Solved Unknown spyware/ Monitoring/ Hijacking of my devices

L

LucSom01

Posts: 10   +0
Hello,

I've been having an issue where I've been targeted by cybercriminals. My laptop PC and android phones are being monitored somehow. I have run many antivirus programs (including MWB, avast, norton etc.), scanned for rootkits, used firewalls and factory reset all my devices but the issue always comes back. I noticed some strange activity in wire shark and avast firewall, but I couldn't make sense of it. I'm not sure how this is happening. I need some help to secure my devices for good.

From what I've found out, the hackers have been able to record my screen, and track my keys my PC and phones. Even when I used programs like screen wings and key scrambler. It even continues when my phones are on airplane mode.

My android phones run version 9.0 and 12.0 each and keep getting reinfected. I recently did a clean reset of my PC, and it seems like information is still being leaked.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-11-2022
Ran by henry (administrator) on LUCIUS (Acer Nitro AN515-54) (30-11-2022 22:56:59)
Running from C:\Users\henry\OneDrive\Desktop\KS
Loaded Profiles: henry
Platform: Microsoft Windows 11 Pro Version 22H2 22621.819 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Tablet\Wacom\WacomHost.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Co., Ltd. -> ) C:\Program Files\Tablet\Wacom\Wacom_UpdateUtil.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.765.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.62\msedgewebview2.exe <6>
(drivers\RivetNetworks\Killer\xTendUtilityService.exe ->) (Rivet Networks LLC -> Rivet Networks LLC) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtility.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_92cf9d9d84f1d3db\igfxCUIService.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_92cf9d9d84f1d3db\igfxEM.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <19>
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\afwServ.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe
(services.exe ->) (IDRIX SARL -> IDRIX) C:\Windows\System32\VeraCrypt.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_92cf9d9d84f1d3db\igfxCUIService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7d6ad0397c5dc3fd\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7d6ad0397c5dc3fd\IntelCpHeciSvc.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\Sgrm\SgrmBroker.exe
(services.exe ->) (NortonLifeLock Inc. -> NortonLifelock Inc.) C:\Program Files\Norton Security\Engine\22.22.10.9\NortonSecurity.exe <2>
(services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.22.10.9\nsWscSvc.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvacegpu.inf_amd64_d6e443c3f366fc32\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(services.exe ->) (Rivet Networks LLC -> Rivet Networks, LLC.) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe
(services.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo77ac.inf_amd64_d5839c9d7c0bda64\WavesSysSvc64.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22092.214.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.765.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo77ac.inf_amd64_d5839c9d7c0bda64\WavesSvc64.exe
Failed to access process -> explorer.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1093872 2020-04-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo77ac.inf_amd64_d5839c9d7c0bda64\WavesSvc64.exe [1464728 2019-01-31] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [215960 2022-11-20] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.62\Installer\setup.exe [3361704 2022-11-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1327980298-1667911545-2908986163-1001\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1327980298-1667911545-2908986163-1001\...\Run: [MicrosoftEdgeAutoLaunch_8BEF3EDBB44C2FCC8EE84BAAF23F5A0B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3892168 2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1327980298-1667911545-2908986163-1001\...\Run: [VeraCrypt] => C:\Program Files\VeraCrypt\VeraCrypt.exe [5990184 2022-11-21] (IDRIX SARL -> IDRIX)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0600DD45-FAF2-4131-A006-0B17509B9F78} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\sc.exe start InventorySvc
Task: {3784E3A5-6086-40CE-9351-3CFF59368873} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\Engine\22.22.10.9\SymErr.exe [379024 2022-11-07] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {3FA37D13-BC77-4B5D-98EA-B522EF1323FD} - System32\Tasks\Avast Software\Avast Driver Updater BugReport => C:\Program Files\Avast Software\Driver Updater\AvBugReport.exe [4737760 2022-11-20] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 148 --programpath "C:\Program Files\Avast Software\Driver Updater\Setup\.." --configpath "C:\Program Files\Avast Software\Driver Updater\Setup" --path "C:\ProgramData\Avast Software\Driver Updater\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 015a49e1-98d5-4974-8b1e-0b35c2d55724
Task: {4DFE6487-C588-4A8F-930F-BFDCF1D02C16} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2250576 2022-11-20] (Avast Software s.r.o. -> Avast Software)
Task: {5B724F30-1460-4A59-8318-7F4F3E1F716F} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\Engine\22.22.10.9\SymErr.exe [379024 2022-11-07] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {7447AB48-1300-495A-9F4A-DE899456CC2F} - System32\Tasks\Avast Software\Avast Driver Updater Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-du\icarus.exe [6803168 2022-08-30] (Avast Software s.r.o. -> Avast Software)
Task: {750FC8AB-2620-44B2-9A44-90A4176D82F7} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [6803168 2022-09-06] (Avast Software s.r.o. -> Avast Software)
Task: {7D5F18C4-B98E-4014-935A-4B3F27E6A753} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4951448 2022-11-20] (Avast Software s.r.o. -> AVAST Software)
Task: {8B4D2F85-F4DD-4D59-B155-C3D21517C715} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [4737760 2022-11-20] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 6896f9b7-ddd5-4f55-bf02-e8b4f9c557dc
Task: {93621ECF-BB05-486C-9E18-5750C9FEFF52} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.22.10.9\WSCStub.exe [646520 2022-11-07] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {98016C6A-A480-43F8-9969-C366EB4CCF74} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1213144 2022-11-20] (Avast Software s.r.o. -> AVAST Software)
Task: {A8B89B19-4109-4311-8FFA-44B5DD81ABDB} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2353000 2022-11-07] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {BB071673-49EE-49DE-BFD8-0795B69945BE} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files\Norton Security\Engine\22.22.10.9\SymErr.exe [379024 2022-11-07] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {CF30FEF4-4559-4983-850B-23E479883CF6} - System32\Tasks\Microsoft\Windows\PI\SecureBootEncodeUEFI => C:\WINDOWS\system32\SecureBootEncodeUEFI.exe [94208 2022-11-23] (Microsoft Windows -> )
Task: {DAEBA109-268C-453A-9E85-190A95D7A707} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe [4690136 2022-11-20] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramData\Avast Software\SecureLine VPN\log" --guid fa942ffe-64ea-4561-884a-b7b2265112d6
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (No File)
Task: {EBA21398-E860-483F-89AD-7E933391CCF2} - System32\Tasks\KpRm-quarantines\KpRm-quarantines-20221128221656 => C:\KPRM\tasks-quarantines\kprm-quarantines.exe [2860776 2022-11-28] (kernel-panik -> kernel-panik) [File not signed]
Task: {F3F750EC-DB2C-4167-AA56-7E61CB57DCA7} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [6694224 2022-09-29] (Avast Software s.r.o. -> Avast Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 208.94.176.20 208.94.176.18
Tcpip\..\Interfaces\{686E1526-5487-4579-9D5C-7D997F0C562C}: [NameServer] 10.255.0.0
Tcpip\..\Interfaces\{c6487a7b-0363-4979-8fe0-d6abf4e16211}: [DhcpNameServer] 208.94.176.20 208.94.176.18

