

Malicious malware removal help please


  • This topic is locked
18 replies to this topic

#1 damsel-in-distress

  • Members
  • 9 posts

Posted 08 January 2025 - 11:06 AM

Hello, this is the malware analysis of the malware I have on my device (Malware analysis #Pa$Sw0rD__5676-0peɴ_Set-Uᴘ@(1).zip Malicious activity | ANY.RUN - Malware Sandbox Online). The malware has escalated from being just spyware to having full system control of my device; it edits Windows files and has admin privileges on my laptop, so I can't delete the files the malware dropped. I have a lot of processes running that shouldn't be running. Mind you, I tried completely formatting my disk and reinstalling Windows, but the malware infected a UEFI partition; it made a part of my disk a UEFI partition, so every time I boot it installs again. I have no data on the device and don't care about data, I just want the device free of malware. I hope someone helps me please. I don't know what else I should provide. I also forgot to mention that most antiviruses don't detect the bad files. I will attach the FRST scan result. I also forgot to mention that it also hacked my OneDrive and Outlook account.

Attached files: FRST_08-01-2025 17.49.06.txt (33.84KB), Addition_08-01-2025 17.50.18.txt (11KB)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-01-2025
Ran by judyz (administrator) on DESKTOP-FPEVD0P (HP HP ProBook 450 G7) (08-01-2025 17:44:24)
Running from C:\Users\judyz\Downloads\FRST64.exe
Loaded Profiles: judyz
Platform: Microsoft Windows 11 Pro Version 24H2 26100.2605 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(cmd.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\diskpart.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_5207db0559876a61\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_5207db0559876a61\igfxEM.exe
(DriverStore\FileRepository\seapo64.inf_amd64_deaeb20891c6fa3a\SECOMN64.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Sonitude, Inc.) C:\Windows\System32\DriverStore\FileRepository\seapo64.inf_amd64_deaeb20891c6fa3a\SECOCL64.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <43>
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_5207db0559876a61\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_401fde8782680631\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_d132a4045a2a0202\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_d132a4045a2a0202\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Sonitude, Inc.) C:\Windows\System32\DriverStore\FileRepository\seapo64.inf_amd64_deaeb20891c6fa3a\SECOMN64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvbl.inf_amd64_bb28b4bb5c7c0290\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_a42d9de41f05fa49\RtkAudUService64.exe <3>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SecHealthUI_1000.26100.1.0_x64__8wekyb3d8bbwe\SecHealthUI.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\judyz\AppData\Local\Microsoft\OneDrive\24.226.1110.0004\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\fodhelper.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\NgcIso.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.26100.2592_none_a51f478d77516870\TiWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_a42d9de41f05fa49\RtkAudUService64.exe [2119512 2024-07-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-1365236912-114835092-1529061894-1001\...\Run: [MicrosoftEdgeAutoLaunch_AC82F772BE81CB975221A975A9FEF1AD] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4060608 2024-03-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1365236912-114835092-1529061894-1001\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\judyz\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" [83426848 2025-01-08] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1365236912-114835092-1529061894-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\judyz\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {5343DC93-5DCA-45D0-8FA3-C012CDAB0147} - System32\Tasks\Microsoft\Windows\Sense\InstallSenseClient => C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Task\SenseTask.exe [98304 2025-01-08] (Microsoft Windows -> )
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 163.121.128.134 163.121.128.135 192.168.1.1
Tcpip\..\Interfaces\{3705c35b-d448-4324-a7d1-6835f8319c1a}: [DhcpNameServer] 163.121.128.134 163.121.128.135 192.168.1.1

Edge:
=======
Edge Profile: C:\Users\judyz\AppData\Local\Microsoft\Edge\User Data\Default [2025-01-08]
Edge Extension: (Honey: Automatic Coupons & Rewards) - C:\Users\judyz\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2025-01-08]
Edge Extension: (McAfee® WebAdvisor) - C:\Users\judyz\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd [2025-01-08]
Edge Extension: (Google Docs Offline) - C:\Users\judyz\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-01-08]
Edge Extension: (Edge relevant text changes) - C:\Users\judyz\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2025-01-08]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 FMAPOService; C:\Windows\System32\FMService64.exe [550320 2022-09-12] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
S2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_581d7e91d349facc\AS\IAS\IntelAudioService.exe [402464 2022-10-20] (Intel Corporation -> Intel)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvbl.inf_amd64_bb28b4bb5c7c0290\Display.NvContainer\NVDisplay.Container.exe [1275000 2024-08-19] (NVIDIA Corporation -> NVIDIA Corporation)
R2 SECOMNService; C:\Windows\System32\DriverStore\FileRepository\seapo64.inf_amd64_deaeb20891c6fa3a\SECOMN64.exe [1087496 2024-07-08] (Microsoft Windows Hardware Compatibility Publisher -> Sonitude, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559304 2025-01-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 WbfPolicyService110; C:\Windows\System32\WbfPolicyService110.exe [715704 2022-07-29] (Synaptics Incorporated -> Synaptics Incorporated.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3174840 2024-04-01] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [133592 2024-04-01] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BHTPCRDR; C:\Windows\System32\drivers\bhtpcrdr.sys [201424 2019-09-23] (BayHub Technology Inc. -> BayHubTech/O2Micro)
R3 MpKsl647577b8; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D22FB5F2-1B2D-4169-9746-F884D6AA378B}\MpKslDrv.sys [263560 2025-01-08] (Microsoft Windows -> Microsoft Corporation)
R3 rtcx21; C:\Windows\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_feec7a9662e785f0\rtcx21x64.sys [539648 2024-03-28] (Microsoft Windows -> Realtek)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [55856 2024-04-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [594304 2024-04-01] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [105856 2024-04-01] (Microsoft Windows -> Microsoft Corporation)
R3 WiManH; C:\Windows\System32\DriverStore\FileRepository\wiman.inf_amd64_c1ac61211c357751\WiManH\WiManH.sys [182952 2024-03-22] (Intel Corporation -> Intel Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [40200 2023-11-17] (HP Inc. -> HP)
S3 MpKslb0e527fb; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKslDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-01-08 21:26 - 2025-01-08 17:09 - 000000438 _____ C:\Windows\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
2025-01-08 21:25 - 2025-01-08 21:25 - 000000000 _SHDL C:\Documents and Settings
2025-01-08 21:25 - 2025-01-08 17:28 - 000000000 ____D C:\Users\defaultuser0
2025-01-08 21:25 - 2025-01-08 17:28 - 000000000 ____D C:\ProgramData\Packages
2025-01-08 21:25 - 2025-01-08 17:08 - 000001623 _____ C:\Windows\system32\config\VSMIDK
2025-01-08 21:23 - 2025-01-08 21:23 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2025-01-08 21:23 - 2025-01-08 21:23 - 000000000 ____D C:\Windows\system32\Drivers\wd
2025-01-08 21:23 - 2025-01-08 21:23 - 000000000 ____D C:\Windows\system32\config\BFS
2025-01-08 21:23 - 2025-01-08 17:40 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-01-08 21:23 - 2025-01-08 17:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-01-08 21:23 - 2025-01-08 11:30 - 000003612 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{CD7AA879-9B65-4940-86B8-0A5596561108}
2025-01-08 21:23 - 2025-01-08 11:30 - 000003488 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{FBC05091-951E-43AB-B9C0-F469254B34F9}
2025-01-08 21:22 - 2025-01-08 21:24 - 000000000 ____D C:\Windows\Panther
2025-01-08 21:22 - 2025-01-08 21:23 - 000000000 ____D C:\Windows\system32\SleepStudy
2025-01-08 21:22 - 2025-01-08 21:22 - 000000000 ____D C:\Windows\ServiceProfiles
2025-01-08 21:22 - 2025-01-08 17:15 - 000012288 ___SH C:\DumpStack.log.tmp
2025-01-08 21:22 - 2025-01-08 17:08 - 000296880 _____ C:\Windows\system32\FNTCACHE.DAT
2025-01-08 17:45 - 2025-01-08 17:45 - 000000000 ____D C:\Users\judyz\AppData\Local\Comms
2025-01-08 17:44 - 2025-01-08 17:45 - 000011325 _____ C:\Users\judyz\Downloads\FRST.txt
2025-01-08 17:44 - 2025-01-08 17:45 - 000000000 ____D C:\FRST
2025-01-08 17:43 - 2025-01-08 17:43 - 002403840 _____ (Farbar) C:\Users\judyz\Downloads\FRST64.exe
2025-01-08 17:43 - 2025-01-08 17:43 - 000000000 ____D C:\Windows\Firmware
2025-01-08 17:43 - 2024-03-12 17:02 - 005208232 _____ (Intel Corporation) C:\Windows\system32\Drivers\Netwtw10.sys
2025-01-08 17:43 - 2024-03-12 17:02 - 001472168 _____ (Intel Corporation) C:\Windows\system32\IntelIHVRouter10.dll
2025-01-08 17:32 - 2025-01-08 17:32 - 000000000 ____D C:\Users\judyz\AppData\Local\OneDrive
2025-01-08 17:29 - 2025-01-08 17:29 - 000000000 ____D C:\Users\judyz\AppData\Roaming\Microsoft\MMC
2025-01-08 17:16 - 2025-01-08 17:16 - 000000000 ____D C:\Users\judyz\OneDrive\Documents\Zoom
2025-01-08 17:16 - 2025-01-08 17:16 - 000000000 ____D C:\Users\judyz\OneDrive\Documents\Summer 2024
2025-01-08 17:16 - 2025-01-08 17:16 - 000000000 ____D C:\Users\judyz\OneDrive\Documents\Sprints
2025-01-08 17:16 - 2025-01-08 17:16 - 000000000 ____D C:\Users\judyz\OneDrive\Documents\Obsidian Vault
2025-01-08 17:16 - 2025-01-08 17:16 - 000000000 ____D C:\Users\judyz\OneDrive\Documents\My Games
2025-01-08 17:16 - 2025-01-08 17:16 - 000000000 ____D C:\Users\judyz\OneDrive\Documents\CV
2025-01-08 17:16 - 2025-01-08 17:16 - 000000000 ____D C:\Users\judyz\OneDrive\Documents\Custom Office Templates
2025-01-08 17:16 - 2025-01-08 17:16 - 000000000 ____D C:\Users\judyz\OneDrive\Documents\Certifictaes
2025-01-08 17:16 - 2025-01-02 13:51 - 000019772 _____ C:\Users\judyz\OneDrive\Desktop\Removed Apps.html
2025-01-08 17:16 - 2025-01-01 20:56 - 000016707 _____ C:\Users\judyz\OneDrive\Documents\Brave Passwords.csv
2025-01-08 17:16 - 2024-10-04 20:52 - 000010277 _____ C:\Users\judyz\OneDrive\Documents\Judy Waleed 20225052 .xlsx
2025-01-08 17:16 - 2024-07-13 14:40 - 000000740 _____ C:\Users\judyz\OneDrive\Documents\Downloads - Shortcut.lnk
2025-01-08 17:16 - 2024-07-12 13:55 - 000055147 _____ C:\Users\judyz\OneDrive\Documents\Judy-Zeada.pdf
2025-01-08 17:16 - 2022-12-11 22:34 - 000000177 ____R C:\Users\judyz\OneDrive\Documents\CS.url
2025-01-08 17:16 - 2022-12-02 19:03 - 003810811 _____ C:\Users\judyz\OneDrive\Documents\TRW pres (1).pptx
2025-01-08 17:16 - 2022-11-26 19:36 - 003812274 _____ C:\Users\judyz\OneDrive\Documents\TRW pres.pptx
2025-01-08 17:16 - 2022-11-05 14:53 - 000000177 ____R C:\Users\judyz\OneDrive\Documents\Electronics.url
2025-01-08 17:16 - 2022-11-02 05:42 - 000000177 ____R C:\Users\judyz\OneDrive\Documents\Uni Google Drive Links.url
2025-01-08 17:16 - 2022-07-17 14:06 - 000011078 _____ C:\Users\judyz\OneDrive\Documents\Group 1 word guide 1.xlsx
2025-01-08 17:16 - 2022-03-10 15:05 - 000008129 _____ C:\Users\judyz\OneDrive\Documents\Book (1).xlsx
2025-01-08 17:16 - 2021-10-16 21:22 - 000000177 ____R C:\Users\judyz\OneDrive\Documents\University.url
2025-01-08 17:16 - 2021-07-07 04:17 - 000008047 _____ C:\Users\judyz\OneDrive\Documents\Book.xlsx
2025-01-08 17:16 - 2021-07-07 04:00 - 000005862 _____ C:\Users\judyz\OneDrive\Documents\Book 1.xlsx
2025-01-08 17:16 - 2021-07-04 13:38 - 000000177 ____R C:\Users\judyz\OneDrive\Documents\ict.url
2025-01-08 17:16 - 2021-01-26 23:25 - 000000177 ____R C:\Users\judyz\OneDrive\Documents\Mathematics.url
2025-01-08 17:16 - 2021-01-26 23:23 - 000000177 ____R C:\Users\judyz\OneDrive\Documents\Biology.url
2025-01-08 17:16 - 2021-01-26 23:23 - 000000177 ____R C:\Users\judyz\OneDrive\Documents\Accounting.url
2025-01-08 17:16 - 2021-01-26 23:19 - 000000177 ____R C:\Users\judyz\OneDrive\Documents\Judy's Notebook.url
2025-01-08 17:15 - 2025-01-08 17:15 - 000000000 ___HD C:\OneDriveTemp
2025-01-08 17:14 - 2025-01-08 17:16 - 000000000 ___RD C:\Users\judyz\OneDrive
2025-01-08 17:14 - 2025-01-08 17:15 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1365236912-114835092-1529061894-1001
2025-01-08 17:14 - 2025-01-08 17:15 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1365236912-114835092-1529061894-1001
2025-01-08 17:14 - 2025-01-08 17:15 - 000002379 _____ C:\Users\judyz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-01-08 17:14 - 2025-01-08 17:14 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2025-01-08 17:13 - 2025-01-08 17:47 - 000000000 ____D C:\Users\judyz\AppData\Local\PlaceholderTileLogoFolder
2025-01-08 17:13 - 2025-01-08 17:13 - 000000000 ____D C:\Users\judyz\AppData\Local\Publishers
2025-01-08 17:12 - 2025-01-08 17:47 - 000000000 ____D C:\Users\judyz\AppData\Local\Packages
2025-01-08 17:12 - 2025-01-08 17:38 - 000000000 ____D C:\Users\judyz\AppData\Local\D3DSCache
2025-01-08 17:12 - 2025-01-08 17:13 - 000000000 __RHD C:\Users\Public\AccountPictures
2025-01-08 17:12 - 2025-01-08 17:12 - 000000000 __SHD C:\Users\judyz\IntelGraphicsProfiles
2025-01-08 17:12 - 2025-01-08 17:12 - 000000000 ___SD C:\Users\judyz\AppData\Roaming\Microsoft\Crypto
2025-01-08 17:12 - 2025-01-08 17:12 - 000000000 ____D C:\Users\judyz\AppData\Roaming\Microsoft\Vault
2025-01-08 17:12 - 2025-01-08 17:12 - 000000000 ____D C:\Users\judyz\AppData\Roaming\Microsoft\Network
2025-01-08 17:12 - 2025-01-08 17:12 - 000000000 ____D C:\Users\judyz\AppData\Roaming\Adobe
2025-01-08 17:12 - 2025-01-08 17:12 - 000000000 ____D C:\Users\judyz\AppData\LocalLow\NVIDIA
2025-01-08 17:12 - 2025-01-08 17:12 - 000000000 ____D C:\Users\judyz\AppData\LocalLow\Intel
2025-01-08 17:12 - 2025-01-08 17:12 - 000000000 ____D C:\Users\judyz\AppData\Local\VirtualStore
2025-01-08 17:12 - 2025-01-08 17:12 - 000000000 ____D C:\Users\judyz\AppData\Local\SoundResearch
2025-01-08 17:12 - 2025-01-08 17:12 - 000000000 ____D C:\Users\judyz\AppData\Local\ConnectedDevicesPlatform
2025-01-08 17:11 - 2025-01-08 17:33 - 000000000 ____D C:\Users\judyz\AppData\Roaming\Microsoft\Spelling
2025-01-08 17:11 - 2025-01-08 17:16 - 000000000 ____D C:\Users\judyz
2025-01-08 17:11 - 2025-01-08 17:12 - 000000000 ____D C:\Users\judyz\AppData\Roaming\Microsoft\Windows
2025-01-08 17:11 - 2025-01-08 17:11 - 000000020 ___SH C:\Users\judyz\ntuser.ini
2025-01-08 17:11 - 2025-01-08 17:11 - 000000000 ___SD C:\Users\judyz\AppData\Roaming\Microsoft\SystemCertificates
2025-01-08 17:11 - 2025-01-08 17:11 - 000000000 ___SD C:\Users\judyz\AppData\Roaming\Microsoft\Protect
2025-01-08 17:11 - 2025-01-08 17:11 - 000000000 ___SD C:\Users\judyz\AppData\Roaming\Microsoft\Credentials
2025-01-08 17:07 - 2025-01-08 17:09 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2025-01-08 17:01 - 2025-01-08 17:01 - 000000591 _____ C:\Windows\system32\regtest.txt
2025-01-08 17:00 - 2024-07-29 13:16 - 006228824 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2025-01-08 16:56 - 2025-01-08 17:43 - 000000000 ____D C:\Windows\CbsTemp
2025-01-08 16:54 - 2025-01-08 16:54 - 000027132 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2025-01-08 16:54 - 2025-01-08 16:54 - 000027132 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2025-01-08 16:54 - 2025-01-08 16:54 - 000000998 _____ C:\Windows\system32\DeviceFeatureDDF.json
2025-01-08 16:51 - 2025-01-08 17:08 - 000000000 ____D C:\ProgramData\Intel
2025-01-08 16:51 - 2025-01-08 17:08 - 000000000 ____D C:\Intel
2025-01-08 16:51 - 2025-01-08 16:51 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
2025-01-08 16:50 - 2022-06-16 04:01 - 000966376 _____ (Intel Corporation) C:\Windows\system32\libmfxhw64.dll
2025-01-08 16:50 - 2022-06-16 04:01 - 000725072 _____ (Intel Corporation) C:\Windows\SysWOW64\libmfxhw32.dll
2025-01-08 16:50 - 2022-06-16 04:01 - 000528768 _____ (Intel) C:\Windows\system32\libvpl.dll
2025-01-08 16:50 - 2022-06-16 04:01 - 000468880 _____ (Intel) C:\Windows\SysWOW64\libvpl.dll
2025-01-08 16:50 - 2022-06-16 04:00 - 000609016 _____ (Intel Corporation) C:\Windows\system32\intel_gfx_api-x64.dll
2025-01-08 16:50 - 2022-06-16 04:00 - 000468008 _____ (Intel Corporation) C:\Windows\SysWOW64\intel_gfx_api-x86.dll
2025-01-08 15:32 - 2025-01-08 17:12 - 000000000 ____D C:\ProgramData\NVIDIA
2025-01-08 15:32 - 2025-01-08 15:32 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2025-01-08 15:31 - 2025-01-08 15:31 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2025-01-08 15:31 - 2024-08-19 11:12 - 002031464 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2025-01-08 15:31 - 2024-08-19 11:12 - 002031464 _____ C:\Windows\system32\vulkaninfo.exe
2025-01-08 15:31 - 2024-08-19 11:12 - 001578752 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2025-01-08 15:31 - 2024-08-19 11:12 - 001578752 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2025-01-08 15:31 - 2024-08-19 11:12 - 001445120 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2025-01-08 15:31 - 2024-08-19 11:12 - 001295232 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2025-01-08 15:31 - 2024-08-19 11:12 - 000477840 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2025-01-08 15:31 - 2024-08-19 11:12 - 000374392 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2025-01-08 15:31 - 2024-08-19 11:09 - 001068688 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2025-01-08 15:31 - 2024-08-19 11:09 - 000670344 _____ (NVIDIA Corporation) C:\Windows\system32\nvofapi64.dll
2025-01-08 15:31 - 2024-08-19 11:09 - 000506016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvofapi.dll
2025-01-08 15:31 - 2024-08-19 11:08 - 002180728 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2025-01-08 15:31 - 2024-08-19 11:08 - 001631368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2025-01-08 15:31 - 2024-08-19 11:08 - 001549320 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2025-01-08 15:31 - 2024-08-19 11:08 - 001204856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2025-01-08 15:31 - 2024-08-19 11:08 - 000847992 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2025-01-08 15:31 - 2024-08-19 11:07 - 016119432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2025-01-08 15:31 - 2024-08-19 11:07 - 013009064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2025-01-08 15:31 - 2024-08-19 11:07 - 006914696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2025-01-08 15:31 - 2024-08-19 11:07 - 005914248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2025-01-08 15:31 - 2024-08-19 11:07 - 005867680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcudadebugger.dll
2025-01-08 15:31 - 2024-08-19 11:07 - 003788936 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2025-01-08 15:31 - 2024-08-19 11:07 - 000460936 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2025-01-08 15:31 - 2024-08-19 11:06 - 007061976 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2025-01-08 15:31 - 2024-08-19 11:06 - 006142728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2025-01-08 15:31 - 2024-08-19 11:06 - 000853528 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2025-01-08 15:31 - 2024-08-19 10:33 - 000123973 _____ C:\Windows\system32\nvinfo.pb
2025-01-08 11:40 - 2019-12-30 07:46 - 002626704 _____ (Sunplus Innovation Technology Inc.) C:\Windows\system32\SPITDevMft64.dll
2025-01-08 11:38 - 2025-01-08 17:16 - 000791266 _____ C:\Windows\system32\PerfStringBackup.INI
2025-01-08 11:29 - 2025-01-08 11:29 - 000000000 ____D C:\Windows\CSC

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-01-08 21:25 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2025-01-08 21:23 - 2024-04-01 09:21 - 000032768 _____ C:\Windows\system32\config\ELAM
2025-01-08 21:21 - 2024-04-01 09:26 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2025-01-08 17:47 - 2024-04-01 09:24 - 000000000 ____D C:\Windows\INF
2025-01-08 17:45 - 2024-04-01 09:26 - 000000000 ___HD C:\Program Files\WindowsApps
2025-01-08 17:45 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\AppReadiness
2025-01-08 17:44 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\SecurityHealth
2025-01-08 17:43 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\appcompat
2025-01-08 17:42 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SystemTemp
2025-01-08 17:38 - 2024-04-01 09:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-01-08 17:27 - 2024-04-01 09:26 - 000000000 ____D C:\ProgramData\USOPrivate
2025-01-08 17:08 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\Drivers\DriverData
2025-01-08 17:08 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\ServiceState
2025-01-08 17:08 - 2024-04-01 09:21 - 000524288 _____ C:\Windows\system32\config\BBI
2025-01-08 17:07 - 2024-04-01 10:03 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2025-01-08 17:07 - 2024-04-01 09:26 - 000000000 ___SD C:\Windows\system32\UNP
2025-01-08 17:07 - 2024-04-01 09:26 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2025-01-08 17:07 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\UUS
2025-01-08 17:07 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2025-01-08 17:07 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SysWOW64\setup
2025-01-08 17:07 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SysWOW64\Dism
2025-01-08 17:07 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SystemResources
2025-01-08 17:07 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\WinMetadata
2025-01-08 17:07 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2025-01-08 17:07 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\ShellExperiences
2025-01-08 17:07 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\Sgrm
2025-01-08 17:07 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\setup
2025-01-08 17:07 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2025-01-08 17:07 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2025-01-08 17:07 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\oobe
2025-01-08 17:07 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\migwiz
2025-01-08 17:07 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\HealthAttestationClient
2025-01-08 17:07 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\Dism
2025-01-08 17:07 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\appraiser
2025-01-08 17:07 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\ShellExperiences
2025-01-08 17:07 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\ShellComponents
2025-01-08 17:07 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\Provisioning
2025-01-08 17:07 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\PolicyDefinitions
2025-01-08 17:07 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\bcastdvr
2025-01-08 17:07 - 2024-04-01 09:26 - 000000000 ____D C:\Program Files\Common Files\System
2025-01-08 11:29 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\spool
2025-01-08 11:29 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\AppLocker

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


==================== BCD ================================

Firmware Boot Manager
---------------------
identifier {fwbootmgr}
displayorder {bootmgr}
{496b2c5e-cdf5-11ef-a4cd-f3c4e7e94054}
{496b2c5f-cdf5-11ef-a4cd-f3c4e7e94054}
{496b2c60-cdf5-11ef-a4cd-f3c4e7e94054}
{496b2c61-cdf5-11ef-a4cd-f3c4e7e94054}
{496b2c5c-cdf5-11ef-a4cd-f3c4e7e94054}
{496b2c5d-cdf5-11ef-a4cd-f3c4e7e94054}
{496b2c64-cdf5-11ef-a4cd-f3c4e7e94054}
timeout 0

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {496b2c65-cdf5-11ef-a4cd-f3c4e7e94054}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Firmware Application (101fffff)
-------------------------------
identifier {496b2c5c-cdf5-11ef-a4cd-f3c4e7e94054}
description Wi-Fi IPV4 Network

Firmware Application (101fffff)
-------------------------------
identifier {496b2c5d-cdf5-11ef-a4cd-f3c4e7e94054}
description Wi-Fi IPV6 Network

Firmware Application (101fffff)
-------------------------------
identifier {496b2c5e-cdf5-11ef-a4cd-f3c4e7e94054}
description IPV4 Network - Realtek PCIe GBE Family Controller

Firmware Application (101fffff)
-------------------------------
identifier {496b2c5f-cdf5-11ef-a4cd-f3c4e7e94054}
description IPV6 Network - Realtek PCIe GBE Family Controller

Firmware Application (101fffff)
-------------------------------
identifier {496b2c60-cdf5-11ef-a4cd-f3c4e7e94054}
description USB NETWORK BOOT:

Firmware Application (101fffff)
-------------------------------
identifier {496b2c61-cdf5-11ef-a4cd-f3c4e7e94054}
description USB NETWORK BOOT:

Firmware Application (101fffff)
-------------------------------
identifier {496b2c62-cdf5-11ef-a4cd-f3c4e7e94054}
path EFI\Microsoft\Boot\bootmgfw.efi
description EFI\Microsoft\Boot\bootmgfw.efi

Firmware Application (101fffff)
-------------------------------
identifier {496b2c64-cdf5-11ef-a4cd-f3c4e7e94054}
description SanDisk Cruzer Blade 03025628051721142823

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.efi
description Windows 11
locale en-US
inherit {bootloadersettings}
recoverysequence {496b2c67-cdf5-11ef-a4cd-f3c4e7e94054}
displaymessageoverride Recovery
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \Windows
resumeobject {496b2c65-cdf5-11ef-a4cd-f3c4e7e94054}
nx OptIn
bootmenupolicy Standard

Windows Boot Loader
-------------------
identifier {496b2c67-cdf5-11ef-a4cd-f3c4e7e94054}
device ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{496b2c68-cdf5-11ef-a4cd-f3c4e7e94054}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-us
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{496b2c68-cdf5-11ef-a4cd-f3c4e7e94054}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Resume from Hibernate
---------------------
identifier {496b2c65-cdf5-11ef-a4cd-f3c4e7e94054}
device partition=C:
path \Windows\system32\winresume.efi
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {496b2c67-cdf5-11ef-a4cd-f3c4e7e94054}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
custom:21000026 partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\memtest.efi
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Local

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2025
Ran by judyz (08-01-2025 17:49:06)
Running from C:\Users\judyz\Downloads
Microsoft Windows 11 Pro Version 24H2 26100.2605 (X64) (2025-01-08 19:25:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1365236912-114835092-1529061894-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1365236912-114835092-1529061894-503 - Limited - Disabled)
Guest (S-1-5-21-1365236912-114835092-1529061894-501 - Limited - Disabled)
judyz (S-1-5-21-1365236912-114835092-1529061894-1001 - Administrator - Enabled) => C:\Users\judyz
WDAGUtilityAccount (S-1-5-21-1365236912-114835092-1529061894-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 131.0.2903.112 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 131.0.2903.112 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-1365236912-114835092-1529061894-1001\...\OneDriveSetup.exe) (Version: 24.226.1110.0004 - Microsoft Corporation)
NVIDIA Graphics Driver 556.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 556.12 - NVIDIA Corporation)

Packages:
=========
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.967.0_x64__56jybvy8sckqj [2025-01-08] (NVIDIA Corp.)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.19.3190.0_x64__8wekyb3d8bbwe [2025-01-08] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvbl.inf_amd64_bb28b4bb5c7c0290\nvshext.dll [2024-08-19] (NVIDIA Corporation -> NVIDIA Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2024-04-01 09:26 - 2024-04-01 09:24 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1365236912-114835092-1529061894-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\DesktopSpotlight\Assets\Images\image_2.jpg
DNS Servers: 163.121.128.134 - 163.121.128.135
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Realtek PCIe GbE Family Controller -> rtcx21x64.sys
Bluetooth Network Connection: Bluetooth Device (Personal Area Network) -> bthpan.sys
Wi-Fi: Intel® Wi-Fi 6 AX201 160MHz -> Netwtw10.sys

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{515355E1-FAEE-439D-8B5B-6A7B7BC278E0}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24295.605.3225.8804_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{139E9CAB-6FD1-43CD-979A-E2A9A509E443}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24295.605.3225.8804_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{45CE6E2A-F025-4EB4-B771-55281F25264C}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

08-01-2025 11:30:16 Windows Modules Installer

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (01/08/2025 11:29:46 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.

Error: (01/08/2025 09:25:48 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\WIN-35VJ22MDFU8$ via https://NTC-KeyId-23f4e22ad3be374a449772954aa283aed752572e.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(16ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (01/08/2025 09:25:47 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for Local system via https://NTC-KeyId-23f4e22ad3be374a449772954aa283aed752572e.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(0ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (01/08/2025 09:25:47 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\WIN-35VJ22MDFU8$ via https://NTC-KeyId-23f4e22ad3be374a449772954aa283aed752572e.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(31ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (01/08/2025 09:23:37 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for \MINWINPC$ via https://NTC-KeyId-23f4e22ad3be374a449772954aa283aed752572e.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(0ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (01/08/2025 09:23:37 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for Local system via https://NTC-KeyId-23f4e22ad3be374a449772954aa283aed752572e.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(16ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)


System errors:
=============
Error: (01/08/2025 05:42:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Intel Corporation - System - 30.100.2020.7.

Error: (01/08/2025 05:39:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error (0x80073d02 = The package could not be installed because resources it modifies are currently in use.): 9MSSGKG348SP-MicrosoftWindows.Client.WebExperience.

Error: (01/08/2025 05:39:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240016: 9NBLGGH4RV3K-Microsoft.VCLibs.140.00.UWPDesktop.

Error: (01/08/2025 05:39:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240016: 9NBLGGH3FRZM-Microsoft.VCLibs.140.00.

Error: (01/08/2025 05:10:43 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Secure Boot is not enabled on this machine.). For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (01/08/2025 05:07:18 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (01/08/2025 05:07:16 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (01/08/2025 05:07:16 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}


CodeIntegrity:
===============
Date: 2025-01-08 17:19:52
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_d132a4045a2a0202\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: HP S71 Ver. 01.22.01 08/23/2024
Motherboard: HP 86A0
Processor: Intel® Core™ i7-10510U CPU @ 1.80GHz
Percentage of memory in use: 80%
Total physical RAM: 8038.01 MB
Available physical RAM: 1591.34 MB
Total Virtual: 9958.01 MB
Available Virtual: 2558.22 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:953.13 GB) (Free:904.35 GB) (Model: NVMe PC SN730 NVMe WD) NTFS

\\?\Volume{b7f5c6a0-62ae-4b7b-9603-578a1d71fee9}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 953.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Edited by Oh My!, 08 January 2025 - 11:12 AM.




#2 Oh My!
    Adware and Spyware and Malware
  • Malware Response Instructor
  • 62,343 posts
  • Gender:Male
  • Location:California

Posted 08 January 2025 - 11:10 AM

Greetings and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Please allow me some time to review what you have posted.
Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God.
John 6:68-69

The Man on the Middle Cross Said I Could Come

#3 damsel-in-distress
  • Topic Starter
  • Members
  • 9 posts

Posted 08 January 2025 - 11:12 AM

Thank you, Gary. I will be waiting for your instructions.



#4 Oh My!
    Adware and Spyware and Malware
  • Malware Response Instructor
  • 62,343 posts
  • Gender:Male
  • Location:California

Posted 08 January 2025 - 11:18 AM

You are quite welcome. It will be a couple of hours before I am able to reply.

#5 Oh My!
    Adware and Spyware and Malware
  • Malware Response Instructor
  • 62,343 posts
  • Gender:Male
  • Location:California

Posted 08 January 2025 - 01:31 PM

Thank you for your patience.

There is no evidence of malicious software on your system. Why do you think you have a UEFI partition infection?

Do you have a copy of the #Pa$Sw0rD__5676-0peɴ_Set-Uᴘ@(1).zip file you could upload here?

Please do this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
CreateRestorePoint:
CloseProcesses:
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Evidence of UEFI infection
  • File upload?
  • Fixlog


#6 damsel-in-distress
  • Topic Starter
  • Members
  • 9 posts

Posted 08 January 2025 - 02:08 PM

Unfortunately, deleting the file was the first thing I did, so I don't have it. As for evidence that a UEFI partition is infected: ESET security detected it (I currently don't have the log file since I formatted everything), and when updating the BIOS I found that BitLocker encryption is turned on (not by me), and there is a partition (EFI System partition: 100MB) I think is infected. And I know that there isn't any malicious software detected, but this malware has certificates for every service or software, and it drops a lot of files that run in the background. Also, keep in mind that I formatted the disk a couple of times, so most if not all of these folders and files were dropped by malware.

And here is the fix log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-01-2025
Ran by judyz (08-01-2025 20:36:58) Run:1
Running from C:\Users\judyz\Downloads
Loaded Profiles: judyz
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
========= sfc /scannow =========
 
 
Beginning system scan.  This process will take some time.
 
Beginning verification phase of system scan.
 
Verification 100% complete.
 
Windows Resource Protection did not find any integrity violations.
 
 
========= End of CMD: =========
 
 
========= DISM /Online /Cleanup-Image /CheckHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.26100.1150
 
Image Version: 10.0.26100.2605
 
No component store corruption detected.
The operation completed successfully.
 
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 20:39:47 ==== 
 
Also, I tried the sfc command in the Windows Setup cmd and it showed that it was corrupted, but once I enter the infected Windows nothing is corrupted. Also, I have to warn you that most antimalware doesn't detect anything, but a few antimalware programs can detect small parts of the infection. I was really hoping for a clean install, but I updated the BIOS and booted into the Windows media creation, and when in there I looked at the files and there was a drive called X that had a volume called boot and it was full of the malware files. I tried formatting the disk and I don't get the results needed, even when the format is supposedly successful. Also, I would like to add that in the Windows Setup I tried deleting all the files on drive X using cmd; most of the files got deleted but some were write protected and my access was denied, so I tried to continue the setup as usual, but because I deleted the files the installation crashed (I know 100% that these files are dropped by the malware).

Edited by damsel-in-distress, 08 January 2025 - 02:25 PM.


#7 Oh My!
    Adware and Spyware and Malware
  • Malware Response Instructor
  • 62,343 posts
  • Gender:Male
  • Location:California

Posted 08 January 2025 - 03:02 PM

There are known false positive detections of the UEFI partition by antivirus programs. I have had several instances of that.

The X: drive refers to the boot media drive. That is the drive created by the Media Creation Tool. The files you believe are malware are required files needed to install Windows. By removing the files you broke the installation media.

There are no indications your computer is compromised and the malware you believe you see is not malware.
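One way to check the claim Gary addresses above, as an added example that is not from the thread or from FRST: mount the EFI System Partition the posted BCD points at (\EFI\Microsoft\Boot\bootmgfw.efi on \Device\HarddiskVolume1), report the Authenticode signature status of every file on it, and show whether Secure Boot is enforcing those signatures at boot (the posted Addition.txt says it is not enabled). The S: drive letter is an assumption; run it from an elevated PowerShell.

```powershell
# Added example, not part of the thread or of any tool discussed in it.
# Lists every file on the EFI System Partition (ESP) with its Authenticode
# signature status, then reports the Secure Boot state. Requires an elevated
# PowerShell. The drive letter S: is an assumption; use any free letter.
$esp = 'S:'

mountvol $esp /S            # mount the ESP at S: (built-in Windows command)
try {
    Get-ChildItem -Path "$esp\" -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Get-AuthenticodeSignature validates the embedded PE signature
            # against the local trust store. Expected for the Microsoft boot
            # files under \EFI\Microsoft\Boot: Status = Valid, Microsoft signer.
            # Non-PE files (BCD store, fonts, logs) legitimately show NotSigned.
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path     = $_.FullName
                Status   = $sig.Status                 # Valid / NotSigned / HashMismatch ...
                Signer   = $sig.SignerCertificate.Subject
                Modified = $_.LastWriteTime
            }
        } |
        Sort-Object Status |
        Format-Table -AutoSize
}
finally {
    mountvol $esp /D        # always unmount the ESP again
}

# Secure Boot state. The Addition.txt posted above reports "Secure Boot is not
# enabled on this machine"; with it off, firmware does not verify the signature
# of bootmgfw.efi before running it, so the file-level check above is the only
# signature verification the boot files get.
Confirm-SecureBootUEFI
```

A .efi under \EFI\Microsoft\Boot reporting anything other than Valid with a Microsoft signer is what would actually support an ESP-tampering claim; tracking cookies and a WinPE X: drive do not.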

#8 damsel-in-distress
  • Topic Starter
  • Members
  • 9 posts

Posted 08 January 2025 - 03:14 PM

My device is heavily infected. I am not believing in malware that doesn't exist. I have had this malware since 20 December. At first, I was getting hacked in my social media accounts, and when I started removing files the malware started taking control of my laptop, as in taking my admin rights. I can start the scans that showed parts of the malware again and send them to you, but I am 100% infected and heavily infected. BTW, I am currently studying computer science and cybersecurity, so I understand some stuff. If you can't believe the device is infected, I understand, because so far what I've given you is evidence that there is no malware. BUT I AM INFECTED. If you wish to proceed helping me, I will run the usual scans that detected parts of the malware, or if you want me to proceed with specific instructions please provide them. And if you don't wish to proceed, is there a way to find a different advisor?



#9 Oh My!
    Adware and Spyware and Malware
  • Malware Response Instructor
  • 62,343 posts
  • Gender:Male
  • Location:California

Posted 08 January 2025 - 03:23 PM

If you have concrete evidence you are welcome to provide it. Thus far there has been no evidence.

#10 damsel-in-distress
  • Topic Starter
  • Members
  • 9 posts

Posted 08 January 2025 - 04:31 PM

These are two scan logs, one from HitmanPro and one from SUPERAntiSpyware. They both detected adware tracking cookies. I am still running a few more tests, but what do I do with the detections, should I delete them or ignore them?

Hitman Pro:

HitmanPro 3.8.36.332
www.hitmanpro.com
 
   Computer name . . . . : DESKTOP-FPEVD0P
   Windows . . . . . . . : 10.0.0.26100.X64/8
   User name . . . . . . : DESKTOP-FPEVD0P\judyz
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2025-01-08 22:26:49
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 21s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Close Browser . . . . : Yes
   Close Remember  . . . : Yes
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 14
 
   Objects scanned . . . : 1,537,842
   Files scanned . . . . : 21,636
   Remnants scanned  . . : 276,987 files / 1,239,219 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\judyz\AppData\Local\Microsoft\OneDrive\OneDrive.exe
      Size . . . . . . . : 5,006,880 bytes
      Age  . . . . . . . : 0.2 days (2025-01-08 17:14:16)
      Entropy  . . . . . : 5.7
      SHA-256  . . . . . : 9D61E99B64B6C322236618AA21B4E9E645C06CD2132C53154D0D65327FADE545
      Product  . . . . . : Microsoft OneDrive
      Publisher  . . . . : Microsoft Corporation
      Description  . . . : Microsoft OneDrive
      Version  . . . . . : 24.226.1110.0004
      Copyright  . . . . : © Microsoft Corporation. All rights reserved.
      RSA Key Size . . . : 2048
      Parent Name  . . . : C:\Windows\explorer.exe
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
      Running processes  : 11824
      Fuzzy  . . . . . . : 22.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Uses the Windows Registry to run each time the user logs on.
         Program starts automatically without user intervention.
         Time indicates that the file appeared recently on this computer.
         The file is in use by one or more active processes.
         Program is code signed with a valid Authenticode certificate.
      Startup
         HKU\S-1-5-21-1365236912-114835092-1529061894-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive
      References
         C:\Users\judyz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
      Network Ports
         192.168.1.77:49706 20.199.120.85:443
 
 
Cookies _____________________________________________________________________
 
   C:\Users\judyz\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies:adnxs.com
   C:\Users\judyz\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies:casalemedia.com
   C:\Users\judyz\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies:contextweb.com
   C:\Users\judyz\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies:crwdcntrl.net
   C:\Users\judyz\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies:doubleclick.net
   C:\Users\judyz\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies:pubmatic.com
   C:\Users\judyz\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies:rubiconproject.com
   C:\Users\judyz\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies:scorecardresearch.com
   C:\Users\judyz\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies:taboola.com
 
 
 
SuperAntiSpyware:
SUPERAntiSpyware Scan Log
 
Generated 01/08/2025 at 11:25 PM
 
Application Version : 10.0.1270
Database Version : 18518
 
Scan type       : Complete Scan
Total Scan Time : 00:22:57
 
Operating System Information
Windows 10 Professional 64-bit (Build 10.00.26100)
UAC On - Limited User
 
Memory items scanned      : 1511
Memory items detected   : 0
Registry items scanned    : 52145
Registry items detected : 0
File items scanned        : 67942
File items detected     : 52
 
Adware.Tracking Cookie
.3lift.com\receive-cookie-deprecation [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.3lift.com\tluidp [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.3lift.com\receive-cookie-deprecation [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.3lift.com\tluidp [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.adnxs.com\uids [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.adnxs.com\uuid2 [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.adnxs.com\XANDR_PANID [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.adnxs.com\receive-cookie-deprecation [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.adnxs.com\receive-cookie-deprecation [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.adnxs.com\XANDR_PANID [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.adnxs.com\receive-cookie-deprecation [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.adnxs.com\XANDR_PANID [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.adnxs.com\receive-cookie-deprecation [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.casalemedia.com\receive-cookie-deprecation [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.casalemedia.com\receive-cookie-deprecation [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.casalemedia.com\receive-cookie-deprecation [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.company-target.com\tuuid [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.company-target.com\tuuid_lu [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.contextweb.com\VP [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.contextweb.com\pb_rtb_ev_part [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.crwdcntrl.net\_cc_dc [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.crwdcntrl.net\_cc_id [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.doubleclick.net\receive-cookie-deprecation [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.doubleclick.net\receive-cookie-deprecation [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.doubleclick.net\receive-cookie-deprecation [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.doubleclick.net\receive-cookie-deprecation [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.eloqua.com\ELOQUA [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.eloqua.com\ELQSTATUS [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.innovid.com\uuid [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.pippio.com\did [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.pippio.com\didts [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.pippio.com\nnls [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.pippio.com\pxrc [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.pubmatic.com\receive-cookie-deprecation [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.rubiconproject.com\audit_p [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.rubiconproject.com\khaos_p [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.rubiconproject.com\audit_p [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.rubiconproject.com\khaos_p [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.rubiconproject.com\receive-cookie-deprecation [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.rubiconproject.com\audit_p [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.rubiconproject.com\khaos_p [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.rubiconproject.com\audit_p [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.rubiconproject.com\khaos_p [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.scorecardresearch.com\UID [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.scorecardresearch.com\XID [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.scorecardresearch.com\XID [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.scorecardresearch.com\XID [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.taboola.com\receive-cookie-deprecation [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
.taboola.com\t_pt_gid [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
cdn.firstimpression.io\OAID [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
io.narrative.io\io.narrative.guid.v2 [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
www.mcafee.com\adformfrpid [ C:\USERS\JUDYZ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\NETWORK\COOKIES ]
 
============
 End of Log 
============
 


#11 Oh My!

    Adware and Spyware and Malware

  • Malware Response Instructor
  • 62,343 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:05:58 PM

Posted 08 January 2025 - 08:14 PM

C:\Users\judyz\AppData\Local\Microsoft\OneDrive\OneDrive.exe

Those entries are not malicious but rather routine entries found on all computer systems. You can delete everything except for the above file which is not malicious.

 

I can start the scans that showed parts of malware again and send them to you

This would be helpful since the 2 reports you posted are not showing the evidence you are referring to.


Edited by Oh My!, 09 January 2025 - 10:03 AM.

Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God.
John 6:68-69

The Man on the Middle Cross Said I Could Come

#12 damsel-in-distress
  • Topic Starter
  • Members
  • 9 posts
  • OFFLINE
  • Local time:02:58 AM

Posted 10 January 2025 - 04:09 PM

Hello, as I said, this malware is undetectable. I am now on Ubuntu and this is the result of the Ubuntu security check:

Device Security Report
======================

Report details
  Date generated:                                  2025-01-10 23:05:13
  fwupd version:                                   1.9.27

System details
  Hardware model:                                  HP HP ProBook 450 G7
  Processor:                                       Intel® Core™ i7-10510U CPU @ 1.80GHz
  OS:                                              Ubuntu 24.04.1 LTS
  Security level:                                  HSI:1! (v1.9.27)

HSI-1 Tests
  Firmware BIOS Region:                            Pass (Locked)
  UEFI Bootservice Variables:                      Pass (Locked)
  MEI Key Manifest:                                Pass (Valid)
  Intel Management Engine Version:                 Pass (Valid)
  Firmware Write Protection Lock:                  Pass (Enabled)
  Platform Debugging:                              Pass (Not Enabled)
  BIOS Firmware Updates:                           Pass (Enabled)
  Intel Management Engine Manufacturing Mode:      Pass (Locked)
  UEFI Secure Boot:                              ! Fail (Not Enabled)
  Firmware Write Protection:                       Pass (Not Enabled)
  TPM Platform Configuration:                      Pass (Valid)
  Intel Management Engine Override:                Pass (Locked)
  TPM v2.0:                                        Pass (Found)

HSI-2 Tests
  Platform Debugging:                              Pass (Locked)
  Intel BootGuard ACM Protected:                 ! Fail (Not Valid)
  IOMMU Protection:                                Pass (Enabled)
  Intel BootGuard Fuse:                            Pass (Valid)
  Intel GDS Mitigation:                            Pass (Enabled)
  Intel BootGuard Verified Boot:                 ! Fail (Not Valid)
  TPM Reconstruction:                              Pass (Valid)
  Intel BootGuard:                                 Pass (Enabled)

HSI-3 Tests
  Suspend To RAM:                                ! Fail (Enabled)
  Intel BootGuard Error Policy:                  ! Fail (Not Valid)
  Pre-boot DMA Protection:                       ! Fail (Not Enabled)
  Control-flow Enforcement Technology:           ! Fail (Not Supported)
  Suspend To Idle:                               ! Fail (Not Enabled)

HSI-4 Tests
  Encrypted RAM:                                 ! Fail (Not Supported)
  Supervisor Mode Access Prevention:               Pass (Enabled)

Runtime Tests
  Firmware Updater Verification:                   Pass (Not Tainted)
  Linux Swap:                                    ! Fail (Not Encrypted)
  Linux Kernel Verification:                     ! Fail (Tainted)
  Linux Kernel Lockdown:                         ! Fail (Not Enabled)

Host security events

For information on the contents of this report, see https://fwupd.github.io/hsi.html
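The fwupd report above can be read mechanically. As an added example (not from the thread and not fwupd's own code), this Python parses an excerpt of that report, groups the failed attributes by HSI level, and sorts each failure into a platform capability ("Not Supported"), a changeable setting ("Enabled"/"Not Enabled"), or a platform state fwupd could not validate. The one HSI-1 failure, UEFI Secure Boot disabled, is the finding that bears on a suspected UEFI bootkit: with it off, the firmware will run unsigned boot loaders.

```python
import re
from collections import defaultdict

# Excerpt of the fwupd "Device Security Report" posted above (constructed
# sample input for this example; the full report has more attributes).
REPORT = """\
Device Security Report
======================

Report details
  Date generated:                                  2025-01-10 23:05:13
  fwupd version:                                   1.9.27

System details
  Security level:                                  HSI:1! (v1.9.27)

HSI-1 Tests
  Firmware BIOS Region:                            Pass (Locked)
  UEFI Secure Boot:                              ! Fail (Not Enabled)
  TPM v2.0:                                        Pass (Found)

HSI-2 Tests
  Intel BootGuard ACM Protected:                 ! Fail (Not Valid)
  IOMMU Protection:                                Pass (Enabled)
  Intel BootGuard Verified Boot:                 ! Fail (Not Valid)

HSI-3 Tests
  Suspend To RAM:                                ! Fail (Enabled)
  Pre-boot DMA Protection:                       ! Fail (Not Enabled)
  Control-flow Enforcement Technology:           ! Fail (Not Supported)

HSI-4 Tests
  Encrypted RAM:                                 ! Fail (Not Supported)
  Supervisor Mode Access Prevention:               Pass (Enabled)

Runtime Tests
  Firmware Updater Verification:                   Pass (Not Tainted)
  Linux Swap:                                    ! Fail (Not Encrypted)
  Linux Kernel Lockdown:                         ! Fail (Not Enabled)
"""

# Section headers look like "HSI-1 Tests" or "Runtime Tests".
SECTION_RE = re.compile(r"^(HSI-\d|Runtime) Tests$")
# Attribute lines: two-space indent, name, colon, optional "! " marker,
# Pass/Fail, then the reason in parentheses.
ATTR_RE = re.compile(
    r"^\s{2}(?P<name>[^:]+):\s+(?:!\s+)?(?P<status>Pass|Fail)\s+\((?P<reason>[^)]+)\)\s*$"
)


def parse_hsi_report(text):
    """Return (section, name, status, reason) tuples for every test attribute."""
    attrs = []
    section = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):
            # Non-indented line: a section header (or a non-test header).
            m = SECTION_RE.match(line)
            section = m.group(1) if m else None
            continue
        m = ATTR_RE.match(line)
        if section and m:
            attrs.append((section, m["name"].strip(), m["status"], m["reason"]))
    return attrs


def classify(reason):
    """Map a Fail reason to what a defender can do about it (this example's own
    grouping, not an fwupd category): a missing platform capability cannot be
    configured, an Enabled/Not Enabled result is a firmware or OS setting, and
    anything else is a platform state that needs vendor documentation."""
    if reason == "Not Supported":
        return "capability"
    if reason in ("Enabled", "Not Enabled"):
        return "setting"
    return "state"


def failures_by_section(attrs):
    """Group failed attributes by HSI section as (name, reason, kind) tuples."""
    out = defaultdict(list)
    for section, name, status, reason in attrs:
        if status == "Fail":
            out[section].append((name, reason, classify(reason)))
    return dict(out)


def boot_chain_findings(attrs):
    """Return the attribute tuples that matter for a suspected UEFI bootkit:
    Secure Boot failing means the firmware accepts unsigned boot loaders."""
    return [a for a in attrs if a[1] == "UEFI Secure Boot" and a[2] == "Fail"]


if __name__ == "__main__":
    parsed = parse_hsi_report(REPORT)
    for sec, fails in sorted(failures_by_section(parsed).items()):
        for name, reason, kind in fails:
            print(f"{sec:8} {kind:10} {name} ({reason})")
    print("boot chain:", boot_chain_findings(parsed))
```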



#13 Oh My!

    Adware and Spyware and Malware

  • Malware Response Instructor
  • 62,343 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:05:58 PM

Posted 10 January 2025 - 08:19 PM

Greetings.

I am not familiar with that report. Since you ran the Ubuntu Security Check I am assuming you are sufficiently versed in determining what the results actually mean. My cursory research not only indicated the results are common on many computers, what I read indicates these are related to hardware capabilities and settings. Nowhere did I find any indication those results are evidence of the existence of malware.
 

btw I am currently studying computer science and cybersecurity so I understand some stuff.

If you have concrete evidence you are welcome to provide it.

Being a current student in cybersecurity, I assume you have utilized your resources and basic researching skills to justify your assertion that what you are offering up as concrete evidence of hidden malware is actually so. I would hope the mere existence of the word Fail would not be the inadequate threshold you are relying upon to continue to assert your certainty.

If you have research/reference information that what you posted is confirmed evidence of malware I would appreciate you sharing that.

#14 damsel-in-distress
  • Topic Starter
  • Members
  • 9 posts
  • OFFLINE
  • Local time:02:58 AM

Posted 11 January 2025 - 05:57 PM

Here is a log that confirms the existence of the malware and I do believe that it's a bootkit 
 
==============================
Log File of Smadav 2015 Rev. 10.0
==============================
 
Scanning Results :
=> Time & Date : 01:51:37, on 01-12-2025
=> Finishing Time : 9 seconds
=> Folder Scanned :0
=> File Scanned : 0
=> File Detected : 1
=> File Cleaned : 0
=> File Skipped : 0
=> Value Scanned : 1402
=> Value Detected: 32
=> Value Fixed: 0
=> Path Scanned: 0
=> Path Hidden: 0
=> Path Unhidden: 0
 
==============================
Before Scanning
==============================
Suspected Paths :
=> Maybe Virus(Level 6) as  : 6 Process
   -C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.438.0_x64__zpdnekdrzrea0\Spotify.exe
=> Unknown(Level 3) as  : 4 Process
   -C:\Program Files\Avast Software\Avast\AvastUI.exe
=> Unknown(Level 3) as  : 7 Process
   -C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
=> Fine(Level 2) as  : 2 Process
   -C:\Program Files\WindowsApps\MSTeams_24335.208.3315.1951_x64__8wekyb3d8bbwe\ms-teams.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHDCPSvc.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHeciSvc.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\ESET\ESET Security\efwd.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxCUIService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\HotKeyServiceUWP.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\wlanext.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Avast Software\Avast\aswEngSrv.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Avast Software\Avast\afwServ.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\CxSvc\CxUtilSvc.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\CxSvc\CxAudioSvc.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_c2ac023763d5d3ad\OneApp.IGCC.WinService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_99f6bd58bfe82726\RstMwService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\SysWOW64\XtuService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82419944dda69b12\esif_uf.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\LanWlanWwanSwitchingServiceUWP.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\HPAudioAnalytics.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxEM.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\ESET\ESET Security\eOppFrame.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\HP\HP Enabling Services\BridgeCommunication.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.30502.30.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\CONEXANT\Flow\Flow.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\ESET\ESET Security\BrowserPrivacyAndSecurity.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\ESET\ESET Security\eguiProxy.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt\IGCC.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\WindowsApps\Muse.MuseHub_2.0.30.1516_x64__rb9pth70m6nz6\Muse.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24112.22.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\backgroundTaskHost.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Users\hp\Downloads\SophosInstall.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Users\hp\AppData\Local\Temp\SophosSetup-257213308\Setup.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Sophos\CloudInstaller\SophosInstall_Stage2.exe
=> Fine(Level 1) as  : 1 Startup
   -C:\Users\hp\AppData\Local\Microsoft\OneDrive\OneDrive.exe
=> Fine(Level 1) as  : 1 Startup
   -C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
=> Fine(Level 1) as  : 1 Startup
   -c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
=> Fine(Level 1) as  : 1 Startup
   -c:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
 
Running Processes :
 
==============================
After Scanning
==============================
Suspected Paths :
=> Maybe Virus(Level 6) as  : 6 Process
   -C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.438.0_x64__zpdnekdrzrea0\Spotify.exe
=> Unknown(Level 3) as  : 4 Process
   -C:\Program Files\Avast Software\Avast\AvastUI.exe
=> Unknown(Level 3) as  : 7 Process
   -C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
=> Fine(Level 2) as  : 2 Process
   -C:\Program Files\WindowsApps\MSTeams_24335.208.3315.1951_x64__8wekyb3d8bbwe\ms-teams.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHDCPSvc.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHeciSvc.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\ESET\ESET Security\efwd.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxCUIService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\HotKeyServiceUWP.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\wlanext.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Avast Software\Avast\aswEngSrv.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Avast Software\Avast\afwServ.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\CxSvc\CxUtilSvc.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\CxSvc\CxAudioSvc.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_c2ac023763d5d3ad\OneApp.IGCC.WinService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_99f6bd58bfe82726\RstMwService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\SysWOW64\XtuService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82419944dda69b12\esif_uf.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\LanWlanWwanSwitchingServiceUWP.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\HPAudioAnalytics.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxEM.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\ESET\ESET Security\eOppFrame.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.30502.30.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\CONEXANT\Flow\Flow.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\ESET\ESET Security\BrowserPrivacyAndSecurity.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\ESET\ESET Security\eguiProxy.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt\IGCC.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\WindowsApps\Muse.MuseHub_2.0.30.1516_x64__rb9pth70m6nz6\Muse.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24112.22.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\backgroundTaskHost.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Users\hp\Downloads\SophosInstall.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Users\hp\AppData\Local\Temp\SophosSetup-257213308\Setup.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Sophos\CloudInstaller\SophosInstall_Stage2.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\HP\HP Enabling Services\BridgeCommunication.exe
=> Fine(Level 1) as  : 1 Startup
   -C:\Users\hp\AppData\Local\Microsoft\OneDrive\OneDrive.exe
=> Fine(Level 1) as  : 1 Startup
   -C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
=> Fine(Level 1) as  : 1 Startup
   -c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
=> Fine(Level 1) as  : 1 Startup
   -c:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
 
Running Processes :
 
Detected Virus :
=> Houdini.Shortcut
   -Infected File
   -C:\Users\Public\Desktop\ESET Safe Banking & Browsing.lnk
 
Infected Registry Values :
=> Userinit
   -HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
   -Different String Value
=> (Default)
   -HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
   -Different String Value
=> LocalizedString
   -HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
   -Different String Value
=> (Default)
   -HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}
   -Forbidden String Value
=> (Default)
   -HKEY_CLASSES_ROOT\txtfile
   -Lost Key
=> FriendlyTypeName
   -HKEY_CLASSES_ROOT\txtfile
   -Lost Key
=> (Default)
   -HKEY_CLASSES_ROOT\txtfile\shell\Open\Command
   -Lost Key
=> (Default)
   -HKEY_CLASSES_ROOT\txtfile\shell\print\command
   -Lost Key
=> (Default)
   -HKEY_CLASSES_ROOT\txtfile\DefaultIcon
   -Lost Key
=> (Default)
   -HKEY_CLASSES_ROOT\inffile
   -Lost Key
=> NeverShowExt
   -HKEY_CLASSES_ROOT\inffile
   -Lost Key
=> (Default)
   -HKEY_CLASSES_ROOT\inffile\shell\Open\Command
   -Lost Key
=> FriendlyTypeName
   -HKEY_CLASSES_ROOT\inffile
   -Lost Key
=> (Default)
   -HKEY_CLASSES_ROOT\inffile\DefaultIcon
   -Lost Key
=> (Default)
   -HKEY_CLASSES_ROOT\inffile\shell\install
   -Lost Key
=> (Default)
   -HKEY_CLASSES_ROOT\inffile\shell\install\command
   -Lost Key
=> (Default)
   -HKEY_CLASSES_ROOT\inffile\shell\print\command
   -Lost Key
=> (Default)
   -HKEY_CLASSES_ROOT\inifile
   -Lost Key
=> (Default)
   -HKEY_CLASSES_ROOT\inifile\shell\Open\Command
   -Lost Key
=> (Default)
   -HKEY_CLASSES_ROOT\inifile\DefaultIcon
   -Lost Key
=> (Default)
   -HKEY_CLASSES_ROOT\inifile\shell\print\command
   -Lost Key
=> (Default)
   -HKEY_CLASSES_ROOT\rtffile
   -Lost Key
=> (Default)
   -HKEY_CLASSES_ROOT\rtffile\shell\Open\Command
   -Lost Key
=> FriendlyTypeName
   -HKEY_CLASSES_ROOT\rtffile
   -Lost Key
=> (Default)
   -HKEY_CLASSES_ROOT\rtffile\DefaultIcon
   -Lost Key
=> (Default)
   -HKEY_CLASSES_ROOT\rtffile\shell\print\command
   -Lost Key
=> (Default)
   -HKEY_CLASSES_ROOT\jpegfile\shell\Open\Command
   -Lost Key
=> (Default)
   -HKEY_CLASSES_ROOT\giffile\shell\Open\Command
   -Lost Key
=> (Default)
   -HKEY_CLASSES_ROOT\pngfile\shell\Open\Command
   -Lost Key
=> (Default)
   -HKEY_CLASSES_ROOT\wmffile\shell\Open\Command
   -Lost Key
=> DefaultValue
   -HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowCompColor
   -Different DWORD Value
=> ValueName
   -HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowCompColor
   -Different String Value


#15 damsel-in-distress (Topic Starter, Members, 9 posts)

Posted 11 January 2025 - 07:41 PM

Another log:

==============================

Log File of Smadav 2015 Rev. 10.0
==============================
 
Scanning Results :
=> Time & Date : 03:34:57, on 01-12-2025
=> Finishing Time : 1 hour,30 minutes,41 seconds
=> Folder Scanned :80958
=> File Scanned : 405731
=> File Detected : 3
=> File Cleaned : 0
=> File Skipped : 0
=> Value Scanned : 1429
=> Value Detected: 12
=> Value Fixed: 0
=> Path Scanned: 0
=> Path Hidden: 0
=> Path Unhidden: 0
 
==============================
Before Scanning
==============================
Suspected Paths :
=> Maybe Virus(Level 6) as  : 6 Process
   -C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.438.0_x64__zpdnekdrzrea0\Spotify.exe
=> Unknown(Level 3) as  : 4 Process
   -C:\Program Files\Avast Software\Avast\AvastUI.exe
=> Unknown(Level 3) as  : 7 Process
   -C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
=> Fine(Level 2) as  : 2 Process
   -C:\Program Files\WindowsApps\MSTeams_24335.208.3315.1951_x64__8wekyb3d8bbwe\ms-teams.exe
=> Fine(Level 2) as  : 3 Process
   -C:\Program Files\HP\HP Enabling Services\BridgeCommunication.exe
=> Fine(Level 2) as  : 2 Process
   -C:\Program Files\Sophos\Sophos File Scanner\SophosFileScanner.exe
=> Fine(Level 2) as  : 2 Process, 1 Startup
   -C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe
=> Fine(Level 2) as  : 2 Process
   -C:\Program Files\Sophos\Home Clean\SophosHomeClean.exe
=> Fine(Level 2) as  : 2 Process
   -C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHDCPSvc.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHeciSvc.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\ESET\ESET Security\efwd.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxCUIService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\HotKeyServiceUWP.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\wlanext.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Avast Software\Avast\aswEngSrv.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Avast Software\Avast\afwServ.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\CxSvc\CxUtilSvc.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\CxSvc\CxAudioSvc.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_c2ac023763d5d3ad\OneApp.IGCC.WinService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_99f6bd58bfe82726\RstMwService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\SysWOW64\XtuService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82419944dda69b12\esif_uf.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\LanWlanWwanSwitchingServiceUWP.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\HPAudioAnalytics.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxEM.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\ESET\ESET Security\eOppFrame.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.30502.30.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\CONEXANT\Flow\Flow.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\ESET\ESET Security\BrowserPrivacyAndSecurity.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\ESET\ESET Security\eguiProxy.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt\IGCC.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\WindowsApps\Muse.MuseHub_2.0.30.1516_x64__rb9pth70m6nz6\Muse.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24112.22.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\backgroundTaskHost.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2410.21.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Sophos\Endpoint Defense\SSPService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Sophos\Sophos File Scanner\SophosFS.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Sophos\Health\SophosHealth.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Sophos\Sophos Network Threat Protection\SophosNtpService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Sophos\Sophos Network Threat Protection\SophosNetFilter.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\ImmersiveControlPanel\SystemSettings.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\UUS\amd64\MoUsoCoreWorker.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\WindowsApps\Microsoft.WidgetsPlatformRuntime_1.6.1.0_x64__8wekyb3d8bbwe\WidgetService\WidgetService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\ProgramData\Sophos\AutoUpdate\Cache\sophos_autoupdate1.dir\SophosUpdate.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\msinfo32.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.24.25200.0_x64__8wekyb3d8bbwe\WindowsPackageManagerServer.exe
=> Fine(Level 1) as  : 1 Startup
   -C:\Users\hp\AppData\Local\Microsoft\OneDrive\OneDrive.exe
=> Fine(Level 1) as  : 1 Startup
   -C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
=> Fine(Level 1) as  : 1 Startup
   -c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
=> Fine(Level 1) as  : 1 Startup
   -c:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
 
Running Processes :
=> C:\Program Files\Google\Chrome\Application\chrome.exe
=> C:\Windows\System32\cmd.exe
=> C:\Windows\System32\conhost.exe
=> C:\Program Files\ESET\ESET Security\BrowserPrivacyAndSecurity.exe
=> C:\Windows\System32\SecurityHealthSystray.exe
=> N/A
=> C:\Windows\System32\svchost.exe
=> C:\Program Files\Avast Software\Avast\AvastUI.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Program Files\ESET\ESET Security\eguiProxy.exe
=> C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
=> C:\Windows\System32\RuntimeBroker.exe
=> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
=> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt\IGCC.exe
=> C:\Program Files\Google\Chrome\Application\chrome.exe
=> C:\Program Files\WindowsApps\Muse.MuseHub_2.0.30.1516_x64__rb9pth70m6nz6\Muse.exe
=> C:\Program Files\Google\Chrome\Application\chrome.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
=> C:\Windows\System32\RuntimeBroker.exe
=> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24112.22.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
=> C:\Windows\System32\RuntimeBroker.exe
=> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.438.0_x64__zpdnekdrzrea0\Spotify.exe
=> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.438.0_x64__zpdnekdrzrea0\Spotify.exe
=> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.438.0_x64__zpdnekdrzrea0\Spotify.exe
=> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.438.0_x64__zpdnekdrzrea0\Spotify.exe
=> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.438.0_x64__zpdnekdrzrea0\Spotify.exe
=> C:\Program Files\Avast Software\Avast\AvastUI.exe
=> C:\Program Files\Avast Software\Avast\AvastUI.exe
=> C:\Program Files\Avast Software\Avast\AvastUI.exe
=> C:\Windows\System32\backgroundTaskHost.exe
=> C:\Windows\System32\RuntimeBroker.exe
=> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.438.0_x64__zpdnekdrzrea0\Spotify.exe
=> C:\Program Files\WindowsApps\MSTeams_24335.208.3315.1951_x64__8wekyb3d8bbwe\ms-teams.exe
=> C:\Windows\System32\RuntimeBroker.exe
=> C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
=> C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
=> C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
=> C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
=> C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
=> C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
=> C:\Program Files\WindowsApps\MSTeams_24335.208.3315.1951_x64__8wekyb3d8bbwe\ms-teams.exe
=> C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
=> C:\Windows\System32\cmd.exe
=> C:\Windows\System32\conhost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Program Files\Google\Chrome\Application\chrome.exe
=> C:\Program Files\Google\Chrome\Application\chrome.exe
=> C:\Program Files\Google\Chrome\Application\chrome.exe
=> C:\Program Files\Google\Chrome\Application\chrome.exe
=> C:\Program Files\Google\Chrome\Application\chrome.exe
=> C:\Program Files\Google\Chrome\Application\chrome.exe
=> C:\Program Files\Google\Chrome\Application\chrome.exe
=> C:\Program Files\Google\Chrome\Application\chrome.exe
=> C:\Program Files\Google\Chrome\Application\chrome.exe
=> C:\Program Files\Google\Chrome\Application\chrome.exe
=> C:\Program Files\Google\Chrome\Application\chrome.exe
=> C:\Program Files\Google\Chrome\Application\chrome.exe
=> C:\Program Files\Google\Chrome\Application\chrome.exe
=> C:\Program Files\Google\Chrome\Application\chrome.exe
=> C:\Program Files\Google\Chrome\Application\chrome.exe
=> C:\Program Files (x86)\SMADAV\SMΔRTP.exe
=> C:\Program Files\HP\HP Enabling Services\BridgeCommunication.exe
=> C:\Program Files\HP\HP Enabling Services\BridgeCommunication.exe
=> C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2410.21.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe
=> C:\Windows\System32\dllhost.exe
=> C:\Program Files\HP\HP Enabling Services\BridgeCommunication.exe
=> C:\Program Files\Google\Chrome\Application\chrome.exe
=> N/A
=> C:\Program Files\Sophos\Endpoint Defense\SSPService.exe
=> C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe
=> C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe
=> C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe
=> C:\Program Files\Google\Chrome\Application\chrome.exe
=> C:\Program Files\Sophos\Sophos File Scanner\SophosFS.exe
=> C:\Program Files (x86)\Sophos\Health\SophosHealth.exe
=> C:\Windows\System32\svchost.exe
=> C:\Program Files\Sophos\Sophos Network Threat Protection\SophosNtpService.exe
=> C:\Program Files\Sophos\Sophos File Scanner\SophosFileScanner.exe
=> C:\Program Files\Sophos\Sophos File Scanner\SophosFileScanner.exe
=> C:\Windows\System32\svchost.exe
=> C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
=> C:\Program Files\Google\Chrome\Application\chrome.exe
=> C:\Program Files\Google\Chrome\Application\chrome.exe
=> C:\Program Files\Google\Chrome\Application\chrome.exe
=> C:\Program Files\Sophos\Sophos Network Threat Protection\SophosNetFilter.exe
=> C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\oobe\UserOOBEBroker.exe
=> C:\Windows\ImmersiveControlPanel\SystemSettings.exe
=> C:\Windows\System32\ApplicationFrameHost.exe
=> C:\Windows\System32\ShellHost.exe
=> C:\Program Files\Sophos\Home Clean\SophosHomeClean.exe
=> C:\Windows\UUS\amd64\MoUsoCoreWorker.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Program Files\Sophos\Home Clean\SophosHomeClean.exe
=> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
=> C:\Program Files\WindowsApps\Microsoft.WidgetsPlatformRuntime_1.6.1.0_x64__8wekyb3d8bbwe\WidgetService\WidgetService.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\audiodg.exe
=> C:\ProgramData\Sophos\AutoUpdate\Cache\sophos_autoupdate1.dir\SophosUpdate.exe
=> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
=> C:\Windows\System32\msinfo32.exe
=> C:\Windows\System32\wbem\WmiPrvSE.exe
=> C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.24.25200.0_x64__8wekyb3d8bbwe\WindowsPackageManagerServer.exe
=> C:\Windows\servicing\TrustedInstaller.exe
 
==============================
After Scanning
==============================
Suspected Paths :
=> Unknown(Level 3) as  : 4 Process
   -C:\Program Files\Avast Software\Avast\AvastUI.exe
=> Unknown(Level 3) as  : 7 Process
   -C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
=> Fine(Level 2) as  : 2 Process
   -C:\Program Files\WindowsApps\MSTeams_24335.208.3315.1951_x64__8wekyb3d8bbwe\ms-teams.exe
=> Fine(Level 2) as  : 2 Process
   -C:\Program Files\HP\HP Enabling Services\BridgeCommunication.exe
=> Fine(Level 2) as  : 2 Process
   -C:\Program Files\Sophos\Sophos File Scanner\SophosFileScanner.exe
=> Fine(Level 2) as  : 2 Process
   -C:\Users\hp\Downloads\RogueKiller_setup.exe
=> Fine(Level 2) as  : 1 Process
   -C:\Users\hp\AppData\Local\Temp\is-28HEB.tmp\RogueKiller_setup.tmp
=> Fine(Level 2) as  : 1 Process
   -C:\Users\hp\AppData\Local\Temp\is-IP596.tmp\RogueKiller_setup.tmp
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHDCPSvc.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHeciSvc.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\ESET\ESET Security\efwd.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxCUIService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\HotKeyServiceUWP.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\wlanext.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Avast Software\Avast\aswEngSrv.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Avast Software\Avast\afwServ.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\CxSvc\CxUtilSvc.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\CxSvc\CxAudioSvc.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_c2ac023763d5d3ad\OneApp.IGCC.WinService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_99f6bd58bfe82726\RstMwService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\SysWOW64\XtuService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82419944dda69b12\esif_uf.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\LanWlanWwanSwitchingServiceUWP.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxEM.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\ESET\ESET Security\eOppFrame.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.30502.30.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\CONEXANT\Flow\Flow.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\ESET\ESET Security\eguiProxy.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt\IGCC.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\WindowsApps\Muse.MuseHub_2.0.30.1516_x64__rb9pth70m6nz6\Muse.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24112.22.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Sophos\Endpoint Defense\SSPService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
   -C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Sophos\Sophos File Scanner\SophosFS.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Sophos\Health\SophosHealth.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Sophos\Sophos Network Threat Protection\SophosNtpService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Sophos\Sophos Network Threat Protection\SophosNetFilter.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\ImmersiveControlPanel\SystemSettings.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\WindowsApps\Microsoft.WidgetsPlatformRuntime_1.6.1.0_x64__8wekyb3d8bbwe\WidgetService\WidgetService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Sophos\Endpoint Defense\SophosScanCoordinator.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\RogueKiller\RogueKillerSvc.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\RogueKiller\RogueKiller64.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\HPAudioAnalytics.exe
=> Fine(Level 1) as  : 1 Startup
   -C:\Users\hp\AppData\Local\Microsoft\OneDrive\OneDrive.exe
=> Fine(Level 1) as  : 1 Startup
   -C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
=> Fine(Level 1) as  : 1 Startup
   -c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
=> Fine(Level 1) as  : 1 Startup
   -c:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
 
Running Processes :
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> C:\Windows\System32\winlogon.exe
=> N/A
=> C:\Windows\System32\LsaIso.exe
=> N/A
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\fontdrvhost.exe
=> C:\Windows\System32\fontdrvhost.exe
=> C:\Windows\System32\WUDFHost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHDCPSvc.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHeciSvc.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\dwm.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Program Files\ESET\ESET Security\efwd.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> N/A
=> C:\Windows\System32\WUDFHost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\SynTPEnhService.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> N/A
=> N/A
=> C:\Windows\System32\WUDFHost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxCUIService.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
=> C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
=> C:\Windows\System32\svchost.exe
=> C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
=> C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\HotKeyServiceUWP.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> N/A
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\NgcIso.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\wlanext.exe
=> C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
=> C:\Windows\System32\spoolsv.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\wbem\WmiPrvSE.exe
=> C:\Windows\System32\wbem\unsecapp.exe
=> C:\Windows\System32\svchost.exe
=> C:\Program Files\Avast Software\Avast\aswEngSrv.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\dasHost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> N/A
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Program Files\Avast Software\Avast\afwServ.exe
=> C:\Windows\CxSvc\CxUtilSvc.exe
=> C:\Windows\System32\svchost.exe
=> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
=> C:\Windows\CxSvc\CxAudioSvc.exe
=> C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_c2ac023763d5d3ad\OneApp.IGCC.WinService.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\fpCSEvtSvc.exe
=> C:\Windows\System32\ibtsiva.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_99f6bd58bfe82726\RstMwService.exe
=> C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
=> C:\Windows\System32\svchost.exe
=> N/A
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\valWBFPolicyService.exe
=> C:\Windows\SysWOW64\XtuService.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82419944dda69b12\esif_uf.exe
=> C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\LanWlanWwanSwitchingServiceUWP.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\AggregatorHost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\SearchIndexer.exe
=> C:\Windows\System32\sihost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\taskhostw.exe
=> C:\Windows\System32\MicTray64.exe
=> C:\Windows\System32\SynTPEnh.exe
=> C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
=> C:\Program Files (x86)\SMADAV\SMΔRTP.exe
=> C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxEM.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\explorer.exe
=> C:\Program Files\ESET\ESET Security\eOppFrame.exe
=> C:\Windows\System32\SynTPHelper.exe
=> C:\Windows\System32\rundll32.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.30502.30.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
=> C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
=> C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
=> C:\Windows\System32\RuntimeBroker.exe
=> C:\Windows\System32\RuntimeBroker.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\dllhost.exe
=> C:\Windows\System32\ctfmon.exe
=> C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
=> C:\Program Files\CONEXANT\Flow\Flow.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\SecurityHealthSystray.exe
=> N/A
=> C:\Windows\System32\svchost.exe
=> C:\Program Files\Avast Software\Avast\AvastUI.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Program Files\ESET\ESET Security\eguiProxy.exe
=> C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
=> C:\Windows\System32\RuntimeBroker.exe
=> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt\IGCC.exe
=> C:\Program Files\WindowsApps\Muse.MuseHub_2.0.30.1516_x64__rb9pth70m6nz6\Muse.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
=> C:\Windows\System32\RuntimeBroker.exe
=> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24112.22.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
=> C:\Windows\System32\RuntimeBroker.exe
=> C:\Program Files\Avast Software\Avast\AvastUI.exe
=> C:\Program Files\Avast Software\Avast\AvastUI.exe
=> C:\Program Files\Avast Software\Avast\AvastUI.exe
=> C:\Program Files\WindowsApps\MSTeams_24335.208.3315.1951_x64__8wekyb3d8bbwe\ms-teams.exe
=> C:\Windows\System32\RuntimeBroker.exe
=> C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
=> C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
=> C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
=> C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
=> C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
=> C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
=> C:\Program Files\WindowsApps\MSTeams_24335.208.3315.1951_x64__8wekyb3d8bbwe\ms-teams.exe
=> C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
=> C:\Program Files (x86)\SMADAV\SMΔRTP.exe
=> C:\Program Files\HP\HP Enabling Services\BridgeCommunication.exe
=> C:\Windows\System32\dllhost.exe
=> C:\Program Files\HP\HP Enabling Services\BridgeCommunication.exe
=> N/A
=> C:\Program Files\Sophos\Endpoint Defense\SSPService.exe
=> C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe
=> C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe
=> C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe
=> C:\Program Files\Sophos\Sophos File Scanner\SophosFS.exe
=> C:\Program Files (x86)\Sophos\Health\SophosHealth.exe
=> C:\Program Files\Sophos\Sophos Network Threat Protection\SophosNtpService.exe
=> C:\Program Files\Sophos\Sophos File Scanner\SophosFileScanner.exe
=> C:\Program Files\Sophos\Sophos File Scanner\SophosFileScanner.exe
=> C:\Windows\System32\svchost.exe
=> C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
=> C:\Program Files\Sophos\Sophos Network Threat Protection\SophosNetFilter.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\oobe\UserOOBEBroker.exe
=> C:\Windows\ImmersiveControlPanel\SystemSettings.exe
=> C:\Windows\System32\ApplicationFrameHost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Program Files\WindowsApps\Microsoft.WidgetsPlatformRuntime_1.6.1.0_x64__8wekyb3d8bbwe\WidgetService\WidgetService.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Program Files\Sophos\Endpoint Defense\SophosScanCoordinator.exe
=> C:\Windows\System32\Taskmgr.exe
=> C:\Users\hp\Downloads\RogueKiller_setup.exe
=> C:\Users\hp\AppData\Local\Temp\is-IP596.tmp\RogueKiller_setup.tmp
=> C:\Users\hp\Downloads\RogueKiller_setup.exe
=> C:\Users\hp\AppData\Local\Temp\is-28HEB.tmp\RogueKiller_setup.tmp
=> C:\Program Files\RogueKiller\RogueKillerSvc.exe
=> C:\Program Files\RogueKiller\RogueKiller64.exe
=> C:\Windows\System32\dllhost.exe
=> C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
=> C:\Windows\System32\RuntimeBroker.exe
=> C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\HPAudioAnalytics.exe
=> C:\Windows\System32\ShellHost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\wbem\WmiApSrv.exe
=> C:\Windows\System32\svchost.exe
 
Detected Virus :
=> Trash.A
   -Infected File
   -C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\gdsmux.exe
=> Houdini.Shortcut
   -Infected File
   -C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Security\ESET Safe Banking & Browsing.lnk
=> Houdini.Shortcut
   -Infected File
   -C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\ESET\ESET Security\ESET Safe Banking & Browsing.lnk
 
Infected Registry Values :
=> (Default)
   -HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
   -Different String Value
=> LocalizedString
   -HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
   -Different String Value
=> (Default)
   -HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}
   -Forbidden String Value
=> (Default)
   -HKEY_CLASSES_ROOT\txtfile\shell\Open\Command
   -Different String Value
=> (Default)
   -HKEY_CLASSES_ROOT\txtfile\shell\print\command
   -Different String Value
=> (Default)
   -HKEY_CLASSES_ROOT\txtfile\DefaultIcon
   -Different String Value
=> (Default)
   -HKEY_CLASSES_ROOT\inffile\shell\Open\Command
   -Different String Value
=> (Default)
   -HKEY_CLASSES_ROOT\inffile\DefaultIcon
   -Different String Value
=> (Default)
   -HKEY_CLASSES_ROOT\inffile\shell\install\command
   -Different String Value
=> (Default)
   -HKEY_CLASSES_ROOT\inffile\shell\print\command
   -Different String Value
=> (Default)
   -HKEY_CLASSES_ROOT\inifile\shell\Open\Command
   -Different String Value
=> (Default)
   -HKEY_CLASSES_ROOT\inifile\shell\print\command
   -Different String Value




