Registered · 6 Posts · Discussion Starter #1 (Edited)
It shows the general dialogue when the site needs login and password. This says roughly
"On proxy-server hxxps://koiq-37c8e4.cream-regards.net you need to enter login and password"

Also, if you could write what that typically says in English it would help a lot, since I would know what exactly to google.

And the same pop-up appears absolutely randomly with different URLs.

This URL looks particularly suspicious.

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2021

Ran by nkshv (administrator) on MSI (Micro-Star International Co., Ltd. GL65 Leopard 10SCXR) (15-01-2021 20:59:34)

Running from D:\Apps\Farbar Recovery Scan Tool

Loaded Profiles: nkshv

Platform: Windows 10 Home Single Language Version 20H2 19042.685 (X64) Language: Русский (Россия)

Default browser: Edge

Boot Mode: Normal



==================== Processes (Whitelisted) =================



(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)



(Autodesk, Inc. -> Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe

(Autodesk, Inc. -> Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\10.1.0.3194\AdskLicensingService\AdskLicensingService.exe

(Autodesk, Inc. -> Autodesk) C:\Users\nkshv\AppData\Local\Programs\Autodesk\Genuine Service\GenuineService.exe

(Autodesk, Inc. -> Autodesk, Inc.) D:\Apps\Autodesk\Inventor 2021\Moldflow\bin\mitsijm.exe

(A-Volute -> Nahimic) C:\Windows\System32\NahimicService.exe

(A-Volute SAS -> A-Volute) C:\Users\nkshv\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe

(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe

(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrB.exe

(Flexera Software LLC -> Flexera) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe

(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe

(Intel(R) pGFX 2020 -> ) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_26b207b939eae50e\OneApp.IGCC.WinService.exe

(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_e67d3946e6cd0335\igfxCUIService.exe

(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_e67d3946e6cd0335\igfxEM.exe

(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_67ebcbaf734be2a4\IntelCpHDCPSvc.exe

(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_67ebcbaf734be2a4\IntelCpHeciSvc.exe

(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_48973fc6c96c696a\RstMwService.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <22>

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mspaint.exe <2>

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmii.inf_amd64_bd367893e1ff9b5c\Display.NvContainer\NVDisplay.Container.exe <2>

(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_85a48ee0cac1d3dd\RtkAudUService64.exe

(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Valve -> Valve Corporation) D:\Games\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <8>

(Valve -> Valve Corporation) D:\Games\Steam\steam.exe



==================== Registry (Whitelisted) ===================



(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)



HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [321112 2019-12-10] (Intel(R) Rapid Storage Technology -> Intel Corporation)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)

HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [664872 2020-03-04] (Autodesk, Inc. -> Autodesk, Inc.)

HKLM-x32\...\Run: [Autodesk Genuine Service ] => C:\Users\nkshv\AppData\Local\Programs\Autodesk\Genuine Service\GenuineService.exe [1077864 2020-01-02] (Autodesk, Inc. -> Autodesk)

HKU\S-1-5-21-1482872955-3569544570-3760393657-1001\...\Run: [Steam] => D:\Games\Steam\steam.exe [3411232 2020-12-21] (Valve -> Valve Corporation)

HKU\S-1-5-21-1482872955-3569544570-3760393657-1001\...\Run: [XDM] => "C:\Program Files (x86)\XDM\java-runtime\bin\javaw.exe" -jar "C:\Program Files (x86)\XDM\xdman.jar" -m

HKU\S-1-5-21-1482872955-3569544570-3760393657-1001\...\Run: [GalaxyClient] => [X]

HKLM\Software\Microsoft\Active Setup\Installed Components: [{28B89EEF-4107-0000-7102-CF3F3A09B77D}] -> msiexec /fus {28B89EEF-4107-0000-7102-CF3F3A09B77D}

GroupPolicy: Restriction ? <==== ATTENTION

Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

Policies: C:\Users\Все пользователи\NTUSER.pol: Restriction <==== ATTENTION



==================== Scheduled Tasks (Whitelisted) ============



(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



Task: {01290C41-32F4-4ECA-99EB-4C6784D4BD2B} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK

Task: {186623A4-952E-4DC5-8C00-A5E3185DF8CF} - System32\Tasks\NahimicSvc64Run => C:\Windows\system32\NahimicSvc64.exe [1066416 2020-11-04] (A-Volute -> Nahimic)

