Inactive Windows .DLL Files & Drivers overwritten

[BBrown2022]

Hi, I've tried a lot of things but am unsure of how to fix this one. All my farbar scans come up with nothing flagged but what happened on my initial PC was I was being put into shells where the malware used my own graphics card against me. It then behind the scenes installed malicious drivers for all of my drivers. Re-writed alot if not all of my .DLL files even the windows 10 native files and essential services. The MD5 hashes are even considered legit when they are in fact malicious files. It infects silently and uploads/downloads from a cloud or something similar by using WIN 10 permission escalation eventually encrypting the files. I have tried BIOS flash, USB flash, etc. With no luck, somehow the malware just keeps coming back even after formatting drives with AOIMEI Partition Assistant 2022. It changed all the registry keys, etc etc. It changed a whole bunch of things. I will send the logs I have here now. I have disabled administrator / defaultuser0 / Default Account / WDAUtilityAccount and left my own profile alive. I changed permissions on folders that trustedinstaller had control of to try and limit the escalating privileges and even tried using icacls $env:windir\system32\config\*.* /inheritance:e command in prompt with no luck. All of the drivers that the malware installed are greyed out on the uninstallation/disable parts. The malware uses windows media player to read binary files like an artificial intelligence. It also reads all other kinds of files using windows media player and other things. It manages to take over and "update" legitimate services with malicious code. It uses the search function to do its thing. The craziest thing is being put in a shell by the graphics card where it looks like I'm on a normal desktop but I'm not. It ends up locking partition tables in its more advanced later phases rendering them unusable. The firmware BCD settings were changed or modified and a whole bunch more. Somehow the firmware modifications through the motherboard are keeping persistence. I will post my logs in the next comment. Not sure if anyone can help. I feel like it will be a million years before this one gets solved lol.

 

[BBrown2022]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2022
Ran by blain (administrator) on DESKTOP-AJSM8JS (29-07-2022 04:38:14)
Running from C:\Users\blain\OneDrive\Desktop
Loaded Profiles: blain
Platform: Microsoft Windows 10 Home Version 1909 18363.418 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7ac81bdb2c36ac80\Display.NvContainer\NVDisplay.Container.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Skype) C:\Program Files\WindowsApps\microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(svchost.exe ->) (Skype) C:\Program Files\WindowsApps\microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.16.1.254
Tcpip\..\Interfaces\{3fe8a9e9-3541-47c0-bf57-546eb6a67447}: [DhcpNameServer] 172.16.1.254

Edge:
=======
Edge Profile: C:\Users\blain\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-29]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7ac81bdb2c36ac80\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7ac81bdb2c36ac80\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46472 2019-03-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [333784 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-18] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three months (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-29 05:37 - 2022-07-29 04:01 - 000000000 ____D C:\WINDOWS\Panther
2022-07-29 05:37 - 2022-07-29 04:01 - 000000000 ____D C:\Windows.old
2022-07-29 05:36 - 2022-07-29 05:36 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2022-07-29 05:36 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2022-07-29 05:36 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2022-07-29 05:36 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2022-07-29 05:36 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2022-07-29 05:36 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2022-07-29 05:36 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2022-07-29 05:36 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2022-07-29 05:36 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\system32\winrm
2022-07-29 05:36 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\system32\WCN
2022-07-29 05:36 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\system32\slmgr
2022-07-29 05:36 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2022-07-29 05:36 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2022-07-29 05:36 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2022-07-29 05:36 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\system32\0409
2022-07-29 05:36 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\Setup
2022-07-29 05:36 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\OCR
2022-07-29 05:36 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\DigitalLocker
2022-07-29 05:36 - 2022-07-29 05:36 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2022-07-29 05:35 - 2019-10-06 21:00 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2022-07-29 05:35 - 2019-10-06 21:00 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2022-07-29 05:34 - 2022-07-29 05:37 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2022-07-29 05:34 - 2022-07-29 05:36 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2022-07-29 05:34 - 2022-07-29 05:36 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2022-07-29 05:34 - 2022-07-29 05:36 - 000000000 ___SD C:\WINDOWS\system32\F12
2022-07-29 05:34 - 2022-07-29 05:36 - 000000000 ___SD C:\WINDOWS\system32\dsc
2022-07-29 05:34 - 2022-07-29 05:36 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-07-29 05:34 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2022-07-29 05:34 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2022-07-29 05:34 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2022-07-29 05:34 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-07-29 05:34 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2022-07-29 05:34 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\SystemResources
2022-07-29 05:34 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-07-29 05:34 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2022-07-29 05:34 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2022-07-29 05:34 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\system32\setup
2022-07-29 05:34 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2022-07-29 05:34 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-07-29 05:34 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\system32\MUI
2022-07-29 05:34 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-07-29 05:34 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-07-29 05:34 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\system32\Com
2022-07-29 05:34 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-07-29 05:34 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\IME
2022-07-29 05:34 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\Help
2022-07-29 05:34 - 2022-07-29 05:36 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2022-07-29 05:34 - 2022-07-29 05:36 - 000000000 ____D C:\Program Files\Windows Defender
2022-07-29 05:34 - 2022-07-29 05:36 - 000000000 ____D C:\Program Files\Common Files\System
2022-07-29 05:34 - 2022-07-29 05:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-07-29 05:34 - 2022-07-29 05:36 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-07-29 05:34 - 2022-07-29 05:36 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 __SHD C:\Program Files\Windows Sidebar
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 __RSD C:\WINDOWS\Media
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 __RHD C:\Users\Public\Libraries
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ___SD C:\WINDOWS\system32\Nui
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\Web
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\WaaS
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\Vss
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\tracing
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\TextInput
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\TAPI
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\SystemApps
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\winevt
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\ti-et
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\ta-lk
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\ta-in
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\si-lk
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\ras
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\PointOfService

