Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-04-2025
Ran by bart2 (administrator) on ARTADI-DESKTOP (Hewlett-Packard HP ProDesk 600 G1 TWR) (10-04-2025 10:27:50)
Running from C:\Users\bart2\Downloads\FRST64 (1).exe
Loaded Profiles: bart2
Platform: Microsoft Windows 10 Pro Version 22H2 19045.5737 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files (x86)\BetOnline\GameClient.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files (x86)\BetOnline\GameClient.exe ->) () [File not signed] C:\Program Files (x86)\BetOnline\GameBrowser64\GameBrowser.exe <5>
(C:\Program Files (x86)\Driver Support One\DSOneWeb.exe ->) (Driver Support -> Asurvio LP) C:\Program Files (x86)\Driver Support One\DSOneWebWD.exe
(C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe <5>
(C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe ->) (GeoComply Solutions Inc. -> GeoComply Solutions Inc.) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\PlayerLocationIcon.exe
(C:\Program Files\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(explorer.exe ->) (Lunar Software Inc. -> Winning Poker Network, Inc.) C:\ACR Poker\ACRPoker.exe <9>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.25022.57.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <31>
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(services.exe ->) (GeoComply Solutions Inc. -> GeoComply Solutions Inc.) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> GeoComply Solutions Inc.) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> GeoComply Solutions Inc.) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> GeoComply Solutions Inc.) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> GeoComply Solutions Inc.) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows -> ) C:\Windows\System32\OpenSSH\sshd.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2502.2.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2513.4.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Driver Support -> Solve iQ) C:\Program Files (x86)\Driver Support One\DSOneWeb.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.046.0310.0005\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9240512 2017-12-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1492928 2017-12-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [10752424 2025-01-14] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\135.0.3179.54\Installer\setup.exe [7716392 2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2708210131-3929859599-577565344-1003\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [5012264 2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2708210131-3929859599-577565344-1003\...\Run: [com.messenger] => C:\Users\bart2\AppData\Local\Programs\Messenger\Messenger.exe messenger://openAtLogin (No File)
HKU\S-1-5-21-2708210131-3929859599-577565344-1003\...\Run: [MicrosoftEdgeAutoLaunch_EF21C153D9F0942689A79B1E643B1959] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4418088 2025-04-03] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2708210131-3929859599-577565344-1003\...\MountPoints2: {5be79155-7447-11ec-881f-806e6f6e6963} - "E:\Setup.exe"
HKU\S-1-5-21-2708210131-3929859599-577565344-1005\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [5012264 2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\135.0.7049.84\Installer\chrmstp.exe [2025-04-08] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {D59EC827-1D8C-4DD5-92CE-9567CD043803} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2024-12-19] (Adobe Inc. -> Adobe Inc.)
Task: {9489F281-BA36-4DED-B114-470FF69BD808} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [10752424 2025-01-14] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {5BDD776B-86F2-4A1A-AE63-D68501761237} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [11065256 2025-01-14] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {2F3AD80A-5527-420F-A61C-279E1E81A53C} - System32\Tasks\Driver Support One Agent => C:\Program Files (x86)\Driver Support One\DSOneWeb.exe [164352 2024-05-06] (Driver Support -> Solve iQ) <==== ATTENTION
Task: {FA80B6BA-71B1-4277-AECA-3C7F28E3A69A} - System32\Tasks\GeoComply Service Check => C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\PlayerLocationCheckTask.cmd [1663 2025-04-07] () [File not signed] ->
Task: {109A6E82-27D4-415B-9DE8-AE8430B2305F} - System32\Tasks\GeoComply Update Task => C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Update\GeoComplyUpdate.exe [6262976 2024-07-04] (GeoComply Solutions Inc. -> GeoComply)
Task: {112AE81F-73F2-4A3A-AED7-FD1D327A2DCD} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem136.0.7079.0{413751AE-896E-49EE-A958-83E8ED1002A6} => C:\Program Files (x86)\Google\GoogleUpdater\136.0.7079.0\updater.exe [7017568 2025-03-20] (Google LLC -> Google LLC)
Task: {5D9827EE-898B-4861-9559-CDD12751C190} - System32\Tasks\McUpdaterModuleTask => C:\Program Files (x86)\McAfee Security Scan\4.1.515\McUpdaterModule.exe (No File)
Task: {FBF9CC3F-42E4-4936-BC99-4E501CC5D190} - System32\Tasks\Meta\Messenger-SL-Helper-S-1-5-21-2708210131-3929859599-577565344-1003 => C:\Users\bart2\AppData\Local\Programs\Messenger\MessengerHelper.exe [2192632 2024-09-17] (Facebook, Inc. -> Meta Platforms, Inc.)
