Solved Have I been hacked?

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2022
Ran by CYBER (24-07-2022 11:09:06)
Running from C:\Users\nutsa\OneDrive\Desktop
Microsoft Windows 11 Home Version 21H2 22000.832 (X64) (2022-06-21 00:23:40)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3951519236-3290055131-3229015962-500 - Administrator - Disabled)
CYBER (S-1-5-21-3951519236-3290055131-3229015962-1001 - Administrator - Enabled) => C:\Users\nutsa
DefaultAccount (S-1-5-21-3951519236-3290055131-3229015962-503 - Limited - Disabled)
Guest (S-1-5-21-3951519236-3290055131-3229015962-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3951519236-3290055131-3229015962-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.134 - Google LLC)
Google Earth Pro (HKLM\...\{DE181B35-ACEF-4DB0-86D9-731D5767ABB1}) (Version: 7.3.4.8642 - Google)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.71 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 103.0.1264.62 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{6A2A8076-135F-4F55-BB02-DED67C8C6934}) (Version: 4.67.0.0 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 102.0.1 (x64 en-US)) (Version: 102.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 102.0.1 - Mozilla)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9071.1 - Realtek Semiconductor Corp.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.9.0 - Sophos Limited)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1232 - SUPERAntiSpyware.com)

Packages:
=========
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7040.0_x64__8wekyb3d8bbwe [2022-07-12] (Microsoft Studios) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-06-23] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-06-20 18:04 - 2022-06-20 18:02 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3951519236-3290055131-3229015962-1001\Control Panel\Desktop\\Wallpaper -> E:\EAGLE.png
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1FCDB92A-D40A-4A6C-8BDB-8C3AA1707D8E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EE1129D3-8A1A-4314-97EB-BA5BFCBABCC0}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22168.200.1405.7434_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{71D995F3-D791-433E-A6FF-3A0AF8EBC1A7}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22168.200.1405.7434_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FA34B8D7-A594-4EA2-BD32-D24C0CBCD417}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.62\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8D123F46-D4E4-4088-88A3-E27A076DA3C8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{308F7E57-4A42-4912-B27A-9D49C8A2E014}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{63A0091A-450D-4F1A-9C7C-131810DB59B1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CAF509CB-1919-4571-87A0-24C21880829A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{ED629A2C-424D-424A-87D5-305213DB05E9}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:57.13 GB) (Free:29.96 GB) (52%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/22/2022 05:16:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (07/22/2022 05:16:39 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (06/23/2022 06:19:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Microsoft.Photos.exe, version: 2022.31060.3004.0, time stamp: 0x629aa056
Faulting module name: twinapi.appcore.dll, version: 10.0.22000.593, time stamp: 0xa5a9468c
Exception code: 0xc000027b
Fault offset: 0x000000000010a594
Faulting process id: 0x11f8
Faulting application start time: 0x01d886f2db5bfb42
Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2022.31060.3004.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Faulting module path: C:\WINDOWS\SYSTEM32\twinapi.appcore.dll
Report Id: 6acb0f6c-4c7e-4f07-92da-c1c1acf386ea
Faulting package full name: Microsoft.Windows.Photos_2022.31060.3004.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (06/20/2022 05:25:21 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.

Error: (06/20/2022 05:24:05 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line arguments:
RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=1b750385-9fe2-49a8-ab55-149d0546395b;NotificationInterval=1440;Trigger=TimerEvent

Error: (06/20/2022 05:24:03 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072EE7
Sku Id=1b750385-9fe2-49a8-ab55-149d0546395b

Error: (06/20/2022 05:24:03 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0x80072EE7

Error: (06/20/2022 05:24:01 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072EE7
Sku Id=1b750385-9fe2-49a8-ab55-149d0546395b


System errors:
=============
Error: (07/20/2022 12:31:54 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (07/20/2022 12:29:54 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (07/20/2022 12:27:54 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (07/20/2022 12:26:21 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (07/19/2022 06:48:26 AM) (Source: Netwtw08) (EventID: 5010) (User: )
Description: Intel(R) Wireless-AC 9560 160MHz : The network adapter has returned an invalid value to the driver.
5010 - Driver DBG_ASSERT - instead of BSOD