 

[BBrown2022]

2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\osa-Osge-001
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\my-mm
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\Macromed
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\Keywords
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\IME
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\icsxml
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\ias
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\Hydrogen
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\ff-Adlm-SN
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\DriverState
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\downlevel
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\am-et
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\System
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\SKB
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\security
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\schemas
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\SchCache
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\Resources
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\rescache
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\Registration
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\Provisioning
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\PLA
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\Performance
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\ModemLogs
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\L2Schemas
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\InputMethod
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\IdentityCRL
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\Globalization
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\DiagTrack
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\Cursors
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\Containers
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\Branding
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\addins
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\ProgramData\USOShared
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\Program Files\Windows Security
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\Program Files\Windows Portable Devices
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\Program Files\Windows NT
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\Program Files\ModifiableWindowsApps
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\Program Files\Common Files\Services
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\Program Files (x86)\Windows NT
2022-07-29 05:34 - 2022-07-29 05:34 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2022-07-29 05:34 - 2022-07-29 05:33 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2022-07-29 05:34 - 2022-07-29 05:33 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2022-07-29 05:34 - 2022-07-29 05:33 - 000018903 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2022-07-29 05:34 - 2022-07-29 05:33 - 000017635 _____ C:\WINDOWS\system32\Drivers\etc\services
2022-07-29 05:34 - 2022-07-29 05:33 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2022-07-29 05:34 - 2022-07-29 05:33 - 000003103 _____ C:\WINDOWS\SysWOW64\mmc.exe.config
2022-07-29 05:34 - 2022-07-29 05:33 - 000003103 _____ C:\WINDOWS\system32\mmc.exe.config
2022-07-29 05:34 - 2022-07-29 05:33 - 000001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2022-07-29 05:34 - 2022-07-29 05:33 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2022-07-29 05:34 - 2022-07-29 05:33 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2022-07-29 05:34 - 2022-07-29 05:33 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2022-07-29 05:34 - 2022-07-29 05:33 - 000000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2022-07-29 05:34 - 2022-07-29 05:33 - 000000219 _____ C:\WINDOWS\system.ini
2022-07-29 05:34 - 2022-07-29 05:33 - 000000092 _____ C:\WINDOWS\win.ini
2022-07-29 05:34 - 2022-07-29 04:59 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-07-29 05:34 - 2022-07-29 04:59 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-07-29 05:34 - 2022-07-29 04:59 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2022-07-29 05:34 - 2022-07-29 04:59 - 000000000 ____D C:\WINDOWS\appcompat
