
Persistent Malware even after formatting, hopeless at this point



#1 NoMaliciousIntent

Posted Yesterday, 02:09 PM

I've been dealing with what seems to be some sort of malware that is persistent across Windows installations and even SSD changes. I will slowly lose Windows privileges, Windows will start to break, my admin account eventually gets disabled, and eventually Windows becomes unbootable. I've been fighting this losing battle for about 6 months, with the most recent Windows failure ending right after I found a Notepad message in Chinese put on my desktop that translated to "tired of fighting? its just begun, look at your phone". After looking at my Android it seems that root access has been granted through some sort of malware, and this was confirmed after bringing it to a specialist who noted my S24U had been compromised through some sort of "bluetooth tethering" and more than 100 apps have had changes to them granting permissions that should not be granted, i.e. camera/microphone access, Bluetooth control, Wi-Fi control, etc. Factory resetting my phone did not fix the issue and I was told a firmware flash would be the only solution, but they said I need to get my PC solved at the same time in case they are linked, because processes on my Android are linked to Windows in some way. After looking through all 3 of my computers, I found bitcoin miners installed on all 3, 2 of which are laptops which I have kept off and pulled the SSDs from.

This desktop had 2 SSDs attached previously where the BTC mining was most prominent, looking back at the history being several years, and after I removed those SSDs 6 months ago, very apparent issues started which seemed to resemble a RAT with some sort of backdoor for firmware malware due to persistence after formatting. This might have been attributed to reinfection from infected USBs or an infected network, but after bringing my PC to a new network and reinstalling Windows on a new SSD, I am immediately getting a network security message from ESET Smart Security Premium stating the following: "Network threat blocked, ARP Cache poisoning attack. A device (192.168.*.*) on the network is sending malicious traffic. This can be an attempt to attack your computer." This worries me about continued persistence after a fresh install from a Windows install USB made using a non-infected computer on a new network. I would greatly appreciate it if someone could look through some basic logs for me to point me in the right direction. Thank you.

A side note: on every new install, I find that in my Device Manager "Microsoft Kernel Debug Network Adapter" is enabled right from the start, so I disable it. I am UNABLE to disable it using CMD as I get the error stating that "secure boot must be disabled..yada yada yada", so I just disable it through Device Manager. I also updated my BIOS to the most recent version prior to this recent Windows reinstall.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.06.2024
Ran by Drake (administrator) on DESKTOP-IVLLINQ (Micro-Star International Co., Ltd. MS-7D91) (29-06-2024 12:38:14)
Running from C:\Users\Drake\Documents\FRST64.exe
Loaded Profiles: Drake
Platform: Microsoft Windows 10 Home Version 22H2 19045.4598 (X64) Language: English (United States)
Default browser: Brave
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files\ESET\ESET Security\egui.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\SysInspector.exe
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\egui.exe
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(explorer.exe ->) (Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <19>
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mspaint.exe
(explorer.exe ->) (Wireshark Foundation -> The Wireshark developer community, hxxps://www.wireshark.org/) C:\Program Files\Wireshark\Wireshark.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\efwd.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_28404aaca623afbd\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_9471a153dc4a2e67\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_473b0a6bfde8ccb7\Display.NvContainer\NVDisplay.Container.exe <2>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Skype Software Sarl -> ) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(svchost.exe ->) (Skype Software Sarl -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeApp.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [195256 2024-05-29] (ESET, spol. s r.o. -> ESET)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-2899493621-2652884681-1434404966-1001\...\RunOnce: [Application Restart #0] => C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe [2866712 2024-06-25] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\126.1.67.123\Installer\chrmstp.exe [2024-06-29] (Brave Software, Inc. -> Brave Software, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {98D63A62-A7B5-4823-85C2-EA38E665C457} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{458EC05D-3D8F-4736-AAAF-DA4E7B554EB7} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [167448 2024-06-29] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {D49353B5-AF1E-40E5-994C-09583A586266} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{795AADDE-2D1E-4D1A-A2AE-D2533623B063} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [167448 2024-06-29] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {7EE89590-FEC6-4CD3-95AC-3CC93BBAD701} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\System32\MRT.exe [199048176 2024-06-29] (Microsoft Windows -> Microsoft Corporation) -> C:\Windows\system32\/EHB /HeartbeatFailure "SubmitHeartbeatReportData" /HeartbeatError "0x80072ee7"
Task: {FFEE3C2F-B5B6-4D21-BE2F-CEDDE7C42FB7} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2022-11-22] () [File not signed]
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{db436e6e-ffc6-44d5-918f-a9bf6290096e}: [NameServer] 9.9.9.9
Tcpip\..\Interfaces\{db436e6e-ffc6-44d5-918f-a9bf6290096e}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{db436e6e-ffc6-44d5-918f-a9bf6290096e}\84F4C4C4F4751495: [NameServer] 9.9.9.9
Tcpip\..\Interfaces\{db436e6e-ffc6-44d5-918f-a9bf6290096e}\84F4C4C4F4751495: [DhcpNameServer] 192.168.1.1
 