Edge:
=======
Edge Profile: C:\Users\henry\AppData\Local\Microsoft\Edge\User Data\Default [2022-11-30]
Edge NewTab: Default -> Not-active:"chrome-extension://okplngpklcjmpdemleibnhidjihcobef/homePageRedirect.html"
Edge Extension: (Norton Safe Web) - C:\Users\henry\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2022-11-22]
Edge Extension: (Norton Safe Search) - C:\Users\henry\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ikkagnliefbhcdgnnhfidhhbocdhkdeb [2022-11-22]
Edge Extension: (Norton Password Manager) - C:\Users\henry\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lcccdlklhahfmobgpnilndimkankpnkg [2022-11-22]
Edge Extension: (Norton Home Page) - C:\Users\henry\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\okplngpklcjmpdemleibnhidjihcobef [2022-11-22]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8552856 2022-11-20] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [596888 2022-11-20] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\Avast Software\Avast\afwServ.exe [2029976 2022-11-20] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [596888 2022-11-20] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2022-11-20] (Avast Software s.r.o. -> AVAST Software)
R2 CleanupPSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [15464160 2022-11-20] (Avast Software s.r.o. -> AVAST Software)
R2 DriverUpdSvc; C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe [7692000 2022-11-20] (Avast Software s.r.o. -> AVAST Software)
R3 InventorySvc; C:\WINDOWS\system32\inventorysvc.dll [304480 2022-11-23] (Microsoft Windows -> Microsoft Corporation)
R2 Killer Network Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2616424 2019-06-17] (Rivet Networks LLC -> Rivet Networks)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8879024 2022-11-20] (Malwarebytes Inc. -> Malwarebytes)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.22.10.9\NortonSecurity.exe [344888 2022-11-07] (NortonLifeLock Inc. -> NortonLifelock Inc.)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.22.10.9\nsWscSvc.exe [1059176 2022-11-07] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R2 SecureLine; C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe [9332952 2022-11-20] (Avast Software s.r.o. -> AVAST Software)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [249344 2022-11-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SgrmBroker; C:\WINDOWS\system32\Sgrm\SgrmBroker.exe [414632 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TextInputManagementService; C:\WINDOWS\System32\TabSvc.dll [266240 2022-11-23] (Microsoft Windows -> Microsoft Corporation)
R2 VeraCryptSystemFavorites; C:\Windows\system32\VeraCrypt.exe [5990184 2022-11-21] (IDRIX SARL -> IDRIX)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\NisSrv.exe [3191272 2022-11-20] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe [133544 2022-11-20] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wuauserv; C:\WINDOWS\system32\wuauserv.dll [137544 2022-11-23] (Microsoft Windows -> Microsoft Corporation)
S2 xTendSoftAPService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendSoftAPService.exe [72808 2019-06-17] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 xTendUtilityService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe [72816 2019-06-17] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvacegpu.inf_amd64_d6e443c3f366fc32\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvacegpu.inf_amd64_d6e443c3f366fc32\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 
===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [31896 2021-08-09] (Acer Incorporated -> Acer Incorporated)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [31376 2022-11-20] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [229720 2022-11-20] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [391264 2022-11-20] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [297832 2022-11-20] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [95960 2022-11-20] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [25576 2022-11-20] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [39648 2022-11-20] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [268480 2022-11-20] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [555520 2022-11-20] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [105760 2022-11-20] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [80384 2022-11-20] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [852000 2022-11-20] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [688336 2022-11-20] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [210632 2022-11-20] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [318464 2022-11-20] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
S3 aswVpnRdr; C:\WINDOWS\System32\drivers\aswVpnRdr.sys [65944 2022-11-20] (Avast Software s.r.o. -> Avast Software)
R2 bfs; C:\WINDOWS\system32\drivers\bfs.sys [91480 2022-11-23] (Microsoft Windows -> Microsoft Corporation)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.22.10.9\Definitions\BASHDefs\20221130.011\BHDrvx64.sys [1705040 2022-11-23] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\16160A0.009\ccSetx64.sys [198280 2022-11-07] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [527864 2022-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [159720 2022-11-23] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-11-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 GenPass; C:\WINDOWS\System32\DriverStore\FileRepository\genpass.inf_amd64_bef88a423225ecdc\genpass.sys [62800 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.22.10.9\Definitions\IPSDefs\20221130.061\IDSvia64.sys [1526776 2022-11-22] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 KfeCoSvc; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys [162432 2019-06-17] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-11-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-11-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193992 2022-11-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [75216 2022-11-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-11-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-11-30] (Malwarebytes Inc. -> Malwarebytes)
S3 nsvst_NGC; C:\WINDOWS\System32\drivers\NGCx64\16160A0.009\nsvst.sys [57120 2022-11-07] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S0 pvscsi; C:\WINDOWS\System32\drivers\pvscsii.sys [45408 2022-05-07] (Microsoft Windows -> VMware, Inc.)
S3 RoutePolicy; C:\WINDOWS\System32\drivers\RoutePolicy.sys [98304 2022-05-07] (Microsoft Windows -> )
R1 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\16160A0.009\SRTSP64.SYS [956048 2022-11-07] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\16160A0.009\SRTSPX64.SYS [52872 2022-11-07] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\16160A0.009\SYMEFASI64.SYS [2092696 2022-11-07] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\16160A0.009\SymELAM.sys [36016 2022-11-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100344 2022-11-22] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.22.10.9\SymPlatform\SymEvnt.sys [722400 2022-09-21] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\16160A0.009\Ironx64.SYS [306824 2022-11-07] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\16160A0.009\symnets.sys [490656 2022-11-07] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R0 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [817672 2022-11-21] (Microsoft Windows Hardware Compatibility Publisher -> IDRIX)
S3 WacHidRouterPro; C:\WINDOWS\System32\drivers\wachidrouter.sys [137304 2022-11-18] (WDKTestCert dant,133088663242323546 -> Wacom Co. Ltd.)
S3 wacomrouterfilter; C:\WINDOWS\System32\drivers\wacomrouterfilter.sys [31288 2022-11-18] (WDKTestCert dant,133093294545578878 -> Wacom Co. Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49616 2022-11-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [469288 2022-11-20] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95520 2022-11-20] (Microsoft Windows -> Microsoft Corporation)
R1 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\16160A0.009\wpCtrlDrv.sys [1016792 2022-11-07] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R2 wtd; C:\WINDOWS\System32\drivers\wtd.sys [118784 2022-11-23] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-11-30 22:06 - 2022-11-30 22:06 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2022-11-30 19:51 - 2022-11-30 19:51 - 000193992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-11-30 19:51 - 2022-11-30 19:51 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-11-30 19:51 - 2022-11-30 19:51 - 000075216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-11-29 22:17 - 2022-01-07 13:36 - 004955248 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\Netwtw10.sys
2022-11-29 22:17 - 2022-01-07 13:05 - 045101144 _____ C:\WINDOWS\system32\Drivers\Netwfw10.dat
2022-11-28 22:17 - 2022-11-28 22:17 - 000000000 ____D C:\WINDOWS\system32\Tasks\KpRm-quarantines
2022-11-28 22:16 - 2022-11-28 22:17 - 000000000 ____D C:\KPRM
2022-11-28 22:05 - 2022-11-28 22:05 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-11-27 23:10 - 2022-11-27 23:10 - 000000000 ____D C:\Users\henry\AppData\Local\IsolatedStorage
2022-11-27 17:51 - 2022-11-27 17:51 - 000000000 ____D C:\Users\henry\AppData\Roaming\WinRAR
2022-11-27 17:51 - 2022-11-27 17:51 - 000000000 ____D C:\Users\henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-11-27 17:51 - 2022-11-27 17:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-11-27 17:51 - 2022-11-27 17:51 - 000000000 ____D C:\Program Files\WinRAR
2022-11-27 17:36 - 2022-11-27 17:36 - 000002105 _____ C:\Users\Public\Desktop\ZBrush 2022.0.5.lnk
2022-11-27 17:33 - 2022-11-27 17:33 - 000002097 _____ C:\Users\Public\Desktop\ZBrush 2022.lnk
2022-11-27 17:33 - 2022-11-27 17:33 - 000000000 ____D C:\Users\Public\Pixologic
2022-11-27 17:33 - 2022-11-27 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixologic
2022-11-27 17:32 - 2022-11-27 17:32 - 000000000 ____D C:\Program Files\Pixologic
2022-11-27 16:28 - 2022-11-27 16:28 - 000000000 ____D C:\Users\henry\AppData\Roaming\WPersistent
2022-11-27 13:27 - 2022-11-30 19:51 - 000000000 ____D C:\Users\henry\AppData\Roaming\WTablet
2022-11-27 12:55 - 2022-11-27 12:55 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2022-11-27 12:55 - 2022-11-27 12:55 - 000000000 ____D C:\Program Files\Tablet
2022-11-27 12:55 - 2022-11-18 11:51 - 000137304 _____ (Wacom Co. Ltd.) C:\WINDOWS\system32\Drivers\wachidrouter.sys
2022-11-27 12:55 - 2022-11-18 11:51 - 000031288 _____ (Wacom Co. Ltd.) C:\WINDOWS\system32\Drivers\wacomrouterfilter.sys
2022-11-27 12:55 - 2022-11-18 11:50 - 002561984 _____ (Wacom Co. Ltd.) C:\WINDOWS\system32\Wacom_Tablet.dll
2022-11-27 12:55 - 2022-11-18 11:50 - 002554816 _____ (Wacom Co. Ltd.) C:\WINDOWS\system32\Wacom_Touch_Tablet.dll
2022-11-27 12:55 - 2022-11-18 11:50 - 002405312 _____ (Wacom Co. Ltd.) C:\WINDOWS\system32\WacomMT.dll
2022-11-27 12:55 - 2022-11-18 11:50 - 002377664 _____ (Wacom Co. Ltd.) C:\WINDOWS\system32\Wintab32.dll
2022-11-27 12:55 - 2022-11-18 11:50 - 002100672 _____ (Wacom Co. Ltd.) C:\WINDOWS\SysWOW64\Wacom_Tablet.dll
2022-11-27 12:55 - 2022-11-18 11:50 - 002093504 _____ (Wacom Co. Ltd.) C:\WINDOWS\SysWOW64\Wacom_Touch_Tablet.dll
2022-11-27 12:55 - 2022-11-18 11:50 - 001940928 _____ (Wacom Co. Ltd.) C:\WINDOWS\SysWOW64\WacomMT.dll
2022-11-27 12:55 - 2022-11-18 11:50 - 001909696 _____ (Wacom Co. Ltd.) C:\WINDOWS\SysWOW64\Wintab32.dll
2022-11-25 20:43 - 2022-11-25 20:43 - 000000000 ____D C:\WINDOWS\system32\N360_BACKUP
2022-11-25 20:38 - 2022-11-25 20:38 - 000001756 _____ C:\Users\henry\OneDrive\Documents\Where are my files.lnk
2022-11-24 23:59 - 2022-11-30 22:57 - 000000000 ____D C:\FRST
2022-11-24 23:23 - 2022-11-24 23:23 - 000001607 _____ C:\WINDOWS\system32\config\VSMIDK
2022-11-24 23:21 - 2022-11-24 23:21 - 000000000 ___RD C:\Users\henry\OneDrive\Documents\Microsoft.SecHealthUI_8wekyb3d8bbwe!SecHealthUI
2022-11-24 22:54 - 2022-01-07 13:36 - 001622088 _____ (Intel Corporation) C:\WINDOWS\system32\IntelIHVRouter08.dll
2022-11-24 00:31 - 2022-11-24 00:31 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-11-24 00:05 - 2022-11-24 00:05 - 000000000 ____D C:\Users\henry\AppData\LocalLow\BitTorrent.WebView2
2022-11-24 00:04 - 2022-11-27 12:55 - 000000000 ____D C:\ProgramData\Package Cache
2022-11-24 00:03 - 2022-11-24 00:03 - 000000000 ____D C:\Users\henry\AppData\Local\Adaware
2022-11-24 00:01 - 2022-11-24 00:01 - 000001351 _____ C:\Users\henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\bittorrent_installer.lnk
2022-11-23 22:16 - 2022-11-25 20:19 - 000000000 ____D C:\Users\henry\OneDrive\Documents\N HC
2022-11-23 21:03 - 2022-11-30 19:58 - 000850308 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-11-23 21:01 - 2022-11-30 19:56 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton 360
2022-11-23 21:01 - 2022-11-30 19:54 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2022-11-23 21:01 - 2022-11-30 19:51 - 000004028 _____ C:\WINDOWS\system32\Tasks\Avast SecureLine VPN Update
2022-11-23 21:01 - 2022-11-30 19:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-11-23 21:01 - 2022-11-28 22:06 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1327980298-1667911545-2908986163-1001
2022-11-23 21:01 - 2022-11-28 22:06 - 000003362 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1327980298-1667911545-2908986163-1001
2022-11-23 21:01 - 2022-11-23 21:01 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2022-11-23 21:01 - 2022-11-23 21:01 - 000011433 _____ C:\WINDOWS\diagerr.xml
2022-11-23 21:01 - 2022-11-23 21:01 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-11-23 21:01 - 2022-11-23 21:01 - 000003240 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-11-23 21:01 - 2022-11-23 21:01 - 000002612 _____ C:\WINDOWS\system32\Tasks\Norton WSC Integration
2022-11-23 21:01 - 2022-11-23 21:01 - 000000020 ___SH C:\Users\henry\ntuser.ini
2022-11-23 21:01 - 2022-11-23 21:01 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2022-11-23 20:59 - 2022-11-20 23:19 - 000273816 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2022-11-23 20:56 - 2022-11-29 23:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-11-23 20:56 - 2022-11-23 21:01 - 000000000 ____D C:\Windows.old
2022-11-23 20:56 - 2022-11-23 20:56 - 000293656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-11-23 20:56 - 2022-11-23 20:56 - 000000000 ____D C:\WINDOWS\system32\config\BFS
2022-11-23 20:54 - 2022-11-20 22:56 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-11-23 20:46 - 2022-11-23 21:01 - 000000000 ____D C:\Users\henry
2022-11-23 20:46 - 2022-11-23 20:56 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2022-11-23 20:46 - 2022-05-07 01:19 - 000001281 _____ C:\Users\henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk
2022-11-23 20:46 - 2022-05-07 01:19 - 000000407 _____ C:\Users\henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk
2022-11-23 20:45 - 2022-11-23 20:46 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2022-11-23 20:45 - 2022-11-23 20:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\RivetNetworks
2022-11-23 20:41 - 2022-11-23 20:41 - 000105312 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2022-11-23 20:40 - 2022-11-23 20:40 - 002088728 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2022-11-23 20:40 - 2022-11-23 20:40 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-11-23 20:40 - 2022-11-23 20:40 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-11-23 20:40 - 2022-11-23 20:40 - 000180224 _____ C:\WINDOWS\system32\stordiag.exe
2022-11-23 20:40 - 2022-11-23 20:40 - 000157008 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2022-11-23 20:40 - 2022-11-23 20:40 - 000133120 _____ C:\WINDOWS\SysWOW64\stordiag.exe
2022-11-23 20:40 - 2022-11-23 20:40 - 000094208 _____ C:\WINDOWS\system32\SecureBootEncodeUEFI.exe
2022-11-23 20:40 - 2022-11-23 20:40 - 000055144 _____ C:\WINDOWS\system32\SFAPE.dll
2022-11-23 20:40 - 2022-11-23 20:40 - 000016519 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-11-23 20:39 - 2022-11-23 20:39 - 002575632 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2022-11-23 20:39 - 2022-11-23 20:39 - 000296448 _____ C:\WINDOWS\system32\CloudIdWxhExtension.dll
2022-11-23 20:39 - 2022-11-23 20:39 - 000192512 _____ C:\WINDOWS\system32\CloudExperienceHostRedirection.dll
2022-11-23 20:39 - 2022-11-23 20:39 - 000098304 _____ C:\WINDOWS\system32\dplcsp.dll