2022-07-29 05:34 - 2022-07-29 04:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-29 05:34 - 2022-07-29 04:21 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-07-29 05:34 - 2022-07-29 04:20 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-29 05:34 - 2022-07-29 04:02 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2022-07-29 05:34 - 2022-07-29 04:02 - 000000000 ____D C:\ProgramData\USOPrivate
2022-07-29 05:34 - 2022-07-29 04:01 - 000000000 ___RD C:\Program Files (x86)
2022-07-29 05:34 - 2022-07-29 04:01 - 000000000 ____D C:\WINDOWS\system32\spool
2022-07-29 05:34 - 2022-07-29 04:01 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2022-07-29 05:34 - 2022-07-29 04:01 - 000000000 ____D C:\WINDOWS\ServiceState
2022-07-29 05:33 - 2022-07-29 04:36 - 000000000 ____D C:\WINDOWS\INF
2022-07-29 05:31 - 2022-07-29 04:18 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-07-29 05:30 - 2022-07-29 05:36 - 000000000 ____D C:\WINDOWS\servicing
2022-07-29 05:30 - 2022-07-29 05:34 - 000000000 ____D C:\WINDOWS\system32\SMI
2022-07-29 05:30 - 2022-07-29 05:00 - 011534336 _____ C:\WINDOWS\system32\config\SYSTEM
2022-07-29 05:30 - 2022-07-29 05:00 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-07-29 05:30 - 2022-07-29 05:00 - 000262144 _____ C:\WINDOWS\system32\config\DEFAULT
2022-07-29 05:30 - 2022-07-29 05:00 - 000065536 _____ C:\WINDOWS\system32\config\SAM
2022-07-29 05:30 - 2022-07-29 05:00 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY
2022-07-29 05:30 - 2022-07-29 04:59 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-07-29 05:30 - 2022-07-29 04:25 - 067108864 _____ C:\WINDOWS\system32\config\SOFTWARE
2022-07-29 05:29 - 2022-07-29 05:58 - 000000000 ___HD C:\$SysReset
2022-07-29 05:00 - 2022-07-29 05:00 - 000000000 _SHDL C:\Users\Default User
2022-07-29 05:00 - 2022-07-29 05:00 - 000000000 _SHDL C:\Users\All Users
2022-07-29 05:00 - 2022-07-29 05:00 - 000000000 _SHDL C:\Documents and Settings
2022-07-29 04:59 - 2022-07-29 04:59 - 000258688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-07-29 04:59 - 2022-07-29 04:59 - 000000000 ____D C:\WINDOWS\system32\lxss
2022-07-29 04:59 - 2022-07-29 04:59 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-07-29 04:59 - 2022-07-29 04:59 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2022-07-29 04:59 - 2022-07-29 04:59 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2022-07-29 04:59 - 2022-07-29 04:29 - 000000000 ____D C:\ProgramData\NVIDIA
2022-07-29 04:59 - 2022-07-29 04:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-07-29 04:59 - 2022-07-29 04:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-07-29 04:59 - 2022-07-29 04:01 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2022-07-29 04:37 - 2022-07-29 04:38 - 000000000 ____D C:\FRST
2022-07-29 04:36 - 2022-07-29 04:36 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2022-07-29 04:25 - 2022-07-29 04:25 - 1102746767 _____ C:\WINDOWS\MEMORY.DMP
2022-07-29 04:25 - 2022-07-29 04:25 - 000819692 _____ C:\WINDOWS\Minidump\072922-7109-01.dmp
2022-07-29 04:16 - 2022-07-29 04:16 - 000000000 ____D C:\Users\blain\AppData\Local\ElevatedDiagnostics
2022-07-29 04:15 - 2022-07-29 04:15 - 000000000 ____D C:\Users\blain\AppData\Local\D3DSCache
2022-07-29 04:06 - 2022-07-29 04:06 - 000795988 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-07-29 04:06 - 2022-07-29 04:06 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4171114523-1282824719-2710994402-1001
2022-07-29 04:06 - 2022-07-29 04:06 - 000000000 ___HD C:\OneDriveTemp
2022-07-29 04:05 - 2022-07-29 04:26 - 000000000 ___RD C:\Users\blain\OneDrive
2022-07-29 04:05 - 2022-07-29 04:06 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4171114523-1282824719-2710994402-1001
2022-07-29 04:05 - 2022-07-29 04:05 - 000000000 ____D C:\Users\blain\AppData\Local\Comms
2022-07-29 04:05 - 2022-07-29 04:05 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-07-29 04:04 - 2022-07-29 04:04 - 000000000 ____D C:\Users\blain\AppData\Local\NVIDIA
2022-07-29 04:03 - 2022-07-29 04:25 - 000000000 ____D C:\Users\blain\AppData\Local\ConnectedDevicesPlatform
2022-07-29 04:03 - 2022-07-29 04:20 - 000000000 ____D C:\Users\blain\AppData\Local\Packages
2022-07-29 04:03 - 2022-07-29 04:03 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-07-29 04:03 - 2022-07-29 04:03 - 000000000 ___RD C:\Users\blain\3D Objects
2022-07-29 04:03 - 2022-07-29 04:03 - 000000000 ____D C:\Users\blain\AppData\Roaming\Adobe