Edge: 
=======
Edge Profile: C:\Users\Drake\AppData\Local\Microsoft\Edge\User Data\Default [2024-06-29]
 
Brave: 
=======
BRA Profile: C:\Users\Drake\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2024-06-29]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block First Party Filters (plaintext))) - C:\Users\Drake\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei [2024-06-29]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Drake\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2024-06-29]
BRA Extension: (Brave NTP background images) - C:\Users\Drake\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2024-06-29]
BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications (plaintext))) - C:\Users\Drake\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2024-06-29]
BRA Extension: (Brave Ad Block Updater (EasyList Cookie (plaintext))) - C:\Users\Drake\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2024-06-29]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Drake\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2024-06-29]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\Drake\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2024-06-29]
BRA Extension: (Brave NTP Super Referrer mapping table) - C:\Users\Drake\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo [2024-06-29]
BRA Extension: (Brave Ads Resources) - C:\Users\Drake\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj [2024-06-29]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block Updater (plaintext))) - C:\Users\Drake\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2024-06-29]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\Drake\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2024-06-29]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [167448 2024-06-29] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 BraveElevationService; C:\Program Files\BraveSoftware\Brave-Browser\Application\126.1.67.123\elevation_service.exe [2688024 2024-06-25] (Brave Software, Inc. -> Brave Software, Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [167448 2024-06-29] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 efwd; C:\Program Files\ESET\ESET Security\efwd.exe [5584248 2024-05-29] (ESET, spol. s r.o. -> ESET)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [3903168 2024-05-29] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [3903168 2024-05-29] (ESET, spol. s r.o. -> ESET)
S2 Intel® Platform License Manager Service; C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\PlatformLicenseManagerService.exe [741488 2023-12-14] (Intel Corporation -> Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_473b0a6bfde8ccb7\Display.NvContainer\NVDisplay.Container.exe [1275000 2024-01-21] (NVIDIA Corporation -> NVIDIA Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [218432 2024-05-29] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [119008 2024-05-29] (Microsoft Windows Hardware Compatibility Publisher -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [16336 2024-05-22] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [259752 2024-05-29] (ESET, spol. s r.o. -> ESET)
S2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [57832 2024-05-29] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [84120 2024-05-29] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [125952 2024-05-29] (ESET, spol. s r.o. -> ESET)
R3 iaLPSS2_GPIO2_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_774a66f35d00ad3d\iaLPSS2_GPIO2_ADL.sys [140960 2022-06-23] (Intel Corporation -> Intel Corporation)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [77792 2023-10-19] (Nmap Software LLC -> Insecure.Com LLC.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
U4 npcap_wifi; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-06-29 14:23 - 2024-06-29 11:20 - 000000000 ____D C:\Windows\Panther
2024-06-29 13:32 - 2024-06-29 13:32 - 000000000 ____H C:\Users\Drake\Documents\Default.rdp
2024-06-29 13:29 - 2024-06-29 13:29 - 000000000 ___RD C:\Users\Drake\OneDrive
2024-06-29 13:29 - 2024-06-29 10:47 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2899493621-2652884681-1434404966-1001