Task: {2AA559CD-C53E-49E6-9024-122AF64599AE} - System32\Tasks\Microsoft\Office\Office Apps Prewarm => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [225400 2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {E2561C14-9C38-4A77-AA9C-C035F65CFD2F} - System32\Tasks\Microsoft\Office\Office Apps Prewarm Recurring => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [225400 2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {361E01FF-5E74-47A1-A79B-8F7C3C6749D1} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29106392 2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {CC30B6D8-1DF3-48BC-A25D-ADCCB735FCEF} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE16\opushutil.exe [59600 2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {F7F16CD8-6F4B-4611-A6C8-032C0B7F67F3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29106392 2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {2CA6F596-0AD6-45C5-8926-653EEEC186D8} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [225400 2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {6A7B53DF-892C-49CE-B60C-1A33056C08B6} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [225400 2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {1246A9E4-927D-4D95-A83D-3D7160522C19} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6FB675C0-FDF3-43F8-A9EA-B7B05630D997} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4F003427-13E6-434E-AFB0-FBA13FF9D978} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4E4E5CB9-F1B3-4F07-A309-D9EBB23B7AFF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7070DE0D-22BB-4D87-9A58-623395792929} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223792 2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {E8CA927E-6D5F-4B95-A0DB-E203AB7E5D7C} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2708210131-3929859599-577565344-1003 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223792 2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {B1BCEF23-4E54-464D-824F-634DF19DEC9B} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2708210131-3929859599-577565344-1005 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223792 2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {137A4788-325E-4A65-948B-B21C7356B13E} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2708210131-3929859599-577565344-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File) <==== ATTENTION
Task: {8E9A7D36-ACEB-4C85-95A2-D5494E2C26C4} - System32\Tasks\OneDrive Startup Task-S-1-5-21-2708210131-3929859599-577565344-1003 => C:\Program Files\Microsoft OneDrive\25.046.0310.0005\OneDriveLauncher.exe [673600 2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {7ACCC5AD-E957-4490-A464-00334F5B5803} - System32\Tasks\OneDrive Startup Task-S-1-5-21-2708210131-3929859599-577565344-1005 => C:\Program Files\Microsoft OneDrive\25.046.0310.0005\OneDriveLauncher.exe [673600 2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {A392E08E-12F5-425D-977A-BF06F7397F3A} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-2708210131-3929859599-577565344-1003 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\Windows\System32\wpninprc.dll [24064 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {91495AF6-230E-4907-B21F-C66CD61ECE36} - System32\Tasks\SecurityScannerScheduler => C:\Program Files (x86)\McAfee Security Scan\4.1.515\SSScheduler.exe (No File)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{ed34fed8-0652-46f9-86e8-72b7c47cab5c}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\bart2\AppData\Local\Microsoft\Edge\User Data\Default [2025-04-10]
Edge Notifications: Default -> hxxps://nypost.com; hxxps://www.facebook.com; hxxps://www.nfl.com
Edge HomePage: Default -> hxxp://www.google.com/
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
Edge Extension: (Honey: Automatic Coupons & Rewards) - C:\Users\bart2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2025-03-24]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge Extension: (DuckDuckGo) - C:\Users\bart2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2025-04-08]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge Extension: (HTTPS Everywhere) - C:\Users\bart2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fchjpkplmbeeeaaogdbhjbgbknjobohb [2022-08-27]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge Extension: (Google Docs Offline) - C:\Users\bart2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-03-26]hxxps://clients2.google.com/service/update2/crx
Edge Extension: (Amazon Assistant) - C:\Users\bart2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hkmnokmdbkkafgmpfhhiniclfnfpmogj [2023-03-29]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge Extension: (WOT: Website Security & Safety Checker) - C:\Users\bart2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\iiclaphjclecagpkkaacljnpcppnoibi [2025-03-24]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge Extension: (Edge relevant text changes) - C:\Users\bart2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge Extension: (Microsoft Edge DevTools Enhancements) - C:\Users\bart2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kfbdpdaobnofkbopebjglnaadopfikhh [2024-11-02]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge Extension: (Microsoft Outlook) - C:\Users\bart2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kkpalkknhlklpbflpcpkepmmbnmfailf [2022-08-27]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
FireFox:
========
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-03-13] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
Chrome:
=======
CHR Profile: C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default [2025-04-10]