Error: (07/19/2022 06:48:26 AM) (Source: Netwtw08) (EventID: 5002) (User: )
Description: Intel(R) Wireless-AC 9560 160MHz : Has determined that the network adapter is not functioning properly.
5002 - uCode SW error (SysAssert, NMI)

Error: (07/19/2022 06:48:25 AM) (Source: Netwtw08) (EventID: 5005) (User: )
Description: Intel(R) Wireless-AC 9560 160MHz : Has encountered an internal error and has failed.
5005 - Driver internal error

Error: (07/19/2022 06:48:25 AM) (Source: Netwtw08) (EventID: 5005) (User: )
Description: Intel(R) Wireless-AC 9560 160MHz : Has encountered an internal error and has failed.
5005 - Driver internal error


Windows Defender:
================
Date: 2022-07-24 10:51:14
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-20 15:06:25
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-19 15:06:33
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-18 15:53:50
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-17 15:08:59
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

==================== Memory info ===========================

BIOS: Insyde Corp. V1.03 05/02/2018
Motherboard: GLK Sapporo_GL_S
Processor: Intel(R) Celeron(R) N4000 CPU @ 1.10GHz
Percentage of memory in use: 61%
Total physical RAM: 3902.67 MB
Available physical RAM: 1486.67 MB
Total Virtual: 5054.67 MB
Available Virtual: 2516.79 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:57.13 GB) (Free:29.96 GB) (Model: SanDisk DF4064) NTFS

\\?\Volume{fb32abdb-788a-4398-806f-84621fed7ff7}\ () (Fixed) (Total:1 GB) (Free:0.45 GB) NTFS
\\?\Volume{9d4c5976-bbbd-44b7-8780-da49b35a8b54}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 58.2 GB) (Disk ID: 801238EA)

Partition: GPT.

==================== End of Addition.txt =======================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-07-2022
Ran by CYBER (administrator) on CYBER (Acer Swift SF114-32) (24-07-2022 11:07:23)
Running from C:\Users\nutsa\OneDrive\Desktop
Loaded Profiles: CYBER
Platform: Microsoft Windows 11 Home Version 21H2 22000.832 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCopyAccelerator.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(explorer.exe ->) (Support.com, Inc. -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_4a3ae74cfa6c37d6\esif_uf.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9b07ffc7fa5e6661\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9b07ffc7fa5e6661\IntelCpHeciSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Intel) C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe
(services.exe ->) (SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.549981c3f5f10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [19572528 2020-12-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_ASC] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618096 2020-12-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-3951519236-3290055131-3229015962-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [10994528 2022-06-21] (Support.com, Inc. -> SUPERAntiSpyware)
HKU\S-1-5-21-3951519236-3290055131-3229015962-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [176128 2022-05-10] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\103.0.5060.134\Installer\chrmstp.exe [2022-07-20] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {255C8F46-0BB6-4BBE-84CF-F4E4B56D1F4E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {26212E8D-8D48-4242-BCE1-3D7BDB39F1AE} - System32\Tasks\Microsoft\Windows\Management\Autopilot\RemediateHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\WINDOWS\System32\Autopilot.dll [217088 2022-07-24] (Microsoft Windows -> Microsoft Corporation)
Task: {26E78909-AE46-4F93-A08B-E9F4EB992175} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {32E9B141-0B3C-4425-B21A-105401FCE2BA} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {58E50062-9086-4457-882D-889C65D31084} - System32\Tasks\Microsoft\Windows\Management\Autopilot\DetectHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\WINDOWS\System32\Autopilot.dll [217088 2022-07-24] (Microsoft Windows -> Microsoft Corporation)
Task: {5CBD3320-13E5-468E-BC93-57981D2CA12B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3951519236-3290055131-3229015962-1001UA => C:\Users\nutsa\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler (No File)
Task: {7BD5C9C3-A5E9-454B-AFE0-859E6BFB7C67} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {8B3C47E0-A02B-4214-8FBB-F6B1B25699AE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8D6CA196-9F37-4E8D-8B30-5320A6267FE8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3951519236-3290055131-3229015962-1001Core => C:\Users\nutsa\AppData\Local\Google\Update\GoogleUpdate.exe /c (No File)
Task: {9E094E16-9083-46BF-8F9B-41ECCBF3D9B3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BA91D9BD-53A7-497B-846A-89F5F8CFE19A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2022-06-20] (Google LLC -> Google LLC)
Task: {D72A1A95-6989-4255-801F-2ADE7B34FC01} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2022-06-20] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{1a453473-ab08-4f60-aa87-d2de20019bbd}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Edge:
=======
Edge Profile: C:\Users\nutsa\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-14]