2024-06-29 13:28 - 2024-06-29 13:28 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2024-06-29 13:28 - 2024-06-29 11:10 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2024-06-29 13:28 - 2024-06-29 10:53 - 000000000 ____D C:\Users\Drake\AppData\Roaming\Microsoft\MMC
2024-06-29 13:27 - 2024-06-29 13:27 - 000000020 ___SH C:\Users\Drake\ntuser.ini
2024-06-29 13:27 - 2024-06-29 13:27 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-06-29 13:27 - 2024-06-29 13:27 - 000000000 ___SD C:\Users\Drake\AppData\Roaming\Microsoft\SystemCertificates
2024-06-29 13:27 - 2024-06-29 13:27 - 000000000 ___SD C:\Users\Drake\AppData\Roaming\Microsoft\Protect
2024-06-29 13:27 - 2024-06-29 13:27 - 000000000 ___SD C:\Users\Drake\AppData\Roaming\Microsoft\Crypto
2024-06-29 13:27 - 2024-06-29 13:27 - 000000000 ___SD C:\Users\Drake\AppData\Roaming\Microsoft\Credentials
2024-06-29 13:27 - 2024-06-29 13:27 - 000000000 ___RD C:\Users\Drake\3D Objects
2024-06-29 13:27 - 2024-06-29 13:27 - 000000000 ____D C:\Users\Drake\AppData\Roaming\Microsoft\Windows
2024-06-29 13:27 - 2024-06-29 13:27 - 000000000 ____D C:\Users\Drake\AppData\Roaming\Microsoft\Vault
2024-06-29 13:27 - 2024-06-29 13:27 - 000000000 ____D C:\Users\Drake\AppData\Roaming\Microsoft\Network
2024-06-29 13:27 - 2024-06-29 13:27 - 000000000 ____D C:\Users\Drake\AppData\Roaming\Adobe
2024-06-29 13:27 - 2024-06-29 13:27 - 000000000 ____D C:\Users\Drake\AppData\Local\ConnectedDevicesPlatform
2024-06-29 13:27 - 2024-06-29 11:22 - 000000000 ____D C:\Users\Drake\AppData\Local\Packages
2024-06-29 13:27 - 2024-06-29 11:22 - 000000000 ____D C:\ProgramData\Packages
2024-06-29 13:27 - 2024-06-29 11:06 - 000000000 ____D C:\Users\Drake\AppData\Local\VirtualStore
2024-06-29 13:27 - 2024-06-29 10:56 - 000000000 ____D C:\Users\Drake
2024-06-29 13:27 - 2024-06-29 10:54 - 000000000 ____D C:\Users\Drake\AppData\Local\Publishers
2024-06-29 13:27 - 2024-06-29 10:47 - 000002367 _____ C:\Users\Drake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-06-29 13:24 - 2024-06-29 13:24 - 000000000 _SHDL C:\Documents and Settings
2024-06-29 13:23 - 2024-06-29 13:23 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-06-29 13:23 - 2024-06-29 13:23 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-06-29 13:23 - 2024-06-29 13:23 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-06-29 13:23 - 2024-06-29 13:23 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-06-29 13:23 - 2024-06-29 13:23 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2024-06-29 13:23 - 2024-06-29 13:23 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-06-29 13:23 - 2024-06-29 13:23 - 000000000 ____D C:\Windows\ServiceProfiles
2024-06-29 13:23 - 2024-06-29 11:05 - 000008192 ___SH C:\DumpStack.log.tmp
2024-06-29 13:23 - 2024-06-29 11:05 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-06-29 13:23 - 2024-06-29 11:02 - 000259496 _____ C:\Windows\system32\FNTCACHE.DAT
2024-06-29 13:23 - 2024-06-29 10:46 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-06-29 12:38 - 2024-06-29 12:38 - 000012253 _____ C:\Users\Drake\Documents\FRST.txt
2024-06-29 12:37 - 2024-06-29 12:38 - 000000000 ____D C:\FRST
2024-06-29 12:37 - 2024-06-29 12:37 - 002395648 _____ (Farbar) C:\Users\Drake\Documents\FRST64.exe
2024-06-29 11:37 - 2024-06-29 11:38 - 000000000 ____D C:\Users\Drake\AppData\Roaming\Wireshark
2024-06-29 11:36 - 2024-06-29 11:36 - 000003460 _____ C:\Windows\system32\Tasks\npcapwatchdog
2024-06-29 11:36 - 2024-06-29 11:36 - 000001827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2024-06-29 11:36 - 2024-06-29 11:36 - 000000000 ____D C:\Windows\SysWOW64\Npcap
2024-06-29 11:36 - 2024-06-29 11:36 - 000000000 ____D C:\Windows\system32\Npcap
2024-06-29 11:36 - 2024-06-29 11:36 - 000000000 ____D C:\Program Files\Wireshark
2024-06-29 11:36 - 2024-06-29 11:36 - 000000000 ____D C:\Program Files\Npcap
2024-06-29 11:35 - 2024-06-29 11:35 - 086489296 _____ (Wireshark development team) C:\Users\Drake\Documents\Wireshark-4.2.5-x64.exe
2024-06-29 11:34 - 2024-06-29 11:34 - 000000000 ____D C:\Users\Drake\AppData\LocalLow\Intel