2022-11-23 20:39 - 2022-11-23 20:39 - 000062832 _____ C:\WINDOWS\system32\AppInstallerBackgroundUpdate.exe
2022-11-23 20:39 - 2022-11-23 20:39 - 000046888 _____ C:\WINDOWS\system32\wow64base.dll
2022-11-23 20:38 - 2022-11-23 20:38 - 000327680 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-11-23 20:37 - 2022-11-23 20:37 - 000000000 ____D C:\Program Files\Reference Assemblies
2022-11-23 20:37 - 2022-11-23 20:37 - 000000000 ____D C:\Program Files\MSBuild
2022-11-23 20:37 - 2022-11-23 20:37 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2022-11-23 20:37 - 2022-11-23 20:37 - 000000000 ____D C:\Program Files (x86)\MSBuild
2022-11-23 20:36 - 2022-11-23 20:36 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2022-11-23 20:36 - 2022-11-23 20:36 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2022-11-23 20:36 - 2022-11-23 20:36 - 000000000 ____D C:\WINDOWS\addins
2022-11-23 20:29 - 2022-11-23 20:29 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2022-11-23 20:24 - 2022-11-21 00:00 - 000817672 _____ (IDRIX) C:\WINDOWS\system32\Drivers\veracrypt.sys
2022-11-23 20:07 - 2022-11-23 21:01 - 000000000 ___DC C:\WINDOWS\Panther
2022-11-22 22:12 - 2022-11-23 21:46 - 000000000 ____D C:\Users\henry\AppData\LocalLow\Norton
2022-11-22 22:08 - 2022-11-22 22:08 - 000000000 ____D C:\Program Files\Common Files\AV
2022-11-22 22:03 - 2022-11-22 22:03 - 000000000 ____D C:\Users\henry\AppData\Local\Norton
2022-11-22 21:45 - 2022-11-23 20:56 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2022-11-22 21:45 - 2022-11-22 21:45 - 000100344 _____ (Broadcom) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2022-11-22 21:45 - 2022-11-22 21:45 - 000011311 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2022-11-22 21:45 - 2022-11-22 21:45 - 000002297 _____ C:\Users\Public\Desktop\Norton Security.lnk
2022-11-22 21:45 - 2022-11-22 21:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2022-11-22 21:45 - 2022-11-22 21:45 - 000000000 ____D C:\Program Files\Norton Security
2022-11-22 21:45 - 2022-11-22 21:45 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
2022-11-22 21:41 - 2022-11-22 21:41 - 000000000 ____D C:\ProgramData\NortonInstaller
2022-11-22 21:41 - 2022-11-22 21:41 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2022-11-22 21:40 - 2022-11-22 22:14 - 000000000 ____D C:\ProgramData\Norton
2022-11-22 21:40 - 2022-11-22 21:40 - 000000000 ____D C:\Users\Public\Downloads\Norton
2022-11-21 21:33 - 2022-11-27 23:52 - 000000516 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2022-11-21 00:44 - 2022-11-21 00:00 - 005990184 _____ (IDRIX) C:\WINDOWS\system32\VeraCrypt.exe
2022-11-21 00:40 - 2022-11-21 00:44 - 000000000 ____D C:\ProgramData\VeraCrypt
2022-11-21 00:40 - 2022-11-21 00:40 - 002040945 _____ C:\Users\henry\OneDrive\Documents\VeraCrypt Rescue Disk.zip
2022-11-21 00:36 - 2022-11-21 01:15 - 000000000 ____D C:\Users\henry\AppData\Roaming\VeraCrypt
2022-11-21 00:06 - 2022-11-24 20:48 - 000000000 ____D C:\Users\henry\OneDrive\Documents\EVD
2022-11-21 00:00 - 2022-11-23 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt
2022-11-21 00:00 - 2022-11-21 00:00 - 000000888 _____ C:\Users\Public\Desktop\VeraCrypt.lnk
2022-11-21 00:00 - 2022-11-21 00:00 - 000000000 ____D C:\Program Files\VeraCrypt
2022-11-20 23:21 - 2022-11-23 20:59 - 000002078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast One.lnk
2022-11-20 23:21 - 2022-11-23 20:59 - 000002066 _____ C:\Users\Public\Desktop\Avast One.lnk
2022-11-20 23:21 - 2022-11-20 23:21 - 000000000 ____D C:\Users\henry\AppData\Roaming\Avast Software
2022-11-20 23:21 - 2022-11-20 23:21 - 000000000 ____D C:\Users\henry\AppData\Local\Avast Software
2022-11-20 23:20 - 2022-11-20 23:20 - 000065944 _____ (Avast Software) C:\WINDOWS\system32\Drivers\aswVpnRdr.sys
2022-11-20 23:20 - 2022-11-20 23:19 - 000038624 _____ (Avast Software) C:\WINDOWS\system32\icarus_rvrt.exe
2022-11-20 23:19 - 2022-11-20 23:20 - 000000000 ____D C:\Program Files\Avast Software
2022-11-20 23:19 - 2022-11-20 23:19 - 000852000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2022-11-20 23:19 - 2022-11-20 23:19 - 000688336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2022-11-20 23:19 - 2022-11-20 23:19 - 000555520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2022-11-20 23:19 - 2022-11-20 23:19 - 000391264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2022-11-20 23:19 - 2022-11-20 23:19 - 000318464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2022-11-20 23:19 - 2022-11-20 23:19 - 000297832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2022-11-20 23:19 - 2022-11-20 23:19 - 000268480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2022-11-20 23:19 - 2022-11-20 23:19 - 000229720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2022-11-20 23:19 - 2022-11-20 23:19 - 000210632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2022-11-20 23:19 - 2022-11-20 23:19 - 000105760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2022-11-20 23:19 - 2022-11-20 23:19 - 000095960 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2022-11-20 23:19 - 2022-11-20 23:19 - 000080384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2022-11-20 23:19 - 2022-11-20 23:19 - 000039648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2022-11-20 23:19 - 2022-11-20 23:19 - 000031376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2022-11-20 23:19 - 2022-11-20 23:19 - 000025576 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2022-11-20 23:19 - 2022-11-20 23:19 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2022-11-20 23:10 - 2022-11-23 20:56 - 000000000 ____D C:\WINDOWS\system32\gf2engine
2022-11-20 23:10 - 2022-11-20 23:10 - 000000000 ____D C:\Users\henry\AppData\Local\PeerDistRepub
2022-11-20 23:00 - 2022-11-20 23:00 - 000000000 ____D C:\Users\henry\AppData\Local\CEF
2022-11-20 22:58 - 2022-11-30 19:51 - 000000000 ____D C:\ProgramData\Avast Software
2022-11-20 22:57 - 2022-11-20 22:57 - 000000000 ____D C:\Users\henry\AppData\Local\mbam
2022-11-20 22:56 - 2022-11-20 22:56 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-11-20 22:56 - 2022-11-20 22:56 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-11-20 22:56 - 2022-11-20 22:56 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-11-20 22:55 - 2022-11-20 22:55 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-11-20 22:55 - 2022-11-20 22:55 - 000000000 ____D C:\Program Files\Malwarebytes
2022-11-20 22:06 - 2022-11-20 22:06 - 000000000 ___HD C:\$WinREAgent
2022-11-20 21:13 - 2022-11-20 21:13 - 000000000 _SHDL C:\Documents and Settings
2022-11-20 21:11 - 2022-11-30 20:00 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-11-20 21:11 - 2022-11-20 21:11 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2022-11-20 21:11 - 2022-11-20 19:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-11-20 21:10 - 2022-11-30 19:51 - 000012288 ___SH C:\DumpStack.log.tmp
2022-11-20 19:45 - 2022-11-24 22:53 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-11-20 19:43 - 2022-11-20 19:43 - 000000000 ____D C:\ProgramData\RivetNetworks
2022-11-20 19:42 - 2022-11-20 19:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-11-20 19:41 - 2022-11-20 19:41 - 000000000 ____D C:\Users\henry\AppData\Local\Comms
2022-11-20 19:36 - 2022-11-20 19:36 - 000000000 ____D C:\Users\henry\AppData\Local\OneDrive
2022-11-20 19:26 - 2022-11-28 22:06 - 000002383 _____ C:\Users\henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-11-20 19:26 - 2022-11-25 20:32 - 000000000 ___RD C:\Users\henry\OneDrive
2022-11-20 19:26 - 2022-11-20 19:26 - 000000000 ___HD C:\OneDriveTemp
2022-11-20 19:26 - 2022-11-20 19:26 - 000000000 ____D C:\Users\henry\AppData\Local\VirtualStore
2022-11-20 19:25 - 2022-11-20 23:12 - 000000000 ____D C:\Users\henry\AppData\Local\PlaceholderTileLogoFolder
2022-11-20 19:24 - 2022-11-30 19:51 - 000000000 __SHD C:\Users\henry\IntelGraphicsProfiles
2022-11-20 19:24 - 2022-11-27 17:51 - 000000000 ____D C:\Users\henry\AppData\Local\Packages
2022-11-20 19:24 - 2022-11-24 23:43 - 000000000 ____D C:\Users\henry\AppData\Local\D3DSCache
2022-11-20 19:24 - 2022-11-23 21:02 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-11-20 19:24 - 2022-11-20 19:50 - 000000000 ____D C:\Users\henry\AppData\Local\ConnectedDevicesPlatform
2022-11-20 19:24 - 2022-11-20 19:25 - 000000000 ____D C:\Users\henry\AppData\Local\Intel
2022-11-20 19:24 - 2022-11-20 19:24 - 000000000 ____D C:\Users\henry\AppData\Roaming\Adobe
2022-11-20 19:24 - 2022-11-20 19:24 - 000000000 ____D C:\Users\henry\AppData\Local\Publishers
2022-11-20 19:01 - 2020-04-09 05:27 - 001145680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtCOM64.dll
2022-11-20 19:01 - 2020-04-09 05:27 - 001093872 _____ (Realtek Semiconductor) C:\WINDOWS\system32\RtkAudUService64.exe
2022-11-20 19:01 - 2020-04-09 05:27 - 000844896 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64U.dll
2022-11-20 19:01 - 2020-04-09 05:27 - 000468776 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2022-11-20 19:01 - 2020-04-09 05:27 - 000224280 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2022-11-20 19:00 - 2022-11-27 17:51 - 000000000 ____D C:\ProgramData\Packages
2022-11-20 19:00 - 2022-11-23 20:59 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2022-11-20 19:00 - 2022-11-22 23:20 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2022-11-20 19:00 - 2022-11-20 19:00 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2022-11-20 19:00 - 2020-07-23 05:02 - 001780944 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2022-11-20 19:00 - 2020-07-23 05:02 - 001780944 _____ C:\WINDOWS\system32\vulkaninfo.exe
2022-11-20 19:00 - 2020-07-23 05:02 - 001371344 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-11-20 19:00 - 2020-07-23 05:02 - 001371344 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2022-11-20 19:00 - 2020-07-23 05:02 - 001086672 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2022-11-20 19:00 - 2020-07-23 05:02 - 001086672 _____ C:\WINDOWS\system32\vulkan-1.dll
2022-11-20 19:00 - 2020-07-23 05:02 - 000946384 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2022-11-20 19:00 - 2020-07-23 05:02 - 000946384 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2022-11-20 19:00 - 2020-07-23 05:01 - 000674024 _____ C:\WINDOWS\system32\nvofapi64.dll
2022-11-20 19:00 - 2020-07-23 05:01 - 000541920 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2022-11-20 19:00 - 2020-07-23 05:00 - 006652824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2022-11-20 19:00 - 2020-07-23 05:00 - 005883288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2022-11-20 19:00 - 2020-07-23 05:00 - 003901680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2022-11-20 19:00 - 2020-07-23 05:00 - 002367728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2022-11-20 19:00 - 2020-07-23 05:00 - 002076560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2022-11-20 19:00 - 2020-07-23 05:00 - 001569680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2022-11-20 19:00 - 2020-07-23 05:00 - 001486736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2022-11-20 19:00 - 2020-07-23 05:00 - 001146256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2022-11-20 19:00 - 2020-07-23 05:00 - 001017744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2022-11-20 19:00 - 2020-07-23 05:00 - 000816360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2022-11-20 19:00 - 2020-07-23 05:00 - 000812432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2022-11-20 19:00 - 2020-07-23 05:00 - 000670608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2022-11-20 19:00 - 2020-07-23 05:00 - 000655592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2022-11-20 19:00 - 2020-07-23 05:00 - 000581856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2022-11-20 19:00 - 2020-07-23 05:00 - 000555920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2022-11-20 19:00 - 2020-07-23 05:00 - 000444824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2022-11-20 19:00 - 2020-07-23 04:59 - 005500144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2022-11-20 19:00 - 2020-07-23 04:59 - 000849648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2022-11-20 19:00 - 2020-07-23 04:58 - 005399808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2022-11-20 19:00 - 2020-07-23 04:58 - 004716168 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2022-11-20 19:00 - 2020-07-23 04:41 - 000078796 _____ C:\WINDOWS\system32\nvinfo.pb
2022-11-20 18:58 - 2022-11-20 18:58 - 000000000 ____D C:\ProgramData\Intel
2022-11-20 18:58 - 2022-11-20 18:58 - 000000000 ____D C:\Intel
2022-11-20 18:58 - 2022-11-20 18:58 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2022-11-20 18:57 - 2019-07-03 08:26 - 003169808 _____ (Intel Corporation) C:\WINDOWS\system32\mfx_mft_h265ve_64.dll
2022-11-20 18:57 - 2019-07-03 08:26 - 003162192 _____ (Intel Corporation) C:\WINDOWS\system32\mfx_mft_vp9ve_64.dll
2022-11-20 18:57 - 2019-07-03 08:26 - 003148824 _____ (Intel Corporation) C:\WINDOWS\system32\mfx_mft_h264ve_64.dll
2022-11-20 18:57 - 2019-07-03 08:26 - 002576344 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfx_mft_h265ve_32.dll
2022-11-20 18:57 - 2019-07-03 08:26 - 002571872 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfx_mft_vp9ve_32.dll
2022-11-20 18:57 - 2019-07-03 08:25 - 021060248 _____ (Intel Corporation) C:\WINDOWS\system32\libmfxhw64.dll
2022-11-20 18:57 - 2019-07-03 08:25 - 019968376 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\libmfxhw32.dll
2022-11-20 18:57 - 2019-07-03 08:25 - 002951904 _____ (Intel Corporation) C:\WINDOWS\system32\mfx_mft_encrypt_64.dll
2022-11-20 18:57 - 2019-07-03 08:25 - 002563184 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfx_mft_h264ve_32.dll
2022-11-20 18:57 - 2019-07-03 08:25 - 002410648 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfx_mft_encrypt_32.dll
2022-11-20 18:57 - 2019-07-03 08:25 - 000212264 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll
2022-11-20 18:57 - 2019-07-03 08:25 - 000183944 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll
2022-11-20 18:57 - 2019-07-03 08:24 - 025074704 _____ (Intel Corporation) C:\WINDOWS\system32\mfxplugin64_hw.dll
2022-11-20 18:57 - 2019-07-03 08:24 - 011912208 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfxplugin32_hw.dll
2022-11-20 18:57 - 2019-07-03 08:24 - 002992152 _____ (Intel Corporation) C:\WINDOWS\system32\mfx_mft_mjpgvd_64.dll
2022-11-20 18:57 - 2019-07-03 08:24 - 002434064 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfx_mft_mjpgvd_32.dll
2022-11-20 18:57 - 2019-07-03 08:24 - 000183320 _____ C:\WINDOWS\SysWOW64\libGLESv2.dll
2022-11-20 18:57 - 2019-07-03 08:24 - 000148496 _____ C:\WINDOWS\SysWOW64\libGLESv1_CM.dll
2022-11-20 18:57 - 2019-07-03 08:24 - 000147480 _____ C:\WINDOWS\SysWOW64\libEGL.dll
2022-11-20 18:57 - 2019-07-03 08:24 - 000121360 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll
2022-11-20 18:57 - 2019-07-03 08:24 - 000108560 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
2022-11-20 18:57 - 2019-07-03 08:06 - 001376256 _____ C:\WINDOWS\system32\c_64.cpa
2022-11-20 18:57 - 2019-07-03 08:06 - 001361159 _____ C:\WINDOWS\SysWOW64\c_32.cpa
2022-11-20 18:57 - 2019-07-03 08:06 - 000071497 _____ C:\WINDOWS\SysWOW64\h265e_32.vp
2022-11-20 18:57 - 2019-07-03 08:06 - 000071144 _____ C:\WINDOWS\SysWOW64\vp9e_32.vp
2022-11-20 18:57 - 2019-07-03 08:06 - 000069953 _____ C:\WINDOWS\SysWOW64\he_32.vp
2022-11-20 18:57 - 2019-07-03 08:06 - 000065201 _____ C:\WINDOWS\SysWOW64\mj_32.vp
2022-11-20 18:57 - 2019-07-03 08:06 - 000057143 _____ C:\WINDOWS\SysWOW64\dev_32.vp
2022-11-20 18:57 - 2019-07-03 08:06 - 000056359 _____ C:\WINDOWS\system32\dev_64.vp
2022-11-20 18:57 - 2019-07-03 08:06 - 000014005 _____ C:\WINDOWS\system32\h265e_64.vp
2022-11-20 18:57 - 2019-07-03 08:06 - 000013856 _____ C:\WINDOWS\system32\vp9e_64.vp
2022-11-20 18:57 - 2019-07-03 08:06 - 000013417 _____ C:\WINDOWS\system32\he_64.vp
2022-11-20 18:57 - 2019-07-03 08:06 - 000013185 _____ C:\WINDOWS\system32\mj_64.vp
2022-11-20 18:57 - 2019-07-03 08:06 - 000001125 _____ C:\WINDOWS\SysWOW64\cpa_32.vp
2022-11-20 18:57 - 2019-07-03 08:06 - 000001125 _____ C:\WINDOWS\system32\cpa_64.vp
2022-11-20 18:56 - 2020-04-09 05:25 - 007322920 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2022-11-20 18:56 - 2020-04-09 05:15 - 039241077 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2022-11-20 18:13 - 2022-11-20 18:13 - 000000000 ____D C:\WINDOWS\CSC