FireFox:
========
FF DefaultProfile: wt8spyzs.default
FF ProfilePath: C:\Users\nutsa\AppData\Roaming\Mozilla\Firefox\Profiles\wt8spyzs.default [2022-06-20]
FF ProfilePath: C:\Users\nutsa\AppData\Roaming\Mozilla\Firefox\Profiles\1omi4txb.default-release-1657635647205 [2022-07-22]
FF Homepage: Mozilla\Firefox\Profiles\1omi4txb.default-release-1657635647205 -> www.kiro7.com
FF Notifications: Mozilla\Firefox\Profiles\1omi4txb.default-release-1657635647205 -> hxxps://www.instagram.com
FF Extension: (uBlock Origin) - C:\Users\nutsa\AppData\Roaming\Mozilla\Firefox\Profiles\1omi4txb.default-release-1657635647205\Extensions\uBlock0@raymondhill.net.xpi [2022-07-12]
FF Extension: (Colour-Spectrum) - C:\Users\nutsa\AppData\Roaming\Mozilla\Firefox\Profiles\1omi4txb.default-release-1657635647205\Extensions\{03cbb341-1206-45d2-8011-8152310ce478}.xpi [2022-07-12]

Chrome:
=======
CHR Profile: C:\Users\nutsa\AppData\Local\Google\Chrome\User Data\Default [2022-07-24]
CHR Notifications: Default -> hxxps://mail.yahoo.com; hxxps://www.facebook.com
CHR HomePage: Default -> hxxp://www.kiro7.com/
CHR StartupUrls: Default -> "hxxps://www.kiro7.com/"
CHR Extension: (Earth and Moon) - C:\Users\nutsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\afmfhbdfjlfminjglfhcgcblgicnfcka [2022-06-20]
CHR Extension: (WOT Website Security & Privacy Protection) - C:\Users\nutsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2022-06-20]
CHR Extension: (uBlock Origin) - C:\Users\nutsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2022-06-20]
CHR Extension: (Google Docs Offline) - C:\Users\nutsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-07-19]
CHR Extension: (Video DownloadHelper) - C:\Users\nutsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2022-06-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nutsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-06-20]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\System32\WirelessKB850NotificationService.exe [176624 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [31896 2021-08-08] (Acer Incorporated -> Acer Incorporated)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [507904 2022-05-10] (Microsoft Corporation) [File not signed]
S3 dc3d; C:\WINDOWS\System32\drivers\dc3d.sys [47616 2011-05-18] (Hardware Group Test Cert -> Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2020-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-06-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [452856 2022-06-22] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\System32\drivers\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-22] (Microsoft Windows -> Microsoft Corporation)
S3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-24 11:07 - 2022-07-24 11:07 - 000000000 ____D C:\FRST
2022-07-24 10:41 - 2022-07-24 10:41 - 000327680 _____ C:\WINDOWS\system32\pnpdiag.dll
2022-07-24 10:41 - 2022-07-24 10:41 - 000069632 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2022-07-24 10:41 - 2022-07-24 10:41 - 000041472 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2022-07-24 10:41 - 2022-07-24 10:41 - 000015022 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-07-24 10:40 - 2022-07-24 10:40 - 000335872 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-07-24 10:35 - 2022-07-24 10:35 - 000000000 ___HD C:\$WinREAgent
2022-07-21 18:51 - 2022-07-24 10:52 - 078643200 _____ C:\WINDOWS\system32\config\SOFTWARE
2022-07-12 10:42 - 2022-07-12 10:42 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-07-12 10:42 - 2022-07-12 10:42 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-07-12 07:20 - 2022-07-12 07:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-07-12 07:20 - 2022-07-12 07:20 - 000001009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-07-12 07:20 - 2022-07-12 07:20 - 000000997 _____ C:\Users\Public\Desktop\Firefox.lnk
2022-07-12 07:20 - 2022-07-12 07:20 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-07-12 07:20 - 2022-07-12 07:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-07-06 07:17 - 2022-07-21 18:51 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2022-06-29 08:33 - 2022-06-29 08:33 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\6157577C.sys
2022-06-29 08:33 - 2022-06-29 08:33 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-06-29 08:32 - 2022-06-29 09:52 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2022-06-29 08:32 - 2022-06-29 08:32 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2022-06-28 07:46 - 2022-06-28 07:46 - 000000000 ____D C:\ProgramData\Sophos
2022-06-28 07:45 - 2022-06-28 07:45 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2022-06-28 07:45 - 2022-06-28 07:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2022-06-28 07:45 - 2022-06-28 07:45 - 000000000 ____D C:\Program Files (x86)\Sophos

