
Win64:Efiguard-B and Win64:Efiguard-A trojan removal


7 replies to this topic

#1 Kylehasajob


Posted 28 June 2024 - 05:55 AM

Hello,

 

I am having a problem: I can't quarantine or remove the trojan that seems to be leaking information to hackers. This issue has been persisting for at least a year now. The last time I tried to remove these trojans, it destroyed my motherboard. I really need help removing these trojans. Thank you!

 

-Kyle




 


#2 Oh My!


Posted 28 June 2024 - 07:58 AM

Greetings and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for 64 bit systems and note where the file is saved (Desktop, Downloads, etc.) <<< Important
  • If your computer language is other than English, right click on the FRST64 icon and rename it to FRST64english
  • Right click on the icon and select Run as administrator
  • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of each report in separate reply windows
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST.txt
  • Addition.txt

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#3 Kylehasajob


Posted 28 June 2024 - 11:31 AM

Hi, Gary.

 

I am now sending you the two documents.

 

1. FRST.txt

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.06.2024
Ran by Legion (administrator) on JONAS (LENOVO 82B5) (28-06-2024 19:24:51)
Running from C:\Users\Legion\Downloads\FRST64.exe
Loaded Profiles: Legion & Johnson
Platform: Microsoft Windows 11 Pro Version 23H2 22631.3737 (X64) Language: English (United States)
Default browser: Brave
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\AvastUI.exe <6>
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandler64.exe
(C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe ->) (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe ->) (LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe ->) (Discord Inc. -> Discord Inc.) C:\Users\Legion\AppData\Local\Discord\app-1.0.9152\Discord.exe <6>
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.13200.20.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe <6>
(C:\Users\Legion\AppData\Local\Programs\Opera GX\opera.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <3>
(C:\Users\Legion\AppData\Local\Programs\Opera GX\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Users\Legion\AppData\Local\Programs\Opera GX\109.0.5097.142\opera_crashreporter.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <2>
(cmd.exe ->) (Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\Legion\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(cmd.exe ->) (Softdeluxe) [File not signed] C:\Users\Legion\AppData\Local\Softdeluxe\Free Download Manager\wenativehost.exe
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_fe9531bca29258f3\DAX3API.exe ->) (Dolby Laboratories, Inc. -> ) C:\ProgramData\Dolby\DAX3\RADARHOST\DSRHost.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\FnHotkeyCapsLKNumLK.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\FnHotkeyUtility.exe
(DriverStore\FileRepository\u0359763.inf_amd64_cbe903b159d3b969\B359805\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0359763.inf_amd64_cbe903b159d3b969\B359805\atieclxx.exe
(explorer.exe ->) (Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <27>
(explorer.exe ->) (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(explorer.exe ->) (win.rar GmbH -> Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe <3>
(Opera Norway AS -> Opera Software) C:\Users\Legion\AppData\Local\Programs\Opera GX\opera.exe <20>
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0359763.inf_amd64_cbe903b159d3b969\B359805\atiesrxx.exe
(services.exe ->) (AnyDesk Software GmbH -> AnyDesk Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\afwServ.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_fe9531bca29258f3\DAX3API.exe <2>
(services.exe ->) (Fortect LTD -> Fortect Ltd.) C:\Program Files\Fortect\bin\MainDaemon.exe
(services.exe ->) (Fortect LTD -> Fortect LTD.) C:\Program Files\Fortect\MainService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\LenovoUtilityService.exe
(services.exe ->) (LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(services.exe ->) (LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_9a2c79b60d6607c6\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (Shanghai Microvirt Software Technology Co., Ltd. -> ) C:\Program Files\Microvirt\MEmu\MemuService.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Legion\AppData\Local\Microsoft\OneDrive\24.116.0609.0005\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.13200.20.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1082672 2020-06-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [423832 2024-06-04] (Avast Software s.r.o. -> Gen Digital Inc.)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3022640 2023-11-28] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\...\Run: [Fortect] => C:\Program Files\Fortect\bin\FortectTray.exe [463312 2024-05-20] (Fortect LTD -> Fortect Ltd.)
HKLM-x32\...\Run: [Sophos Connect] => C:\Program Files (x86)\Sophos\Connect\GUI\scgui.exe [2417504 2022-11-09] (Sophos Ltd -> Sophos)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [7811960 2024-03-25] (LogMeIn, Inc. -> LogMeIn Inc.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\Run: [MicrosoftEdgeAutoLaunch_4EAA8FB2F3B9A75B07E38904574735CD] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3883560 2024-06-20] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe --launch-background-mode (No File)
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\Run: [Opera GX Stable] => C:\Users\Legion\AppData\Local\Programs\Opera GX\launcher.exe [2273696 2024-06-18] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37550568 2024-06-25] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\Run: [Opera GX Browser Assistant] => C:\Users\Legion\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\Run: [Discord] => C:\Users\Legion\AppData\Local\Discord\Update.exe [1526552 2024-06-24] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4407656 2024-06-20] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\Run: [Voicemod] => C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe [5760912 2024-01-30] (VOICEMOD, INC. SUCURSAL EN ESPAÑA -> Voicemod)
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\Run: [com.messenger] => C:\Users\Legion\AppData\Local\Programs\Messenger\Messenger.exe messenger://openAtLogin (No File)
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\Run: [LenovoVantage] => C:\ProgramData\Lenovo\Vantage\Addins\LenovoCompanionAppAddin\1.0.0.39\LenovoVantage.exe [25496 2024-03-08] (Lenovo -> Lenovo)
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\Run: [LenovoVantageToolbar] => C:\ProgramData\Lenovo\Vantage\AddinData\LenovoBatteryGaugeAddin\x64\QSHelper.exe [85416 2024-02-18] (Lenovo -> Lenovo)
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\Run: [NoxMultiPlayer] => C:\Program Files (x86)\Nox\bin\MultiPlayerManager.exe [3928552 2024-06-25] (Nox Limited -> )
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\Run: [Medal] => C:\Users\Legion\AppData\Local\Medal\update.exe [2049384 2024-06-13] (Ferox Games B.V. -> )
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Legion\AppData\Local\Microsoft\Teams\Update.exe [2593856 2024-06-05] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3696553442-1637611387-1488000935-1027\...\Run: [MicrosoftEdgeAutoLaunch_EC5869D3DD5C8CA6AAC545F8B556E3BA] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3883560 2024-06-20] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\126.0.6478.127\Installer\chrmstp.exe [2024-06-27] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\126.1.67.123\Installer\chrmstp.exe [2024-06-26] (Brave Software, Inc. -> Brave Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2024-02-07]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {7222359E-9927-4EE7-94BD-D79D81462BF8} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [4979096 2024-04-04] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramData\A (the data entry has 70 more characters).
Task: {CCAE607C-BFB8-40FC-92AC-DEDF06AA21A1} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [7786904 2024-03-14] (Avast Software s.r.o. -> Avast Software)
Task: {BE7AB802-6078-4C98-AD37-FBFA5AD24ED7} - System32\Tasks\Avast Software\Avast Driver Updater BugReport => C:\Program Files\Avast Software\Driver Updater\AvBugReport.exe [4979096 2024-04-04] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 148 --programpath "C:\Program Files\Avast Software\Driver Updater\Setup\.." --configpath "C:\Program Files\Avast Software\Driver Updater\Setup" --path "C:\ProgramData\Avast Software\Driver Updater\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --log (the data entry has 99 more characters).
Task: {34E675B5-8242-4696-B1F7-9A79E186D7FE} - System32\Tasks\Avast Software\Avast Driver Updater Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-du\icarus.exe [7786904 2024-03-14] (Avast Software s.r.o. -> Avast Software)
Task: {9135D306-6789-4981-8BEB-3ECB21E19D52} - System32\Tasks\Avast Software\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [5079448 2024-06-04] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {44E55707-D286-4D89-BEA2-CD9BB5493E70} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe [4903320 2024-06-27] (Avast Software s.r.o. -> Gen Digital Inc.) -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramDat (the data entry has 80 more characters).
Task: {1501FB6A-3F69-4C9B-8E5C-6A1FC0F59FAD} - System32\Tasks\Avast Software\Avast SecureLine VPN Emergency Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1441176 2024-06-27] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {A982DF52-3288-4AC0-AB9C-77332CD63569} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [8002968 2024-06-24] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {38123DD6-E611-4402-8BBB-7B7F289E7707} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2144664 2023-12-29] (Avast Software s.r.o. -> Avast Software)
Task: {B2F9AF5C-A998-42F0-863D-5BAB2D64C3BD} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{B5665788-09DC-4419-B7FF-B5E9928321D6} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [166424 2024-05-13] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {BAD551E8-5A3B-43D0-AC08-DE8A75D284C0} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{097980BF-D6FC-47C4-B935-20E986B19358} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [166424 2024-05-13] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {6040D0ED-D5C4-4EDD-93E7-DA5C69CE7A3E} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem128.0.6537.0{03BD8C33-CE9B-43CE-803B-8E991E5A424F} => C:\Program Files (x86)\Google\GoogleUpdater\128.0.6537.0\updater.exe [4623976 2024-06-13] (Google LLC -> Google LLC)
Task: {F6B007BF-0F4F-4B90-BD50-D9EF1F645D9F} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4922296 2023-12-19] (Intel Corporation -> Intel Corporation)
Task: {F86FE3ED-7AE0-4FDA-9D8C-690A5B08DD27} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4922296 2023-12-19] (Intel Corporation -> Intel Corporation)
Task: {1EB99A3B-5065-4207-AF5D-0388C4CA845F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe  --automatic (No File)
Task: {64CCE998-C221-4415-8673-B7517B0CC35C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\004fdf8d-7892-4060-b63e-1a2292a9bde1 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {BE1503B1-500C-46F5-BF61-2D841B0705F9} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\216fc3e9-e32d-4b5a-8e4c-adf0c5b7d3a8 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {CDE30EB3-9234-4599-9957-97B2DB4BB4CE} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3a2627a4-6882-46d5-9577-693adaa5d7ed => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {DD0BB37B-2AF1-4B43-A1D6-9BCFC30A1336} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\48cede06-c8b5-4205-baba-6b6df1904c4e => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {3C3A886A-4A41-4D1B-ACFE-D31020B62FE0} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\4925024c-d4b9-4547-8298-991d7bb3adc0 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {1763FC62-5456-43B2-B667-2D2EFEF30F5F} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3696553442-1637611387-1488000935-1001 => C:\Users\Legion\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [88584 2024-05-17] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {54F8FAF6-7E1B-425F-A166-FFC4330624C7} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => C:\WINDOWS\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> start LenovoVantageService
Task: {84F1F525-6CD5-4404-B424-4C09933FF8F7} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {92376CD1-ABAC-4151-BEA1-6F3574B078BE} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {D91B82FB-B221-494E-8FD1-B8A926210471} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {C2E16729-6A53-47A7-B387-A2D53D2B18C2} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {51424479-CF3C-4B60-A6CF-4C7EAF25FD9A} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {85199525-055F-44C2-9BC7-1E9BE3119639} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {F75FFF83-348F-4B02-9CAB-AF53BBABCAE8} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {521FB866-A86C-4DC7-BDEC-B21CDC38B111} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {C8E9AE10-8D96-4330-B432-A2E0E06D6D07} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {E3890E28-3266-4491-8F68-269821564F9F} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {7964B6FE-5D14-43F2-B37F-FA641F0F03DA} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {37E747B6-C310-4A2A-AEDB-AB85A3710E80} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\uninstall.exe [365024 2024-03-03] (Lenovo -> Lenovo)
Task: {CDD54357-85CA-42B1-A4FD-554C48702A4F} - System32\Tasks\Meta\Messenger-SL-Helper-S-1-5-21-3696553442-1637611387-1488000935-1001 => C:\Users\Legion\AppData\Local\Programs\Messenger\MessengerHelper.exe [2185976 2024-05-30] (Facebook, Inc. -> Meta Platforms, Inc.)
Task: {5B87FA66-4E93-44A3-8740-954E8280C295} - System32\Tasks\Microsoft\Windows\Application Experience\PcaWallpaperAppDetect => C:\WINDOWS\system32\rundll32.exe [73728 2024-04-24] (Microsoft Windows -> Microsoft Corporation) -> %windir%\system32\PcaSvc.dll,PcaWallpaperAppDetect
Task: {FC6DE0F4-A256-4BAA-A3E0-4F49C2B1E115} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {E49C7428-9FA1-4E93-A941-61F685E815BD} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [804312 2023-04-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {A54D5317-9763-477B-8F7D-B39CACD55FE1} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1704378116 => C:\Users\Legion\AppData\Local\Programs\Opera GX\launcher.exe [2273696 2024-06-18] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Legion\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
Task: {5EF9294F-42F4-437C-B02B-4D4CBBB381CA} - System32\Tasks\Opera GX scheduled Autoupdate 1703866663 => C:\Users\Legion\AppData\Local\Programs\Opera GX\launcher.exe [2273696 2024-06-18] (Opera Norway AS -> Opera Software)
Task: {4D46B5B0-ED32-40A4-891A-13166DF180A9} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1900320 2022-09-16] (Lenovo -> )
Task: {1645D737-2C80-4826-95C4-71C9CE174AFA} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1900320 2022-09-16] (Lenovo -> )
Task: {6F9C7EE5-8BEA-4EBF-B329-27E8823996D6} - System32\Tasks\WindowsSetup => C:\Windows\System32\oobe\Setup.exe [333296 2024-05-30] (Microsoft Windows -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 5.20.0.10 5.20.0.11
Tcpip\..\Interfaces\{05f99be9-c8ce-4a29-91e7-29cab5e10a53}: [DhcpNameServer] 5.20.0.10 5.20.0.11
Tcpip\..\Interfaces\{05f99be9-c8ce-4a29-91e7-29cab5e10a53}: [DhcpDomain] Dlink
Tcpip\..\Interfaces\{267f7131-5e38-457e-b611-c466646681db}: [NameServer] 10.0.10.1,212.59.1.1
Tcpip\..\Interfaces\{323d64a8-a273-4967-b795-d2431306c535}: [DhcpNameServer] 5.20.0.10 5.20.0.11
Tcpip\..\Interfaces\{323d64a8-a273-4967-b795-d2431306c535}: [DhcpDomain] Dlink
Tcpip\..\Interfaces\{323d64a8-a273-4967-b795-d2431306c535}\347414455435F564347303F55374: [DhcpNameServer] 5.20.0.10 5.20.0.11
Tcpip\..\Interfaces\{323d64a8-a273-4967-b795-d2431306c535}\347414455435F564347303F55374: [DhcpDomain] Dlink
Tcpip\..\Interfaces\{323d64a8-a273-4967-b795-d2431306c535}\347616475637F564347303F5548545: [DhcpNameServer] 5.20.0.10 5.20.0.11
Tcpip\..\Interfaces\{323d64a8-a273-4967-b795-d2431306c535}\347616475637F564347303F5548545: [DhcpDomain] Dlink
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Legion\AppData\Local\Microsoft\Edge\User Data\Default [2024-06-27]
Edge Extension: (Google Docs Offline) - C:\Users\Legion\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-28]
Edge Extension: (Online Security) - C:\Users\Legion\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jcpgbnbdnakoblgfkbgggankeidkfcdl [2024-06-14]
Edge Extension: (Edge relevant text changes) - C:\Users\Legion\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
Edge Profile: C:\Users\Legion\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2024-02-25]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [jcpgbnbdnakoblgfkbgggankeidkfcdl]
 
