ___HD C:\Intel
2022-06-01 09:13 - 2021-01-29 20:31 - 000000000 __SHD C:\Users\u_u\IntelGraphicsProfiles
2022-06-01 09:13 - 2021-01-29 20:12 - 000008192 ___SH C:\DumpStack.log.tmp
2022-06-01 09:13 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-05-31 19:35 - 2019-12-07 02:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-05-31 19:19 - 2021-02-23 11:29 - 000000000 ____D C:\Users\u_u\AppData\Roaming\vlc
2022-05-28 17:51 - 2021-08-08 15:20 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-05-28 15:23 - 2021-02-06 23:28 - 000000000 ____D C:\Users\u_u\AppData\LocalLow\Temp
2022-05-28 15:22 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-05-27 16:24 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\Registration
2022-05-27 14:54 - 2018-05-15 22:56 - 000000000 ____D C:\ProgramData\dell
2022-05-27 14:54 - 2018-05-15 22:44 - 000000000 ____D C:\Program Files\Dell
2022-05-26 18:44 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-05-26 13:39 - 2021-03-20 10:48 - 000000000 ____D C:\Program Files (x86)\Steam
2022-05-26 10:38 - 2021-08-08 15:20 - 000760056 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-05-26 10:37 - 2019-12-07 02:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-05-26 10:37 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-05-26 10:37 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-05-26 10:37 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-05-26 10:37 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-05-26 10:37 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-05-26 10:07 - 2021-02-20 22:41 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-05-26 10:06 - 2021-02-20 22:41 - 145501456 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-05-26 09:54 - 2022-04-29 17:20 - 000000000 ____D C:\Program Files\tixati
2022-05-26 09:27 - 2021-02-20 22:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2022-05-25 22:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-05-25 22:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-05-25 22:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-05-25 22:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-05-25 22:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-05-25 22:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-05-25 22:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-05-25 22:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-05-25 22:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-05-25 22:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-05-25 21:51 - 2021-06-19 12:05 - 000001180 _____ C:\Users\u_u\Desktop\Katawa Shoujo.lnk
2022-05-25 21:51 - 2021-02-01 02:06 - 000001464 _____ C:\Users\u_u\Desktop\Sound Settings.lnk
2022-05-25 20:34 - 2021-08-08 15:11 - 000000000 ____D C:\Users\u_u
2022-05-25 20:28 - 2021-03-21 18:09 - 000000000 ____D C:\Users\u_u\Documents\Larian Studios
2022-05-25 20:27 - 2021-08-04 13:29 - 000000000 ____D C:\Users\u_u\Documents\Mangas
2022-05-25 18:21 - 2019-12-07 02:14 - 000000000 __RHD C:\Users\Public\Libraries
2022-05-25 17:25 - 2019-12-07 02:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-05-25 15:20 - 2021-09-18 14:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin
2022-05-25 15:18 - 2021-02-18 19:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2022-05-25 15:14 - 2021-02-21 20:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2022-05-25 15:14 - 2021-02-21 20:12 - 000000000 ____D C:\Program Files\MPC-HC
2022-05-25 14:57 - 2021-03-03 14:29 - 000000000 ____D C:\Program Files\Pale Moon
2022-05-25 14:53 - 2021-08-04 13:09 - 000001936 _____ C:\Users\Public\Desktop\HakuNeko Desktop.lnk
2022-05-25 14:52 - 2021-08-04 13:14 - 000000000 ____D C:\Users\u_u\AppData\Roaming\hakuneko-desktop
2022-05-25 14:52 - 2021-08-04 13:09 - 000000000 ____D C:\Program Files\HakuNeko Desktop
2022-05-25 14:29 - 2018-05-15 22:44 - 000000000 ____D C:\ProgramData\Package Cache
2022-05-25 12:31 - 2021-06-17 09:51 - 000001993 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-05-25 12:30 - 2021-06-17 09:51 - 000103888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-05-25 12:30 - 2021-06-17 09:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-05-25 12:30 - 2021-06-17 09:51 - 000000000 ____D C:\Program Files\Malwarebytes
2022-05-24 10:27 - 2021-02-20 17:30 - 000000000 ____D C:\Program Files\7-Zip
2022-05-23 10:18 - 2022-02-16 11:30 - 000000000 ____D C:\Program Files\OpenVPN Connect
2022-05-23 10:07 - 2021-02-20 22:22 - 000001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-05-18 21:48 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-05-10 10:08 - 2018-05-15 22:47 - 000000000 ____D C:\ProgramData\NVIDIA
2022-05-10 09:35 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-05-10 08:47 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-05-09 14:29 - 2021-04-23 23:02 - 000000000 ____D C:\Users\u_u\AppData\Roaming\RenPy