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-11-30 22:32 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-11-30 21:51 - 2022-05-07 01:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-11-30 19:58 - 2022-05-07 01:22 - 000000000 ____D C:\WINDOWS\INF
2022-11-30 01:20 - 2022-05-07 01:17 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-11-27 23:21 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-11-27 23:20 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-11-27 17:51 - 2022-05-07 01:24 - 000000000 ___HD C:\Program Files\WindowsApps
2022-11-27 17:33 - 2022-05-07 01:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-11-26 20:35 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-11-24 22:49 - 2022-05-07 01:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-11-24 21:09 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\appcompat
2022-11-23 21:18 - 2022-05-07 01:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-11-23 21:02 - 2022-05-07 01:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-11-23 21:01 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-11-23 21:01 - 2022-05-07 01:24 - 000000000 ____D C:\Program Files\Windows Defender
2022-11-23 21:01 - 2022-05-07 01:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-11-23 20:59 - 2022-05-07 01:24 - 000000000 __RHD C:\Users\Public\Libraries
2022-11-23 20:59 - 2022-05-07 01:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-11-23 20:56 - 2022-05-07 01:24 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2022-11-23 20:56 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2022-11-23 20:56 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\spool
2022-11-23 20:56 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\ServiceState
2022-11-23 20:56 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2022-11-23 20:56 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2022-11-23 20:48 - 2022-05-07 01:24 - 000000000 ____D C:\ProgramData\USOPrivate
2022-11-23 20:45 - 2022-05-07 01:28 - 000000000 ____D C:\WINDOWS\Setup
2022-11-23 20:44 - 2022-05-07 03:39 - 000000000 ___SD C:\WINDOWS\system32\AppV
2022-11-23 20:44 - 2022-05-07 03:39 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-11-23 20:44 - 2022-05-07 01:24 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-11-23 20:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\UUS
2022-11-23 20:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-11-23 20:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2022-11-23 20:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2022-11-23 20:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-11-23 20:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SystemResources
2022-11-23 20:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-11-23 20:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-11-23 20:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2022-11-23 20:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2022-11-23 20:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\setup
2022-11-23 20:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2022-11-23 20:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-11-23 20:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-11-23 20:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-11-23 20:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-11-23 20:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\Provisioning
2022-11-23 20:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-11-23 20:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\Globalization
2022-11-23 20:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-11-23 20:44 - 2022-05-07 01:24 - 000000000 ____D C:\Program Files\Common Files\System
2022-11-23 20:42 - 2022-05-07 01:25 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2022-11-23 20:42 - 2022-05-07 01:25 - 000076800 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2022-11-23 20:42 - 2022-05-07 01:24 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2022-11-23 20:42 - 2022-05-07 01:24 - 000118784 _____ (Khronos Group) C:\WINDOWS\system32\opencl.dll