2024-06-29 11:19 - 2024-06-29 11:19 - 000002016 _____ C:\Users\Public\Desktop\ESET Safe Banking & Browsing.lnk
2024-06-29 11:09 - 2024-06-29 11:09 - 000000000 ____D C:\Users\Drake\AppData\Local\ESET
2024-06-29 11:09 - 2024-06-29 11:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2024-06-29 11:09 - 2024-06-29 11:09 - 000000000 ____D C:\ProgramData\ESET
2024-06-29 11:09 - 2024-06-29 11:09 - 000000000 ____D C:\Program Files\ESET
2024-06-29 11:08 - 2024-06-29 11:08 - 008790880 _____ (Malwarebytes) C:\Users\Drake\Documents\adwcleaner(1).exe
2024-06-29 11:08 - 2024-06-29 11:08 - 000000000 ____D C:\AdwCleaner
2024-06-29 11:06 - 2024-06-29 11:06 - 000001872 _____ C:\Users\Drake\Desktop\Rkill.txt
2024-06-29 11:06 - 2024-06-29 11:06 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2024-06-29 11:04 - 2024-06-29 11:04 - 000000000 ____D C:\Windows\system32\MRT
2024-06-29 11:04 - 2024-06-29 11:04 - 000000000 ____D C:\Program Files\RUXIM
2024-06-29 11:02 - 2024-06-29 11:02 - 000000000 ____D C:\Windows\system32\compatrel
2024-06-29 11:00 - 2024-06-29 11:00 - 005659583 _____ (Swearware) C:\Users\Drake\Documents\ComboFix.exe
2024-06-29 11:00 - 2024-06-29 11:00 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Drake\Documents\rkill.exe
2024-06-29 10:59 - 2024-06-29 10:59 - 008791352 _____ (Malwarebytes) C:\Users\Drake\Documents\AdwCleaner.exe
2024-06-29 10:59 - 2024-06-29 10:59 - 000388608 _____ (Trend Micro Inc.) C:\Users\Drake\Documents\HijackThis.exe
2024-06-29 10:56 - 2024-06-29 11:36 - 000000000 ____D C:\ProgramData\Package Cache
2024-06-29 10:56 - 2024-06-29 10:56 - 000021724 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-06-29 10:56 - 2024-06-29 10:56 - 000021724 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2024-06-29 10:56 - 2024-06-29 10:56 - 000000000 ____D C:\Users\Drake\Intel
2024-06-29 10:56 - 2024-06-29 10:56 - 000000000 ____D C:\ProgramData\Intel Package Cache {9f9c9e51-d42f-4462-a27a-7d419da18045}
2024-06-29 10:56 - 2024-06-29 10:56 - 000000000 ____D C:\ProgramData\Intel Package Cache {58E22E6B-0E58-4E93-AF9A-036556EB66F5}
2024-06-29 10:56 - 2024-06-29 10:56 - 000000000 ____D C:\ProgramData\Intel Package Cache {1CEAC85D-2590-4760-800F-8DE5E91F3700}
2024-06-29 10:56 - 2024-06-29 10:56 - 000000000 ____D C:\Program Files\Intel
2024-06-29 10:56 - 2024-06-29 10:56 - 000000000 ____D C:\Program Files (x86)\Intel
2024-06-29 10:54 - 2024-06-29 11:05 - 000000000 ____D C:\ProgramData\NVIDIA
2024-06-29 10:54 - 2024-06-29 10:54 - 000000000 ____D C:\Windows\SysWOW64\NV
2024-06-29 10:54 - 2024-06-29 10:54 - 000000000 ____D C:\Windows\system32\NV
2024-06-29 10:54 - 2024-06-29 10:54 - 000000000 ____D C:\Windows\system32\lxss
2024-06-29 10:54 - 2024-06-29 10:54 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2024-06-29 10:54 - 2024-06-29 10:54 - 000000000 ____D C:\Users\Drake\AppData\LocalLow\NVIDIA
2024-06-29 10:54 - 2024-06-29 10:54 - 000000000 ____D C:\Users\Drake\AppData\Local\Comms
2024-06-29 10:54 - 2024-06-29 10:54 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2024-06-29 10:54 - 2024-06-29 10:54 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2024-06-29 10:54 - 2024-06-29 10:54 - 000000000 ____D C:\Program Files (x86)\MSI
2024-06-29 10:53 - 2024-06-29 10:54 - 000000130 _____ C:\Users\Drake\AppData\LocalLow\19a8fde49016454ad9e4ce051ddb65358e44e227f0836792d5e497959e62a6c1
2024-06-29 10:53 - 2024-06-29 10:53 - 000011216 _____ C:\Users\Drake\AppData\LocalLow\42a51546fe6f8cff8752672bcf666628dc6db996acc8cfc96251275b1dc1b733
2024-06-29 10:53 - 2024-06-29 10:53 - 000000000 ___HD C:\$WinREAgent
2024-06-29 10:53 - 2024-06-29 10:53 - 000000000 ____D C:\ProgramData\Intel
2024-06-29 10:53 - 2024-05-31 10:56 - 000784056 _____ (Intel) C:\Windows\system32\libvpl.dll
2024-06-29 10:53 - 2024-05-31 10:56 - 000668576 _____ (Intel) C:\Windows\SysWOW64\libvpl.dll
2024-06-29 10:53 - 2024-05-31 10:55 - 000979160 _____ (Intel Corporation) C:\Windows\system32\libmfxhw64.dll
2024-06-29 10:53 - 2024-05-31 10:55 - 000737880 _____ (Intel Corporation) C:\Windows\SysWOW64\libmfxhw32.dll
2024-06-29 10:53 - 2024-05-31 10:55 - 000621816 _____ (Intel Corporation) C:\Windows\system32\intel_gfx_api-x64.dll