CHR Notifications: Default -> hxxps://10.signupconfirmed.com; hxxps://20.signupconfirmed.com; hxxps://21.signupconfirmed.com; hxxps://29.signupconfirmed.com; hxxps://app.gameblazers.com; hxxps://app.prizepicks.com; hxxps://athlonsports.com; hxxps://benefits.holidayrelief.com; hxxps://brainable.com; hxxps://bucswire.usatoday.com; hxxps://coltswire.usatoday.com; hxxps://constative.com; hxxps://cordcuttersnews.com; hxxps://dailysportsreporter.com; hxxps://decider.com; hxxps://doctortian.com; hxxps://draftwire.usatoday.com; hxxps://engine.mybookie.ag; hxxps://excellenttown.com; hxxps://fansided.com; hxxps://felid.imogreth.cfd; hxxps://financebuzz.com; hxxps://jetsxfactor.com; hxxps://lawandcrime.com; hxxps://mail.google.com; hxxps://mission-statement.com; hxxps://ninernoise.com; hxxps://nypost.com; hxxps://outlook.live.com; hxxps://overoptimistic.lat; hxxps://pagesix.com; hxxps://people.com; hxxps://pokerfreerollpasswords.com; hxxps://repairit.wondershare.com; hxxps://sportsnaut.com; hxxps://thehill.com; hxxps://touchdownwire.usatoday.com; hxxps://twitter.com; hxxps://uidhealth.com; hxxps://vgnpoker.os.tc; hxxps://web.whatsapp.com; hxxps://www.abc10.com; hxxps://www.alternet.org; hxxps://www.americascardroom.eu; hxxps://www.arcamax.com; hxxps://www.bestreviews.guide; hxxps://www.betonline.ag; hxxps://www.cabletv.com; hxxps://www.democratchatcity.com; hxxps://www.draftkings.com; hxxps://www.facebook.com; hxxps://www.familyandpets.com; hxxps://www.fantasyalarm.com; hxxps://www.fastbackgroundcheck.com; hxxps://www.hardreset.info; hxxps://www.intelius.com; hxxps://www.kcra.com; hxxps://www.kiplinger.com; hxxps://www.koat.com; hxxps://www.messenger.com; hxxps://www.msnbc.com; hxxps://www.netflix.com; hxxps://www.newsweek.com; hxxps://www.newyorkjets.com; hxxps://www.nfl.com; hxxps://www.nydailynews.com; hxxps://www.paramountplus.com; hxxps://www.phonearena.com; hxxps://www.pinchme.com; hxxps://www.pulsz.com; hxxps://www.pulszbingo.com; hxxps://www.quora.com; 
hxxps://www.ranker.com; hxxps://www.rawstory.com; hxxps://www.reddit.com; hxxps://www.redstagcasino.eu; hxxps://www.replaypoker.com; hxxps://www.rotoballer.com; hxxps://www.si.com; hxxps://www.smithsonianmag.com; hxxps://www.speedcube.us; hxxps://www.sportingnews.com; hxxps://www.sportsbetting.ag; hxxps://www.sportskeeda.com; hxxps://www.sportsline.com; hxxps://www.thedailybeast.com; hxxps://www.thrivefantasy.com; hxxps://www.trueclassictees.com; hxxps://www.usatoday.com; hxxps://www.usphonebook.com; hxxps://www.wgrz.com; hxxps://www.wildcasino.ag; hxxps://www.windowscentral.com; hxxps://www.wps.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=E210US91088G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Extension: (Online) - C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Extensions\amlielhlgedcjnbkilihjhoheammcbgm [2025-04-06]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (WOT: Website Security & Safety Checker) - C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2025-03-27]hxxp://clients2.google.com/service/update2/crx
CHR Extension: (Honey: Automatic Coupons & Rewards) - C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2025-03-07]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-04-07]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (FantasyPros: Win your Fantasy League) - C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfbepnlhpkbgbkcebjnfhgjckibfdfkc [2025-03-27]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Google Docs Offline) - C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-03-27]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (APK Downloader) - C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Extensions\glngapejbnmnicniccdcemghaoaopdji [2024-03-13]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Coinbase Wallet extension) - C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfanknocfeofbddgcijnmhnfnkdnaad [2025-04-09]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2025-04-09]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Asterisk of Shame) - C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Extensions\khdhcpjgmmboblpbfnkfcbcpeocmeabb [2022-08-27]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Google Play) - C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2022-08-27]hxxp://clients2.google.com/service/update2/crx
CHR Extension: (Free Spell Checker for Google Chrome™) - C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljgdcokhgjdpghmhdkbolccfcfdbklpo [2022-08-27]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Capital One Shopping: Save Now) - C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2025-04-02]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Chrome Web Store Payments) - C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-08-27]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2023-05-02]hxxps://clients2.google.com/service/update2/crx
CHR Profile: C:\Users\bart2\AppData\Local\Google\Chrome\User Data\System Profile [2022-09-01]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKU\S-1-5-21-2708210131-3929859599-577565344-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2024-12-19] (Adobe Inc. -> Adobe Inc.)
R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [106952 2015-12-18] (Andrea Electronics -> Andrea Electronics Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13860056 2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
R2 com.geocomply.internal-updater-microservice; C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe [8311248 2025-04-07] (GeoComply Solutions Inc. -> GeoComply Solutions Inc.)
R2 com.geocomply.process-scanner-microservice; C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe [8356304 2025-04-07] (GeoComply Solutions Inc. -> GeoComply Solutions Inc.)
R2 com.geocomply.vm-detector-microservice; C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe [8331728 2025-04-07] (GeoComply Solutions Inc. -> GeoComply Solutions Inc.)
R2 com.geocomply.wifi-scanner-microservice; C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe [8153552 2025-04-07] (GeoComply Solutions Inc. -> GeoComply Solutions Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\25.046.0310.0005\FileSyncHelper.exe [3535680 2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9484384 2025-03-23] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2024-12-29] (Malwarebytes Inc. -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [943216 2025-04-03] (McAfee, LLC -> McAfee, LLC)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpDefenderCoreService.exe [2009608 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\25.046.0310.0005\OneDriveUpdaterService.exe [3882816 2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