Chrome: 
=======
CHR Profile: C:\Users\Legion\AppData\Local\Google\Chrome\User Data\Default [2024-03-12]
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=E210US91215G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Extension: („Google“ dokumentai neprisijungus) - C:\Users\Legion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-02-23]
CHR Extension: („Chrome“ internetinės parduotuvės mokėjimo sistema) - C:\Users\Legion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-02-23]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]
 
Opera: 
=======
StartMenuInternet: (HKU\S-1-5-21-3696553442-1637611387-1488000935-1001) Opera GXStable - "C:\Users\Legion\AppData\Local\Programs\Opera GX\Launcher.exe"
 
Brave: 
=======
BRA Profile: C:\Users\Legion\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2024-06-28]
BRA Extension: (RoPro - Enhance Your Roblox Experience) - C:\Users\Legion\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\adbacgifemdbhdkfppmeilbgppmhaobf [2024-06-08]
BRA Extension: (Malwarebytes Browser Guard) - C:\Users\Legion\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-06-28]
BRA Extension: (Roblox+) - C:\Users\Legion\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\jfbnmfgkohlfclfnplnlenbalpppohkm [2024-06-25]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block First Party Filters (plaintext))) - C:\Users\Legion\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei [2024-06-28]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Legion\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2024-06-28]
BRA Extension: (Brave Ads Resources) - C:\Users\Legion\AppData\Local\BraveSoftware\Brave-Browser\User Data\aokfbnlokidoepkhilbmfdkdhajkpbli [2024-06-27]
BRA Extension: (Brave NTP background images) - C:\Users\Legion\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2024-05-13]
BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications (plaintext))) - C:\Users\Legion\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2024-06-28]
BRA Extension: (Brave Ad Block Updater (EasyList Cookie (plaintext))) - C:\Users\Legion\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2024-06-28]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\Legion\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2024-06-28]
BRA Extension: (Brave NTP Super Referrer mapping table) - C:\Users\Legion\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo [2024-05-13]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block Updater (plaintext))) - C:\Users\Legion\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2024-06-28]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\Legion\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2024-06-19]
BRA Extension: (Brave Ads Resources) - C:\Users\Legion\AppData\Local\BraveSoftware\Brave-Browser\User Data\ocilmpijebaopmdifcomolmpigakocmo [2024-05-13]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Legion\AppData\Local\BraveSoftware\Brave-Browser\User Data\peigikhkkjnlhlpbangknejbdpkgoaga [2024-06-28]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [5328200 2024-05-25] (AnyDesk Software GmbH -> AnyDesk Software GmbH)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [9026968 2024-06-04] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [761752 2024-06-04] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 avast! Firewall; C:\Program Files\Avast Software\Avast\afwServ.exe [2272152 2024-06-04] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [1198488 2024-06-04] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2023-12-29] (Avast Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [15772456 2023-12-29] (BattlEye Innovations e.K. -> )
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [166424 2024-05-13] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 BraveElevationService; C:\Program Files\BraveSoftware\Brave-Browser\Application\126.1.67.123\elevation_service.exe [2688024 2024-06-25] (Brave Software, Inc. -> Brave Software, Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [166424 2024-05-13] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 CleanupPSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [18727320 2024-04-04] (Avast Software s.r.o. -> AVAST Software)
R2 DolbyDAXAPI; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_fe9531bca29258f3\DAX3API.exe [1928648 2020-05-20] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 DriverUpdSvc; C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe [16925592 2024-04-04] (Avast Software s.r.o. -> AVAST Software)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [44056 2024-06-20] (Intel Corporation -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [292888 2024-06-20] (Intel Corporation -> Intel)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [955816 2023-12-29] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2023-08-02] (Epic Games Inc. -> Epic Games, Inc.)
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [390400 2020-05-22] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 FortectDaemon; C:\Program Files\Fortect\bin\MainDaemon.exe [5309392 2024-05-19] (Fortect LTD -> Fortect Ltd.)
R2 FortectService; C:\Program Files\Fortect\MainService.exe [6757328 2024-05-20] (Fortect LTD -> Fortect LTD.)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [4920184 2024-03-25] (LogMeIn, Inc. -> LogMeIn Inc.)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoFnAndFunctionKeys; C:\WINDOWS\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\LenovoUtilityService.exe [168776 2024-04-01] (Lenovo -> Lenovo)
S4 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantageService.exe [34168 2024-03-03] (Lenovo -> Lenovo)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8895072 2024-06-28] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-06-28] (Malwarebytes Inc. -> Malwarebytes)
R2 MEmuSVC; C:\Program Files\Microvirt\MEmu\MemuService.exe [85304 2019-09-12] (Shanghai Microvirt Software Technology Co., Ltd. -> )
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_9a2c79b60d6607c6\Display.NvContainer\NVDisplay.Container.exe [1274992 2023-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
S4 OpenVPNServiceInteractive; C:\Program Files (x86)\Sophos\Connect\openvpnserv.exe [147456 2022-04-22] (The OpenVPN Project) [File not signed]
S4 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [6291440 2024-04-03] (Rockstar Games, Inc. -> Rockstar Games)
S4 scvpn; C:\Program Files (x86)\Sophos\Connect\scvpn.exe [1788768 2022-11-09] (Sophos Ltd -> Sophos)
R2 SecureLine; C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe [12545432 2024-06-27] (Avast Software s.r.o. -> Gen Digital Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522184 2024-04-24] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 strongSwan; C:\Program Files (x86)\Sophos\Connect\charon-svc.exe [406452 2022-05-05] () [File not signed]
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [807344 2024-04-12] (Oracle Corporation -> Oracle and/or its affiliates)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [9623432 2023-11-28] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\NisSrv.exe [3191272 2024-03-28] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MsMpEng.exe [133688 2024-03-28] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [20424 2024-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [229832 2024-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [380360 2024-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [292808 2024-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [84536 2024-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [27760 2024-02-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Gen Digital Inc.)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [28728 2024-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [269768 2024-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [548808 2024-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [97848 2024-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [69168 2024-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [941640 2024-06-25] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [1195464 2024-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [203832 2024-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [306744 2024-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 aswVpnRdr; C:\WINDOWS\System32\drivers\aswVpnRdr.sys [79248 2024-06-27] (Microsoft Windows Hardware Compatibility Publisher -> Avast Software)
S3 aswWireGuard; C:\WINDOWS\System32\drivers\aswWireguard.sys [174480 2024-02-01] (Microsoft Windows Hardware Compatibility Publisher -> Avast Software)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 droidvcam0_aud0; C:\WINDOWS\System32\DriverStore\FileRepository\droidcamaudio.inf_amd64_f08960db84657665\droidcamaudio.sys [33808 2022-06-22] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
S3 droidvcam0_vid0; C:\WINDOWS\System32\DriverStore\FileRepository\droidcamvideo.inf_amd64_9e3a469e272f0bb8\droidcamvideo.sys [135696 2022-06-21] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
S3 FBNetFilter; C:\WINDOWS\System32\drivers\FBNetFlt.sys [60784 2023-12-06] (Lenovo -> Lenovo)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2024-03-25] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
S0 hidgamemap; C:\WINDOWS\System32\drivers\hidgamemap.sys [352616 2023-06-14] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 iriuna0; C:\WINDOWS\system32\drivers\iriuna0.sys [46976 2021-04-06] (Iriun Oy -> Windows ® Win 7 DDK provider)
S0 lci_proxywddm; C:\WINDOWS\System32\drivers\lci_proxywddm.sys [122576 2020-06-17] (Splashtop Inc. -> LuminonCore)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [221136 2024-06-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-06-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-06-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 MEmuDrv; C:\WINDOWS\system32\DRIVERS\MEmuDrv.sys [320360 2021-01-04] (Shanghai Microvirt Software Technology Co., Ltd. -> Maiwei Corporation)
S3 nssmkig; C:\WINDOWS\System32\drivers\Nssmkig.sys [35392 2023-06-14] (Nefarius Software Solutions e.U. -> Nefarius Software Solutions e.U.)
R3 rtcx21; C:\WINDOWS\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_516e5c9b75c49dc2\rtcx21x64.sys [539648 2022-05-06] (Microsoft Windows -> Realtek)
S3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [44080 2016-09-27] (Shaul Eizikovich -> Nefarius Software Solutions)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [76832 2022-09-30] (Samsung Electronics CO., LTD. -> QUALCOMM Incorporated)
R3 tapSophos; C:\WINDOWS\System32\drivers\tapSophos.sys [36856 2022-02-21] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [254776 2024-04-12] (Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxSup; C:\WINDOWS\system32\DRIVERS\VBoxSup.sys [1064168 2024-04-12] (Oracle Corporation -> Oracle and/or its affiliates)
S3 VCamSDK; C:\WINDOWS\system32\DRIVERS\VCamSDK.sys [1090904 2019-12-22] (Shanghai Yitu Information Technology Co.,Ltd. -> e2eSoft)
S1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [22035200 2023-11-27] (Riot Games, Inc. -> Riot Games, Inc.)
R3 VOICEMOD_Driver; C:\WINDOWS\system32\drivers\mvvad.sys [48144 2023-08-30] (Voicemod Sociedad Limitada -> Windows ® Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [20928 2024-03-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [603416 2024-03-28] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105752 2024-03-28] (Microsoft Windows -> Microsoft Corporation)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [312776 2024-06-25] (Microsoft Windows Hardware Compatibility Publisher -> Nox Limited Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-06-28 19:24 - 2024-06-28 19:25 - 000043819 _____ C:\Users\Legion\Downloads\FRST.txt
2024-06-28 19:24 - 2024-06-28 19:25 - 000000000 ____D C:\FRST
2024-06-28 19:22 - 2024-06-28 19:23 - 002395648 _____ (Farbar) C:\Users\Legion\Downloads\FRST64.exe
2024-06-28 14:48 - 2024-06-28 14:48 - 000005574 _____ C:\Users\Legion\Downloads\SolaraB (2).zip
2024-06-28 13:21 - 2024-06-28 19:23 - 000000000 ____D C:\Users\Legion\AppData\Local\Malwarebytes
2024-06-28 13:21 - 2024-06-28 13:21 - 000002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-06-28 13:20 - 2024-06-28 13:20 - 002591712 _____ (Malwarebytes) C:\Users\Legion\Downloads\MBSetup.exe
2024-06-28 13:20 - 2024-06-28 13:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-06-27 18:09 - 2024-06-27 18:09 - 000000000 ____D C:\Program Files\dotnet
2024-06-27 18:08 - 2024-06-27 18:08 - 000001123 _____ C:\Users\Legion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wave.lnk
2024-06-27 18:08 - 2024-06-27 18:08 - 000001121 _____ C:\Users\Legion\OneDrive\Desktop\Wave.lnk
2024-06-27 18:08 - 2024-06-27 18:08 - 000000000 ____D C:\Users\Legion\AppData\Local\Bloxstrap
2024-06-27 18:07 - 2024-06-27 18:08 - 000000000 ____D C:\Users\Legion\AppData\Local\Luau Language Server
2024-06-27 18:07 - 2024-06-27 18:08 - 000000000 ____D C:\Users\Legion\AppData\Local\CefSharp
2024-06-27 17:43 - 2024-06-27 17:49 - 000000000 ____D C:\Users\Legion\OneDrive\Desktop\Fluxus
2024-06-27 17:42 - 2022-08-16 15:57 - 004116992 _____ (Fluxteam) C:\Users\Legion\OneDrive\Desktop\Fluxus V7.exe
2024-06-27 17:32 - 2024-06-27 17:32 - 000000000 ____D C:\Users\Legion\AppData\Roaming\npm
2024-06-27 17:32 - 2024-06-27 17:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2024-06-27 17:32 - 2024-06-27 17:32 - 000000000 ____D C:\Program Files\nodejs
2024-06-27 08:15 - 2024-06-28 16:08 - 000000000 ____D C:\Users\Legion\AppData\Local\Discord
2024-06-27 08:15 - 2024-06-27 08:15 - 000002244 _____ C:\Users\Legion\OneDrive\Desktop\Discord.lnk
2024-06-27 08:14 - 2024-06-27 08:14 - 114111256 _____ (Discord Inc.) C:\Users\Legion\Downloads\DiscordSetup.exe
2024-06-26 10:14 - 2024-06-26 10:14 - 000246522 _____ C:\Users\Legion\Downloads\fpsguis_1.txt
2024-06-26 09:39 - 2024-06-28 11:58 - 000000000 ____D C:\SolaraTab
2024-06-25 13:20 - 2024-06-25 13:20 - 000000000 ____D C:\Users\Legion\AppData\Local\MultiPlayerManager
2024-06-25 12:10 - 2024-06-26 09:12 - 000001201 _____ C:\Users\Legion\OneDrive\Desktop\Nox Asst.lnk
2024-06-25 12:10 - 2024-06-25 12:10 - 000001100 _____ C:\Users\Legion\OneDrive\Desktop\Nox.lnk
2024-06-25 12:10 - 2024-06-25 12:10 - 000000000 ____D C:\Users\Legion\AppData\Roaming\NoxSrv
2024-06-25 12:10 - 2024-06-25 12:10 - 000000000 ____D C:\Users\Legion\AppData\Roaming\Microsoft\Windows\Start Menu\Nox
2024-06-25 12:09 - 2024-06-26 09:12 - 000000000 ____D C:\Users\Legion\.BigNox
2024-06-25 12:09 - 2024-06-25 12:09 - 000000000 ____D C:\Program Files (x86)\Bignox
2024-06-24 19:22 - 2024-06-27 20:22 - 000000000 ____D C:\Users\Legion\AppData\Roaming\Fortect
2024-06-24 19:22 - 2024-06-24 19:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fortect
2024-06-24 19:21 - 2024-06-28 19:22 - 000000000 ____D C:\ProgramData\Fortect
