Note: I added the Malwarebytes FRST fixlist.txt run output after the Addition.txt
---------------------------------------------
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-08-2022
Ran by strugglebus (10-09-2022 05:54:08)
Running from C:\Users\strugglebus\Desktop
Microsoft Windows 10 Home N Version 21H2 19044.1949 (X64) (2022-06-03 03:41:15)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2032487-556787044-367228669-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2032487-556787044-367228669-503 - Limited - Disabled)
Guest (S-1-5-21-2032487-556787044-367228669-501 - Limited - Disabled)
strugglebus (S-1-5-21-2032487-556787044-367228669-1001 - Administrator - Enabled) => C:\Users\strugglebus
WDAGUtilityAccount (S-1-5-21-2032487-556787044-367228669-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 21.07 (x64) (HKLM\...\7-Zip) (Version: 21.07 - Igor Pavlov)
AlecaFrame (HKU\S-1-5-21-2032487-556787044-367228669-1001\...\Overwolf_afmcagbpgggkpdkokjhjkllpegnadmkignlonpjm) (Version: 2.0.30 - Overwolf app)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 4.03.03.431 - Advanced Micro Devices, Inc.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.) Hidden
AMD PCI Driver (HKLM-x32\...\{80EC3CEE-2940-42A1-A776-B5D810D39F1E}) (Version: 1.0.0.87 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 7.0.4.4 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD_Chipset_Drivers (HKLM-x32\...\{0fd12917-eb35-466f-b411-02c45a8a505d}) (Version: 4.03.03.431 - Advanced Micro Devices, Inc.) Hidden
AutoHotkey 1.1.34.03 (HKLM\...\AutoHotkey) (Version: 1.1.34.03 - Lexikos)
Battlefield™ V (HKLM-x32\...\{e26b382f-e945-4f70-9318-121b683f1d61}) (Version: 1.0.64.43202 - Electronic Arts)
Chatterino7 version 7.3.5 (HKU\S-1-5-21-2032487-556787044-367228669-1001\...\{F5FE6614-04D4-4D32-8600-0ABA0AC113A4}_is1) (Version: 7.3.5 - 7TV)
Discord (HKU\S-1-5-21-2032487-556787044-367228669-1001\...\Discord) (Version: 1.0.9004 - Discord Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.639.1 - Dropbox, Inc.) Hidden
Epic Games Launcher (HKLM-x32\...\{FAC47927-1A6A-4C6E-AD7D-E9756794A4BC}) (Version: 1.3.23.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{758842D2-1538-4008-A8E3-66F65A061C52}) (Version: 2.0.33.0 - Epic Games, Inc.)
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.3 - )
Everything 1.4.1.1017 (x64) (HKLM\...\Everything) (Version: 1.4.1.1017 - voidtools)
Git (HKLM\...\Git_is1) (Version: 2.36.1 - The Git Development Community)
Glary Utilities 5.190 (HKLM-x32\...\Glary Utilities 5) (Version: 5.190.0.219 - Glarysoft Ltd)
IrfanView 4.54 (64-bit) (HKLM\...\IrfanView64) (Version: 4.54 - Irfan Skiljan)
K-Lite Codec Pack 17.0.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 17.0.0 - KLCP)
LatencyMon 7.20 (HKLM\...\LatencyMon_is1) (Version: 7.20 - Resplendence Software Projects Sp.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LibreOffice 7.3.4.2 (HKLM\...\{C9090ED0-F3EE-4FF2-A3E1-0F2598FC7107}) (Version: 7.3.4.2 - The Document Foundation)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: - Logitech)
Malwarebytes version 4.5.14.210 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.14.210 - Malwarebytes)
Medal (HKU\S-1-5-21-2032487-556787044-367228669-1001\...\Medal) (Version: 4.1666.0 - Medal B.V.)