R2 Player Location Check; C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe [8281552 2025-04-07] (GeoComply Solutions Inc. -> GeoComply Solutions Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559304 2025-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\NisSrv.exe [4538400 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MsMpEng.exe [278320 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\4.1.515\McCHSvc.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 cpuz153; C:\Windows\temp\cpuz153\cpuz153_x64.sys [36864 2024-11-25] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
R3 cpuz158; C:\Windows\temp\cpuz158\cpuz158_x64.sys [44592 2025-04-09] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [120416 2023-09-07] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))
R1 JitDriver; C:\Windows\system32\drivers\JitDriver.sys [48160 2024-12-02] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 KslD; C:\Windows\System32\drivers\wd\KslD.sys [331168 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [231504 2024-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [22120 2025-02-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239568 2025-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [213088 2023-09-07] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [20016 2025-04-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [605576 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [100744 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-04-10 10:27 - 2025-04-10 10:28 - 000031497 _____ C:\Users\bart2\Downloads\FRST.txt
2025-04-10 10:26 - 2025-04-10 10:26 - 000001038 _____ C:\Users\bart2\OneDrive\Desktop\FRST64 (1) - Shortcut.lnk
2025-04-10 10:22 - 2025-04-10 10:22 - 002404864 _____ (Farbar) C:\Users\bart2\Downloads\FRST64 (1).exe
2025-04-09 04:58 - 2025-04-09 04:58 - 000000000 ____D C:\inetpub
2025-04-08 13:56 - 2025-04-09 05:00 - 000000000 ___HD C:\$WinREAgent
2025-03-24 09:25 - 2025-03-24 09:25 - 000000000 ___RD C:\Users\bart2\OneDrive\Documents\New folder
2025-03-23 18:18 - 2025-03-23 18:18 - 000000224 _____ C:\Users\bart2\OneDrive\Desktop\AF1QipOJlu87h7AsZzInPPfseRSWKQiE7wvSurLXZ8sp.url
2025-03-16 16:57 - 2025-03-16 16:57 - 000002683 _____ C:\Users\bart2\OneDrive\Desktop\mcluck.com.lnk
2025-03-13 14:52 - 2025-03-13 14:52 - 000000000 ____D C:\Users\bart2\AppData\Local\cache
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-04-10 10:28 - 2024-01-29 14:38 - 000000000 ____D C:\FRST
2025-04-10 10:20 - 2023-05-08 23:11 - 000000000 ____D C:\Users\bart2\AppData\Local\Malwarebytes
2025-04-10 10:20 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-04-10 07:28 - 2021-11-25 13:33 - 000000000 ____D C:\Windows\system32\SleepStudy
2025-04-10 06:07 - 2023-08-10 14:17 - 000000000 ____D C:\Program Files (x86)\Driver Support One
2025-04-10 05:34 - 2024-04-04 19:19 - 000000000 ____D C:\Users\bart2\AppData\LocalLow\GB
2025-04-10 03:53 - 2022-08-27 19:33 - 000000000 ____D C:\Windows\SystemTemp
2025-04-10 03:03 - 2021-11-25 13:34 - 000000000 ____D C:\Windows\system32\Drivers\wd
2025-04-09 12:00 - 2022-10-08 16:27 - 000000000 ____D C:\Users\bart2\AppData\Local\CrashDumps
2025-04-09 10:01 - 2022-08-28 18:48 - 000000000 ____D C:\Users\bart2\AppData\Roaming\Loading
2025-04-09 09:33 - 2024-04-04 19:07 - 000000000 ____D C:\Program Files (x86)\BetOnline
2025-04-09 05:39 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-04-09 05:39 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\AppReadiness
2025-04-09 05:06 - 2021-11-25 13:44 - 000840602 _____ C:\Windows\system32\PerfStringBackup.INI
2025-04-09 05:06 - 2019-12-07 02:13 - 000000000 ____D C:\Windows\INF
2025-04-09 05:01 - 2024-12-15 22:22 - 000000883 _____ C:\Windows\system32\watchlog.txt
2025-04-09 05:01 - 2023-07-25 12:35 - 000000000 ____D C:\Users\bart2\AppData\Roaming\Messenger
2025-04-09 05:00 - 2022-08-27 13:40 - 000000000 ___RD C:\Users\bart2\OneDrive
2025-04-09 05:00 - 2022-08-27 13:39 - 000000000 __SHD C:\Users\bart2\IntelGraphicsProfiles
2025-04-09 05:00 - 2022-08-27 13:20 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2025-04-09 04:59 - 2024-02-09 15:52 - 000239568 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2025-04-09 04:59 - 2021-11-25 13:34 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-04-09 04:59 - 2021-11-25 13:33 - 000439944 _____ C:\Windows\system32\FNTCACHE.DAT
2025-04-09 04:59 - 2021-11-25 13:33 - 000008192 ___SH C:\DumpStack.log.tmp
2025-04-09 04:59 - 2021-10-06 06:57 - 000000000 ____D C:\ProgramData\ssh
2025-04-09 04:59 - 2019-12-07 02:03 - 000786432 _____ C:\Windows\system32\config\BBI
2025-04-09 04:58 - 2024-07-10 19:52 - 000000000 ____D C:\Windows\system32\compatrel
2025-04-09 04:58 - 2019-12-07 02:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2025-04-09 04:58 - 2019-12-07 02:51 - 000000000 ____D C:\Windows\system32\OpenSSH
2025-04-09 04:58 - 2019-12-07 02:14 - 000000000 ___RD C:\Windows\PrintDialog
2025-04-09 04:58 - 2019-12-07 02:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2025-04-09 04:58 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2025-04-09 04:58 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2025-04-09 04:58 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\SystemResources
2025-04-09 04:58 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2025-04-09 04:58 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2025-04-09 04:58 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2025-04-09 04:58 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2025-04-09 04:58 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\oobe
2025-04-09 04:58 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\Dism
2025-04-09 04:58 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\ShellExperiences
2025-04-09 04:58 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\ShellComponents
2025-04-09 04:58 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2025-04-09 04:58 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\bcastdvr
2025-04-08 13:58 - 2023-10-11 01:01 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2025-04-08 13:58 - 2019-12-07 02:03 - 000000000 ____D C:\Windows\CbsTemp