2024-06-29 10:53 - 2024-05-31 10:55 - 000590344 _____ C:\Windows\SysWOW64\IntelControlLib32.dll
2024-06-29 10:53 - 2024-05-31 10:55 - 000480824 _____ (Intel Corporation) C:\Windows\SysWOW64\intel_gfx_api-x86.dll
2024-06-29 10:53 - 2024-05-31 10:54 - 002115272 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2024-06-29 10:53 - 2024-05-31 10:54 - 002115272 _____ C:\Windows\system32\vulkaninfo.exe
2024-06-29 10:53 - 2024-05-31 10:54 - 002038976 _____ C:\Windows\system32\ze_intel_gpu_raytracing.dll
2024-06-29 10:53 - 2024-05-31 10:54 - 001673192 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-06-29 10:53 - 2024-05-31 10:54 - 001673192 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2024-06-29 10:53 - 2024-05-31 10:54 - 001462872 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2024-06-29 10:53 - 2024-05-31 10:54 - 001462872 _____ C:\Windows\system32\vulkan-1.dll
2024-06-29 10:53 - 2024-05-31 10:54 - 000792152 _____ C:\Windows\system32\ze_loader.dll
2024-06-29 10:53 - 2024-05-31 10:54 - 000560728 _____ C:\Windows\system32\ze_tracing_layer.dll
2024-06-29 10:53 - 2024-05-31 10:54 - 000349784 _____ C:\Windows\system32\ze_validation_layer.dll
2024-06-29 10:53 - 2024-05-31 10:53 - 027984064 _____ (Intel Corporation) C:\Windows\system32\mfxplugin64_hw.dll
2024-06-29 10:53 - 2024-05-31 10:53 - 020708032 _____ (Intel Corporation) C:\Windows\SysWOW64\mfxplugin32_hw.dll
2024-06-29 10:53 - 2024-05-31 10:53 - 001305280 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2024-06-29 10:53 - 2024-05-31 10:53 - 001305280 _____ C:\Windows\SysWOW64\vulkan-1.dll
2024-06-29 10:53 - 2024-05-31 10:53 - 000331448 _____ C:\Windows\system32\ControlLib.dll
2024-06-29 10:53 - 2024-05-31 10:53 - 000277600 _____ C:\Windows\SysWOW64\ControlLib32.dll
2024-06-29 10:53 - 2024-01-21 23:56 - 001488008 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2024-06-29 10:53 - 2024-01-21 23:56 - 001227400 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2024-06-29 10:53 - 2024-01-21 23:53 - 000669816 _____ (NVIDIA Corporation) C:\Windows\system32\nvofapi64.dll
2024-06-29 10:53 - 2024-01-21 23:53 - 000504840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvofapi.dll
2024-06-29 10:53 - 2024-01-21 23:52 - 001541152 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2024-06-29 10:53 - 2024-01-21 23:52 - 001198624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2024-06-29 10:53 - 2024-01-21 23:52 - 000958600 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2024-06-29 10:53 - 2024-01-21 23:52 - 000810528 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2024-06-29 10:53 - 2024-01-21 23:52 - 000131560 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2024-06-29 10:53 - 2024-01-21 23:51 - 015095408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2024-06-29 10:53 - 2024-01-21 23:51 - 012375160 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2024-06-29 10:53 - 2024-01-21 23:51 - 002171424 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2024-06-29 10:53 - 2024-01-21 23:51 - 001624072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2024-06-29 10:53 - 2024-01-21 23:51 - 000996872 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2024-06-29 10:53 - 2024-01-21 23:51 - 000774176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2024-06-29 10:53 - 2024-01-21 23:51 - 000459384 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2024-06-29 10:53 - 2024-01-21 23:50 - 006462496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2024-06-29 10:53 - 2024-01-21 23:50 - 005862408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcudadebugger.dll
2024-06-29 10:53 - 2024-01-21 23:50 - 005861000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2024-06-29 10:53 - 2024-01-21 23:50 - 003619952 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2024-06-29 10:53 - 2024-01-21 23:50 - 000853104 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2024-06-29 10:53 - 2024-01-21 23:49 - 007869560 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2024-06-29 10:53 - 2024-01-21 23:49 - 006745752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2024-06-29 10:53 - 2024-01-21 23:12 - 000113947 _____ C:\Windows\system32\nvinfo.pb