Microsoft .NET Host - 6.0.8 (x64) (HKLM\...\{6950FA03-8B88-4675-B685-FB21CA1762CC}) (Version: 48.35.45462 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.8 (x64) (HKLM\...\{3C3CA326-3F1D-43B7-B0AD-CBC06B2DED5A}) (Version: 48.35.45462 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.8 (x64) (HKLM\...\{7CEA3ABF-FE24-42AF-ADE6-B4A3EE346743}) (Version: 48.35.45462 - Microsoft Corporation) Hidden
Microsoft Server Speech Platform Runtime (x86) (HKLM-x32\...\{22CB8ED7-DF57-4864-BD04-F63B9CE4B494}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-US) (HKLM-x32\...\{66D57636-BD4B-402F-9E7D-5E89C28C8136}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2032487-556787044-367228669-1001\...\Teams) (Version: 1.5.00.17656 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.31.31103 (HKLM-x32\...\{41d7b770-418a-43b7-95a5-f925fff05789}) (Version: 14.31.31103.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.31.31103 (HKLM-x32\...\{5720EC03-F26F-40B7-980C-50B5D420B5DE}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.31.31103 (HKLM-x32\...\{799E3FFF-705C-461F-B400-6DE27398B3E5}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.8 (x64) (HKLM\...\{EB3983F9-3D60-456D-A11A-C1366C79AD3E}) (Version: 48.35.45540 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.8 (x64) (HKLM-x32\...\{ca35acb3-b442-44fb-924c-4448120bf689}) (Version: 6.0.8.31518 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 104.0.2 (x64 en-US)) (Version: 104.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 101.0 - Mozilla)
Node.js (HKLM\...\{4ACCDAEB-B4CB-4AAC-AFE6-AC3517234257}) (Version: 16.15.1 - Node.js Foundation)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.4.4 - Notepad++ Team)
NVIDIA Graphics Driver 512.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 512.59 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.115.51547 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.204.0.1 - Overwolf Ltd.)
PowerToys (Preview) (HKLM\...\{9110B562-D4E7-45E7-BA08-9D9B6746BED0}) (Version: 0.61.1 - Microsoft Corporation) Hidden
PowerToys (Preview) x64 (HKLM-x32\...\{65d1bc7a-8b73-4352-b61e-5c72c806594e}) (Version: 0.61.1 - Microsoft Corporation)
Process Lasso (HKLM-x32\...\ProcessLasso) (Version: 10.4.7.22 - Bitsum)
Python 3.10.5 (64-bit) (HKU\S-1-5-21-2032487-556787044-367228669-1001\...\{e15803b8-d809-47f3-8818-73f0d155cf58}) (Version: 3.10.5150.0 - Python Software Foundation)
Python 3.10.5 Add to Path (64-bit) (HKLM\...\{514A924A-361B-4BF4-8FD0-1A431CE7C56E}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Core Interpreter (64-bit) (HKLM\...\{496B2CAE-CF79-440A-82F1-7587559ABA00}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Development Libraries (64-bit) (HKLM\...\{7B0F6EAD-C8A1-4496-8492-801EDE1A6323}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Documentation (64-bit) (HKLM\...\{3BC23B98-3D25-4A74-98FD-A1BE957A1340}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Executables (64-bit) (HKLM\...\{0FE1250F-6DD6-4948-B211-741B7CDBB335}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 pip Bootstrap (64-bit) (HKLM\...\{C3B084B6-D193-4633-BBB4-E890AAB946A2}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Standard Library (64-bit) (HKLM\...\{67F90672-C696-4DBB-8F33-95CCCFA21DCE}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Tcl/Tk Support (64-bit) (HKLM\...\{7F7E3C5D-2A37-4F1D-8E8C-3BB073D36BFE}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Test Suite (64-bit) (HKLM\...\{269FCA5D-D0CF-43B2-B656-24DF6DAA0D4E}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Utility Scripts (64-bit) (HKLM\...\{BBD9CCC0-981B-4976-91EC-4C1E637BCF85}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{25196DA8-29BD-4383-B7B5-B36C3BAF43F3}) (Version: 3.10.7826.0 - Python Software Foundation)
r2modman 3.1.29 (HKU\S-1-5-21-2032487-556787044-367228669-1001\...\ac231ef6-6414-5f8d-b36f-3b57705721dd) (Version: 3.1.29 - ebkr)
Revo Uninstaller 2.3.9 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.3.9 - VS Revo Group, Ltd.)
SanityCheck 3.52 (HKLM\...\SanityCheck_is1) (Version: 3.52 - Resplendence Software Projects Sp.)