2025-04-08 13:53 - 2022-08-27 14:31 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-04-08 11:59 - 2021-11-25 13:37 - 003016192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2025-04-07 14:26 - 2023-01-10 18:13 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2025-04-07 05:56 - 2023-04-02 15:39 - 000003212 _____ C:\Windows\system32\Tasks\GeoComply Service Check
2025-04-06 14:54 - 2024-06-03 11:24 - 000000000 ____D C:\Users\bart2\AppData\Roaming\Telegram Desktop
2025-04-05 15:05 - 2021-11-25 13:34 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-04-05 15:05 - 2021-11-25 13:34 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-04-05 05:05 - 2021-11-25 13:34 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-04-04 17:30 - 2021-11-25 13:47 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2025-04-04 11:43 - 2025-02-06 10:30 - 000003546 _____ C:\Windows\system32\Tasks\OneDrive Startup Task-S-1-5-21-2708210131-3929859599-577565344-1005
2025-04-04 11:43 - 2025-02-06 10:30 - 000003546 _____ C:\Windows\system32\Tasks\OneDrive Startup Task-S-1-5-21-2708210131-3929859599-577565344-1003
2025-04-04 11:43 - 2023-01-10 18:14 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2708210131-3929859599-577565344-1005
2025-04-04 11:43 - 2023-01-10 18:14 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2025-04-04 11:43 - 2023-01-10 18:14 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-04-04 11:43 - 2022-08-27 13:41 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2708210131-3929859599-577565344-1003
2025-04-01 17:59 - 2022-08-27 13:33 - 000000000 ____D C:\Users\bart2
2025-04-01 02:35 - 2024-07-01 13:05 - 000000000 ____D C:\ACR Poker
2025-03-23 05:35 - 2023-10-07 04:43 - 000000000 ____D C:\Program Files\RUXIM
2025-03-19 21:55 - 2024-05-02 16:44 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2025-03-19 21:54 - 2024-05-02 16:44 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2025-03-16 20:04 - 2023-03-14 11:44 - 000000000 ____D C:\Users\bart2\AppData\Roaming\Microsoft\Word
2025-03-16 16:57 - 2024-05-07 00:58 - 000000000 ____D C:\Users\bart2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2025-03-16 08:06 - 2022-08-27 13:41 - 000000000 ____D C:\Users\bart2\AppData\Local\PlaceholderTileLogoFolder
2025-03-16 08:06 - 2022-08-27 13:39 - 000000000 ____D C:\Users\bart2\AppData\Local\Packages
2025-03-14 02:22 - 2019-12-07 02:03 - 000000000 ____D C:\Windows\servicing
==================== Files in the root of some directories ========
2023-04-02 15:40 - 2023-04-02 15:40 - 000000064 _____ () C:\Users\bart2\AppData\Roaming\changzhi_leidian.data
2024-05-02 21:12 - 2024-05-02 21:12 - 000000205 _____ () C:\Users\bart2\AppData\Local\oobelibMkey.log
2022-08-27 16:50 - 2024-07-12 16:31 - 000007598 _____ () C:\Users\bart2\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-04-2025
Ran by bart2 (10-04-2025 10:30:05)
Running from C:\Users\bart2\Downloads
Microsoft Windows 10 Pro Version 22H2 19045.5737 (X64) (2022-08-27 20:20:06)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2708210131-3929859599-577565344-500 - Administrator - Disabled)
bart2 (S-1-5-21-2708210131-3929859599-577565344-1003 - Administrator - Enabled) => C:\Users\bart2
DefaultAccount (S-1-5-21-2708210131-3929859599-577565344-503 - Limited - Disabled)
DevToolsUser (S-1-5-21-2708210131-3929859599-577565344-1005 - Limited - Enabled) => C:\Users\DevToolsUser
Guest (S-1-5-21-2708210131-3929859599-577565344-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2708210131-3929859599-577565344-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4uKey for Android (HKLM-x32\...\{4uKeyforAndroid}_is1) (Version: 2.11.3.8 - TENORSHARE(HONGKONG)LIMITED)
ACR Poker version 1.21.61 (HKLM-x32\...\{1A17EB4E-3E9C-4611-B8B5-31C0A00A1F69}_is1) (Version: 1.21.61 - Winning Poker Network, Inc.)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 25.001.20435 - Adobe)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.6.0.79 - Adobe Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601108}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Best of Slots II (HKLM-x32\...\Best of Slots II) (Version: - )
BetOnline (HKLM-x32\...\BetOnline 0) (Version: - )
Driver Support One (HKLM-x32\...\DSOneWeb) (Version: 2.7.8846.36704 - Driver Support) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 135.0.7049.84 - Google LLC)
Malwarebytes version 5.2.8.173 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.2.8.173 - Malwarebytes)
Masque IGT Slots Little Green Men (HKLM-x32\...\{A54F806B-A2E1-4794-A7FE-365167EC67CB}) (Version: 1.0.3 - Masque Publishing)
Messenger (HKU\S-1-5-21-2708210131-3929859599-577565344-1003\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 215.6.643112060 - Facebook, Inc.)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.18623.20156 - Microsoft Corporation)
Microsoft 365 - es-es (HKLM\...\O365HomePremRetail - es-es) (Version: 16.0.18623.20156 - Microsoft Corporation)
Microsoft 365 - fr-fr (HKLM\...\O365HomePremRetail - fr-fr) (Version: 16.0.18623.20156 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 135.0.3179.54 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 135.0.3179.54 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 25.046.0310.0005 - Microsoft Corporation)
Microsoft Support and Recovery Assistant (HKU\S-1-5-21-2708210131-3929859599-577565344-1003\...\4336df8a13b91f17) (Version: 17.1.987.16 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.22.27821 (HKLM-x32\...\{3BDE80F7-7EC9-448E-8160-4ADA0CDA8879}) (Version: 14.22.27821 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.22.27821 (HKLM-x32\...\{1E6FC929-567E-4D22-9206-C5B83F0A21B9}) (Version: 14.22.27821 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-040C-0000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Player Location Check (HKLM-x32\...\{F0753064-8D66-41A7-9F23-7691290387BF}) (Version: 4.1.0.3 - GeoComply)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8328 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.4.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.4 - VS Revo Group, Ltd.)
Stellar Repair for Outlook (HKLM\...\Stellar Repair for Outlook_is1) (Version: 12.1.0.0 - Stellar Information Technology Pvt. Ltd.)