2024-06-24 19:21 - 2024-06-24 19:21 - 000000000 ____D C:\Program Files\Fortect
2024-06-19 17:44 - 2024-06-19 17:44 - 000000000 ____D C:\Program Files (x86)\Microsoft XNA
2024-06-19 17:43 - 2024-06-19 17:43 - 000466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2024-06-19 17:43 - 2024-06-19 17:43 - 000444952 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2024-06-19 17:43 - 2024-06-19 17:43 - 000122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2024-06-19 17:43 - 2024-06-19 17:43 - 000109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2024-06-19 17:43 - 2024-06-19 17:43 - 000000000 ____D C:\Program Files (x86)\OpenAL
2024-06-17 17:21 - 2024-06-17 17:21 - 000000000 ____D C:\Users\Legion\AppData\LocalLow\OhYeah
2024-06-17 17:20 - 2024-06-17 17:20 - 000000223 _____ C:\Users\Legion\OneDrive\Desktop\Banana.url
2024-06-16 17:21 - 2024-06-16 17:21 - 000000000 ____D C:\Users\Legion\AppData\Local\FactoryGame
2024-06-13 19:38 - 2024-06-13 19:38 - 000000000 ____D C:\Users\Legion\OneDrive\Documents\StageSimulator
2024-06-13 19:37 - 2024-06-13 19:37 - 000000000 ____D C:\Users\Legion\AppData\LocalLow\Dukes Games
2024-06-13 19:18 - 2024-06-27 13:47 - 000001274 _____ C:\Users\Legion\OneDrive\Desktop\Medal.lnk
2024-06-13 19:17 - 2024-06-13 19:18 - 000000000 ____D C:\Users\Legion\AppData\Local\Medal
2024-06-13 16:54 - 2024-06-13 16:54 - 022532861 _____ C:\Users\Legion\Downloads\0613.mp4
2024-06-13 15:12 - 2024-06-13 15:12 - 000000000 ____D C:\Users\Legion\AppData\Roaming\.1911
2024-06-12 16:43 - 2024-06-12 16:46 - 000000000 ___HD C:\$WinREAgent
2024-06-10 14:58 - 2024-06-10 15:01 - 1768960425 _____ C:\Users\Legion\Downloads\Fame and fortune.mp4
2024-06-10 13:07 - 2024-06-10 13:10 - 000000000 ____D C:\Users\Legion\Downloads\0610
2024-06-05 07:58 - 2024-06-05 07:58 - 000002423 _____ C:\Users\Legion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams classic (work or school).lnk
2024-06-05 07:57 - 2024-06-28 15:02 - 000000000 ____D C:\Users\Legion\AppData\Roaming\Microsoft\Teams
2024-06-04 20:39 - 2024-06-04 20:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iriun Webcam
2024-06-04 20:39 - 2024-06-04 20:39 - 000000000 ____D C:\Program Files (x86)\Iriun Webcam
2024-06-04 20:39 - 2024-06-04 20:39 - 000000000 ____D C:\Program Files (x86)\dotnet
2024-06-04 20:39 - 2021-04-06 21:13 - 000046976 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\iriuna0.sys
2024-06-04 20:32 - 2024-06-04 20:35 - 000000000 ____D C:\Users\Legion\AppData\Roaming\droidcam-obs-client
2024-06-04 20:32 - 2024-06-04 20:32 - 000000000 ____D C:\Users\Legion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DroidCam Client
2024-06-04 20:32 - 2024-06-04 20:32 - 000000000 ____D C:\Program Files\DroidCam
2024-06-04 14:52 - 2024-06-04 14:52 - 000315288 _____ (Gen Digital Inc.) C:\WINDOWS\system32\aswBoot.exe
2024-06-02 18:24 - 2024-06-03 18:42 - 000002340 _____ C:\Users\Legion\OneDrive\Desktop\Messenger.lnk
2024-05-30 13:27 - 2024-05-30 13:27 - 000024821 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-05-30 13:25 - 2024-05-30 13:25 - 000024821 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-06-28 19:22 - 2023-12-30 04:50 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-06-28 19:19 - 2023-12-30 04:50 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-06-28 19:19 - 2023-12-29 18:58 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-06-28 15:08 - 2023-12-30 04:49 - 000000000 ____D C:\WINDOWS\INF
2024-06-28 15:08 - 2023-12-29 19:07 - 000851008 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-06-28 15:03 - 2024-05-28 21:21 - 000000000 ____D C:\Users\Legion\AppData\Local\LogMeIn Hamachi
2024-06-28 15:03 - 2023-12-29 19:27 - 000000000 ____D C:\Users\Legion\AppData\Roaming\discord
2024-06-28 15:01 - 2024-03-14 21:01 - 000003124 _____ C:\WINDOWS\system32\Tasks\MSIAfterburner
2024-06-28 15:01 - 2024-03-14 20:58 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2024-06-28 15:01 - 2024-03-14 20:57 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2024-06-28 15:01 - 2023-12-30 04:50 - 000000000 ____D C:\WINDOWS\ServiceState
2024-06-28 15:01 - 2023-12-29 19:25 - 000000000 ____D C:\ProgramData\Avast Software
2024-06-28 15:01 - 2023-12-29 19:06 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2024-06-28 15:01 - 2023-12-29 19:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-06-28 15:01 - 2023-12-29 18:58 - 000000000 ____D C:\ProgramData\NVIDIA
2024-06-28 15:01 - 2021-05-26 07:20 - 000012288 ___SH C:\DumpStack.log.tmp
2024-06-28 14:49 - 2024-01-12 17:56 - 000000000 ____D C:\Program Files (x86)\Steam
2024-06-28 14:49 - 2023-12-30 04:47 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2024-06-28 13:21 - 2023-12-30 04:50 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-06-28 13:20 - 2024-03-17 19:26 - 000000000 ____D C:\Program Files\Malwarebytes
2024-06-28 12:55 - 2023-12-29 19:06 - 000000000 ____D C:\Users\Legion\AppData\Local\D3DSCache
2024-06-28 12:37 - 2023-12-30 04:50 - 000000000 ___HD C:\Program Files\WindowsApps
2024-06-28 12:37 - 2023-12-30 04:50 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-06-28 12:03 - 2023-12-29 19:44 - 000000000 ____D C:\Users\Legion\AppData\Local\CrashDumps
2024-06-28 09:19 - 2023-12-29 19:00 - 000000000 ____D C:\Users\Legion
2024-06-27 19:22 - 2024-05-09 15:34 - 000001402 _____ C:\Users\Legion\OneDrive\Desktop\Roblox Player.lnk
2024-06-27 19:22 - 2023-10-24 19:43 - 000000000 ____D C:\Users\Legion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2024-06-27 18:23 - 2024-03-06 16:26 - 000000000 ____D C:\Users\Legion\AppData\Roaming\Medal
2024-06-27 18:09 - 2023-12-29 19:48 - 000000000 ____D C:\ProgramData\Package Cache
2024-06-27 13:48 - 2024-03-06 16:27 - 000000000 ____D C:\Users\Legion\OneDrive\Documents\Medal
2024-06-27 13:48 - 2024-03-06 16:27 - 000000000 ____D C:\Medal
2024-06-27 13:47 - 2024-03-06 16:26 - 000001276 _____ C:\Users\Legion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Medal.lnk
2024-06-27 08:15 - 2023-12-29 19:27 - 000000000 ____D C:\Users\Legion\AppData\Local\SquirrelTemp
2024-06-27 08:15 - 2021-05-25 18:35 - 000000000 ____D C:\Users\Legion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2024-06-27 08:07 - 2024-02-23 12:32 - 000002243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-06-26 22:01 - 2024-01-14 00:28 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2024-06-26 16:57 - 2024-02-23 13:00 - 000000000 ____D C:\Users\Legion\AppData\Local\Nox
2024-06-26 09:31 - 2024-02-23 13:27 - 000000299 _____ C:\Users\Legion\d4ac4633ebd6440fa397b84f1bc94a3c.7z
2024-06-26 09:12 - 2024-02-23 13:10 - 000000000 ____D C:\Users\Legion\AppData\Local\NoxSrv
2024-06-26 09:12 - 2024-02-23 13:05 - 000000000 ____D C:\Users\Legion\vmlogs
2024-06-26 09:12 - 2023-10-28 18:02 - 000000000 ____D C:\Users\Legion\.android
2024-06-26 09:02 - 2023-12-30 04:48 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-06-26 08:30 - 2024-05-13 21:01 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2024-06-25 19:27 - 2024-02-18 16:01 - 000001510 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk
2024-06-25 19:27 - 2024-02-18 16:01 - 000000000 ____D C:\Program Files (x86)\Intel
2024-06-25 18:39 - 2024-05-28 18:11 - 000000000 ____D C:\Users\Legion\AppData\Local\BeamNG.drive
2024-06-25 15:58 - 2021-12-04 15:39 - 000000000 ____D C:\Users\Legion\OneDrive\Desktop\Games
2024-06-25 15:57 - 2023-12-29 19:51 - 000000000 ____D C:\Program Files\Epic Games
2024-06-25 15:34 - 2023-12-29 19:27 - 000941640 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2024-06-25 15:22 - 2024-02-23 12:35 - 000000000 ____D C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms
2024-06-25 12:11 - 2024-03-08 20:28 - 000000000 ____D C:\Users\Legion\AppData\Local\log
2024-06-25 12:09 - 2024-02-23 13:01 - 000000000 ____D C:\Program Files (x86)\Nox
2024-06-25 12:09 - 2023-12-30 04:50 - 000000000 ____D C:\WINDOWS\Registration
2024-06-25 10:01 - 2023-12-29 19:08 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3696553442-1637611387-1488000935-1001
2024-06-25 10:01 - 2023-12-29 19:08 - 000003362 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3696553442-1637611387-1488000935-1001
2024-06-25 10:01 - 2023-12-29 19:08 - 000002386 _____ C:\Users\Legion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-06-25 09:59 - 2023-12-29 19:00 - 000000000 ____D C:\Users\Johnson
2024-06-24 19:01 - 2023-12-29 19:17 - 000003552 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled Autoupdate 1703866663
2024-06-24 16:39 - 2023-12-29 19:27 - 001195464 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswSP.sys
2024-06-22 09:31 - 2023-12-29 18:58 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-06-22 09:11 - 2023-12-29 19:17 - 000001435 _____ C:\Users\Legion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera GX Browser.lnk
2024-06-19 17:43 - 2024-03-14 20:58 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
2024-06-19 17:43 - 2024-03-14 20:58 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2024-06-18 13:34 - 2024-05-09 15:48 - 000000000 ____D C:\Users\Legion\AppData\Local\Roblox
2024-06-18 10:58 - 2024-03-14 19:53 - 000001402 _____ C:\Users\Legion\OneDrive\Desktop\Roblox Studio.lnk
2024-06-17 17:20 - 2021-05-28 13:52 - 000000000 ____D C:\Users\Legion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2024-06-15 19:33 - 2024-02-02 15:13 - 000001607 _____ C:\WINDOWS\system32\config\VSMIDK
2024-06-15 10:22 - 2023-12-30 04:50 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-06-14 23:20 - 2024-01-18 20:03 - 000000000 ____D C:\Users\Legion\AppData\Local\Messenger
2024-06-14 23:08 - 2024-01-18 20:03 - 000000000 ____D C:\Users\Legion\AppData\Roaming\Messenger
2024-06-13 19:19 - 2024-03-06 16:27 - 000000000 ____D C:\Users\Legion\AppData\Local\Ferox_Games_B.V
2024-06-13 19:18 - 2024-03-06 16:26 - 000000000 ____D C:\Users\Legion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Medal B.V
2024-06-13 16:53 - 2024-03-31 09:54 - 000000000 ____D C:\Users\Legion\AppData\Local\CapCut Drafts
2024-06-13 15:12 - 2021-05-25 18:26 - 000000000 ____D C:\Users\Legion\OneDrive\Documents\My Games
2024-06-13 09:20 - 2023-12-30 04:50 - 000000000 ____D C:\ProgramData\USOPrivate
2024-06-13 09:04 - 2023-12-30 04:50 - 000000000 ____D C:\WINDOWS\SystemResources
2024-06-13 09:04 - 2023-12-30 04:50 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-06-13 09:04 - 2023-12-30 04:50 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-06-13 09:04 - 2023-12-30 04:50 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-06-13 09:04 - 2023-12-29 18:58 - 000295632 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-06-12 16:47 - 2023-12-29 19:00 - 003216384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-06-12 16:43 - 2023-12-29 23:40 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-06-12 16:41 - 2023-12-29 23:40 - 199048176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-06-08 10:21 - 2023-12-29 19:06 - 000000000 ____D C:\ProgramData\Packages
2024-06-07 21:31 - 2023-12-30 04:50 - 000000000 ____D C:\WINDOWS\system32\NDF
2024-06-07 14:24 - 2023-12-29 19:03 - 000003612 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{2121464B-D06B-446D-95D6-652F3430FB92}
2024-06-07 14:24 - 2023-12-29 19:03 - 000003488 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{DB3639C8-E820-4018-ADCD-59E949E03320}
2024-06-05 08:01 - 2023-12-29 19:06 - 000000000 ____D C:\Users\Legion\AppData\Local\Packages
2024-06-04 20:46 - 2024-01-22 21:15 - 000000000 ____D C:\Users\Legion\AppData\Local\ElevatedDiagnostics
2024-06-04 14:52 - 2023-12-29 19:27 - 000548808 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2024-06-04 14:52 - 2023-12-29 19:27 - 000380360 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2024-06-04 14:52 - 2023-12-29 19:27 - 000306744 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswVmm.sys
2024-06-04 14:52 - 2023-12-29 19:27 - 000292808 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2024-06-04 14:52 - 2023-12-29 19:27 - 000269768 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2024-06-04 14:52 - 2023-12-29 19:27 - 000229832 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswArPot.sys
2024-06-04 14:52 - 2023-12-29 19:27 - 000097848 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2024-06-04 14:52 - 2023-12-29 19:27 - 000084536 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2024-06-04 14:52 - 2023-12-29 19:27 - 000069168 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2024-06-04 14:52 - 2023-12-29 19:27 - 000028728 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswKbd.sys
2024-06-04 14:52 - 2023-12-29 19:27 - 000020424 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2024-06-02 04:01 - 2023-12-30 04:50 - 000000000 ___SD C:\WINDOWS\system32\UNP
2024-06-02 04:01 - 2023-12-30 04:50 - 000000000 ____D C:\WINDOWS\UUS
2024-06-02 04:01 - 2023-12-30 04:50 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-06-02 04:01 - 2023-12-30 04:50 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-06-02 04:01 - 2023-12-30 04:50 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-06-02 04:01 - 2023-12-30 04:50 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-06-02 04:01 - 2023-12-30 04:50 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-06-02 04:01 - 2023-12-30 04:50 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-06-02 04:01 - 2023-12-30 04:50 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-06-02 04:01 - 2023-12-30 04:50 - 000000000 ____D C:\WINDOWS\system32\setup
2024-06-02 04:01 - 2023-12-30 04:50 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2024-06-02 04:01 - 2023-12-30 04:50 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-06-02 04:01 - 2023-12-30 04:50 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-06-02 04:01 - 2023-12-30 04:50 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2024-06-02 04:01 - 2023-12-30 04:50 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-06-02 04:01 - 2023-12-30 04:50 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-06-02 04:00 - 2023-12-30 04:50 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-06-02 04:00 - 2023-12-30 04:50 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-06-02 04:00 - 2023-12-30 04:50 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-06-02 04:00 - 2023-12-30 04:50 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-06-02 04:00 - 2023-12-30 04:50 - 000000000 ____D C:\WINDOWS\InboxApps
2024-06-02 04:00 - 2023-12-30 04:50 - 000000000 ____D C:\WINDOWS\BrowserCore
2024-06-02 04:00 - 2023-12-30 04:47 - 000000000 ____D C:\WINDOWS\servicing
2024-05-30 13:30 - 2023-12-30 04:50 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2024-05-30 13:30 - 2023-12-30 04:50 - 000024383 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2024-05-29 19:05 - 2024-05-28 19:17 - 000000000 ____D C:\Users\Legion\Downloads\New folder
 