Signal 5.56.0 (HKU\S-1-5-21-2032487-556787044-367228669-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 5.56.0 - Signal Messenger, LLC)
Spotify (HKU\S-1-5-21-2032487-556787044-367228669-1001\...\Spotify) (Version: 1.1.93.896.g3ae3b4f3 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Streamlink (HKLM\...\Streamlink) (Version: 4.1.0-2 - Streamlink)
Streamlink Twitch GUI (HKLM-x32\...\streamlink-twitch-gui) (Version: v2.1.0 - Sebastian Meyer)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 132.1.10679 - Ubisoft)
UltraUXThemePatcher (HKLM-x32\...\UltraUXThemePatcher) (Version: 4.3.4.0 - Manuel Hoefs (Zottel))
VdhCoApp 1.6.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
Viscera Cleanup Detail: alpha v0.25 (HKLM\...\UDK-403a7741-1aa8-46eb-8bf1-26e89a3ee116) (Version: - RuneStorm)
Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 1.5.13 - Black Tree Gaming Ltd.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WhoCrashed 7.01 (HKLM\...\WhoCrashed_is1) (Version: 7.01 - Resplendence Software Projects Sp.)
WhySoSlow 1.61 (HKLM\...\WhySoSlowHome_is1) (Version: - Resplendence Software Projects Sp.)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom(64bit) (HKLM\...\{04571A7D-3702-4E44-B05E-8916DA1E8D09}) (Version: 5.11.6602 - Zoom)
Zotero (HKLM-x32\...\Zotero 6.0.13 (x86 en-US)) (Version: 6.0.13 - Corporation for Digital Scholarship)
Packages:
=========
EarTrumpet -> C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.2.0.0_x86__1sdd7yawvg6ne [2022-06-19] (File-New-Project) [Startup Task]
HEVC Video Extensions -> C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtensions_2.0.51122.0_x64__8wekyb3d8bbwe [2022-06-05] (Microsoft Corporation)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa [2022-06-20] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-06-06] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-06-06] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7180.0_x64__8wekyb3d8bbwe [2022-07-30] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-06-04] (NVIDIA Corp.)
PDF Merger & Splitter -> C:\Program Files\WindowsApps\AnywaySoftInc.PDFMergerSplitter_2.0.1.0_x64__0qkrc2qacwvfm [2022-06-18] (AnywaySoft, Inc.) [MS Ad]
PowerPlanSwitcher -> C:\Program Files\WindowsApps\28671Petrroll.PowerPlanSwitcher_0.4.4.0_x86__ge82akyxbc7z4 [2022-06-03] (Petrroll) [Startup Task]
WindowsAppRuntime.1.0 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.0_4.528.1755.0_x64__8wekyb3d8bbwe [2022-06-17] (Microsoft Corporation)
WindowsAppRuntime.1.0 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.0_4.528.1755.0_x86__8wekyb3d8bbwe [2022-06-17] (Microsoft Corporation)
WindowsAppRuntime.Singleton -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.Singleton_3.469.1654.0_x64__8wekyb3d8bbwe [2022-06-04] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2032487-556787044-367228669-1001_Classes\CLSID\{07665729-6243-4746-95b7-79579308d1b2}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.PdfPreviewHandler.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2032487-556787044-367228669-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\strugglebus\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22147.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2032487-556787044-367228669-1001_Classes\CLSID\{45769bcc-e8fd-42d0-947e-02beef77a1f5}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.MarkdownPreviewHandler.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2032487-556787044-367228669-1001_Classes\CLSID\{afbd5a44-2520-4ae0-9224-6cfce8fe4400}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.MonacoPreviewHandler.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2032487-556787044-367228669-1001_Classes\CLSID\{ddee2b8a-6807-48a6-bb20-2338174ff779}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.SvgPreviewHandler.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2032487-556787044-367228669-1001_Classes\CLSID\{eb1fdd5b-8f70-4b5a-b230-998a2dc19303}\localserver32 -> C:\Program Files\Streamlink Twitch GUI\bin\win64\snoretoast.exe (K Desktop Environment e.V. -> )
CustomCLSID: HKU\S-1-5-21-2032487-556787044-367228669-1001_Classes\CLSID\{ec52dea8-7c9f-4130-a77b-1737d0418507}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.GcodePreviewHandler.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2022-07-15] (Notepad++ -> )
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> No File
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2022-06-13] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2022-06-13] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-09-10] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [PowerRenameExt] -> {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\modules\PowerRename\PowerToys.PowerRenameExt.dll [2022-08-02] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> No File
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2022-06-13] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-09-10] (Malwarebytes Inc. -> Malwarebytes)
FolderExtensions: [] -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} => C:\Program Files\OldNewExplorer\OldNewExplorer64.dll -> No File