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-05-2022 01
Ran by u_u (01-06-2022 09:24:07)
Running from C:\Users\u_u\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1706 (X64) (2021-08-08 22:27:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2736231629-3607526208-3142971229-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2736231629-3607526208-3142971229-503 - Limited - Disabled)
Guest (S-1-5-21-2736231629-3607526208-3142971229-501 - Limited - Disabled)
u_u (S-1-5-21-2736231629-3607526208-3142971229-1001 - Administrator - Enabled) => C:\Users\u_u
WDAGUtilityAccount (S-1-5-21-2736231629-3607526208-3142971229-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 21.07 (x64) (HKLM\...\7-Zip) (Version: 21.07 - Igor Pavlov)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
CPUID CPU-Z 2.01 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.01 - CPUID, Inc.)
CPUID HWMonitor 1.46 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.46 - CPUID, Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{08E7C8D5-F2B5-4F09-B0EA-F28913BEFDB0}) (Version: 5.5.1.16143 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{2a8bafd6-22ae-4d0e-87a4-686b2a4a2ab0}) (Version: 5.5.1.16143 - Dell Inc.)
Dell Update (HKLM-x32\...\{944FB5B0-9588-45FD-ABE8-73FC879801ED}) (Version: 4.0.0 - Dell Inc.)
Documentation Manager (HKLM\...\{E6D708BA-9130-4926-AA3E-AEBB5DE1E60B}) (Version: 22.110.1.1 - Intel Corporation) Hidden
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
DriverFix 4.2021.1.29 (HKLM\...\DriverFix_is1) (Version: - DriverFix, Inc)
DSC/AA Factory Installer (HKLM\...\{F7A70D00-F283-45C8-B163-49EC365D7E27}) (Version: 2.0.6875.402 - PC-Doctor, Inc.) Hidden
Dynamic Application Loader Host Interface Service (HKLM\...\{9DE7A0A5-C13D-4FDD-B78B-53C744C82F1A}) (Version: 1.0.0.0 - Intel Corporation) Hidden
f.lux (HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\Flux) (Version: - f.lux Software LLC)
Firestorm-Releasex64 (HKLM\...\Firestorm-Releasex64) (Version: 6.5.3.65658 - The Phoenix Firestorm Project, Inc.)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
HakuNeko Desktop (HKLM\...\HakuNeko Desktop_is1) (Version: 6.1.7 - Ronny Wegener <wegener.ronny@gmail.com>)
Intel(R) Chipset Device Software (HKLM\...\{8C91A5EB-2C62-4A6D-8802-CC79FD2ED390}) (Version: 10.1.1.7 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel(R) Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{a47edec4-fa11-4d02-b329-4424d0197af8}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.4.10500.5526 - Intel Corporation)
Intel(R) Graphics Driver Software (HKLM-x32\...\{34989299-2d34-4a1b-baa2-4de4fafbb4d0}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{c49f9463-8ca3-4422-82b0-c06c7a9640ed}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Icls (HKLM\...\{AE33809B-734E-4A79-BBDC-0DDE03950065}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) LMS (HKLM\...\{4479B4B8-D77B-474A-ABC5-1E5A4356F7DE}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1A9FE6B4-801A-4AF0-AEDB-EA49BD80C9F2}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2205.15.0.2623 - Intel Corporation)
Intel(R) Management Engine Driver (HKLM\...\{F0A3D842-E346-45C5-9546-90FEFD477F6E}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4944 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{06534C2E-CDD8-440B-A370-13E2E1C45FDC}) (Version: 30.100.2020.7 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.2020.7 - Intel Corporation)
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.61.251.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.61.251.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{69bc85f1-55f9-44f2-b5df-3840fe07854c}) (Version: 1.61.251.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00002110-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.110.2.1 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{0164812d-0965-4e5d-8ebd-6e2b5d181d4a}) (Version: 20.40.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{F70E0149-0BD0-4933-ADD0-1DC74D8F513B}) (Version: 20.40.0.1365 - Intel Corporation) Hidden
Intel® Software Installer (HKLM-x32\...\{094650cc-6461-47bb-96c0-4ec910a08b94}) (Version: 22.110.1.1 - Intel Corporation) Hidden
Intel® Software Installer (HKLM-x32\...\{bbc40478-54e7-4914-965f-de8043a2ed0e}) (Version: 22.100.0.3 - Intel Corporation) Hidden
Katawa Shoujo (HKLM-x32\...\Katawa Shoujo) (Version: - )
LatencyMon 7.00 (HKLM\...\LatencyMon_is1) (Version: - Resplendence Software Projects Sp.)
M64Py 0.2.5 (HKLM-x32\...\M64Py_is1) (Version: - )
Malwarebytes version 4.5.9.198 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.9.198 - Malwarebytes)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 100.0.2 (x64 en-US)) (Version: 100.0.2 - Mozilla)
MPC-HC 1.9.21.2 (6167a9d8c) Nightly (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.9.21.2 - MPC-HC Team)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 26.1.1 - OBS Project)
OpenHashTab version v3.0.1 (HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\{C0EEE3CD-665D-4E4E-B3BC-ADCD0FE73C0F}_is1) (Version: v3.0.1 - namazso)
OpenVPN Connect (HKLM\...\{45C65CE3-C105-4C48-B334-3E22FDCF4AD0}) (Version: 3.3.6 - OpenVPN Technologies)
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Pale Moon 31.0.0 (x64 en-US) (HKLM\...\Pale Moon 31.0.0 (x64 en-US)) (Version: 31.0.0 - Moonchild Productions)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.56.119.2022 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9167.1 - Realtek Semiconductor Corp.)
RogueKiller version 15.5.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.5.1.0 - Adlice Software)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
SanityCheck 3.52 (HKLM\...\SanityCheck_is1) (Version: 3.52 - Resplendence Software Projects Sp.)
simplewall (HKLM\...\simplewall) (Version: 3.6.3 - Henry++)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.2 - Krzysztof Kowalczyk)
SumatraPDF (HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\SumatraPDF) (Version: 3.4.1 - Krzysztof Kowalczyk)
Thunderbolt™ Software (HKLM-x32\...\{30F0067F-DD79-431B-BA5F-6CB4897785A5}) (Version: 17.4.79.510 - Intel Corporation)
Tixati (HKLM-x32\...\tixati) (Version: - )
Uplay (HKLM-x32\...\Uplay) (Version: 38.2 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.17.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden

Packages:
=========
Dell Power Manager -> C:\Program Files\WindowsApps\DellInc.DellPowerManager_3.10.10.0_x64__htrsf667h5kn2 [2021-12-10] (Dell Inc)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-08-27] (Microsoft Corporation)
Waves MaxxAudio Pro for Dell -> C:\Program Files\WindowsApps\WavesAudio.WavesMaxxAudioProforDell_1.1.131.0_x64__fh4rh281wavaa [2021-02-20] (Waves Audio)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2736231629-3607526208-3142971229-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\u_u\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2736231629-3607526208-3142971229-1001_Classes\CLSID\{23b5bdd4-7669-42b8-9cdc-beebc8a5baa9}\InprocServer32 -> C:\Users\u_u\AppData\Local\Programs\OpenHashTab\OpenHashTab.dll (namazso) [File not signed]
CustomCLSID: HKU\S-1-5-21-2736231629-3607526208-3142971229-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\u_u\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2736231629-3607526208-3142971229-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\u_u\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2736231629-3607526208-3142971229-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_444d52e511fbcc11\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_59691a4ee8d947dd\OptaneShellExt.dll [2021-10-13] (Intel Corporation -> )
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_59691a4ee8d947dd\OptaneShellExt.dll [2021-10-13] (Intel Corporation -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvdmig.inf_amd64_fd5032f7e49f5212\nvshext.dll [2022-04-21] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2022-03-17 11:44 - 2022-03-17 11:44 - 002772480 _____ () [File not signed] C:\Program Files\OpenVPN Connect\ffmpeg.dll
2022-03-17 11:44 - 2022-03-17 11:44 - 000379904 _____ () [File not signed] C:\Program Files\OpenVPN Connect\libegl.dll
2022-03-17 11:44 - 2022-03-17 11:44 - 007863296 _____ () [File not signed] C:\Program Files\OpenVPN Connect\libglesv2.dll
2022-03-17 11:44 - 2022-03-17 11:44 - 000147456 _____ () [File not signed] C:\Program Files\OpenVPN Connect\resources\app.asar.unpacked\keytar.node
2022-03-17 11:44 - 2022-03-17 11:44 - 005680640 _____ () [File not signed] C:\Program Files\OpenVPN Connect\resources\app.asar.unpacked\napi.node
2022-03-17 11:44 - 2022-03-17 11:44 - 000690688 _____ () [File not signed] C:\Program Files\OpenVPN Connect\resources\app.asar.unpacked\pkcs11.node
2022-05-23 20:22 - 2021-12-26 07:00 - 000093696 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2021-02-20 22:44 - 2021-01-31 13:53 - 000909312 _____ (namazso) [File not signed] C:\Users\u_u\AppData\Local\Programs\OpenHashTab\OpenHashTab.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 06:46 - 2022-05-28 15:18 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\Control Panel\Desktop\\Wallpaper -> c:\users\u_u\desktop\nhk2.png
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "SetupRST_ModeSwitch.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Cloudflare WARP.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "Start WingMan Profiler"
HKLM\...\StartupApproved\Run32: => "Intel Driver & Support Assistant"
HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\StartupApproved\Run: => "f.lux"
HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\StartupApproved\Run: => "DriverFix"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