==================== Files in the root of some directories ========
 
2024-04-03 13:56 - 2024-04-03 13:56 - 000000057 _____ () C:\Users\Legion\AppData\Local\link.txt
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
2. Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.06.2024
Ran by Legion (28-06-2024 19:25:58)
Running from C:\Users\Legion\Downloads
Microsoft Windows 11 Pro Version 23H2 22631.3737 (X64) (2023-12-29 16:06:03)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-3696553442-1637611387-1488000935-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3696553442-1637611387-1488000935-503 - Limited - Disabled)
Guest (S-1-5-21-3696553442-1637611387-1488000935-501 - Limited - Disabled)
Johnson (S-1-5-21-3696553442-1637611387-1488000935-1027 - Limited - Enabled) => C:\Users\Johnson
Legion (S-1-5-21-3696553442-1637611387-1488000935-1001 - Administrator - Enabled) => C:\Users\Legion
WDAGUtilityAccount (S-1-5-21-3696553442-1637611387-1488000935-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AlterCam (HKLM-x32\...\{358AF097-92D1-4750-80E1-F71904AC8CE2}_is1) (Version: 6.2 - Bolide® Software)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 8.0.10 - AnyDesk Software GmbH)
Avast One (HKLM\...\Avast Antivirus) (Version: 24.5.6116 - Avast Software)
BeamMP-Launcher version 2.0.71 (HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\{4A233C59-AF33-417D-B19E-B49D67433455}_is1) (Version: 2.0.71 - BeamMP)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 126.1.67.123 - Brave Software Inc)
CapCut (HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\CapCut) (Version: 3.9.0.1459 - Bytedance Pte. Ltd.)
Discord (HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\Discord) (Version: 1.0.9152 - Discord Inc.)
DM220 (HKLM-x32\...\DM220_is1) (Version:  - )
Documentation Manager (HKLM\...\{E904139A-DC55-420D-94C7-5D6297F3C385}) (Version: 23.30.0.6 - Intel Corporation) Hidden
DroidCam Audio & Video Drivers (New) (HKLM\...\DroidCamDrivers) (Version: 7.0.0 - Dev47Apps)
DroidCam Client (New) (HKLM\...\DroidCamOBSClient) (Version: 7.0.4 - Dev47Apps)
Epic Games Launcher (HKLM-x32\...\{B85FAA6E-A9AA-4655-9029-E1A4EDC05E1A}) (Version: 1.3.93.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{57A956AB-4BCC-45C6-9B40-957E4E125568}) (Version: 2.0.44.0 - Epic Games, Inc.)
FiveM (HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\CitizenFX_FiveM) (Version:  - Cfx.re)
Floating Sandbox 1.18.0.4 (HKLM\...\{12671513-70E2-4420-8F2F-FC766F7AA951}) (Version: 1.18.0.4 - Gabriele Giuseppini)
Fortect (HKLM\...\Fortect) (Version: 6.5.0.2 - Fortect)
Free Download Manager (HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\{0C1D4CF2-5575-4786-834C-B0FC977E9714}}_is1) (Version: 6.20.0.5510 - Softdeluxe)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 126.0.6478.127 - Google LLC)
Hamachi (HKLM-x32\...\{C00E2143-38F2-49BA-AB8A-03F22F02F0A4}) (Version: 2.3.0.111 - LogMeIn, Inc.) Hidden
Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.3.0.111 - LogMeIn, Inc.)
Intel Driver && Support Assistant (HKLM-x32\...\{A3A258AC-BF95-41DA-8693-807E4A5BF10D}) (Version: 24.3.26.8 - Intel) Hidden
Intel® Computing Improvement Program (HKLM\...\{15E71D2B-4046-4B9D-A8BB-EBFC5CC12D86}) (Version: 2.4.10717 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000030-0230-1033-84C8-B8D95FA3C8C3}) (Version: 23.30.0.3 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{ae13aa25-496e-45dc-86f8-939f17f479f4}) (Version: 23.30.0.6 - Intel Corporation) Hidden
Iriun Webcam version 2.8.5 (HKLM-x32\...\IriunWebcam_is1) (Version: 2.8.5 - Iriun)
Java™ SE Development Kit 18.0.2.1 (64-bit) (HKLM\...\{F3A2A837-F83B-5732-97F2-309BE0F51E0C}) (Version: 18.0.2.1 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Legion Arena (HKLM-x32\...\Legion Arena_is1) (Version: 1.3.1.1 - Lenovo Group Ltd.)
Lenovo Service Bridge (HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.2.17 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0139 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 4.0.75.0 - Lenovo Group Ltd.)
LSPD First Response (HKLM-x32\...\LSPD First Response) (Version: 0.4.9 - G17 Media)
Malwarebytes version 5.1.5.116 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.5.116 - Malwarebytes)
Medal (HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\Medal) (Version: 4.2445.0 - Medal B.V.)
MEmu (HKLM-x32\...\MEmu) (Version: 9.1.1.0 - Microvirt Software Technology Co., Ltd.)
Messenger (HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 213.0.605013946 - Facebook, Inc.)
Microsoft .NET Host - 6.0.28 (x86) (HKLM-x32\...\{B8AD6FF3-F1AE-4B6C-8221-27115C288906}) (Version: 48.112.10439 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.31 (x64) (HKLM\...\{59ED1DC1-E3E4-4BC0-B43F-143CCC38FF17}) (Version: 48.124.15198 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.28 (x86) (HKLM-x32\...\{445A9CB5-FB36-4D43-B5E6-EDA1D91D1BF5}) (Version: 48.112.10439 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.31 (x64) (HKLM\...\{9992D04E-553E-4BC2-B0EC-4A394DD19986}) (Version: 48.124.15198 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.28 (x86) (HKLM-x32\...\{EC87845D-BC44-440E-800D-DCCC48655E89}) (Version: 48.112.10439 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.31 (x64) (HKLM\...\{0950F07D-F1C4-47A5-AC88-C5FAA5DC564D}) (Version: 48.124.15198 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 126.0.2592.68 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 126.0.2592.68 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\OneDriveSetup.exe) (Version: 24.116.0609.0005 - Microsoft Corporation)
Microsoft Teams classic (HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\Teams) (Version: 1.7.00.13456 - Microsoft Corporation)
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.24.14501 - Microsoft)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.28 (x86) (HKLM-x32\...\{74947d38-8303-49cd-91a9-0ae2929e3331}) (Version: 6.0.28.33420 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.28 (x86) (HKLM-x32\...\{E7F502FB-1F92-4EC3-9F8F-5E0ACD4DAFF5}) (Version: 48.112.10435 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.31 (x64) (HKLM\...\{EFE53353-800E-4987-B965-1C968D0F23A4}) (Version: 48.124.15242 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.31 (x64) (HKLM-x32\...\{1a7abdc5-639b-4af0-87c6-dbc511750c6e}) (Version: 6.0.31.33720 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MSI Afterburner 4.6.5 (HKLM-x32\...\Afterburner) (Version: 4.6.5 - MSI Co., LTD)
Node.js (HKLM\...\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}) (Version: 18.16.0 - Node.js Foundation)
NoxPlayer (HKLM-x32\...\Nox) (Version: 7.0.6.0 - Duodian Technology Co. Ltd.)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenIV (HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\OpenIV) (Version: 4.1.1502 - .black/OpenIV Team)
Opera GX Stable 109.0.5097.142 (HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\Opera GX 109.0.5097.142) (Version: 109.0.5097.142 - Opera Software)
Oracle VM VirtualBox 7.0.16 (HKLM\...\{ED04AD5D-C4A4-4112-A6FC-7DA557F358D1}) (Version: 7.0.16 - Oracle and/or its affiliates)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version:  - Riot Games, Inc.)
RivaTuner Statistics Server 7.3.4 (HKLM-x32\...\RTSS) (Version: 7.3.4 - Unwinder)
RK 818 (HKLM-x32\...\{AFBC646C-1994-4B5E-85A0-B35C6C8BD849}) (Version: 1.0.1.1 - RK)
RK Keyboard (HKLM-x32\...\{F5704F18-47C0-41F4-ABF6-0B85B099288E}_is1) (Version: 4.5 - RK)
Roblox Player for Legion (HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\roblox-player) (Version:  - Roblox Corporation)
Roblox Studio for Legion (HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\roblox-studio) (Version:  - Roblox Corporation)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.87.1898 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.3.0.2 - Rockstar Games)
Sophos Connect (HKLM-x32\...\{1374D91F-0559-4883-975D-EF51ECAAC3C8}) (Version: 2.2.90.1104 - Sophos Ltd)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VALORANT (HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\Riot Game valorant.live) (Version:  - Riot Games, Inc)
Voicemod (HKLM\...\{8435A407-F778-4647-9CDB-46E5EC50BAD0}_is1) (Version: 2.48.0.0 - Voicemod, Inc., Sucursal en España)
WinRAR 6.24 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.24.0 - win.rar GmbH)
WM80 (HKLM-x32\...\WM80_is1) (Version:  - )
Zoom (HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\ZoomUMX) (Version: 5.17.2 (29988) - Zoom Video Communications, Inc.)
 