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2022-05-22 14:57 - 2022-05-22 14:57 - 000613376 _____ () [File not signed] C:\Program Files\EqualizerAPO\EqualizerAPO.dll
2016-07-30 17:42 - 2016-07-30 17:42 - 002772692 _____ () [File not signed] C:\Program Files\EqualizerAPO\libfftw3f-3.dll
2017-04-02 13:01 - 2017-04-02 13:01 - 001748992 _____ () [File not signed] C:\Program Files\EqualizerAPO\libsndfile-1.dll
2022-06-04 01:46 - 2021-12-26 10:00 - 000093696 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2022-06-06 00:12 - 2022-06-06 00:12 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2022-06-06 00:12 - 2022-06-06 00:12 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2022-06-06 00:12 - 2022-06-06 00:12 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2022-08-12 12:28 - 2022-06-06 00:12 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2022-08-12 12:28 - 2022-06-06 00:12 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2022-08-12 12:28 - 2022-06-06 00:12 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2022-08-12 12:28 - 2022-06-06 00:12 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2022-08-12 12:28 - 2022-06-06 00:12 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2022-08-12 12:28 - 2022-06-06 00:12 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\62509244.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\62509244.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-2032487-556787044-367228669-1001\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-2032487-556787044-367228669-1001\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-2032487-556787044-367228669-1001\Software\Classes\.cmd: => <==== ATTENTION
==================== Internet Explorer (Whitelisted) ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 05:14 - 2022-09-10 05:01 - 000000852 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Python310\Scripts\;C:\Python310\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\dotnet\;C:\Program Files\nodejs\;C:\ProgramData\chocolatey\bin;C:\Program Files\Git\cmd
HKU\S-1-5-21-2032487-556787044-367228669-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\strugglebus\AppData\Roaming\IrfanView\IrfanView_Wallpaper.png
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2032487-556787044-367228669-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2032487-556787044-367228669-1001\...\StartupApproved\Run: => "BakkesMod"
HKU\S-1-5-21-2032487-556787044-367228669-1001\...\StartupApproved\Run: => "GoogleDriveFS"
HKU\S-1-5-21-2032487-556787044-367228669-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_8AAF2752449653DFFE2678CDFBDD2E44"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{06DC4355-50DF-4C40-94E8-3738A6F1AC1E}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{F0D4150E-C7FB-4233-B18E-47F2D2960AA9}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{ACA87A0C-B75E-4E15-A9B0-AFA4B066002F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{F7FE94D5-AB07-4827-AAE3-7B80A4BE7F13}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
==================== Restore Points =========================
05-09-2022 14:10:16 Scheduled Checkpoint
09-09-2022 17:54:13 Windows Modules Installer
10-09-2022 02:48:19 Removed Windows SDK AddOn
==================== Faulty Device Manager Devices ============
Name: Nahimic mirroring device
Description: Nahimic mirroring device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Nahimic
Service: Nahimic_Mirroring
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.
Name: Intel® Wireless-AC 9260 160MHz
Description: Intel® Wireless-AC 9260 160MHz
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: Netwtw08
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: ========================
Application errors:
==================
Error: (09/10/2022 05:46:22 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (09/10/2022 05:46:08 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents. hr = 0x8007085a, The Workstation service has not been started.
.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {d8549338-0cd5-4a6c-bfe0-f4bf9510fcf2}
Error: (09/10/2022 05:46:08 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents. hr = 0x8007085a, The Workstation service has not been started.
.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {d8549338-0cd5-4a6c-bfe0-f4bf9510fcf2}
Error: (09/10/2022 05:37:35 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (09/10/2022 05:37:22 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents. hr = 0x8007085a, The Workstation service has not been started.
.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {8e549394-e69a-4a0f-bb0f-98e76ef08115}
Error: (09/10/2022 05:37:22 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents. hr = 0x8007085a, The Workstation service has not been started.
.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {8e549394-e69a-4a0f-bb0f-98e76ef08115}
Error: (09/10/2022 05:36:16 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (09/10/2022 05:36:03 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents. hr = 0x8007085a, The Workstation service has not been started.