25-05-2022 21:54:54 Windows Modules Installer
26-05-2022 09:36:32 O&O ShutUp10++
26-05-2022 10:00:07 Installed Dell Update.
26-05-2022 10:07:27 Windows Modules Installer
26-05-2022 10:26:51 Windows Modules Installer
26-05-2022 10:27:43 Windows Modules Installer
26-05-2022 14:04:16 May 26th 2022 (fresh, updated, and clean backup)
27-05-2022 14:54:24 AdwCleaner_BeforeCleaning_27/05/2022_14:54:23
27-05-2022 17:33:18 AdwCleaner_BeforeCleaning_27/05/2022_17:33:13

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/28/2022 05:49:04 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on MyData03 (F:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (05/28/2022 05:48:30 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on MyData02 (E:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (05/28/2022 05:46:39 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on MyData01 (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (05/28/2022 05:01:20 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on MyData01 (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (05/28/2022 04:50:09 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on MyData01 (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (05/28/2022 03:19:11 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (05/28/2022 03:18:39 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {9418f913-b4fc-41f9-a874-b7700878c462}

Error: (05/28/2022 01:20:40 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007


System errors:
=============
Error: (06/01/2022 09:18:30 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the DNS Client service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (06/01/2022 09:18:30 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the DNS Client service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (06/01/2022 09:16:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the DNS Client service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (06/01/2022 09:16:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the DNS Client service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (06/01/2022 09:16:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the DNS Client service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (06/01/2022 09:16:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the DNS Client service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (05/31/2022 07:33:12 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (05/31/2022 07:33:10 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.


Windows Defender:
================
Date: 2022-05-26 10:26:23
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2022-05-24 17:25:52
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2022-05-31 18:23:09
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.367.567.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.6
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2022-05-31 18:23:09
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.367.567.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.6
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2022-05-31 18:23:09
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.367.567.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.6
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2022-05-31 18:22:45
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.367.567.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.6
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2022-05-31 18:22:45
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.367.567.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.6
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===============
Date: 2022-06-01 09:14:02
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_1dc9fc8d5e442f6a\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. 1.21.0 04/14/2022
Motherboard: Dell Inc. 0KXXWY
Processor: Intel(R) Core(TM) i5-8300H CPU @ 2.30GHz
Percentage of memory in use: 28%
Total physical RAM: 16211.6 MB
Available physical RAM: 11620.63 MB
Total Virtual: 18643.6 MB
Available Virtual: 12754.56 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:475.34 GB) (Free:192.37 GB) (Model: NVMe ADATA SX6000PNP) NTFS
Drive d: (MyData01) (Fixed) (Total:199.65 GB) (Free:48.71 GB) (Model: ST1000LM035-1RK172) NTFS
Drive e: (MyData02) (Fixed) (Total:238.42 GB) (Free:150.89 GB) (Model: ST1000LM035-1RK172) NTFS
Drive f: (MyData03) (Fixed) (Total:240.37 GB) (Free:239.21 GB) (Model: ST1000LM035-1RK172) NTFS
Drive g: (MyData04) (Fixed) (Total:241.43 GB) (Free:148.79 GB) (Model: ST1000LM035-1RK172) NTFS
Drive y: (10GigsExtra) (Fixed) (Total:11.4 GB) (Free:11.27 GB) (Model: ST1000LM035-1RK172) NTFS

\\?\Volume{0e4be202-5ee6-433f-9eaa-05b5072fe51b}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.45 GB) NTFS
\\?\Volume{8295fa55-1f5a-4bc7-897d-bde19411a8a7}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D85BA26C)

Partition: GPT.