2024-06-29 10:52 - 2024-06-29 12:29 - 000000000 ____D C:\Users\Drake\AppData\Local\D3DSCache
2024-06-29 10:50 - 2024-06-29 10:50 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2024-06-29 10:50 - 2024-06-29 10:50 - 000002399 _____ C:\Users\Public\Desktop\Brave.lnk
2024-06-29 10:50 - 2024-06-29 10:50 - 000000000 ____D C:\Users\Drake\AppData\Local\OneDrive
2024-06-29 10:50 - 2024-06-29 10:50 - 000000000 ____D C:\Users\Drake\AppData\Local\BraveSoftware
2024-06-29 10:50 - 2024-06-29 10:50 - 000000000 ____D C:\Program Files\BraveSoftware
2024-06-29 10:49 - 2024-06-29 10:49 - 000003860 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineUA{795AADDE-2D1E-4D1A-A2AE-D2533623B063}
2024-06-29 10:49 - 2024-06-29 10:49 - 000003736 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineCore{458EC05D-3D8F-4736-AAAF-DA4E7B554EB7}
2024-06-29 10:49 - 2024-06-29 10:49 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2024-06-29 10:48 - 2024-06-29 10:48 - 001275176 _____ (BraveSoftware Inc.) C:\Users\Drake\Downloads\BraveBrowserSetup-BRV011.exe
2024-06-29 10:47 - 2024-06-29 11:12 - 000000000 ____D C:\Users\Drake\AppData\Roaming\Microsoft\Spelling
2024-06-29 10:47 - 2024-06-29 11:03 - 000000000 ____D C:\Program Files (x86)\Razer
2024-06-29 10:47 - 2024-06-29 10:47 - 010351480 _____ (ESET) C:\Users\Drake\Downloads\eset_smart_security_premium_live_installer.exe
2024-06-29 10:47 - 2024-06-29 10:47 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2899493621-2652884681-1434404966-1001
2024-06-29 10:47 - 2024-06-29 10:47 - 000000000 ____D C:\Users\Drake\AppData\Local\PlaceholderTileLogoFolder
2024-06-29 10:47 - 2024-06-29 10:47 - 000000000 ____D C:\ProgramData\Razer
2024-06-29 10:47 - 2023-06-16 07:33 - 000161920 _____ (Razer Inc) C:\Windows\system32\RazerS2S3CoinstallerEx.dll
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-06-29 14:22 - 2019-12-07 02:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2024-06-29 13:27 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2024-06-29 13:27 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\USOPrivate
2024-06-29 13:26 - 2019-12-07 02:50 - 000000000 ____D C:\Windows\system32\FxsTmp
2024-06-29 13:23 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\appcompat
2024-06-29 12:12 - 2023-12-03 19:52 - 000000000 ____D C:\Windows\SystemTemp
2024-06-29 11:36 - 2019-12-07 02:13 - 000000000 ____D C:\Windows\INF
2024-06-29 11:22 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-06-29 11:22 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\AppReadiness
2024-06-29 11:20 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-06-29 11:09 - 2019-12-07 02:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2024-06-29 11:05 - 2019-12-07 02:03 - 000524288 _____ C:\Windows\system32\config\BBI
2024-06-29 11:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\SystemResources
2024-06-29 11:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\spool
2024-06-29 11:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2024-06-29 11:04 - 2019-12-07 02:03 - 000000000 ____D C:\Windows\CbsTemp
2024-06-29 11:03 - 2019-12-07 02:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-06-29 11:02 - 2023-12-03 19:52 - 000000000 ____D C:\Windows\InboxApps
2024-06-29 11:02 - 2019-12-07 02:52 - 000000000 ____D C:\Program Files\Windows Portable Devices
2024-06-29 11:02 - 2019-12-07 02:52 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2024-06-29 11:02 - 2019-12-07 02:52 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2024-06-29 11:02 - 2019-12-07 02:52 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2024-06-29 11:02 - 2019-12-07 02:14 - 000000000 ___SD C:\Windows\SysWOW64\F12
2024-06-29 11:02 - 2019-12-07 02:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2024-06-29 11:02 - 2019-12-07 02:14 - 000000000 ___SD C:\Windows\system32\UNP
2024-06-29 11:02 - 2019-12-07 02:14 - 000000000 ___SD C:\Windows\system32\F12
2024-06-29 11:02 - 2019-12-07 02:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2024-06-29 11:02 - 2019-12-07 02:14 - 000000000 ___RD C:\Windows\PrintDialog