.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {8e549394-e69a-4a0f-bb0f-98e76ef08115}
System errors:
=============
Error: (09/10/2022 05:01:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The LGHUB Updater Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (09/10/2022 05:01:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The GUBootService service terminated unexpectedly. It has done this 1 time(s).
Error: (09/10/2022 05:01:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
Error: (09/10/2022 05:01:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Everything service terminated unexpectedly. It has done this 1 time(s).
Error: (09/10/2022 05:01:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Process Lasso Core (Process Governor) service terminated unexpectedly. It has done this 1 time(s).
Error: (09/10/2022 04:49:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading
Error: (09/10/2022 04:49:16 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\strugglebus\AppData\Local\Temp\ehdrv.sys
Error: (09/10/2022 04:49:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading
Windows Defender:
================
Date: 2022-09-09 12:22:18
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-09-07 04:14:54
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:MacOS/Jailbreak.T!MTB&threatid=2147793722&enterprise=0
Name: Exploit:MacOS/Jailbreak.T!MTB
Severity: Severe
Category: Exploit
Path: file:_C:\Users\strugglebus\Downloads\iPhone bleep\1.6.4-12.2-12.5.ipa
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\strugglebus\Downloads\MSERT.exe
Security intelligence Version: AV: 1.373.1681.0, AS: 1.373.1681.0, NIS: 1.373.1681.0
Engine Version: AM: 1.1.19500.2, NIS: 1.1.19500.2
Date: 2022-09-07 04:13:51
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:iPhoneOS/Vortex.A!MTB&threatid=2147751430&enterprise=0
Name: Exploit:iPhoneOS/Vortex.A!MTB
Severity: Severe
Category: Exploit
Path: file:_C:\Users\strugglebus\Apple\MobileSync\Backup\78598163bc6cdaef2dce4c15c8b797b54f313bcd\b5\b5c1f7e4f95668b2436898ce74b9dba02f326d14
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\strugglebus\Downloads\MSERT.exe
Security intelligence Version: AV: 1.373.1681.0, AS: 1.373.1681.0, NIS: 1.373.1681.0
Engine Version: AM: 1.1.19500.2, NIS: 1.1.19500.2
Date: 2022-09-07 02:47:19
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan
Date: 2022-09-07 02:47:19
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:iPhoneOS/Vortex.H!MTB&threatid=2147759847&enterprise=0
Name: Exploit:iPhoneOS/Vortex.H!MTB
Severity: Severe
Category: Exploit
Path: containerfile:_C:\Users\strugglebus\Apple\MobileSync\Backup\78598163bc6cdaef2dce4c15c8b797b54f313bcd\2b\2b9e71d194d2206c340ad9904de2567121a88a4a; containerfile:_C:\Users\strugglebus\Apple\MobileSync\Backup\78598163bc6cdaef2dce4c15c8b797b54f313bcd\2d\2dea0ceba6cbe2f76f05de6f77cc80696ed388a5; containerfile:_C:\Users\strugglebus\Apple\MobileSync\Backup\78598163bc6cdaef2dce4c15c8b797b54f313bcd\70\70f58c262d9971eeb7a3b9b543b5da71656bac49; file:_C:\Users\strugglebus\Apple\MobileSync\Backup\78598163bc6cdaef2dce4c15c8b797b54f313bcd\2b\2b9e71d194d2206c340ad9904de2567121a88a4a->Payload/Undecimus.app/binpack64-256.tar.lzma->(LZMA)->usr/bin/inject->(MachO-UniBin-0000); file:_C:\Users\strugglebus\Apple\MobileSync\Backup\78598163bc6cdaef2dce4c15c8b797b54f313bcd\2b\2b9e71d194d2206c340ad9904de2567121a88a4a->Payload/Undecimus.app/binpack64-256.tar.lzma->(LZMA)->usr/bin/inject->(MachO-UniBin-0001); file:_C:\Users\strugglebus\Apple\MobileSync\Backup\78598163bc6cdaef2dce4c15c8b797b54f313bcd\2d\2dea0ceba6cbe2f76f05de6f77cc80696ed388a5->Payload/Undecimus.app/binpac
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.373.1681.0, AS: 1.373.1681.0, NIS: 1.373.1681.0
Engine Version: AM: 1.1.19500.2, NIS: 1.1.19500.2
Event[0]:
Date: 2022-09-07 03:02:16
Description:
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Offline.