Telegram Desktop (HKU\S-1-5-21-2708210131-3929859599-577565344-1003\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 5.13.1 - Telegram FZ-LLC)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.16 - VideoLAN)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.1019 - McAfee, LLC)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/27/2012 7.0.0000.00004) (HKLM\...\BE156A27AFEAEA39D6A7C9D25CFA8DAFAF91756B) (Version: 08/27/2012 7.0.0000.00004 - Google, Inc.)
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (dg_ssudbus) USB (12/02/2015 2.12.1.0) (HKLM\...\85A33267F12961AF9ED9AE799DEDA5E62BEA236F) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssudmdm) Modem (12/02/2015 2.12.1.0) (HKLM\...\88ED314360B98E6E82E7CC3201FAEB4A9FD291B4) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (WinUSB) AndroidUsbDeviceClass (12/02/2015 2.12.1.0) (HKLM\...\701281E8283E9E3681220099A9DA5013A5A437AF) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. )
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Chrome apps:
============
mcluck.com (HKU\S-1-5-21-2708210131-3929859599-577565344-1003\...\90d889df7246a2859951923ce5f18d61) (Version: 1.0 - Google\Chrome)
pulszbingo.com (HKU\S-1-5-21-2708210131-3929859599-577565344-1003\...\c5b98a8a42dada976bd9d0bc144ec052) (Version: 1.0 - Google\Chrome)
Word Wipe (HKU\S-1-5-21-2708210131-3929859599-577565344-1003\...\c0e343992de31b02aa75f2b52c66ada3) (Version: 1.0 - Google\Chrome)
WordHoot! (HKU\S-1-5-21-2708210131-3929859599-577565344-1003\...\8d5eb54bcc6d5835707a8b78fe100243) (Version: 1.0 - Google\Chrome)
Packages:
=========
APK 安装程序 -> C:\Program Files\WindowsApps\18184wherewhere.AndroidAppInstaller_0.1.26.0_x64__4v4sx105x6y4r [2025-03-08] (wherewhere)
Legacy Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.LegacyPhotosMediaEngineAdd-on_2022.2206.0.0_x64__8wekyb3d8bbwe [2025-03-04] (Microsoft Corporation)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2503.28001.0_x64__8wekyb3d8bbwe [2025-04-06] (Microsoft Corporation) [Startup Task]
Microsoft Photos Legacy -> C:\Program Files\WindowsApps\Microsoft.PhotosLegacy_2024.11090.26001.0_x64__8wekyb3d8bbwe [2025-03-04] (Microsoft Corporation)
OfficePushNotificationsUtility -> C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE16 [2025-04-05] ()
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-04-23] (Microsoft Corporation)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2513.4.0_x64__cv1g1gvanyjgm [2025-04-09] (WhatsApp Inc.) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2708210131-3929859599-577565344-1003_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-2708210131-3929859599-577565344-1003_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.046.0310.0005\FileSyncShell64.dll [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.046.0310.0005\FileSyncShell64.dll [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.046.0310.0005\FileSyncShell64.dll [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.046.0310.0005\FileSyncShell64.dll [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.046.0310.0005\FileSyncShell64.dll [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.046.0310.0005\FileSyncShell64.dll [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.046.0310.0005\FileSyncShell64.dll [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.046.0310.0005\FileSyncShell64.dll [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.046.0310.0005\FileSyncShell64.dll [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.046.0310.0005\FileSyncShell64.dll [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.046.0310.0005\FileSyncShell64.dll [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.046.0310.0005\FileSyncShell64.dll [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.046.0310.0005\FileSyncShell64.dll [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.046.0310.0005\FileSyncShell64.dll [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.046.0310.0005\FileSyncShell64.dll [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-12-05] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.046.0310.0005\FileSyncShell64.dll [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.046.0310.0005\FileSyncShell64.dll [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2020-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-12-05] (Malwarebytes Inc. -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kldeobpjmljfjbelboglielmgckajceg\mcluck.com.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kldeobpjmljfjbelboglielmgckajceg
ShortcutWithArgument: C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kkmflnleefjemeaodibjnfiienlkcgjp\pulszbingo.com.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kkmflnleefjemeaodibjnfiienlkcgjp
ShortcutWithArgument: C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kceoabbanpbblgelkhgpgefgfpmolgko\WordHoot!.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kceoabbanpbblgelkhgpgefgfpmolgko
ShortcutWithArgument: C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_dpckobbjijomfmhdbdfbohjkemhloefm\Word Wipe.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=dpckobbjijomfmhdbdfbohjkemhloefm
ShortcutWithArgument: C:\Users\bart2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\mcluck.com.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kldeobpjmljfjbelboglielmgckajceg