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2022
Ran by henry (30-11-2022 23:00:36)
Running from C:\Users\henry\OneDrive\Desktop\KS
Microsoft Windows 11 Pro Version 22H2 22621.819 (X64) (2022-11-24 01:01:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1327980298-1667911545-2908986163-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1327980298-1667911545-2908986163-503 - Limited - Disabled)
Guest (S-1-5-21-1327980298-1667911545-2908986163-501 - Limited - Disabled)
henry (S-1-5-21-1327980298-1667911545-2908986163-1001 - Administrator - Enabled) => C:\Users\henry
WDAGUtilityAccount (S-1-5-21-1327980298-1667911545-2908986163-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 (Enabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
FW: Norton 360 (Enabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avast One (HKLM\...\Avast Antivirus) (Version: 22.11.6041 - Avast Software)
Malwarebytes version 4.5.17.221 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.17.221 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 107.0.1418.62 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 107.0.1418.62 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1327980298-1667911545-2908986163-1001\...\OneDriveSetup.exe) (Version: 22.227.1030.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A40EC9FA-6D3F-4B66-B254-D9B42634931F}) (Version: 5.68.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.31.31103 (HKLM-x32\...\{2aaf1df0-eb13-4099-9992-962bb4e596d1}) (Version: 14.31.31103.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.31.31103 (HKLM-x32\...\{41d7b770-418a-43b7-95a5-f925fff05789}) (Version: 14.31.31103.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.31.31103 (HKLM\...\{A977984B-9244-49E3-BD24-43F0A8009667}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.31.31103 (HKLM\...\{A181A302-3F6D-4BAD-97A8-A426A6499D78}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.31.31103 (HKLM-x32\...\{5720EC03-F26F-40B7-980C-50B5D420B5DE}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.31.31103 (HKLM-x32\...\{799E3FFF-705C-461F-B400-6DE27398B3E5}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Norton 360 (HKLM-x32\...\NGC) (Version: 22.22.10.9 - NortonLifeLock Inc)
NVIDIA Graphics Driver 451.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 451.67 - NVIDIA Corporation)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.25.9 - IDRIX)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.4.0-11 - Wacom Technology Corp.)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
ZBrush 2022.0.5 Updater (HKLM\...\ZBrush 2022 2022) (Version: 2022.0.5 - Pixologic)