Error code: 0x8000000a
Error description: The data necessary to complete this operation is not yet available.
Date: 2022-09-07 03:01:44
Description:
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Offline.
Error code: 0x8000000a
Error description: The data necessary to complete this operation is not yet available.
Date: 2022-09-07 03:01:34
Description:
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Offline.
Error code: 0x8000000a
Error description: The data necessary to complete this operation is not yet available.
CodeIntegrity:
===============
Date: 2022-09-10 05:53:07
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends International, LLC. 1.F7 01/19/2022
Motherboard: Micro-Star International Co., Ltd. B450 GAMING PRO CARBON AC (MS-7B85)
Processor: AMD Ryzen 7 3700X 8-Core Processor
Percentage of memory in use: 28%
Total physical RAM: 32693.58 MB
Available physical RAM: 23249.72 MB
Total Virtual: 49077.58 MB
Available Virtual: 37179.22 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:953.26 GB) (Free:428.87 GB) (Model: INTEL SSDPEKNW010T8) NTFS
Drive d: () (Fixed) (Total:0.5 GB) (Free:0.5 GB) (Model: WDC WD10EZEX-08WN4A0) FAT32
Drive m: (MyPrecious) (Fixed) (Total:1863 GB) (Free:1499.69 GB) (Model: WDC WD20EZBX-00AYRA0) NTFS
Drive x: (Xtra) (Fixed) (Total:238.47 GB) (Free:112.36 GB) NTFS
\\?\Volume{10c3b0c5-f3bb-42f8-8434-e1dd7db31f36}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{0c3dcf66-e19a-4ee6-8305-8244b69644c6}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: 03115622)
Partition: GPT.
==========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 2151E241)
Partition 1: (Active) - (Size=512 MB) - (Type=EF)
Partition 2: (Not Active) - (Size=931 GB) - (Type=05)
==========================================================
Disk: 3 (Size: 953.9 GB) (Disk ID: 0C44C888)
Partition: GPT.
==================== End of Addition.txt =======================
--------------------------------------------------------
mbst-fix-results.txt from the MalwareBytes Support Tool run I referenced above
-----------------------------------------
MBST Fix Results Log Version: 1.8.7.918
Date/Time Log Created: 2022-09-10 03:57:36.346
User Account Type: Admin
Operating System: Windows 10 Version 2009 x64
2022-09-10 03:57:36.541 Repair 1: WMI
2022-09-10 03:57:36.541 =========================
2022-09-10 03:57:36.541 Starting WMI repair process
2022-09-10 03:57:36.542 Attempting to stop service
2022-09-10 03:57:36.542 Failed to stop winmgmt service. Error: A stop control has been sent to a service that other running services are dependent on.(error=1051)
2022-09-10 03:57:36.542 Windows 2003 or lower. Skipping scan of C:\Windows\system32\wbem\WMIsvc.dll
2022-09-10 03:57:36.542 Resetting service configuration
2022-09-10 03:57:36.543 Restoring default registry settings
2022-09-10 03:57:36.801 Failed to restore the default service hive file. ERROR: Element not found.(error=1168)
2022-09-10 03:57:36.953 Deleting C:\Windows\system32\wbem\Repository
2022-09-10 03:57:36.974 Registering DLL files in C:\Windows\system32
2022-09-10 03:57:46.763 Registering WMI executables
2022-09-10 03:59:53.067 Deleting C:\Windows\SysWOW64\wbem\Repository
2022-09-10 03:59:53.087 Registering DLL files in C:\Windows\SysWOW64
2022-09-10 04:00:02.005 Registering WMI executables
2022-09-10 04:02:08.364 Attempting to start winmgmt service
2022-09-10 04:02:08.364 Service is already running
2022-09-10 04:02:08.364 winmgmt service is running.
2022-09-10 04:02:08.364 Running WMI reset commands
2022-09-10 04:02:20.206 Registering MOF files in C:\Windows\system32\wbem
2022-09-10 04:02:39.146 Registering MLF files in C:\Windows\system32\wbem
2022-09-10 04:02:39.146 Registering MOF files in C:\Windows\SysWOW64\wbem
2022-09-10 04:02:48.048 Registering MLF files in C:\Windows\SysWOW64\wbem
2022-09-10 04:02:48.048 Repair 2: BFE
2022-09-10 04:02:48.048 =========================
2022-09-10 04:02:48.048 Starting BFE repair process.