2022-07-29 04:03 - 2022-07-29 04:03 - 000000000 ____D C:\Users\blain\AppData\Local\VirtualStore
2022-07-29 04:03 - 2022-07-29 04:03 - 000000000 ____D C:\Users\blain\AppData\Local\Publishers
2022-07-29 04:02 - 2022-07-29 04:25 - 000000000 ____D C:\Users\blain
2022-07-29 04:02 - 2022-07-29 04:20 - 000000000 ____D C:\ProgramData\Packages
2022-07-29 04:02 - 2022-07-29 04:06 - 000002367 _____ C:\Users\blain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-29 04:02 - 2022-07-29 04:02 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-07-29 04:02 - 2022-07-29 04:02 - 000002259 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-07-29 04:02 - 2022-07-29 04:02 - 000002259 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2022-07-29 04:02 - 2022-07-29 04:02 - 000000020 ___SH C:\Users\blain\ntuser.ini
2022-07-29 04:01 - 2022-07-29 04:25 - 000000000 ____D C:\WINDOWS\minidump
2022-07-29 04:01 - 2022-07-29 04:01 - 000003482 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-07-29 04:01 - 2022-07-29 04:01 - 000003358 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-07-28 20:01 - 2022-04-27 13:15 - 001859736 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2022-07-28 20:01 - 2022-04-27 13:15 - 001859736 _____ C:\WINDOWS\system32\vulkaninfo.exe
2022-07-28 20:01 - 2022-04-27 13:15 - 001477328 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2022-07-28 20:01 - 2022-04-27 13:15 - 001439896 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-07-28 20:01 - 2022-04-27 13:15 - 001439896 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2022-07-28 20:01 - 2022-04-27 13:15 - 001216072 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2022-07-28 20:01 - 2022-04-27 13:15 - 001098896 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2022-07-28 20:01 - 2022-04-27 13:15 - 001098896 _____ C:\WINDOWS\system32\vulkan-1.dll
2022-07-28 20:01 - 2022-04-27 13:15 - 000952976 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2022-07-28 20:01 - 2022-04-27 13:15 - 000952976 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2022-07-28 20:01 - 2022-04-27 13:12 - 000717896 _____ C:\WINDOWS\system32\nvofapi64.dll
2022-07-28 20:01 - 2022-04-27 13:12 - 000647376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2022-07-28 20:01 - 2022-04-27 13:12 - 000577608 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2022-07-28 20:01 - 2022-04-27 13:11 - 002113104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2022-07-28 20:01 - 2022-04-27 13:11 - 001595608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2022-07-28 20:01 - 2022-04-27 13:11 - 001521728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2022-07-28 20:01 - 2022-04-27 13:11 - 001171512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2022-07-28 20:01 - 2022-04-27 13:11 - 000919232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2022-07-28 20:01 - 2022-04-27 13:11 - 000750296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2022-07-28 20:01 - 2022-04-27 13:11 - 000708808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2022-07-28 20:01 - 2022-04-27 13:11 - 000677432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2022-07-28 20:01 - 2022-04-27 13:11 - 000565848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2022-07-28 20:01 - 2022-04-27 13:10 - 008854736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2022-07-28 20:01 - 2022-04-27 13:10 - 007919688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2022-07-28 20:01 - 2022-04-27 13:10 - 005675592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2022-07-28 20:01 - 2022-04-27 13:10 - 004989136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2022-07-28 20:01 - 2022-04-27 13:10 - 002927688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2022-07-28 20:01 - 2022-04-27 13:10 - 000449232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2022-07-28 20:01 - 2022-04-27 13:09 - 000852048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2022-07-28 20:01 - 2022-04-27 13:08 - 007280872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2022-07-28 20:01 - 2022-04-27 13:08 - 006216928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2022-07-28 20:01 - 2022-04-27 02:18 - 000083251 _____ C:\WINDOWS\system32\nvinfo.pb
2022-07-28 19:53 - 2020-10-07 13:33 - 000230720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2022-07-28 19:53 - 2020-10-07 13:33 - 000047232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll

 

[BBrown2022]

==================== Three months (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)


==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


==================== BCD ================================

Firmware Boot Manager
---------------------
identifier {fwbootmgr}
displayorder {bootmgr}
timeout 0

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume2
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {d5ec6f93-0f32-11ed-98e1-87c91386214c}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {25e01a1f-0ef0-11ed-bf49-db96893dd4fe}
device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{25e01a20-0ef0-11ed-bf49-db96893dd4fe}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-us
inherit {bootloadersettings}
displaymessage Recovery
displaymessageoverride PushButtonReset
osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{25e01a20-0ef0-11ed-bf49-db96893dd4fe}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \WINDOWS\system32\winload.efi
description Windows 10
locale en-US
inherit {bootloadersettings}
recoverysequence {25e01a1f-0ef0-11ed-bf49-db96893dd4fe}
displaymessageoverride Recovery
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \WINDOWS
resumeobject {d5ec6f93-0f32-11ed-98e1-87c91386214c}
nx OptIn
bootmenupolicy Standard

Resume from Hibernate
---------------------
identifier {d5ec6f93-0f32-11ed-98e1-87c91386214c}
device partition=C:
path \WINDOWS\system32\winresume.efi
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {25e01a1f-0ef0-11ed-bf49-db96893dd4fe}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume2
path \EFI\Microsoft\Boot\memtest.efi
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Local

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {25e01a20-0ef0-11ed-bf49-db96893dd4fe}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume1
ramdisksdipath \Recovery\WindowsRE\boot.sdi

==================== End of FRST.txt ========================

 

[BBrown2022]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2022
Ran by blain (29-07-2022 04:40:31)
Running from C:\Users\blain\OneDrive\Desktop
Microsoft Windows 10 Home Version 1909 18363.418 (X64) (2022-07-29 10:01:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4171114523-1282824719-2710994402-500 - Administrator - Disabled)
blain (S-1-5-21-4171114523-1282824719-2710994402-1001 - Administrator - Enabled) => C:\Users\blain
DefaultAccount (S-1-5-21-4171114523-1282824719-2710994402-503 - Limited - Disabled)
Guest (S-1-5-21-4171114523-1282824719-2710994402-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4171114523-1282824719-2710994402-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.77 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4171114523-1282824719-2710994402-1001\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)

Packages:
=========
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe [2022-07-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2022-07-29] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.2.11280.0_x86__8wekyb3d8bbwe [2022-07-29] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2022-07-29] (Microsoft Corporation) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.152.0_x64__kzf8qxf38zg5c [2022-07-29] (Skype)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7ac81bdb2c36ac80\nvshext.dll [2022-04-27] (Nvidia Corporation -> NVIDIA Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-07-29 05:34 - 2022-07-29 05:33 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4171114523-1282824719-2710994402-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\blain\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\breathtaking-scenery-landscape-view-m4-2560x1700.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:222.94 GB) (Free:189.08 GB) (85%)

==================== Faulty Device Manager Devices ============

Name: Intel(R) 82579V Gigabit Network Connection
Description: Intel(R) 82579V Gigabit Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: e1i65x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: ========================

Application errors:
==================
Error: (07/29/2022 04:29:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NVDisplay.Container.exe, version: 1.37.3103.4323, time stamp: 0x621dbda6
Faulting module name: NVDisplay.Container.exe, version: 1.37.3103.4323, time stamp: 0x621dbda6
Exception code: 0xc0000409
Fault offset: 0x0000000000070c55
Faulting process id: 0x16dc
Faulting application start time: 0x01d8a3360b3e9ad7
Faulting application path: C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7ac81bdb2c36ac80\Display.NvContainer\NVDisplay.Container.exe
Faulting module path: C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7ac81bdb2c36ac80\Display.NvContainer\NVDisplay.Container.exe
Report Id: 5e7dac45-164d-42b0-beeb-84527a75d1b6
Faulting package full name:
Faulting package-relative application ID:

Error: (07/29/2022 04:16:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NVDisplay.Container.exe, version: 1.37.3103.4323, time stamp: 0x621dbda6
Faulting module name: NVDisplay.Container.exe, version: 1.37.3103.4323, time stamp: 0x621dbda6
Exception code: 0xc0000409
Fault offset: 0x0000000000070c55
Faulting process id: 0x1718
Faulting application start time: 0x01d8a334395a7708
Faulting application path: C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7ac81bdb2c36ac80\Display.NvContainer\NVDisplay.Container.exe
Faulting module path: C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7ac81bdb2c36ac80\Display.NvContainer\NVDisplay.Container.exe
Report Id: f5e600c1-8ad6-4d94-8b46-39abb8444c43
Faulting package full name:
Faulting package-relative application ID:

Error: (07/29/2022 04:03:56 AM) (Source: ESENT) (EventID: 455) (User: )
Description: Explorer (4844,R,98) TILEREPOSITORYS-1-5-21-4171114523-1282824719-2710994402-1001: Error -1023 (0xfffffc01) occurred while opening logfile C:\Users\blain\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (07/29/2022 04:03:02 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.