Packages:
=========
Clipchamp -> C:\Program Files\WindowsApps\Clipchamp.Clipchamp_2.2.8.0_neutral__yxz26nhyzhsrt [2022-11-23] (Microsoft Corp.)
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.42.5.0_x64__6rarf9sa4v8jt [2022-11-20] (Disney)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.14.9130.0_x64__8wekyb3d8bbwe [2022-11-22] (Microsoft Studios) [MS Ad]
ms-resource:APP_WINDOW_NAME -> C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.5.0_x64__8wekyb3d8bbwe [2022-11-23] (Microsoft Corp.)
ms-resource:AppStoreName -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_2.1.30391.0_x64__8wekyb3d8bbwe [2022-11-23] (Microsoft Corporation)
ms-resource:AppxManifest_DisplayName -> C:\Windows\SystemApps\Microsoft.Windows.PrintQueueActionCenter_cw5n1h2txyewy [2022-11-23] (Microsoft Corporation)
Norton Security -> C:\Program Files\Norton Security\Engine\22.22.10.9 [2022-11-30] (0)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.963.0_x64__56jybvy8sckqj [2022-11-23] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2022-11-20] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.198.691.0_x86__zpdnekdrzrea0 [2022-11-20] (Spotify AB) [Startup Task]
Waves MaxxAudio For Acer -> C:\Program Files\WindowsApps\WavesAudio.20761030F5EAC_1.0.67.0_x64__fh4rh281wavaa [2022-11-20] (Waves Audio)
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.Core_cw5n1h2txyewy [2022-11-23] (Microsoft Windows)
WinRAR -> C:\Program Files\WinRAR [2022-11-27] (0)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.22.10.9\buShell.dll [2022-11-07] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.22.10.9\buShell.dll [2022-11-07] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.22.10.9\buShell.dll [2022-11-07] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-11-20] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.22.10.9\buShell.dll [2022-11-07] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.22.10.9\buShell.dll [2022-11-07] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.22.10.9\buShell.dll [2022-11-07] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-11-20] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-11-20] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.22.10.9\buShell.dll [2022-11-07] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.10.9\NavShExt.dll [2022-11-07] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.10.9\NavShExt.dll [2022-11-07] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-11-20] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-11-20] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvacegpu.inf_amd64_d6e443c3f366fc32\nvshext.dll [2020-07-23] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-11-20] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.22.10.9\buShell.dll [2022-11-07] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-11-20] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.10.9\NavShExt.dll [2022-11-07] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============