2022-09-10 04:02:48.048 Unable to open service BFE. Error: Access is denied.(error=5)
2022-09-10 04:02:48.048 Stopping BFE service.
2022-09-10 04:02:48.048 Resetting service configuration.
2022-09-10 04:02:48.048 Restoring default registry settings
2022-09-10 04:02:48.304 Failed to restore the default service hive file. ERROR: Element not found.(error=1168)
2022-09-10 04:02:48.314 Windows 2003 or lower. Skipping scan of C:\Windows\system32\bfe.dll
2022-09-10 04:02:48.314 Attempting to start BFE service
2022-09-10 04:02:48.314 BFE service is running.
2022-09-10 04:02:48.314 Repair 3: RpcSs
2022-09-10 04:02:48.314 =========================
2022-09-10 04:02:48.315 Restoring RpcSs.
2022-09-10 04:02:48.315 Unable to open service RpcSs. Error: Access is denied.(error=5)
2022-09-10 04:02:48.315 Stopping RpcSs service.
2022-09-10 04:02:48.315 Resetting service configuration.
2022-09-10 04:02:48.315 Restoring default registry settings
2022-09-10 04:02:48.496 Failed to restore the default service hive file. ERROR: Element not found.(error=1168)
2022-09-10 04:02:48.505 Windows 2003 or lower. Skipping scan of C:\Windows\System32\rpcss.dll
2022-09-10 04:02:48.505 Attempting to start RpcSs service
2022-09-10 04:02:48.506 RpcSs service is running.
2022-09-10 04:02:48.506 Repair 4: Firewall
2022-09-10 04:02:48.506 =========================
2022-09-10 04:02:48.506 Starting Firewall repair process.
2022-09-10 04:02:48.506 Unable to open service mpssvc. Error: Access is denied.(error=5)
2022-09-10 04:02:48.506 Stopping Windows Firewall service.
2022-09-10 04:02:48.506 Resetting service configuration for Windows Firewall service.
2022-09-10 04:02:48.506 Restoring default registry settings
2022-09-10 04:02:48.688 Failed to restore the default service hive file. ERROR: Element not found.(error=1168)
2022-09-10 04:02:48.697 Unable to open service mpsdrv. Error: Access is denied.(error=5)
2022-09-10 04:02:48.697 Stopping Windows Firewall Authorization driver.
2022-09-10 04:02:48.697 Stopping Internet Connection Sharing service.
2022-09-10 04:02:48.697 Resetting configuration for Internet Connection Sharing service.
2022-09-10 04:02:48.700 Restoring default registry settings
2022-09-10 04:02:48.883 Failed to restore the default service hive file. ERROR: Element not found.(error=1168)
2022-09-10 04:02:48.892 Windows 2003 or lower. Skipping scan of C:\Windows\system32\mpssvc.dll
2022-09-10 04:02:48.892 Windows 2003 or lower. Skipping scan of C:\Windows\system32\ipnathlp.dll
2022-09-10 04:02:48.892 Attempting to start mpssvc service
2022-09-10 04:02:48.892 Attempting to start mpsdrv service
2022-09-10 04:02:48.892 Attempting to start sharedaccess service
2022-09-10 04:02:48.903 Attempted to start service successfully
2022-09-10 04:02:48.903 Attempting to start mpssvc service
2022-09-10 04:02:48.903 mpssvc service is running.
-----------------------------------------------------------------------
Also, might as well - Firefox has these listed on the about:third-party page.
All the DLL files listed come up as hits on filescan.io / VirusTotal.