2024-06-29 11:02 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2024-06-29 11:02 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2024-06-29 11:02 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2024-06-29 11:02 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2024-06-29 11:02 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2024-06-29 11:02 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2024-06-29 11:02 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2024-06-29 11:02 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2024-06-29 11:02 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2024-06-29 11:02 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\setup
2024-06-29 11:02 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2024-06-29 11:02 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2024-06-29 11:02 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\oobe
2024-06-29 11:02 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\migwiz
2024-06-29 11:02 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\Dism
2024-06-29 11:02 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\DDFs
2024-06-29 11:02 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\appraiser
2024-06-29 11:02 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\ShellExperiences
2024-06-29 11:02 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\ShellComponents
2024-06-29 11:02 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\Provisioning
2024-06-29 11:02 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\bcastdvr
2024-06-29 11:02 - 2019-12-07 02:03 - 000000000 ____D C:\Windows\servicing
2024-06-29 10:51 - 2019-12-07 02:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2024-06-29 10:47 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\ServiceState
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.06.2024
Ran by Drake (29-06-2024 12:38:44)
Running from C:\Users\Drake\Documents
Microsoft Windows 10 Home Version 22H2 19045.4598 (X64) (2024-06-29 20:24:18)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-2899493621-2652884681-1434404966-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2899493621-2652884681-1434404966-503 - Limited - Disabled)
Drake (S-1-5-21-2899493621-2652884681-1434404966-1001 - Administrator - Enabled) => C:\Users\Drake
Guest (S-1-5-21-2899493621-2652884681-1434404966-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2899493621-2652884681-1434404966-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {26E0861C-6FB9-CEF9-E4F0-531986211ACE}
FW: ESET Firewall (Enabled) {1EDB0739-25D6-CFA1-CFAF-FA2C78F25DB5}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 126.1.67.123 - Brave Software Inc)
Dynamic Application Loader Host Interface Service (HKLM\...\{B8F67CAD-D16A-4AC8-B4F1-3AE8A9FF22F5}) (Version: 1.0.0.0 - Intel Corporation) Hidden
ESET Security (HKLM\...\{2E8A6E4C-5B0C-4943-A3E9-57BB3447FD2F}) (Version: 17.1.13.0 - ESET, spol. s r.o.)
Intel® Chipset Device Software (HKLM\...\{BAB97289-552B-49D5-B1E7-95DB4E4D2DEF}) (Version: 10.1.19627.8423 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{f48aa9ec-42b9-428a-8536-42b3a4b738c8}) (Version: 10.1.19627.8423 - Intel® Corporation)
Intel® Management Engine Components (HKLM\...\{1B2B12B8-AE77-4104-97FE-904274D21B6C}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2230.3.19.0 - Intel Corporation)
Intel® Management Engine Driver (HKLM\...\{5F953BF8-C54E-4335-B7C9-873508D2CE1A}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® ME WMI Provider (HKLM\...\{2D7D4B84-FDD2-42BC-9B5B-ADAB4E31AC5E}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.67 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2899493621-2652884681-1434404966-1001\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.78 - Nmap Project)
NVIDIA Graphics Driver 546.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 546.65 - NVIDIA Corporation)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{85C69797-7336-4E83-8D97-32A7C8465A3B}) (Version: 8.94.0.0 - Microsoft Corporation)
Wireshark 4.2.5 x64 (HKLM-x32\...\Wireshark) (Version: 4.2.5 - The Wireshark developer community, hxxps://www.wireshark.org)
 