ShortcutWithArgument: C:\Users\bart2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\pulszbingo.com.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kkmflnleefjemeaodibjnfiienlkcgjp
ShortcutWithArgument: C:\Users\bart2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Word Wipe.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=dpckobbjijomfmhdbdfbohjkemhloefm
ShortcutWithArgument: C:\Users\bart2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\WordHoot!.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kceoabbanpbblgelkhgpgefgfpmolgko
ShortcutWithArgument: C:\Users\bart2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\WordHoot!.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kceoabbanpbblgelkhgpgefgfpmolgko
==================== Loaded Modules (Whitelisted) =============
2024-07-01 13:05 - 2023-10-13 06:21 - 002574336 _____ () [File not signed] C:\ACR Poker\ffmpeg.dll
2024-07-01 13:05 - 2023-10-13 06:21 - 000379392 _____ () [File not signed] C:\ACR Poker\libegl.dll
2024-07-01 13:05 - 2023-10-13 06:21 - 006585344 _____ () [File not signed] C:\ACR Poker\libglesv2.dll
2024-07-01 13:05 - 2023-10-13 06:21 - 004512256 _____ () [File not signed] C:\ACR Poker\vk_swiftshader.dll
2024-04-04 19:07 - 2024-04-04 19:07 - 200904704 _____ () [File not signed] C:\Program Files (x86)\BetOnline\GameBrowser64\libcef.dll
2024-04-04 19:07 - 2024-04-04 19:07 - 000474112 _____ () [File not signed] C:\Program Files (x86)\BetOnline\GameBrowser64\libegl.dll
2024-04-04 19:07 - 2024-04-04 19:07 - 007465984 _____ () [File not signed] C:\Program Files (x86)\BetOnline\GameBrowser64\libglesv2.dll
2024-04-04 19:07 - 2025-02-27 13:54 - 000023040 _____ () [File not signed] C:\Program Files (x86)\BetOnline\glu2d3d8.dll
2024-04-04 19:07 - 2025-02-27 13:54 - 000194560 _____ () [File not signed] C:\Program Files (x86)\BetOnline\opengl2d3d8.dll
2024-04-04 19:07 - 2024-10-09 15:56 - 000640000 _____ () [File not signed] C:\Program Files (x86)\BetOnline\SQLite.dll
2024-04-04 19:07 - 2024-10-09 15:56 - 000083456 _____ () [File not signed] C:\Program Files (x86)\BetOnline\TinyXML2.dll
2024-04-04 19:07 - 2024-04-04 19:07 - 000413696 _____ (Creative Labs) [File not signed] C:\Program Files (x86)\BetOnline\wrap_oal.dll
2021-11-25 13:49 - 2021-11-25 13:49 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll
2021-11-25 13:49 - 2021-11-25 13:49 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll
2024-04-04 19:07 - 2024-04-04 19:07 - 000110592 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) [File not signed] C:\Program Files (x86)\BetOnline\OpenAL32.dll
2024-05-06 05:45 - 2024-05-06 05:45 - 001547776 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Driver Support One\SQLite.Interop.dll
2024-04-04 19:07 - 2024-04-04 19:07 - 001444352 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\BetOnline\GameBrowser64\chrome_elf.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\bart2\Downloads\IgnitionCasino (1).exe:MBAM.Zone.Identifier [172]
AlternateDataStreams: C:\Users\bart2\Downloads\revosetup.exe:MBAM.Zone.Identifier [141]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) =============
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 02:14 - 2024-05-02 16:54 - 000000853 _____ C:\Windows\system32\drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2708210131-3929859599-577565344-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\bart2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-2708210131-3929859599-577565344-1005\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
Network Binding:
=============
Ethernet: Intel® Ethernet Connection I217-LM -> e1d65x64.sys
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{6382fb7b-7e25-4ad6-89ac-c4dcaa5c202c}] => (Allow) C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe => No File
FirewallRules: [{D02C0038-D702-4B58-BF61-97E59924117F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{7B7F1130-7936-4F5C-A251-A53035886345}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{22E7267F-2798-43D2-B0BA-E8C43AA8EF92}] => (Allow) C:\Users\bart2\Downloads\4ukeyforandroid-bing.exe (Tenorshare Co., Ltd. -> Tenorshare Co., Ltd.)
FirewallRules: [{9B575000-9557-40C3-9FD4-74C8595F2B67}] => (Allow) C:\Users\bart2\Downloads\4ukeyforandroid-bing.exe (Tenorshare Co., Ltd. -> Tenorshare Co., Ltd.)
FirewallRules: [{EC3AA942-B85B-4C84-A483-3181BD0477E1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{71765305-6BD5-4429-B612-208148297AC7}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\134.0.3124.93\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7156D859-32DE-476C-BCBF-688A402B0B6F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C6A9C9C9-B176-4AD5-A9DA-D2B4A3C94914}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{61B261AE-7E93-47A4-B8C6-6302EBD1253A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AC5A9BE4-1CF1-45C0-BD77-7FD685CA554F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F3E398F4-6709-47A3-9134-34DE063D5F67}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{4A32D4CA-90C4-4B4D-B5BC-AA3727F69647}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\135.0.3179.54\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
08-04-2025 11:54:15 Windows Modules Installer
08-04-2025 11:55:42 Windows Modules Installer
==================== Faulty Device Manager Devices ============
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.