==========================================================
Disk: 1 (Size: 476.9 GB) (Disk ID: 46CDB94D)

Partition: GPT.

==================== End of Addition.txt =======================
 
It shows 4 approved apps to run at startup but if I check 'Startup' under Settings I don't see any programs listed.
 
Now I see they are just registry keys, though they should probably be removed.
The number of DNS ips is strange becuase only 1.1.1.1. (& 1.0.0.1) my default DNS and maybe the 8.8.8.8. (& 8.8.4.4.) for my OpenDNS service.
 
I still see "f.lux" in your list of installed programs, so if you don't need it you should uninstall it.

Then...

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    2.7 KB · Views: 83
F.lux has no uninstaller and in my poking around I haven't found anything.. it isn't in appdata either.

Thanks for your help so far, it's becoming more and more even more aparent I need that Dell drivers recovery disk to format back to factory settings.

Drivers taken off the Dell site aren't cutting it. This isn't an infection that shows back up after bad computing habbits, it's something that's found its way in and no 'soft reset' will take care of it.

There used to be a way on the Dell site to order a recovery disk, you'd just have to pay if your waranty had ended but this service has seemingly vanished.

I've even called the toll-free number and all they did was try to upsell me on premium recovery software.
:dizzy: ouch!
________________________________

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-05-2022 01
Ran by u_u (01-06-2022 16:35:00) Run:2
Running from C:\Users\u_u\Desktop
Loaded Profiles: u_u
Boot Mode: Normal
==============================================

fixlist content:
*****************
FF ProfilePath: C:\Users\u_u\AppData\Roaming\LibreWolf\Profiles\61yb32m0.default [2021-10-15]
FF ProfilePath: C:\Users\u_u\AppData\Roaming\LibreWolf\Profiles\7fjhbu00.dev-edition-default-1648831677965 [2022-05-25]
FF Extension: (uBlock Origin) - C:\Users\u_u\AppData\Roaming\LibreWolf\Profiles\7fjhbu00.dev-edition-default-1648831677965\Extensions\uBlock0@raymondhill.net.xpi [2022-04-01]
S4 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X]
S3 semav6msr64; \??\C:\WINDOWS\system32\drivers\semav6msr64.sys [X]
CustomCLSID: HKU\S-1-5-21-2736231629-3607526208-3142971229-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\u_u\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2736231629-3607526208-3142971229-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\u_u\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2736231629-3607526208-3142971229-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\u_u\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\...\StartupApproved\Run: => "Discord"

*****************

C:\Users\u_u\AppData\Roaming\LibreWolf\Profiles\61yb32m0.default => moved successfully
C:\Users\u_u\AppData\Roaming\LibreWolf\Profiles\61yb32m0.default => path removed successfully
C:\Users\u_u\AppData\Roaming\LibreWolf\Profiles\7fjhbu00.dev-edition-default-1648831677965 => moved successfully
C:\Users\u_u\AppData\Roaming\LibreWolf\Profiles\7fjhbu00.dev-edition-default-1648831677965 => path removed successfully
"C:\Users\u_u\AppData\Roaming\LibreWolf\Profiles\7fjhbu00.dev-edition-default-1648831677965\Extensions\uBlock0@raymondhill.net.xpi" => not found
HKLM\System\CurrentControlSet\Services\uhssvc => removed successfully
uhssvc => service removed successfully
HKLM\System\CurrentControlSet\Services\semav6msr64 => removed successfully
semav6msr64 => service removed successfully
HKU\S-1-5-21-2736231629-3607526208-3142971229-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-2736231629-3607526208-3142971229-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-2736231629-3607526208-3142971229-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
"HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Discord" => removed successfully
"HKU\S-1-5-21-2736231629-3607526208-3142971229-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Discord" => not found

==== End of Fixlog 16:35:01 ====
 
That's pretty much I can help you here with.
There is no malware present, we cleaned up as much as my tools allowed.
If you still need more help I suggest new topic in Windows forum here.
 
You must log in or register to reply here.

Similar threads

Daniel Sims
Ethical hackers show how to open millions of hotel keycard locks
Replies
16
Views
275
waclark
W
Bob O'Donnell
Intel is refining its computing vision and where it sees the PC going
Replies
6
Views
280
human7
H
midian182
The Callisto Protocol gets Steam bombed over its poor PC performance
2 3
Replies
60
Views
3K
Avro Arrow
Avro Arrow

Latest posts

Back