Packages:
=========
 
„Microsoft“ nuotraukos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11060.20006.0_x64__8wekyb3d8bbwe [2024-06-28] (Microsoft Corporation) [Startup Task]
AMD Radeon Software -> C:\Program Files\WindowsApps\advancedmicrodevicesinc-2.amdradeonsoftware_10.20.10028.0_x64__0a9344xs7nr4m [2024-02-07] (Advanced Micro Devices Inc.) [Startup Task]
Dolby Atmos for Gaming -> C:\Program Files\WindowsApps\dolbylaboratories.dolbyatmosforgaming_3.20602.609.0_x64__rz1tebttyb220 [2024-02-07] (Dolby Laboratories)
Lenovo Companion -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2403.25.0_x64__k1h2ywk1493x8 [2024-06-22] (LENOVO INC.)
Microsoft Teams -> C:\Program Files\WindowsApps\MSTeams_24152.412.2958.9166_x64__8wekyb3d8bbwe [2024-06-26] (Microsoft) [Startup Task]
Microsoft Teams Play Together -> C:\Program Files\WindowsApps\Microsoft.TeamsXboxGameBarWidget_1.2401.2901.0_x64__8wekyb3d8bbwe [2024-05-23] (Microsoft Corporation)
Microsoft.BingSearch -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.91.0_x64__8wekyb3d8bbwe [2024-06-27] (Microsoft Corporation)
MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24052.57.0_x64__cw5n1h2txyewy [2024-06-22] (Microsoft Windows) [Startup Task]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.966.0_x64__56jybvy8sckqj [2024-04-23] (NVIDIA Corp.)
Power Automate -> C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_11.2406.406.0_x64__8wekyb3d8bbwe [2024-06-27] (Microsoft Corporation) [Startup Task]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.12.219.0_x64__dt26b99r8h8gj [2024-02-07] (Realtek Semiconductor Corp)
Roblox -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.630.557.0_x64__55nm5eh3cm0pr [2024-06-28] (Roblox Corporation)
Shutdown Timer Classic -> C:\Program Files\WindowsApps\19341LukasLangrock.ShutdownTimerClassic_1.2.3.0_x64__jnfph5tq58r4j [2024-06-22] (Lukas Langrock)
WinAppRuntime.Main.1.5 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.5_5001.159.55.0_x64__8wekyb3d8bbwe [2024-06-13] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_5001.159.55.0_x64__8wekyb3d8bbwe [2024-06-13] (Microsoft Corp.)
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.LKG_cw5n1h2txyewy [2024-06-13] (Microsoft Windows)
WinRAR -> C:\Program Files\WinRAR [2024-01-22] (win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3696553442-1637611387-1488000935-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3696553442-1637611387-1488000935-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3696553442-1637611387-1488000935-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3696553442-1637611387-1488000935-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3696553442-1637611387-1488000935-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3696553442-1637611387-1488000935-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3696553442-1637611387-1488000935-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Legion\AppData\Local\Microsoft\TeamsMeetingAdd-in\1.24.14501\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3696553442-1637611387-1488000935-1001_Classes\CLSID\{6a27a1a9-7be8-1491-04ca-ee68a211c258}\localserver32 -> "C:\Program Files\Google\Play Games\current\service\Service.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3696553442-1637611387-1488000935-1001_Classes\CLSID\{89b2b650-c4dd-d68b-46e7-3176f1973c8b}\localserver32 -> C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe (VOICEMOD, INC. SUCURSAL EN ESPAÑA -> Voicemod)
CustomCLSID: HKU\S-1-5-21-3696553442-1637611387-1488000935-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\Legion\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-06-04] (Avast Software s.r.o. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-06-04] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-06-04] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-06-04] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-06-28] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_9a2c79b60d6607c6\nvshext.dll [2023-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-06-04] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-06-28] (Malwarebytes Inc. -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [VIDC.RTV1] => C:\WINDOWS\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2017-03-02 15:19 - 2017-03-02 15:19 - 000310272 ____N (easyhook.codeplex.com) [File not signed] C:\ProgramData\Dolby\DAX3\RADARHOST\EasyHook64.dll
2024-01-20 12:00 - 2023-12-18 18:36 - 000045056 _____ (Softdeluxe) [File not signed] C:\Users\Legion\AppData\Local\Softdeluxe\Free Download Manager\logger.dll
2024-01-20 12:00 - 2023-12-18 18:47 - 000691200 _____ (Softdeluxe) [File not signed] C:\Users\Legion\AppData\Local\Softdeluxe\Free Download Manager\vmsclshared.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gaimin platform.lnk:ED09BD5172 [6018]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\netcut.url:8DE7B6794B [6018]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [8450]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2022-05-07] (Lenovo -> Microsoft Corporation)
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2022-05-07] (Lenovo -> Microsoft Corporation)
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2022-05-07] (Lenovo -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2023-12-30 04:50 - 2023-12-30 04:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Fortect;C:\Program Files\nodejs\;C:\Program Files\dotnet\
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Legion\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\10867284136175659428\133637958050443600.jpg
HKU\S-1-5-21-3696553442-1637611387-1488000935-1027\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 1.1.1.1 - 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\Run32: => "Sophos Connect"
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_4EAA8FB2F3B9A75B07E38904574735CD"
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\StartupApproved\Run: => "RiotClient"
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\StartupApproved\Run: => "Voicemod"
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\StartupApproved\Run: => "LenovoVantage"
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\StartupApproved\Run: => "LenovoVantageToolbar"
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\StartupApproved\Run: => "NoxMultiPlayer"
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\StartupApproved\Run: => "com.messenger"
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\StartupApproved\Run: => "Medal"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{24977E66-F49E-480B-BCF8-531510FD6963}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [{327341AA-DE45-41A4-B458-A916FF2E75FA}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [{1FF57E7E-3BC1-4096-82E7-98E5E2F15814}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{1CBDD80C-437E-428F-88E1-EB722E975FA0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{1D3ECD40-3D89-4CFD-8527-506DA686886F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{4C980166-B9B8-4C50-8A40-1E37F8C5A8D5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{EF53D44F-D69D-41D5-8E77-552DE2DB4F02}] => (Allow) C:\Users\Legion\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{0473A773-5B4B-4A0A-92E6-61A84A952907}] => (Allow) C:\Users\Legion\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{2D3F60A0-DD14-440A-B044-16A7EF0EC16D}] => (Allow) C:\Users\Legion\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{FB0DA8B6-CF20-4D6E-9FEF-C0E00A0C3733}C:\users\legion\onedrive\desktop\games\ready or not\readyornot\binaries\win64\readyornot-win64-shipping.exe] => (Allow) C:\users\legion\onedrive\desktop\games\ready or not\readyornot\binaries\win64\readyornot-win64-shipping.exe => No File
FirewallRules: [UDP Query User{6FA58B3A-8BCC-4052-8E6E-87E1937C7061}C:\users\legion\onedrive\desktop\games\ready or not\readyornot\binaries\win64\readyornot-win64-shipping.exe] => (Allow) C:\users\legion\onedrive\desktop\games\ready or not\readyornot\binaries\win64\readyornot-win64-shipping.exe => No File
FirewallRules: [{132EE2CD-814C-4B3F-A7C4-29043042B06E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{8B9041F4-05E3-4BD8-BCC2-BBC4F879A34F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{726EB6BE-404E-4211-A96F-22702735FC45}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{FD29CD24-191E-413F-A229-A6A14C3CAAF1}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [TCP Query User{503141F4-2466-4C78-A782-B60FCBAC79F7}C:\users\legion\appdata\local\programs\opera gx\opera.exe] => (Block) C:\users\legion\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{8C2E4ED5-F924-4953-82DA-C9458C2EFA0F}C:\users\legion\appdata\local\programs\opera gx\opera.exe] => (Block) C:\users\legion\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{EF2285DA-E304-4DC0-9845-0DFDDE8C5106}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crab Game\Crab Game.exe () [File not signed]
FirewallRules: [{E778B195-91A1-4C21-973F-A2E2725522AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crab Game\Crab Game.exe () [File not signed]
FirewallRules: [TCP Query User{CC53AC4A-F023-49F7-B7FB-7DAB461950A1}C:\users\legion\appdata\local\medal\app-4.2344.0\medal.exe] => (Block) C:\users\legion\appdata\local\medal\app-4.2344.0\medal.exe => No File
FirewallRules: [UDP Query User{9102178A-30F8-4510-94C5-24B53A16E20F}C:\users\legion\appdata\local\medal\app-4.2344.0\medal.exe] => (Block) C:\users\legion\appdata\local\medal\app-4.2344.0\medal.exe => No File
FirewallRules: [TCP Query User{9CE8A48B-DCC3-42F3-8123-79712C646227}C:\users\legion\appdata\local\programs\opera gx\opera.exe] => (Block) C:\users\legion\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{EFBCE6F5-91AA-4333-BBC8-C01919C629E6}C:\users\legion\appdata\local\programs\opera gx\opera.exe] => (Block) C:\users\legion\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{41521658-50A2-4125-B297-0D0877143CA0}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{96BB3526-95B5-4968-BDAA-B41D0F791246}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{4469A2F0-2382-4B1B-9759-67907F2D5E74}C:\program files\epic games\payday2\payday2_win32_release.exe] => (Allow) C:\program files\epic games\payday2\payday2_win32_release.exe => No File
FirewallRules: [UDP Query User{85E9AEFF-0147-4616-8ECB-3E14F57EF194}C:\program files\epic games\payday2\payday2_win32_release.exe] => (Allow) C:\program files\epic games\payday2\payday2_win32_release.exe => No File
FirewallRules: [TCP Query User{5C2D6394-8378-4B0B-9928-9CF2AF327AD6}C:\users\legion\onedrive\desktop\games\nour\nour play with your food.exe] => (Block) C:\users\legion\onedrive\desktop\games\nour\nour play with your food.exe => No File
FirewallRules: [UDP Query User{F8013A9C-0664-4313-B8BF-D034AB2F7B69}C:\users\legion\onedrive\desktop\games\nour\nour play with your food.exe] => (Block) C:\users\legion\onedrive\desktop\games\nour\nour play with your food.exe => No File
FirewallRules: [TCP Query User{31DFFF17-11EB-47FB-946E-75108C6E4B51}C:\users\legion\appdata\roaming\.minecraft\runtime\minecraft-java-exe\minecraftjava.exe] => (Allow) C:\users\legion\appdata\roaming\.minecraft\runtime\minecraft-java-exe\minecraftjava.exe
FirewallRules: [UDP Query User{F88E25B2-633C-47CA-96CC-E7EB8CEB905F}C:\users\legion\appdata\roaming\.minecraft\runtime\minecraft-java-exe\minecraftjava.exe] => (Allow) C:\users\legion\appdata\roaming\.minecraft\runtime\minecraft-java-exe\minecraftjava.exe
FirewallRules: [{CD256811-66A9-48CD-9879-746FBCCC8A1D}] => (Allow) C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe (VOICEMOD, INC. SUCURSAL EN ESPAÑA -> Voicemod)
FirewallRules: [{9B27D7E2-6468-4ABD-B3D9-DC8394C26AB8}] => (Allow) C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe (VOICEMOD, INC. SUCURSAL EN ESPAÑA -> Voicemod)
FirewallRules: [{FDB4C9C6-1DD6-4155-990E-A3975E33B5F8}] => (Allow) C:\Users\Legion\OneDrive\Desktop\Games\BeamNG.drive.v0.32.1\BeamNG.drive.exe (BeamNG GmbH -> BeamNG GmbH)
FirewallRules: [{2824E7D8-E6A7-4820-8A90-DE880971C5A0}] => (Allow) C:\Users\Legion\AppData\Roaming\BeamMP-Launcher\BeamMP-Launcher.exe (BeamMP Mod Team -> BeamMP Mod Team) [File not signed]
FirewallRules: [{C4E86EE8-A98B-48B2-9F8C-C42182533EB3}] => (Allow) LPort=30814
FirewallRules: [{285089C7-72D5-4A24-BE73-76561617020C}] => (Allow) C:\Program Files (x86)\Iriun Webcam\IriunWebcam.exe (IriunWebcam) [File not signed]
FirewallRules: [{4FA16EEF-DE7E-43E3-B2AF-3048095259C3}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{9785A692-8B40-4E78-A1A9-9589ED076DAE}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{4FD4D34B-E9CA-4C18-8DEF-9918A26FF3AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Banana\Banana.exe () [File not signed]
FirewallRules: [{E8416DC1-72EE-4C0D-AB77-27FC94B422C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Banana\Banana.exe () [File not signed]
FirewallRules: [{E67FC532-B2B5-4471-96CD-A982CE5FA2EA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0C9098BE-24B4-4654-A11A-A13A229636F5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C5C05722-91C9-43E0-8A97-3806DC32F53F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{850C02B6-3CCC-4190-91D6-560EAD51ECE5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{268DA60B-FCF5-4C31-A0C9-1ED23AA7949B}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9D118132-E1BF-4D8B-BF81-416D3C81E6E6}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24151.2105.2943.2101_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{86396061-146E-468D-945B-A7385AF9C370}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24151.2105.2943.2101_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BC6B58E7-C3E1-462B-8BFA-4F953E19DC49}] => (Allow) C:\Program Files\Fortect\MainService.exe (Fortect LTD -> Fortect LTD.)
FirewallRules: [{A57C4868-2066-4274-B0D5-FDD7ADFF1A17}] => (Allow) C:\Program Files\Fortect\MainService.exe (Fortect LTD -> Fortect LTD.)
FirewallRules: [{FE4292BC-E0B7-4813-B11E-447C4C7D3A1E}] => (Allow) C:\Program Files (x86)\Nox\bin\Nox.exe (Nox Limited -> Duodian Technology Co. Ltd.)
FirewallRules: [{55B78816-827B-4A3A-9717-D15E144B4992}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe (Nox Limited -> Nox Limited Corporation)
FirewallRules: [{794F401E-E28B-4A7C-BED2-68BD1B370CB6}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{1EDE98CB-3293-4E72-B0BE-762DCB8F5D8A}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24152.412.2958.9166_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D5763EF4-FAA8-4F6C-ABB2-D4CB3E8F1D37}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24152.412.2958.9166_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9DBE1C04-42BD-407B-8887-CD6D3FEA8D86}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{99816E9A-ABE9-40C4-BA2C-19C299D2ABB4}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{BE30C5FC-7D42-4B22-A1D7-B13F2A3B45CE}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{F6CCB35A-B970-4863-BE20-2D41D0795154}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{C6F8FA7E-A30E-468B-AF75-D21893B64512}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{16E80680-2030-4EEC-BCA1-A4CB2D2ABDFA}C:\program files\nodejs\node.exe] => (Block) C:\program files\nodejs\node.exe (OpenJS Foundation -> Node.js)
FirewallRules: [UDP Query User{F2287CBF-75EB-4307-9B74-75D04EA2EBF1}C:\program files\nodejs\node.exe] => (Block) C:\program files\nodejs\node.exe (OpenJS Foundation -> Node.js)
 
==================== Restore Points =========================
 
27-06-2024 11:26:59 Windows Update
27-06-2024 11:26:59 Windows Update
27-06-2024 11:27:00 Windows Update
 
==================== Faulty Device Manager Devices ============
 
Name: LogMeIn Hamachi Virtual Ethernet Adapter
Description: LogMeIn Hamachi Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn Inc.
Service: Hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Unknown USB Device (Port Reset Failed)
Description: Unknown USB Device (Port Reset Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: AlterCam Virtual Camera
Description: AlterCam Virtual Camera
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: e2eSoft
Service: VCamSDK
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: DroidCam Video
Description: DroidCam Video
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: DEV47APPS
Service: droidvcam0_vid0
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (06/28/2024 07:19:51 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (06/28/2024 03:59:22 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (06/28/2024 03:59:18 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (06/28/2024 03:20:05 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Legion\AppData\Local\CapCut\CapCut.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.3672_none_6ec0f0a887fe525b.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.3672_none_2713b9d173822955.manifest.
 
Error: (06/28/2024 03:02:17 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (06/28/2024 03:02:12 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (06/28/2024 03:01:58 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (06/28/2024 01:21:38 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Legion\AppData\Local\CapCut\CapCut.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.3672_none_6ec0f0a887fe525b.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.3672_none_2713b9d173822955.manifest.
 
 
System errors:
=============
Error: (06/28/2024 01:27:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/28/2024 01:27:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (06/28/2024 10:37:03 AM) (Source: DCOM) (EventID: 10005) (User: JONAS)
Description: DCOM got error "1053" attempting to start the service BcastDVRUserService_52e7b with arguments "Unavailable" in order to run the server:
Windows.Media.Capture.Internal.AppCaptureShell
 
Error: (06/28/2024 10:37:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BcastDVRUserService_52e7b service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/28/2024 10:37:03 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BcastDVRUserService_52e7b service to connect.
 
Error: (06/28/2024 09:45:36 AM) (Source: DCOM) (EventID: 10005) (User: JONAS)
Description: DCOM got error "1053" attempting to start the service BcastDVRUserService_558fa with arguments "Unavailable" in order to run the server:
Windows.Media.Capture.Internal.AppCaptureShell
 
Error: (06/28/2024 09:45:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BcastDVRUserService_558fa service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/28/2024 09:45:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BcastDVRUserService_558fa service to connect.
 