Packages:
=========
 
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5536.0_x64__8j3eq9eme6ctt [2024-06-29] (INTEL CORP) [Startup Task]
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2024-06-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2024-06-29] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2024-06-29] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2024-06-29] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.966.0_x64__56jybvy8sckqj [2024-06-29] (NVIDIA Corp.)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c [2024-06-29] (Skype)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2024-05-29] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2024-05-29] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_473b0a6bfde8ccb7\nvshext.dll [2024-01-21] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2024-05-29] (ESET, spol. s r.o. -> ESET)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 02:14 - 2019-12-07 02:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2899493621-2652884681-1434404966-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 9.9.9.9
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
Network Binding:
=============
Wi-Fi: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{017B91AA-7DE2-4F3F-A73F-CA98A6D085A8}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
 
==================== Restore Points =========================
 
29-06-2024 11:21:58 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
Name: Microsoft Kernel Debug Network Adapter
Description: Microsoft Kernel Debug Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: kdnic
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (06/29/2024 12:32:01 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2002) (User: NT AUTHORITY)
Description: Unable to open the Redirector service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (06/29/2024 12:32:01 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: NT AUTHORITY)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (06/29/2024 12:26:01 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2002) (User: NT AUTHORITY)
Description: Unable to open the Redirector service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (06/29/2024 12:26:01 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: NT AUTHORITY)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (06/29/2024 12:25:20 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002
 
Error: (06/29/2024 12:25:20 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002
 
Error: (06/29/2024 12:25:20 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003
 
Error: (06/29/2024 12:24:01 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2002) (User: NT AUTHORITY)
Description: Unable to open the Redirector service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
 
System errors:
=============
Error: (06/29/2024 11:05:13 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Delivery Optimization service did not shut down properly after receiving a preshutdown control.
 
Error: (06/29/2024 11:04:45 AM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 0.0.0.0 with the system
having network hardware address 00-00-00-00-00-00. Network operations on this system may
be disrupted as a result.
 
Error: (06/29/2024 11:04:45 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024001e: Windows Malicious Software Removal Tool x64 - v5.125 (KB890830).
 
Error: (06/29/2024 10:46:41 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684A fatal error occurred processing the restoration data.
 
Error: (06/29/2024 10:46:43 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:24:16 PM on ‎6/‎29/‎2024 was unexpected.
 
Error: (06/29/2024 01:26:17 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Printer Extensions and Notifications service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (06/29/2024 01:23:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The netprofm service terminated with the following error: 
The device is not ready.
 
 
CodeIntegrity:
===============
Date: 2024-06-29 12:25:20
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends International, LLC. 1.D2 06/05/2024
Motherboard: Micro-Star International Co., Ltd. MAG Z790 TOMAHAWK WIFI DDR4 (MS-7D91)
Processor: 13th Gen Intel® Core™ i5-13600K
Percentage of memory in use: 11%
Total physical RAM: 65312.1 MB
Available physical RAM: 58039.1 MB
Total Virtual: 75040.1 MB
Available Virtual: 67586.23 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.86 GB) (Free:820.34 GB) (Model: WD Blue SN580 1TB) NTFS
 
\\?\Volume{23d7482e-a364-4cb6-807b-3d0113a4636b}\ () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS
\\?\Volume{ef0c9294-4e34-4995-8548-64905a0eabf4}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

Edited by NoMaliciousIntent, Yesterday, 03:29 PM.