==================== Event log errors: ========================
Application errors:
==================
Error: (04/09/2025 12:00:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MbamBgNativeMsg.exe, version: 4.1.0.179, time stamp: 0x668d8ed3
Faulting module name: MbamBgNativeMsg.exe, version: 4.1.0.179, time stamp: 0x668d8ed3
Exception code: 0xc0000409
Fault offset: 0x0000000000183045
Faulting process id: 0x357c
Faulting application start time: 0x01dba947159e0dbc
Faulting application path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MbamBgNativeMsg.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MbamBgNativeMsg.exe
Report Id: 0dfeb2fb-8def-41da-b8cf-e7d7a53ea49a
Faulting package full name:
Faulting package-relative application ID:
Error: (04/07/2025 03:20:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MbamBgNativeMsg.exe, version: 4.1.0.179, time stamp: 0x668d8ed3
Faulting module name: MbamBgNativeMsg.exe, version: 4.1.0.179, time stamp: 0x668d8ed3
Exception code: 0xc0000409
Fault offset: 0x0000000000183045
Faulting process id: 0x2db0
Faulting application start time: 0x01dba8040b6a4ead
Faulting application path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MbamBgNativeMsg.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MbamBgNativeMsg.exe
Report Id: bb2f2c63-0a13-4cb4-844d-2671615d2320
Faulting package full name:
Faulting package-relative application ID:
Error: (04/06/2025 03:43:20 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on New Volume (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (04/06/2025 12:52:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.5555, time stamp: 0x07a44811
Faulting module name: SearchApp.exe, version: 10.0.19041.5555, time stamp: 0x07a44811
Exception code: 0xc000027b
Fault offset: 0x000000000019fb32
Faulting process id: 0x6a8c
Faulting application start time: 0x01dba72d7905b150
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Report Id: 73a691c8-b5d3-4b57-b9e3-c474ad9e6c90
Faulting package full name: Microsoft.Windows.Search_1.14.17.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: ShellFeedsUI
Error: (04/06/2025 12:47:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MbamBgNativeMsg.exe, version: 4.1.0.179, time stamp: 0x668d8ed3
Faulting module name: MbamBgNativeMsg.exe, version: 4.1.0.179, time stamp: 0x668d8ed3
Exception code: 0xc0000409
Fault offset: 0x0000000000183045
Faulting process id: 0x5b24
Faulting application start time: 0x01dba6a9798b4fe1
Faulting application path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MbamBgNativeMsg.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MbamBgNativeMsg.exe
Report Id: d0a8c97e-558e-478e-a9ae-5bb078439609
Faulting package full name:
Faulting package-relative application ID:
Error: (04/05/2025 09:06:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MbamBgNativeMsg.exe, version: 4.1.0.179, time stamp: 0x668d8ed3
Faulting module name: MbamBgNativeMsg.exe, version: 4.1.0.179, time stamp: 0x668d8ed3
Exception code: 0xc0000409
Fault offset: 0x0000000000183045
Faulting process id: 0x3004
Faulting application start time: 0x01dba679b4f484aa
Faulting application path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MbamBgNativeMsg.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MbamBgNativeMsg.exe
Report Id: b9b0ca02-c8b5-4def-8852-e86b542ce80f
Faulting package full name:
Faulting package-relative application ID:
Error: (04/05/2025 03:23:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MbamBgNativeMsg.exe, version: 4.1.0.179, time stamp: 0x668d8ed3
Faulting module name: MbamBgNativeMsg.exe, version: 4.1.0.179, time stamp: 0x668d8ed3
Exception code: 0xc0000409
Fault offset: 0x0000000000183045
Faulting process id: 0x3bf4
Faulting application start time: 0x01dba3f399d76740
Faulting application path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MbamBgNativeMsg.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MbamBgNativeMsg.exe
Report Id: 1f67d57f-17c8-4a4d-805e-879f8b70c1c2
Faulting package full name:
Faulting package-relative application ID:
Error: (04/04/2025 05:30:18 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: ARTADI-DESKTOP)
Description: Application or service 'Microsoft Office SDX Helper' could not be shut down.
System errors:
=============
Error: (04/10/2025 05:04:34 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Secure Boot is not enabled on this machine.). For more information, please see https://go.microsoft...?linkid=2169931
Error: (04/09/2025 05:04:34 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Secure Boot is not enabled on this machine.). For more information, please see https://go.microsoft...?linkid=2169931
Error: (04/09/2025 05:04:34 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Secure Boot is not enabled on this machine.). For more information, please see https://go.microsoft...?linkid=2169931
Error: (04/09/2025 05:01:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The System Guard Runtime Monitor Broker service terminated with the following error:
%%3489660935
Error: (04/09/2025 04:59:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The OpenSSH SSH Server service terminated unexpectedly. It has done this 1 time(s).
Error: (04/08/2025 01:58:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: 2025-04 Security Update for Windows 10 Version 22H2 for x64-based Systems (KB5057589).
Error: (04/08/2025 11:53:11 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: 2025-04 Security Update for Windows 10 Version 22H2 for x64-based Systems (KB5057589).
Error: (04/08/2025 02:31:37 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Secure Boot is not enabled on this machine.). For more information, please see https://go.microsoft...?linkid=2169931
Windows Defender:
================
Date: 2025-04-08 15:12:39
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-04-06 15:43:16
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-04-05 15:30:32
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-04-04 14:59:13
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-04-03 15:40:28
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
Date: 2024-10-09 01:14:07
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.419.415.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24080.9
Error code: 0x80070050
Error description: The file exists.
CodeIntegrity:
===============
Date: 2025-01-28 03:49:02
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\fcon.dll because the set of per-page image hashes could not be found on the system.
Date: 2025-01-28 03:49:01
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
Date: 2025-01-18 07:59:45
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.
Date: 2025-01-18 07:48:01
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi32.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: Hewlett-Packard L01 v02.70 10/04/2016
Motherboard: Hewlett-Packard 18E7
Processor: Intel® Core i5-4690 CPU @ 3.50GHz
Percentage of memory in use: 51%
Total physical RAM: 16274.3 MB
Available physical RAM: 7958.38 MB
Total Virtual: 18706.3 MB
Available Virtual: 8075.61 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:167.36 GB) (Free:77.32 GB) (Model: INTEL SSDSC2BF180A5L) NTFS
Drive d: (New Volume) (Fixed) (Total:1863.01 GB) (Free:1862.8 GB) (Model: Hitachi HUA722020ALA331) NTFS
Drive e: (IGTSLOTSLGM) (CDROM) (Total:0.44 GB) (Free:0 GB) CDFS
\\?\Volume{2700494b-16d9-4311-a0fa-76e8c2310e52}\ () (Fixed) (Total:0.19 GB) (Free:0.17 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 167.7 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 2A239D93)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================