 
Windows Defender:
================
Date: 2024-03-28 16:36:10
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2024-06-28 19:20:39
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. 
 
Date: 2024-06-28 16:09:36
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. 
 
 
==================== Memory info =========================== 
 
BIOS: LENOVO EUCN39WW 09/09/2022
Motherboard: LENOVO INVALID
Processor: AMD Ryzen 5 4600H with Radeon Graphics 
Percentage of memory in use: 93%
Total physical RAM: 7549.32 MB
Available physical RAM: 524.07 MB
Total Virtual: 19325.32 MB
Available Virtual: 8210.3 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:476.18 GB) (Free:79.42 GB) (Model: SAMSUNG MZALQ512HALU-000L2) NTFS
 
\\?\Volume{6b3cb176-ba3a-4101-a324-ac8610b08a37}\ () (Fixed) (Total:0.64 GB) (Free:0.08 GB) NTFS
\\?\Volume{2824862b-23b2-4d30-98ec-d0210e34e206}\ () (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: D9FA2484)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 
-Kyle


#4 Oh My!

Posted 28 June 2024 - 09:50 PM

Thank you for the reports.
 

==================== Memory info ===========================

BIOS: LENOVO EUCN39WW 09/09/2022
Motherboard: LENOVO INVALID
Processor: AMD Ryzen 5 4600H with Radeon Graphics
Percentage of memory in use: 93%
Total physical RAM: 7549.32 MB
Available physical RAM: 524.07 MB
Total Virtual: 19325.32 MB
Available Virtual: 8210.3 MB

There is insufficient available memory to effectively run your computer. You should expect to experience some performance issues.

Please do this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
CreateRestorePoint:
CloseProcesses:
Folder: C:\Users\Legion\AppData\LocalLow\OhYeah
Folder: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe --launch-background-mode (No File) 
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\Run: [com.messenger] => C:\Users\Legion\AppData\Local\Programs\Messenger\Messenger.exe messenger://openAtLogin (No File) 
Task: {1EB99A3B-5065-4207-AF5D-0388C4CA845F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe  --automatic (No File) 
Task: {FC6DE0F4-A256-4BAA-A3E0-4F49C2B1E115} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File) 
CustomCLSID: HKU\S-1-5-21-3696553442-1637611387-1488000935-1001_Classes\CLSID\{6a27a1a9-7be8-1491-04ca-ee68a211c258}\localserver32 -> "C:\Program Files\Google\Play Games\current\service\Service.exe" -ToastActivated => No File 
FirewallRules: [{0473A773-5B4B-4A0A-92E6-61A84A952907}] => (Allow) C:\Users\Legion\AppData\Roaming\Zoom\bin\airhost.exe => No File 
FirewallRules: [{2D3F60A0-DD14-440A-B044-16A7EF0EC16D}] => (Allow) C:\Users\Legion\AppData\Roaming\Zoom\bin\airhost.exe => No File 
FirewallRules: [TCP Query User{FB0DA8B6-CF20-4D6E-9FEF-C0E00A0C3733}C:\users\legion\onedrive\desktop\games\ready or not\readyornot\binaries\win64\readyornot-win64-shipping.exe] => (Allow) C:\users\legion\onedrive\desktop\games\ready or not\readyornot\binaries\win64\readyornot-win64-shipping.exe => No File 
FirewallRules: [UDP Query User{6FA58B3A-8BCC-4052-8E6E-87E1937C7061}C:\users\legion\onedrive\desktop\games\ready or not\readyornot\binaries\win64\readyornot-win64-shipping.exe] => (Allow) C:\users\legion\onedrive\desktop\games\ready or not\readyornot\binaries\win64\readyornot-win64-shipping.exe => No File 
FirewallRules: [TCP Query User{CC53AC4A-F023-49F7-B7FB-7DAB461950A1}C:\users\legion\appdata\local\medal\app-4.2344.0\medal.exe] => (Block) C:\users\legion\appdata\local\medal\app-4.2344.0\medal.exe => No File 
FirewallRules: [UDP Query User{9102178A-30F8-4510-94C5-24B53A16E20F}C:\users\legion\appdata\local\medal\app-4.2344.0\medal.exe] => (Block) C:\users\legion\appdata\local\medal\app-4.2344.0\medal.exe => No File 
FirewallRules: [TCP Query User{4469A2F0-2382-4B1B-9759-67907F2D5E74}C:\program files\epic games\payday2\payday2_win32_release.exe] => (Allow) C:\program files\epic games\payday2\payday2_win32_release.exe => No File 
FirewallRules: [UDP Query User{85E9AEFF-0147-4616-8ECB-3E14F57EF194}C:\program files\epic games\payday2\payday2_win32_release.exe] => (Allow) C:\program files\epic games\payday2\payday2_win32_release.exe => No File 
FirewallRules: [TCP Query User{5C2D6394-8378-4B0B-9928-9CF2AF327AD6}C:\users\legion\onedrive\desktop\games\nour\nour play with your food.exe] => (Block) C:\users\legion\onedrive\desktop\games\nour\nour play with your food.exe => No File 
FirewallRules: [UDP Query User{F8013A9C-0664-4313-B8BF-D034AB2F7B69}C:\users\legion\onedrive\desktop\games\nour\nour play with your food.exe] => (Block) C:\users\legion\onedrive\desktop\games\nour\nour play with your food.exe => No File 
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe --launch-background-mode (No File) 
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\Run: [com.messenger] => C:\Users\Legion\AppData\Local\Programs\Messenger\Messenger.exe messenger://openAtLogin (No File) 
Task: {1EB99A3B-5065-4207-AF5D-0388C4CA845F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe  --automatic (No File) 
Task: {FC6DE0F4-A256-4BAA-A3E0-4F49C2B1E115} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File) 
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gaimin platform.lnk:ED09BD5172 [6018] 
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\netcut.url:8DE7B6794B [6018] 
2024-06-19 17:43 - 2024-03-14 20:58 - 000000000 ___HD C:\WINDOWS\msdownld.tmp 
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#5 Kylehasajob

Posted Yesterday, 01:45 AM

Hello, I am sending the fixlog information. But I have a question: is it okay if I do not answer for about a day and a half?

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 23.06.2024
Ran by Legion (29-06-2024 09:38:04) Run:1
Running from C:\Users\Legion\Downloads
Loaded Profiles: Legion & Johnson
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
Folder: C:\Users\Legion\AppData\LocalLow\OhYeah
Folder: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe --launch-background-mode (No File) 
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\Run: [com.messenger] => C:\Users\Legion\AppData\Local\Programs\Messenger\Messenger.exe messenger://openAtLogin (No File) 
Task: {1EB99A3B-5065-4207-AF5D-0388C4CA845F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe  --automatic (No File) 
Task: {FC6DE0F4-A256-4BAA-A3E0-4F49C2B1E115} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File) 
CustomCLSID: HKU\S-1-5-21-3696553442-1637611387-1488000935-1001_Classes\CLSID\{6a27a1a9-7be8-1491-04ca-ee68a211c258}\localserver32 -> "C:\Program Files\Google\Play Games\current\service\Service.exe" -ToastActivated => No File 
FirewallRules: [{0473A773-5B4B-4A0A-92E6-61A84A952907}] => (Allow) C:\Users\Legion\AppData\Roaming\Zoom\bin\airhost.exe => No File 
FirewallRules: [{2D3F60A0-DD14-440A-B044-16A7EF0EC16D}] => (Allow) C:\Users\Legion\AppData\Roaming\Zoom\bin\airhost.exe => No File 
FirewallRules: [TCP Query User{FB0DA8B6-CF20-4D6E-9FEF-C0E00A0C3733}C:\users\legion\onedrive\desktop\games\ready or not\readyornot\binaries\win64\readyornot-win64-shipping.exe] => (Allow) C:\users\legion\onedrive\desktop\games\ready or not\readyornot\binaries\win64\readyornot-win64-shipping.exe => No File 
FirewallRules: [UDP Query User{6FA58B3A-8BCC-4052-8E6E-87E1937C7061}C:\users\legion\onedrive\desktop\games\ready or not\readyornot\binaries\win64\readyornot-win64-shipping.exe] => (Allow) C:\users\legion\onedrive\desktop\games\ready or not\readyornot\binaries\win64\readyornot-win64-shipping.exe => No File 
FirewallRules: [TCP Query User{CC53AC4A-F023-49F7-B7FB-7DAB461950A1}C:\users\legion\appdata\local\medal\app-4.2344.0\medal.exe] => (Block) C:\users\legion\appdata\local\medal\app-4.2344.0\medal.exe => No File 
FirewallRules: [UDP Query User{9102178A-30F8-4510-94C5-24B53A16E20F}C:\users\legion\appdata\local\medal\app-4.2344.0\medal.exe] => (Block) C:\users\legion\appdata\local\medal\app-4.2344.0\medal.exe => No File 
FirewallRules: [TCP Query User{4469A2F0-2382-4B1B-9759-67907F2D5E74}C:\program files\epic games\payday2\payday2_win32_release.exe] => (Allow) C:\program files\epic games\payday2\payday2_win32_release.exe => No File 
FirewallRules: [UDP Query User{85E9AEFF-0147-4616-8ECB-3E14F57EF194}C:\program files\epic games\payday2\payday2_win32_release.exe] => (Allow) C:\program files\epic games\payday2\payday2_win32_release.exe => No File 
FirewallRules: [TCP Query User{5C2D6394-8378-4B0B-9928-9CF2AF327AD6}C:\users\legion\onedrive\desktop\games\nour\nour play with your food.exe] => (Block) C:\users\legion\onedrive\desktop\games\nour\nour play with your food.exe => No File 
FirewallRules: [UDP Query User{F8013A9C-0664-4313-B8BF-D034AB2F7B69}C:\users\legion\onedrive\desktop\games\nour\nour play with your food.exe] => (Block) C:\users\legion\onedrive\desktop\games\nour\nour play with your food.exe => No File 
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe --launch-background-mode (No File) 
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\...\Run: [com.messenger] => C:\Users\Legion\AppData\Local\Programs\Messenger\Messenger.exe messenger://openAtLogin (No File) 
Task: {1EB99A3B-5065-4207-AF5D-0388C4CA845F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe  --automatic (No File) 
Task: {FC6DE0F4-A256-4BAA-A3E0-4F49C2B1E115} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File) 
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gaimin platform.lnk:ED09BD5172 [6018] 
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\netcut.url:8DE7B6794B [6018] 
2024-06-19 17:43 - 2024-03-14 20:58 - 000000000 ___HD C:\WINDOWS\msdownld.tmp 
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
========================= Folder: C:\Users\Legion\AppData\LocalLow\OhYeah ========================
 
2024-06-17 17:21 - 2024-06-17 17:21 - 000000000 ____D [00000000000000000000000000000000] C:\Users\Legion\AppData\LocalLow\OhYeah\Banana
2024-06-17 17:21 - 2024-06-17 17:28 - 000011537 ____A [A717BCF8C6EE11F070683377B97B1862] () C:\Users\Legion\AppData\LocalLow\OhYeah\Banana\Player.log
 
====== End of Folder: ======
 
 
========================= Folder: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms ========================
 
2024-02-23 12:35 - 2024-02-02 02:24 - 000195216 ____A [B4EA86862BAF364DEFEDCECD3264C252] () C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\readme.txt
 
====== End of Folder: ======
 
"HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\Software\Microsoft\Windows\CurrentVersion\Run\\RiotClient" => removed successfully
"HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\Software\Microsoft\Windows\CurrentVersion\Run\\com.messenger" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1EB99A3B-5065-4207-AF5D-0388C4CA845F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EB99A3B-5065-4207-AF5D-0388C4CA845F}" => removed successfully
C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC6DE0F4-A256-4BAA-A3E0-4F49C2B1E115}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC6DE0F4-A256-4BAA-A3E0-4F49C2B1E115}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
HKU\S-1-5-21-3696553442-1637611387-1488000935-1001_Classes\CLSID\{6a27a1a9-7be8-1491-04ca-ee68a211c258} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0473A773-5B4B-4A0A-92E6-61A84A952907}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2D3F60A0-DD14-440A-B044-16A7EF0EC16D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FB0DA8B6-CF20-4D6E-9FEF-C0E00A0C3733}C:\users\legion\onedrive\desktop\games\ready or not\readyornot\binaries\win64\readyornot-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6FA58B3A-8BCC-4052-8E6E-87E1937C7061}C:\users\legion\onedrive\desktop\games\ready or not\readyornot\binaries\win64\readyornot-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CC53AC4A-F023-49F7-B7FB-7DAB461950A1}C:\users\legion\appdata\local\medal\app-4.2344.0\medal.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9102178A-30F8-4510-94C5-24B53A16E20F}C:\users\legion\appdata\local\medal\app-4.2344.0\medal.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4469A2F0-2382-4B1B-9759-67907F2D5E74}C:\program files\epic games\payday2\payday2_win32_release.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{85E9AEFF-0147-4616-8ECB-3E14F57EF194}C:\program files\epic games\payday2\payday2_win32_release.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5C2D6394-8378-4B0B-9928-9CF2AF327AD6}C:\users\legion\onedrive\desktop\games\nour\nour play with your food.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F8013A9C-0664-4313-B8BF-D034AB2F7B69}C:\users\legion\onedrive\desktop\games\nour\nour play with your food.exe" => removed successfully
"HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\Software\Microsoft\Windows\CurrentVersion\Run\\RiotClient" => not found
"HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\Software\Microsoft\Windows\CurrentVersion\Run\\com.messenger" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EB99A3B-5065-4207-AF5D-0388C4CA845F}" => not found
"C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC6DE0F4-A256-4BAA-A3E0-4F49C2B1E115}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => not found
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gaimin platform.lnk => ":ED09BD5172" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\netcut.url => ":8DE7B6794B" ADS removed successfully
 
"C:\WINDOWS\msdownld.tmp" Folder move:
 
C:\WINDOWS\msdownld.tmp => moved successfully
 
========= sfc /scannow =========
 
 
Beginning system scan.  This process will take some time.
 
Beginning verification phase of system scan.
 
Verification 100% complete.
 
Windows Resource Protection did not find any integrity violations.
 
 
========= End of CMD: =========
 
 
========= DISM /Online /Cleanup-Image /CheckHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.22621.2792
 
Image Version: 10.0.22631.3737
 
No component store corruption detected.
The operation completed successfully.
 
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 09:40:18 ====


#6 Oh My!