Error: (07/29/2022 04:02:57 AM) (Source: ESENT) (EventID: 455) (User: )
Description: Explorer (5572,R,98) TILEREPOSITORYS-1-5-21-4171114523-1282824719-2710994402-1000: Error -1023 (0xfffffc01) occurred while opening logfile C:\Users\defaultuser0\AppData\Local\TileDataLayer\Database\EDB.log.


System errors:
=============
Error: (07/29/2022 04:37:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 69 time(s).

Error: (07/29/2022 04:37:27 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
The system cannot find the drive specified.

Error: (07/29/2022 04:37:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 68 time(s).

Error: (07/29/2022 04:37:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
The system cannot find the drive specified.

Error: (07/29/2022 04:37:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 67 time(s).

Error: (07/29/2022 04:37:08 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
The system cannot find the drive specified.

Error: (07/29/2022 04:37:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 66 time(s).

Error: (07/29/2022 04:37:02 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
The system cannot find the drive specified.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 2104 08/13/2013
Motherboard: ASUSTeK COMPUTER INC. SABERTOOTH Z77
Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 10%
Total physical RAM: 24520.57 MB
Available physical RAM: 21938.61 MB
Total Virtual: 28488.57 MB
Available Virtual: 25307.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.94 GB) (Free:189.08 GB) (Model: KINGSTON SH103S3240G) NTFS

\\?\Volume{39f35400-3fdf-493b-aabd-3cb0a3ec46af}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{b441c46e-777b-43c0-9151-49809cd0dbdf}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 19A56CB1)

Partition: GPT.

==================== End of Addition.txt =======================

 

[BBrown2022]

Users shortcut scan result (x64) Version: 27-07-2022
Ran by blain (29-07-2022 04:41:05)
Running from C:\Users\blain\OneDrive\Desktop
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk -> C:\Windows\regedit.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\WINDOWS\system32\quickassist.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\WINDOWS\system32\psr.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Users\blain\Links\Desktop.lnk -> C:\Users\blain\OneDrive\Desktop ()
Shortcut: C:\Users\blain\Links\Downloads.lnk -> C:\Users\blain\Downloads ()
Shortcut: C:\Users\blain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\blain\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\blain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\blain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\blain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\blain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\blain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\blain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\blain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\blain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\blain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\blain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\blain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\blain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\blain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\blain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\blain\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\blain\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\blain\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\blain\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\blain\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\blain\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\blain\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\blain\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\blain\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\blain\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\blain\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\blain\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\blain\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\blain\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\blain\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\blain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\blain\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\blain\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\blain\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\blain\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\blain\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\blain\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\blain\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\blain\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\blain\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\blain\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\blain\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\blain\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}


InternetURL: C:\Users\blain\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142

==================== End of Shortcut.txt =============================

 

[Broni]

First of all, it's highly unlikely, that after all those steps you took, including formatting your drive, any malware should be present.
My basic question would be, what are the actual performance-wise issues with your computer? How, so called by you "malware", is affecting your computer?

 

[BBrown2022]

First of all, it's highly unlikely, that after all those steps you took, including formatting your drive, any malware should be present.
My basic question would be, what are the actual performance-wise issues with your computer? How, so called by you "malware", is affecting your computer?

It changed out all of my drivers to malicious copies. If I let the malware do what it wants to do it eventually encrypts all my files. I've already lost them all. Now, everytime I try and flash the BIOS and flash a fresh OS I get a version of windows that is persistent with the malware that over - time eventually encrypts all my data and has access to my passwords, personal and business. It takes time on a fresh install for the escalation of privileges for the malware to begin locking me out of my things but works extremely fast and works under the radar so to speak doing things in the background. Leaving my system compromised and unable to be used. It also locks my drives and renders them unusable. Also, my mouse will not move properly, it glitches all over the place making it extremely difficult to do anything.

I don't know wether it's malware or ransomware or an exploit. I am not really sure how to classify it other than it's taking my system and data away from me.

 

[Broni]

OK, I understand that you were possibly attacked by some ransomware, but is anything suspicious happening right now?