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-24 11:07 - 2022-06-20 18:02 - 000000000 ____D C:\WINDOWS\INF
2022-07-24 10:57 - 2022-06-20 17:27 - 000848772 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-07-24 10:55 - 2022-06-20 18:00 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-24 10:54 - 2022-06-20 18:04 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-07-24 10:54 - 2022-06-20 18:04 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-07-24 10:54 - 2022-06-20 18:04 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-24 10:53 - 2022-06-20 18:04 - 000000000 ____D C:\WINDOWS\ServiceState
2022-07-24 10:53 - 2022-06-20 17:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-07-24 10:53 - 2022-06-20 17:18 - 000292920 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-07-24 10:52 - 2022-06-20 17:56 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-07-24 10:52 - 2022-06-20 17:18 - 000012288 ___SH C:\DumpStack.log.tmp
2022-07-24 10:51 - 2022-06-20 18:04 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-07-24 10:51 - 2022-06-20 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-07-24 10:51 - 2022-06-20 18:04 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-07-24 10:51 - 2022-06-20 18:04 - 000000000 ____D C:\WINDOWS\SystemResources
2022-07-24 10:51 - 2022-06-20 18:04 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-07-24 10:51 - 2022-06-20 18:04 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2022-07-24 10:51 - 2022-06-20 18:04 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-07-24 10:51 - 2022-06-20 18:04 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-07-24 10:51 - 2022-06-20 18:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-07-24 10:51 - 2022-06-20 18:04 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-07-24 10:51 - 2022-06-20 18:04 - 000000000 ____D C:\WINDOWS\Provisioning
2022-07-24 10:51 - 2022-06-20 18:04 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-07-24 10:48 - 2022-06-20 17:58 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-07-24 10:40 - 2022-06-20 17:21 - 003102720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-07-24 10:33 - 2022-06-20 18:04 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-24 10:33 - 2022-06-20 17:19 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-07-24 10:30 - 2022-06-20 17:53 - 000000000 ____D C:\Users\nutsa\AppData\LocalLow\Mozilla
2022-07-22 16:11 - 2022-06-20 17:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-07-22 01:51 - 2022-06-20 18:30 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-07-21 18:02 - 2022-06-20 17:41 - 000000000 ____D C:\Users\nutsa\AppData\Local\D3DSCache
2022-07-20 17:25 - 2022-06-20 17:19 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-07-20 17:25 - 2022-06-20 17:19 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-07-20 12:29 - 2022-06-20 18:04 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-07-20 10:41 - 2022-06-20 18:00 - 000002251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-07-20 10:41 - 2022-06-20 18:00 - 000002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-07-13 11:32 - 2022-06-20 17:40 - 000000000 ____D C:\Users\nutsa\AppData\Local\ConnectedDevicesPlatform
2022-07-12 10:47 - 2022-06-20 18:04 - 000000000 ____D C:\WINDOWS\system32\setup
2022-07-12 10:30 - 2022-06-20 17:44 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-07-12 10:27 - 2022-06-20 17:44 - 146546848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-06-28 07:36 - 2022-06-20 17:40 - 000000000 ____D C:\Users\nutsa\AppData\Local\Packages
2022-06-24 14:25 - 2022-06-20 17:41 - 000000000 ____D C:\ProgramData\Packages

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
I don't see anything suspicious in your logs.
Regarding the message you received...the link in it is legit.
According to Twitter:
"If your Twitter account is locked or limited to certain account features, it may be compromised or in violation of the Twitter Rules or Terms of Service."
If you didn't violate any Twitter rules, then maybe someone tried to hack your Twitter account and they want to verify who is who.
I'd assume it'd be safe to follow steps from the message.
 
Ok & thanks. I did contact Twitter, gave them the info they asked for, just wanted to make sure by you I was good. Thanks.
 