Posted Yesterday, 08:04 AM

No problem at all on the delay. Thanks for your kindness in letting me know.

When you are able, please run this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
cmd: type "C:\Users\Legion\AppData\LocalLow\OhYeah\Banana\Player.log"
cmd: type "C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\readme.txt"
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Sophos Scan & Clean

--------------------
  • Download Sophos Scan & Clean and save it to your Desktop
  • Right click on the icon and select Run as administrator
  • Click Next, review the Terms and conditions and if you agree click Next again
  • When completed click Next twice
  • Click Save Log and save the log onto the Desktop
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Sophos report

Gary 


#7 Kylehasajob

Posted Today, 08:28 AM

Hello, thank you for your patience  :) . I will now be sending you the information.

1. FRST

Fix result of Farbar Recovery Scan Tool (x64) Version: 23.06.2024
Ran by Legion (30-06-2024 16:19:33) Run:2
Running from C:\Users\Legion\Downloads
Loaded Profiles: Legion
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
cmd: type "C:\Users\Legion\AppData\LocalLow\OhYeah\Banana\Player.log"
cmd: type "C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\readme.txt"
End::
*****************
 
 
========= type "C:\Users\Legion\AppData\LocalLow\OhYeah\Banana\Player.log" =========
 
[Physics::Module] Initialized MultithreadedJobDispatcher with 11 workers.
Initialize engine version: 2022.3.18f1 (d29bea25151d)
[Subsystems] Discovering subsystems at path C:/Program Files (x86)/Steam/steamapps/common/Banana/Banana_Data/UnitySubsystems
GfxDevice: creating device client; threaded=1; jobified=0
Direct3D:
    Version:  Direct3D 11.0 [level 11.1]
    Renderer: NVIDIA GeForce GTX 1650 Ti (ID=0x1f95)
    Vendor:   NVIDIA
    VRAM:     3950 MB
    Driver:   31.0.15.4633
<RI> Initializing input.
<RI> Input initialized.
<RI> Initialized touch support.
NotSupportedException: IL2CPP does not support marshaling delegates that point to instance methods to native code. The method we're attempting to marshal is: Steamworks.fo`1[[Steamworks.UserStatsReceived_t, Assembly-CSharp, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null]]::bwv
  at Steamworks.fo`1[a].bwx () [0x00000] in <00000000000000000000000000000000>:0 
  at BratusSteamLibraries.SteamAchievements..ctor () [0x00000] in <00000000000000000000000000000000>:0 
 
UnloadTime: 1.248800 ms
NotSupportedException: To marshal a managed method, please add an attribute named 'MonoPInvokeCallback' to the method definition. The method we're attempting to marshal is: SteamManager::gt
  at SteamManager.OnEnable () [0x00000] in <00000000000000000000000000000000>:0 
  at UnityEngine.GameObject.AddComponent[T] () [0x00000] in <00000000000000000000000000000000>:0 
  at SteamManager.gs () [0x00000] in <00000000000000000000000000000000>:0 
  at UpdateMoney.Awake () [0x00000] in <00000000000000000000000000000000>:0 
UnityEngine.GameObject:AddComponent()
SteamManager:gs()
UpdateMoney:Awake()
 
NotSupportedException: IL2CPP does not support marshaling delegates that point to instance methods to native code. The method we're attempting to marshal is: Steamworks.fo`1[[Steamworks.HTTPRequestCompleted_t, Assembly-CSharp, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null]]::bwv
  at Steamworks.fo`1[a].bwx () [0x00000] in <00000000000000000000000000000000>:0 
  at Steamworks.fo`1[a].bwp (Steamworks.fo`1+APIDispatchDelegate[T] a) [0x00000] in <00000000000000000000000000000000>:0 
  at UserScripts.OnEnable () [0x00000] in <00000000000000000000000000000000>:0 
 
NullReferenceException: Object reference not set to an instance of an object.
  at UserScripts.Start () [0x00000] in <00000000000000000000000000000000>:0 
 
Setting up 6 worker threads for Enlighten.
 
 
========= End of CMD: =========
 
 
========= type "C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\readme.txt" =========
 
LJ░  
<-          X 4Ç-  
 
========= End of CMD: =========
 
 
==== End of Fixlog 16:19:34 ====
 
2. Sophos
Sophos Scan & Clean
www.sophos.com
 
   Computer name . . . . : JONAS
   Windows . . . . . . . : 10.0.0.22631.X64/12
   User name . . . . . . : JONAS\Legion
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2024-06-30 16:22:37
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 5s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 8
   Traces  . . . . . . . : 26
 
   Objects scanned . . . : 2,819,294
   Files scanned . . . . : 226,990
   Remnants scanned  . . : 1,171,730 files / 1,420,574 keys
 
Malware _____________________________________________________________________
 
   C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.10853\SolaraB\Solara\SolaraBootstrapper.exe -> Quarantined
      Size . . . . . . . : 13,312 bytes
      Age  . . . . . . . : 1.3 days (2024-06-29 10:06:39)
      Entropy  . . . . . : 4.7
      SHA-256  . . . . . : A7FECFC225DFDD4E14DCD4D1B4BA1B9F8E4D1984F1CDD8CDA3A9987E5D53C239
      Product  . . . . . : SolaraBootstrapper
      Publisher
      Description  . . . : SolaraBootstrapper
      Version  . . . . . : 1.0.0.0
      LanguageID . . . . : 0
    > Sophos . . . . . . : Mal/Generic-S
      Fuzzy  . . . . . . : 105.0
      Forensic Cluster
         -20.1s C:\Users\Legion\AppData\Local\Temp\Roblox\http\7a0f71a28c030bef909a5c46f9267f60
         -20.0s C:\Users\Legion\AppData\Local\Temp\Roblox\http\7f80797856fc905447c44a76092ca36b
         -13.5s C:\Users\Legion\AppData\Local\Temp\mat-debug-14120.log
         -13.5s C:\Users\Legion\AppData\Local\Packages\MicrosoftTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\Logs\MSTeamsBackgroundEcs_2024-06-29_10-06-25.1219.log
         -2.7s C:\Users\Legion\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\lockfile
         -2.5s C:\Users\Legion\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\SharedStorage-wal
         -2.5s C:\Users\Legion\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\SharedStorage-shm
         -2.3s C:\Users\Legion\AppData\Local\Temp\3cc5a2f2-c271-41a1-b72c-9292e54c7273.tmp
         -0.2s C:\Users\Legion\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\blob_storage\7ca79242-852e-49b7-a783-b8d7d0718b99\
         -0.1s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.10853\
         -0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.10853\SolaraB\Solara\
         -0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.10853\SolaraB\
          0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.10853\SolaraB\Solara\SolaraBootstrapper.exe
          0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.10853\SolaraB\Solara\autoexec\
          0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.10853\SolaraB\Solara\scripts\
          0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.10853\SolaraB\Solara\workspace\
          0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.10853\SolaraB\Solara\workspace\IY_ANO.iy
          3.6s C:\Users\Legion\AppData\Local\Temp\Roblox\http\79bf2e861789ade2b8018aea03d14a67
          3.7s C:\Users\Legion\AppData\Local\Temp\Roblox\http\f2e80b42b10b5b3681670bb6109107cc
          3.7s C:\Users\Legion\AppData\Local\Temp\Roblox\http\5eaad1e89dae650edba7ed7024540f44
          3.7s C:\Users\Legion\AppData\Local\Temp\Roblox\http\f5f365e478efee5f77bb7b0ab12998dc
          3.8s C:\Users\Legion\AppData\Local\Temp\Roblox\http\3e1434f8a40b4fda7653c47be63b0783
          3.8s C:\Users\Legion\AppData\Local\Temp\Roblox\http\73abb9dedf601fb317d9ebfe2a7a947f
          3.8s C:\Users\Legion\AppData\Local\Temp\Roblox\http\3b73a470490998838180a0c05ea18127
          3.8s C:\Users\Legion\AppData\Local\Temp\Roblox\http\e7322ac686c9105661da27adc9d21474
          3.9s C:\Users\Legion\AppData\Local\Temp\Roblox\http\d4995269d08e9a2a93b4d08dc05f5a28
          4.0s C:\Users\Legion\AppData\Local\Temp\Roblox\http\fb69c320ac4d38b4f8f7badc281c65bd
          4.0s C:\Users\Legion\AppData\Local\Temp\Roblox\http\7508747d4d9970b3deba33d61e3d378b
          4.4s C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\Cache\d6ea106a-1d8b-4376-b04a-7ce96db3357a\
          4.6s C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\Cache\d6ea106a-1d8b-4376-b04a-7ce96db3357a\content.phf
          4.8s C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\Cache\d6ea106a-1d8b-4376-b04a-7ce96db3357a\content.bin
          4.9s C:\Windows\Temp\_avast_\nsfsp00000006.tmp
          5.3s C:\Windows\Temp\_avast_\nsfsp00000007.tmp
         15.5s C:\Users\Legion\AppData\Local\Temp\Roblox\http\cda9cad3700bfb432773771af8b13b4e
         15.5s C:\Users\Legion\AppData\Local\Temp\Roblox\http\87455d824aab3ec9e1a6a88db5f79299
         16.2s C:\Users\Legion\AppData\Local\Temp\Roblox\http\2c0bdeb70336740244429d0f27c8d69d
         16.7s C:\Users\Legion\AppData\Local\Temp\Roblox\http\6a814e4cccaf07d87dfa5fe37bb1f9a9
         42.7s C:\Users\Legion\AppData\Local\Temp\Roblox\http\bd846933fe76bdc5f2b838180e00cb7c
         44.6s C:\Users\Legion\AppData\Local\Temp\Roblox\http\1d91d274b37d0aa63fe44c2d5d9ed7bd
         44.6s C:\Users\Legion\AppData\Local\Temp\Roblox\sounds\RBX68FED8DB788844A2B4B62B5E6208686D
         52.9s C:\ProgramData\USOShared\Logs\System\UpdateSessionOrchestration.4c545771-3fd0-432c-8aa0-2264425bc22d.2.etl
         56.0s C:\Users\Legion\AppData\Local\Temp\Roblox\http\817087a415394a89886630199ad0af6d
         56.0s C:\Users\Legion\AppData\Local\Temp\Roblox\http\ad48b07379f8120c7c21462a111dd70d
         56.1s C:\Users\Legion\AppData\Local\Temp\Roblox\http\dea2ebbef75ccafc22c5db5e942d3ec9
         69.7s C:\Users\Legion\AppData\Local\Temp\Roblox\http\e80d932d163a92f31d1690e8fd5fb763
         87.3s C:\Users\Legion\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\BrowserMetrics-spare.pma
         92.6s C:\Users\Legion\AppData\Local\Temp\Roblox\http\d209e00e31cdb140517e0a4cbdc2147d
         92.7s C:\Users\Legion\AppData\Local\Temp\Roblox\http\300d532e9d346f02a791d64de9e07f7a
         93.3s C:\Users\Legion\AppData\Local\Temp\Roblox\http\255956d0c5644d369abbe4966f97a6e6
         93.3s C:\Users\Legion\AppData\Local\Temp\Roblox\http\93834d2de69b0b808ba97cb617d7adcd
 
   C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.44345\SolaraB\Solara\SolaraBootstrapper.exe -> Quarantined
      Size . . . . . . . : 13,312 bytes
      Age  . . . . . . . : 1.2 days (2024-06-29 11:18:54)
      Entropy  . . . . . : 4.7
      SHA-256  . . . . . : A7FECFC225DFDD4E14DCD4D1B4BA1B9F8E4D1984F1CDD8CDA3A9987E5D53C239
      Product  . . . . . : SolaraBootstrapper
      Publisher
      Description  . . . : SolaraBootstrapper
      Version  . . . . . : 1.0.0.0
      LanguageID . . . . : 0
    > Sophos . . . . . . : Mal/Generic-S
      Fuzzy  . . . . . . : 105.0
      Forensic Cluster
         -0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.44345\
         -0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.44345\SolaraB\
         -0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.44345\SolaraB\Solara\
          0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.44345\SolaraB\Solara\SolaraBootstrapper.exe
          0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.44345\SolaraB\Solara\autoexec\
          0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.44345\SolaraB\Solara\scripts\
          0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.44345\SolaraB\Solara\workspace\
          0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.44345\SolaraB\Solara\workspace\IY_ANO.iy
          4.4s C:\Windows\prefetch\SOLARABOOTSTRAPPER.EXE-172109E7.pf
          6.0s C:\Users\Legion\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\lockfile
          6.3s C:\Users\Legion\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\SharedStorage-wal
          6.3s C:\Users\Legion\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\SharedStorage-shm
         27.8s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.47125\
         27.8s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.47125\SolaraB\
         27.8s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.47125\SolaraB\Solara\
         27.8s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.47125\SolaraB\Solara\SolaraBootstrapper.exe
         27.8s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.47125\SolaraB\Solara\autoexec\
         27.8s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.47125\SolaraB\Solara\scripts\
         27.8s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.47125\SolaraB\Solara\workspace\
         27.8s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.47125\SolaraB\Solara\workspace\IY_ANO.iy
         31.6s C:\Windows\prefetch\SOLARABOOTSTRAPPER.EXE-A1F3AA1A.pf
         31.6s C:\Users\Legion\AppData\Local\Packages\Microsoft.WindowsTerminal_8wekyb3d8bbwe\LocalState\state.json
         33.6s C:\Users\Legion\AppData\Local\Temp\9afbf719-846a-4ef3-b5fe-46c7bc9be087.tmp
         36.6s C:\Users\Legion\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\blob_storage\858afe33-c0aa-42aa-bafb-e1f1763acc90\
 