==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TextInputManagementService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => ""="Memory"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => "SafeBootDrivers"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TextInputManagementService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-06-05 08:08 - 2021-06-05 08:08 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2022-11-21 21:33 - 2022-11-27 23:52 - 000000516 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
530

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1327980298-1667911545-2908986163-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\henry\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 10.255.0.0 - 208.94.176.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-1327980298-1667911545-2908986163-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1327980298-1667911545-2908986163-1001\...\StartupApproved\Run: => "VeraCrypt"
HKU\S-1-5-21-1327980298-1667911545-2908986163-1001\...\StartupApproved\Run: => "OneDriveSetup"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8B53DA4E-34C2-424D-8283-0CE76D8C712E}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{15D615D0-8551-436A-9650-A4D96E8899B4}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{1A6B544F-D6CD-4A58-983F-98B25FF34C7A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.198.691.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6E729EAB-0E63-4353-A59D-72F2165EAED7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.198.691.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{ED791397-202E-433F-B281-5E7BE3BB10B8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.198.691.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1A2F1A66-B4A2-4EF2-A447-F96FAE74B9A3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.198.691.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D19C8476-D39A-4E8A-98EC-E65C69ED0D0F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.198.691.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3019420F-0927-496A-8336-2D12C1481AEA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.198.691.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D6CDB87C-C5CF-47EC-8E11-7DEF2BDB14A2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.198.691.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B12EEA42-2CD2-43AE-9DD8-5879B650F118}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.198.691.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{272B15EA-462E-427B-B515-C6960936D0F4}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22287.702.1670.9453_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D900A6B1-13CE-4B93-9F59-9F98AFD23038}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22287.702.1670.9453_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E94D06F6-AFED-416B-9EB5-A0D51ACB5860}] => (Allow) C:\Users\henry\AppData\Local\Temp\bittorrent\bittorrent.exe => No File
FirewallRules: [{3432493B-99DE-43FA-9F31-C38891BC0689}] => (Allow) C:\Users\henry\AppData\Local\Temp\bittorrent\bittorrent.exe => No File
FirewallRules: [{BD49A010-4E71-49F1-B2CA-1393A4E6EB07}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.62\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

28-11-2022 22:17:00 KpRm

==================== Faulty Device Manager Devices ============

Name: Intel(R) Wireless Bluetooth(R)
Description: Intel(R) Wireless Bluetooth(R)
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HD User Facing
Description: USB Video Device
Class Guid: {ca3e7ab9-b4c3-4ae6-8251-579ef933890f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Intel(R) Wi-Fi 6 AX200 160MHz
Description: Intel(R) Wi-Fi 6 AX200 160MHz
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: Netwtw10
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
==================== Event log errors: ========================

Application errors:
==================
Error: (11/30/2022 10:32:09 PM) (Source: Application Error) (EventID: 1000) (User: LUCIUS)
Description: Faulting application name: Explorer.EXE, version: 10.0.22621.755, time stamp: 0xbcd85d13
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.22621.819, time stamp: 0x156a1cdc
Exception code: 0xc000027b
Fault offset: 0x00000000004e6f1c
Faulting process id: 0x0x1f40
Faulting application start time: 0x0x1d90516ac4577b6
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: aa09c351-e595-490a-b18a-bf8bc543d30e
Faulting package full name:
Faulting package-relative application ID:

Error: (11/30/2022 07:55:50 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={015B2F04-0460-4D4E-84E3-3AFD91511A08}: The user SYSTEM dialed a connection named NortonSecureVpn which has failed. The error code returned on failure is 868.