[
{
"name": "mbae64.dll",
"fileVersion": "1.13.4.494",
"typeFlags": 1,
"signedBy": "Malwarebytes Inc.",
"applicationName": "Malwarebytes version 4.5.14.210",
"applicationPublisher": "Malwarebytes",
"events": [
{
"processType": "browser",
"processID": 15416,
"threadID": 15808,
"loadStatus": 0,
"loadDurationMS": 34.3672
},
{
"processType": "rdd",
"processID": 18516,
"threadID": 18520,
"loadStatus": 0,
"loadDurationMS": 66.7712
},
{
"processType": "tab",
"processID": 2132,
"threadID": 15980,
"loadStatus": 0,
"loadDurationMS": 39.6155
},
{
"processType": "tab",
"processID": 2648,
"threadID": 1928,
"loadStatus": 0,
"loadDurationMS": 39.4813
},
{
"processType": "tab",
"processID": 8340,
"threadID": 15432,
"loadStatus": 0,
"loadDurationMS": 46.291
},
{
"processType": "tab",
"processID": 13480,
"threadID": 2456,
"loadStatus": 0,
"loadDurationMS": 43.5446
},
{
"processType": "tab",
"processID": 14480,
"threadID": 21880,
"loadStatus": 0,
"loadDurationMS": 48.4105
},
{
"processType": "tab",
"processID": 15448,
"threadID": 14872,
"loadStatus": 0,
"loadDurationMS": 48.4608
},
{
"processType": "tab",
"processID": 15456,
"threadID": 17708,
"loadStatus": 0,
"loadDurationMS": 44.9107
},
{
"processType": "tab",
"processID": 15540,
"threadID": 20112,
"loadStatus": 0,
"loadDurationMS": 42.3047
},
{
"processType": "tab",
"processID": 15588,
"threadID": 1632,
"loadStatus": 0,
"loadDurationMS": 41.681
},
{
"processType": "tab",
"processID": 15960,
"threadID": 20624,
"loadStatus": 0,
"loadDurationMS": 42.604
},
{
"processType": "tab",
"processID": 16496,
"threadID": 16500,
"loadStatus": 0,
"loadDurationMS": 38.8784
},
{
"processType": "tab",
"processID": 16848,
"threadID": 16852,
"loadStatus": 0,
"loadDurationMS": 39.3072
},
{
"processType": "tab",
"processID": 17176,
"threadID": 17180,
"loadStatus": 0,
"loadDurationMS": 41.9682
},
{
"processType": "tab",
"processID": 17240,
"threadID": 20176,
"loadStatus": 0,
"loadDurationMS": 47.155
},
{
"processType": "tab",
"processID": 17244,
"threadID": 2328,
"loadStatus": 0,
"loadDurationMS": 44.3588
},
{
"processType": "tab",
"processID": 18480,
"threadID": 18484,
"loadStatus": 0,
"loadDurationMS": 62.1747
},
{
"processType": "tab",
"processID": 19260,
"threadID": 19264,
"loadStatus": 0,
"loadDurationMS": 48.3654
},
{
"processType": "tab",
"processID": 19452,
"threadID": 20096,
"loadStatus": 0,
"loadDurationMS": 48.1039
},
{
"processType": "tab",
"processID": 19568,
"threadID": 18820,
"loadStatus": 0,
"loadDurationMS": 51.9894
},
{
"processType": "tab",
"processID": 19572,
"threadID": 19576,
"loadStatus": 0,
"loadDurationMS": 67.355
},
{
"processType": "tab",
"processID": 19952,
"threadID": 19956,
"loadStatus": 0,
"loadDurationMS": 40.0499
},
{
"processType": "tab",
"processID": 20728,
"threadID": 20724,
"loadStatus": 0,
"loadDurationMS": 45.3631
},
{
"processType": "tab",
"processID": 20964,
"threadID": 8808,
"loadStatus": 0,
"loadDurationMS": 43.3305
},
{
"processType": "tab",
"processID": 22092,
"threadID": 17096,
"loadStatus": 0,
"loadDurationMS": 43.7956
},
{
"processType": "tab",
"processID": 22404,
"threadID": 17188,
"loadStatus": 0,
"loadDurationMS": 49.2021
}
]
},
{
"name": "nvwgf2umx_cfg.dll",
"fileVersion": "30.0.15.1259",
"typeFlags": 1,
"signedBy": "NVIDIA Corporation-PE-Prod-Sha1",
"events": [
{
"processType": "rdd",
"processID": 18516,
"threadID": 18520,
"loadStatus": 0,
"loadDurationMS": 5.5931
}
]
},
{
"name": "nvldumdx.dll",
"fileVersion": "30.0.15.1259",
"typeFlags": 1,
"signedBy": "NVIDIA Corporation-PE-Prod-Sha1",
"events": [
{
"processType": "rdd",
"processID": 18516,
"threadID": 18520,
"loadStatus": 0,
"loadDurationMS": 1.8997
}
]
}
]
Edited by strugglebus_central, 10 September 2022 - 05:52 AM.