   C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.47125\SolaraB\Solara\SolaraBootstrapper.exe -> Quarantined
      Size . . . . . . . : 13,312 bytes
      Age  . . . . . . . : 1.2 days (2024-06-29 11:19:21)
      Entropy  . . . . . : 4.7
      SHA-256  . . . . . : A7FECFC225DFDD4E14DCD4D1B4BA1B9F8E4D1984F1CDD8CDA3A9987E5D53C239
      Product  . . . . . : SolaraBootstrapper
      Publisher
      Description  . . . : SolaraBootstrapper
      Version  . . . . . : 1.0.0.0
      LanguageID . . . . : 0
    > Sophos . . . . . . : Mal/Generic-S
      Fuzzy  . . . . . . : 105.0
      Forensic Cluster
         -27.8s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.44345\
         -27.8s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.44345\SolaraB\
         -27.8s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.44345\SolaraB\Solara\
         -27.8s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.44345\SolaraB\Solara\SolaraBootstrapper.exe
         -27.8s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.44345\SolaraB\Solara\autoexec\
         -27.8s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.44345\SolaraB\Solara\scripts\
         -27.8s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.44345\SolaraB\Solara\workspace\
         -27.8s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.44345\SolaraB\Solara\workspace\IY_ANO.iy
         -23.4s C:\Windows\prefetch\SOLARABOOTSTRAPPER.EXE-172109E7.pf
         -21.8s C:\Users\Legion\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\lockfile
         -21.5s C:\Users\Legion\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\SharedStorage-wal
         -21.5s C:\Users\Legion\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\SharedStorage-shm
         -0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.47125\
         -0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.47125\SolaraB\
          0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.47125\SolaraB\Solara\
          0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.47125\SolaraB\Solara\SolaraBootstrapper.exe
          0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.47125\SolaraB\Solara\autoexec\
          0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.47125\SolaraB\Solara\scripts\
          0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.47125\SolaraB\Solara\workspace\
          0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.47125\SolaraB\Solara\workspace\IY_ANO.iy
          3.8s C:\Windows\prefetch\SOLARABOOTSTRAPPER.EXE-A1F3AA1A.pf
          3.9s C:\Users\Legion\AppData\Local\Packages\Microsoft.WindowsTerminal_8wekyb3d8bbwe\LocalState\state.json
          5.8s C:\Users\Legion\AppData\Local\Temp\9afbf719-846a-4ef3-b5fe-46c7bc9be087.tmp
          8.8s C:\Users\Legion\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\blob_storage\858afe33-c0aa-42aa-bafb-e1f1763acc90\
 
   C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.7619\SolaraB\Solara\SolaraBootstrapper.exe -> Quarantined
      Size . . . . . . . : 13,312 bytes
      Age  . . . . . . . : 1.2 days (2024-06-29 11:12:46)
      Entropy  . . . . . : 4.7
      SHA-256  . . . . . : A7FECFC225DFDD4E14DCD4D1B4BA1B9F8E4D1984F1CDD8CDA3A9987E5D53C239
      Product  . . . . . : SolaraBootstrapper
      Publisher
      Description  . . . : SolaraBootstrapper
      Version  . . . . . : 1.0.0.0
      LanguageID . . . . : 0
    > Sophos . . . . . . : Mal/Generic-S
      Fuzzy  . . . . . . : 105.0
      Forensic Cluster
         -0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.7619\
         -0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.7619\SolaraB\
          0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.7619\SolaraB\Solara\
          0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.7619\SolaraB\Solara\SolaraBootstrapper.exe
          0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.7619\SolaraB\Solara\autoexec\
          0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.7619\SolaraB\Solara\scripts\
          0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.7619\SolaraB\Solara\workspace\
          0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa10660.7619\SolaraB\Solara\workspace\IY_ANO.iy
 
   C:\Users\Legion\AppData\Local\Temp\Rar$EXa11692.14892\SolaraB\Solara\SolaraBootstrapper.exe -> Quarantined
      Size . . . . . . . : 13,312 bytes
      Age  . . . . . . . : 1.2 days (2024-06-29 11:13:59)
      Entropy  . . . . . : 4.7
      SHA-256  . . . . . : A7FECFC225DFDD4E14DCD4D1B4BA1B9F8E4D1984F1CDD8CDA3A9987E5D53C239
      Product  . . . . . : SolaraBootstrapper
      Publisher
      Description  . . . : SolaraBootstrapper
      Version  . . . . . : 1.0.0.0
      LanguageID . . . . : 0
    > Sophos . . . . . . : Mal/Generic-S
      Fuzzy  . . . . . . : 105.0
      Forensic Cluster
         -0.1s C:\Users\Legion\AppData\Local\Temp\Rar$EXa11692.14892\
         -0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa11692.14892\SolaraB\Solara\
         -0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa11692.14892\SolaraB\
          0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa11692.14892\SolaraB\Solara\SolaraBootstrapper.exe
          0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa11692.14892\SolaraB\Solara\autoexec\
          0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa11692.14892\SolaraB\Solara\scripts\
          0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa11692.14892\SolaraB\Solara\workspace\
          0.0s C:\Users\Legion\AppData\Local\Temp\Rar$EXa11692.14892\SolaraB\Solara\workspace\IY_ANO.iy
          3.9s C:\Windows\prefetch\SOLARABOOTSTRAPPER.EXE-F5295FD1.pf
 
   C:\Users\Legion\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll -> Quarantined
      Size . . . . . . . : 4,418,560 bytes
      Age  . . . . . . . : 2.0 days (2024-06-28 15:20:16)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : DEC8C51C89452B183201E58E4CFCEFFB0924C4C1F7729841A739086711FF021F
    > Sophos . . . . . . : Generic Reputation PUA (PUA)
      Fuzzy  . . . . . . : 111.0
 
   C:\Users\Legion\OneDrive\Desktop\Fluxus V7.exe -> Quarantined
      Size . . . . . . . : 4,116,992 bytes
      Age  . . . . . . . : 2.9 days (2024-06-27 17:42:55)
      Entropy  . . . . . : 7.3
      SHA-256  . . . . . : 1E022D3886700317E5C41977DE8FD595DB5FBB3529164048ED09EE7EFDB5711D
      Needs elevation  . : Yes
      Product  . . . . . : Fluxus
      Publisher  . . . . : Fluxteam
      Description  . . . : Fluxus
      Version  . . . . . : 1.0.0.0
      LanguageID . . . . : 0
    > Sophos . . . . . . : Mal/Generic-S
      Fuzzy  . . . . . . : 106.0
      Forensic Cluster
         -3.6s C:\Users\Legion\AppData\Local\Temp\033e1889-0bfb-4983-91c5-00d07aa9d731.tmp.node
         -3.6s C:\Windows\prefetch\FLUXUS V7.EXE-23AB662C.pf
          0.0s C:\Users\Legion\OneDrive\Desktop\Fluxus V7.exe
          6.9s C:\Users\Legion\AppData\Local\Temp\xml_file (285).xml
          6.9s C:\Users\Legion\AppData\Local\Temp\xml_file (286).xml
         35.2s C:\Users\Legion\OneDrive\Desktop\Fluxus\
         35.5s C:\Windows\prefetch\FLUXUS V7.EXE-17332056.pf
 
   C:\Users\Legion\OneDrive\Desktop\Solara\SolaraBootstrapper.exe -> Quarantined
      Size . . . . . . . : 13,312 bytes
      Age  . . . . . . . : 1.8 days (2024-06-28 20:54:00)
      Entropy  . . . . . : 4.7
      SHA-256  . . . . . : A7FECFC225DFDD4E14DCD4D1B4BA1B9F8E4D1984F1CDD8CDA3A9987E5D53C239
      Product  . . . . . : SolaraBootstrapper
      Publisher
      Description  . . . : SolaraBootstrapper
      Version  . . . . . : 1.0.0.0
      LanguageID . . . . : 0
    > Sophos . . . . . . : Mal/Generic-S
      Fuzzy  . . . . . . : 105.0
      Forensic Cluster
         -0.0s C:\Users\Legion\OneDrive\Desktop\Solara\
          0.0s C:\Users\Legion\OneDrive\Desktop\Solara\SolaraBootstrapper.exe
          0.0s C:\Users\Legion\OneDrive\Desktop\Solara\autoexec\
          0.0s C:\Users\Legion\OneDrive\Desktop\Solara\workspace\
          0.0s C:\Users\Legion\OneDrive\Desktop\Solara\scripts\
          0.0s C:\Users\Legion\OneDrive\Desktop\Solara\workspace\IY_ANO.iy
 
 
Suspicious files ____________________________________________________________
 
   C:\Program Files (x86)\Nox\bin\MultiPlayerManager.exe
      Size . . . . . . . : 3,928,552 bytes
      Age  . . . . . . . : 5.2 days (2024-06-25 12:09:21)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 504F8B725309C0342EFF923F10AD4C23101F3C90B94F23E669F1BEFF40B4AD43
      RSA Key Size . . . : 4096
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 26.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Uses the Windows Registry to run each time the user logs on.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program starts automatically without user intervention.
         Time indicates that the file appeared recently on this computer.
         Program is code signed with a valid Authenticode certificate.
      Startup
         HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NoxMultiPlayer
      References
         C:\Users\Legion\OneDrive\Desktop\Nox Asst.lnk
 
   C:\Program Files (x86)\Nox\bin\Qt5Core.dll
      Size . . . . . . . : 6,147,224 bytes
      Age  . . . . . . . : 5.2 days (2024-06-25 12:09:21)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : 482341E03E70A6E96A3B846884CADD2B7012EC2DF09721990054012ACF4F2E9D
      Product  . . . . . : Qt5
      Publisher  . . . . : The Qt Company Ltd.
      Description  . . . : C++ Application Development Framework
      Version  . . . . . : 5.9.9.0
      Copyright  . . . . : Copyright (C) 2019 The Qt Company Ltd.
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 28.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         File belongs to an identified security risk.
         Time indicates that the file appeared recently on this computer.
 
   C:\ProgramData\Lenovo\Vantage\AddinData\LenovoBatteryGaugeAddin\x64\QSHelper.exe
      Size . . . . . . . : 85,416 bytes
      Age  . . . . . . . : 138.7 days (2024-02-12 23:04:20)
      Entropy  . . . . . : 5.9
      SHA-256  . . . . . : A76BB9A1AAD6A4707233D1583032826A631CC1825E8D5FC9BFD3BBA4265424B7
      Product  . . . . . : Lenovo Vantage
      Publisher  . . . . : Lenovo
      Description  . . . : Vantage Toolbar
      Version  . . . . . : 1.0.4.9
      Copyright  . . . . : Copyright © 2018-2024 Lenovo. All rights reserved.
      RSA Key Size . . . : 4096
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 23.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Program starts automatically without user intervention.
         Uses the Windows Registry to run each time the user logs on.
         Program is code signed with a valid Authenticode certificate.
      Startup
         HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LenovoVantageToolbar
 
   C:\ProgramData\Lenovo\Vantage\Addins\LenovoCompanionAppAddin\1.0.0.39\LenovoVantage.exe
      Size . . . . . . . : 25,496 bytes
      Age  . . . . . . . : 57.9 days (2024-05-03 18:53:12)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 6A8E438A60757821A0B7966F4FEAC27E2B7795A29ADFB74589426250965446C7
      Product  . . . . . : Lenovo Vantage
      Publisher  . . . . : Lenovo
      Description  . . . : Lenovo Vantage
      Version  . . . . . : 1.0.0.39
      RSA Key Size . . . : 4096
      LanguageID . . . . : 0
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 23.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Program starts automatically without user intervention.
         Uses the Windows Registry to run each time the user logs on.
         Program is code signed with a valid Authenticode certificate.
      Startup
         HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LenovoVantage
 
   C:\Users\Legion\AppData\Local\Medal\update.exe
      Size . . . . . . . : 2,049,384 bytes
      Age  . . . . . . . : 16.9 days (2024-06-13 19:17:56)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : A79813B7DBDC038109603B24B03172671BDD7D3150DEF9DB1F9FD835CE6C9DFF
      RSA Key Size . . . : 4096
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 25.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Uses the Windows Registry to run each time the user logs on.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program starts automatically without user intervention.
         Time indicates that the file appeared recently on this computer.
         Program is code signed with a valid Authenticode certificate.
      Startup
         HKU\S-1-5-21-3696553442-1637611387-1488000935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Medal
 
   C:\Users\Legion\OneDrive\Desktop\Games\Satisfactory.v0.8.3.3\Engine\Binaries\ThirdParty\Steamworks\Steamv157\Win64\steam_api64.dll
      Size . . . . . . . : 426,344 bytes
      Age  . . . . . . . : 14.0 days (2024-06-16 17:14:05)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 51425709B07D703F2B675828520C8D38AF2D014F40D175695BC299C32B37F685
      Product  . . . . . : Steam Client API
      Publisher  . . . . : Valve Corporation
      Description  . . . : Steam Client API (buildbot_winslave007@WUS)
      Version  . . . . . : 01.0.1.45
      Copyright  . . . . : Copyright (C) NisCkxU544c
      RSA Key Size . . . : 4096
      LanguageID . . . . : 1033
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 29.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
 
 
Cookies _____________________________________________________________________
 
   C:\Users\Legion\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies:doubleclick.net
   C:\Users\Legion\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies:googleadservices.com
   C:\Users\Legion\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies:adnxs.com
   C:\Users\Legion\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies:taboola.com
   C:\Users\Legion\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\5BYP0JF1\eus.rubiconproject[1].xml
   C:\Users\Legion\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\8M9GPZGV\csync.smartadserver[1].xml
   C:\Users\Legion\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\E4D7XF7R\ads.pubmatic[1].xml
 
 
 
-Kyle


#8 Oh My!

Posted Today, 09:39 AM

Thank you for the reports Kyle.

Before providing my conclusion regarding your initial concern, "Win64:Efiguard-B and Win64:Efiguard-A trojan removal", I wanted to evaluate the entirety of your system. No substantial threats were detected.

The Avast warning you are receiving regarding Efiguard is a known false positive detection. Below is an explanation I provided on a previous similar topic. Though you are using Avast, other antivirus programs have encountered similar False Positive detections.
 

EfiGuardDxe.efi can be associated with malware (Glupteba's UEFI Bootkit) which utilizes the Bootkit injection as part of its launching mechanism. However, this same Bootkit capability can be used for legitimate, non-malware purposes as well. The UEFI Bootkit in and of itself is not malicious; it is the purpose for the Bootkit which defines if it is for good or evil. Your antivirus program is simply identifying its presence without determining its purpose.

Via my instructions I have been looking for any evidence the Bootkit was or is associated with malware. There is absolutely no evidence that is the case. In addition to my own evaluation, I have been consulting with my colleague Elise who is a Malware Analyst at Emsisoft. She has concluded this entry is not malicious. She also said there can be various ways the Bootkit can be installed, including the installation of software requiring the legitimate Bootkit entry.

The bottom line is your computer is not infected by a Bootkit and the flag can be ignored. You can create an Exclusion in your antivirus program to bypass the warning. Each antivirus product is different so if you need assistance creating the Exclusion let me know.


Let me know your thoughts.
Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69