Error: (11/30/2022 07:55:16 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={02F6C2DE-990E-4565-A004-F4B27CA630A4}: The user SYSTEM dialed a connection named NortonSecureVpn which has failed. The error code returned on failure is 868.

Error: (11/30/2022 07:54:55 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={988D71C5-20D2-48AD-8A29-57F77271D43D}: The user SYSTEM dialed a connection named NortonSecureVpn which has failed. The error code returned on failure is 868.

Error: (11/30/2022 07:54:30 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={5161D131-E25F-4CF6-BF23-62ACDD25E161}: The user SYSTEM dialed a connection named NortonSecureVpn which has failed. The error code returned on failure is 868.

Error: (11/30/2022 07:54:21 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={9139C556-7FAA-44A8-B88A-FAE63EC351D8}: The user SYSTEM dialed a connection named NortonSecureVpn which has failed. The error code returned on failure is 868.

Error: (11/30/2022 12:35:54 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={20DD4CED-6386-4AF2-80D9-40D264DB48E2}: The user SYSTEM dialed a connection named NortonSecureVpn which has failed. The error code returned on failure is 868.

Error: (11/29/2022 07:26:15 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={D328CDEF-B739-4C9F-8C8C-BE939D645364}: The user SYSTEM dialed a connection named NortonSecureVpn which has failed. The error code returned on failure is 868.


System errors:
=============
Error: (11/28/2022 10:02:49 PM) (Source: DCOM) (EventID: 10010) (User: LUCIUS)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (11/27/2022 11:12:33 PM) (Source: DCOM) (EventID: 10010) (User: LUCIUS)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (11/27/2022 11:08:56 PM) (Source: DCOM) (EventID: 10010) (User: LUCIUS)
Description: The server MicrosoftWindows.Client.CBS_1000.22636.1000.0_x64__cw5n1h2txyewy!FESearchUI#{A1620B10-D4C9-4016-B3D9-BD96E52A0701} did not register with DCOM within the required timeout.

Error: (11/27/2022 01:29:11 PM) (Source: DCOM) (EventID: 10010) (User: LUCIUS)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (11/26/2022 12:14:07 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Avast Antivirus service did not shut down properly after receiving a preshutdown control.

Error: (11/24/2022 11:23:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HvHost service terminated with the following error:
The system cannot find the file specified.

Error: (11/24/2022 11:21:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Security Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/24/2022 11:21:26 PM) (Source: DCOM) (EventID: 10010) (User: LUCIUS)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.


CodeIntegrity:
===============
Date: 2022-11-30 23:01:36
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Insyde Corp. V1.31 06/29/2020
Motherboard: CFL Octavia_CFS
Processor: Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
Percentage of memory in use: 43%
Total physical RAM: 16221.05 MB
Available physical RAM: 9132.05 MB
Total Virtual: 19165.05 MB
Available Virtual: 10608.62 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.77 GB) (Free:173.51 GB) (Model: NVMe HFM256GDJTNG-831) NTFS

\\?\Volume{1da15a3c-6b96-4d2a-85d9-0b2d511adccf}\ () (Fixed) (Total:0.59 GB) (Free:0.08 GB) NTFS
\\?\Volume{5f25be50-49d8-4cd6-a14c-c0806e0f7a85}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 405E3447)

Partition: GPT.

==================== End of Addition.txt =======================
 
Hello, Broni, nice to meet you. Like I said, I'm being targeted by some people, and they let me know that they are spying on me somehow. Could you help me please?
 
Well, this has been going on for a while. Mostly verbally, (A bunch of people trying to cyber harass me) It first started with mentions of "phishing", then my passwords to some of my personal accounts, like google were being mentioned. (Which were admittedly weak at the time). After that, it's just gotten worse, they've been speaking about everything from the websites I visit to things I save on my desktop, convos etc. Since then, I've been using strong passwords, 2FA, security keys, paid antivirus encryption etc. but I haven't been able to clean my devices yet.
 
redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
redtarget.gif
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
redtarget.gif
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
Thank you, sorry for the late reply:

Program : RogueKiller Anti-Malware
Version : 15.6.3.0
x64 : Yes
Program Date : Nov 15 2022
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 11 (10.0.22621) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : henry
User is Admin : Yes
Date : 2022/12/04 01:24:57
Type : Removal
Aborted : No
Scan Mode : Standard
Duration : 226
Found items : 2
Total scanned : 48365
Signatures Version : 20221128_091401
Truesight Driver : Yes
Updates Count : 0
Arguments : -minimize

************************* Warnings *************************

************************* Removal *************************
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{3432493B-99DE-43FA-9F31-C38891BC0689} -- [%localappdata%\Temp\bittorrent\bittorrent.exe] -> Deleted
[+] scan_what : 1
[+] vendors : Suspicious.Path
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{3432493B-99DE-43FA-9F31-C38891BC0689}
[+] value : [%localappdata%\Temp\bittorrent\bittorrent.exe]
[+] Type : Registry
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 0
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{E94D06F6-AFED-416B-9EB5-A0D51ACB5860} -- [%localappdata%\Temp\bittorrent\bittorrent.exe] -> Deleted
[+] scan_what : 1
[+] vendors : Suspicious.Path
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{E94D06F6-AFED-416B-9EB5-A0D51ACB5860}
[+] value : [%localappdata%\Temp\bittorrent\bittorrent.exe]
[+] Type : Registry
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 1
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/4/22
Scan Time: 4:48 PM
Log File: fee95aea-7414-11ed-8025-089798b51873.json

-Software Information-
Version: 4.5.18.226
Components Version: 1.0.1823
Update Package Version: 1.0.63050
License: Trial

-System Information-
OS: Windows 11 (Build 22621.819)
CPU: x64
File System: NTFS
User: Lucius\henry

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 461131
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 6 hr, 37 min, 12 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 12-04-2022
# Duration: 00:00:05
# OS: Windows 11 (Build 22621.819)
# Scanned: 32086
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [1419 octets] - [04/12/2022 23:33:21]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-05-2022
# Duration: 00:00:01
# OS: Windows 11 (Build 22621.819)
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1419 octets] - [04/12/2022 23:33:21]
AdwCleaner[S01].txt - [1480 octets] - [04/12/2022 23:37:24]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 
That's disappointing. It's hard to move forward without knowing how I'm being monitored in the first place. I appreciate you taking the time though. Do you have any more possible suggestions I could try?
 
That's all, I can do here, check if your computer is clean.
Possibly, you're reading more, than it really is in this situation.
 
  • Like
Reactions: LucSom01
Thank you so much for the assistance. I appreciate you taking the time out to look at my stuff regardless
 
You must log in or register to reply here.

Similar threads

S
  • Locked
Inactive Am I infected?
Replies
8
Views
3K
Broni
Broni
uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
798
uber_beetle
uber_beetle
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back