Task: {5D0EC8EC-DC63-4964-B98A-0BCFA2F93FCA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {614A56AA-456B-4A27-92E1-8376726B4D6A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {77FEC3F8-BEC1-4650-A072-BB7B47E2E1D6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {844F5B76-AAD6-4A42-80D0-7C61031E82B5} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)

Task: {A3852E11-1401-4E3F-8203-8401DC1D7B59} - System32\Tasks\Agent Activation Runtime\S-1-5-21-1482872955-3569544570-3760393657-1001 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2020-12-09] (Microsoft Windows -> )

Task: {B7919E87-0BE7-4961-B047-387DC2D8898D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {E644F3DE-DB0D-4268-8AB5-0017452B4533} - System32\Tasks\NahimicSvc32Run => C:\Windows\SysWOW64\NahimicSvc32.exe [822704 2020-11-04] (A-Volute -> Nahimic)



(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)





==================== Internet (Whitelisted) ====================



(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)



Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{8b8a78fc-ea66-41a9-809a-32dec8e1eb7d}: [NameServer] 195.34.31.50,62.112.106.130

Tcpip\..\Interfaces\{8b8a78fc-ea66-41a9-809a-32dec8e1eb7d}: [DhcpNameServer] 192.168.1.254



Edge:

======

DownloadDir: C:\Users\nkshv\Downloads

Edge HomeButtonPage: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001 -> hxxp://google.com/

Edge DefaultProfile: Default

Edge Profile: C:\Users\nkshv\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-15]

Edge DownloadDir: D:\Загрузки\Edge

Edge HomePage: Default -> hxxps://www.youtube.com/

Edge StartupUrls: Default -> "hxxp://google.com/"

Edge Extension: (Universal Bypass) - C:\Users\nkshv\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ckiidekccfgninkobmmofopbbdgdclgg [2020-12-07]

Edge Extension: (Xtreme Download Manager) - C:\Users\nkshv\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dkckaoghoiffdbomfbbodbbgmhjblecj [2020-12-09]

Edge Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\nkshv\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2020-12-17]

Edge Extension: (Google Документы офлайн) - C:\Users\nkshv\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-01-13]

Edge Extension: (uBlock Origin) - C:\Users\nkshv\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2020-12-31]

Edge Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\nkshv\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2020-12-08]

Edge Profile: C:\Users\nkshv\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2021-01-15]

Edge Extension: (Xtreme Download Manager) - C:\Users\nkshv\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\dkckaoghoiffdbomfbbodbbgmhjblecj [2020-12-16]

Edge Extension: (MetaMask) - C:\Users\nkshv\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2021-01-08]

Edge Extension: (uBlock Origin) - C:\Users\nkshv\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2020-12-31]

Edge Profile: C:\Users\nkshv\AppData\Local\Microsoft\Edge\User Data\Profile 2 [2021-01-15]



FireFox:

========

FF Plugin-x32: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-12-07] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-12-07] (Oracle America, Inc. -> Oracle Corporation)



==================== Services (Whitelisted) ===================



(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1046904 2020-03-04] (Autodesk, Inc. -> Autodesk Inc.)

R2 AdskLicensingService; C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe [16930616 2019-12-18] (Autodesk, Inc. -> Autodesk)

S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818288 2020-12-07] (EasyAntiCheat Oy -> Epic Games, Inc)

S3 GalaxyClientService; C:\Games\GOG Galaxy\GalaxyClientService.exe [1741384 2020-12-08] (GOG Sp. z o.o. -> GOG.com)

S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-12-08] (GOG Sp. z o.o. -> GOG.com)

R2 mitsijm2021; D:\Apps\Autodesk\Inventor 2021\Moldflow\bin\mitsijm.exe [844088 2019-12-04] (Autodesk, Inc. -> Autodesk, Inc.)

R2 NahimicService; C:\WINDOWS\system32\NahimicService.exe [2719664 2020-11-04] (A-Volute -> Nahimic)

R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [66872 2020-12-11] (Even Balance, Inc. -> )

R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [107832 2020-12-11] (Even Balance, Inc. -> )

R2 RtkAudioUniversalService; C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_85a48ee0cac1d3dd\RtkAudUService64.exe [1183968 2020-10-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmii.inf_amd64_bd367893e1ff9b5c\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmii.inf_amd64_bd367893e1ff9b5c\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem



===================== Drivers (Whitelisted) ===================



(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]

R1 MSIO; C:\WINDOWS\system32\drivers\MsIo64.sys [18448 2019-10-17] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)

R3 Nahimic_Mirroring; C:\WINDOWS\System32\drivers\Nahimic_Mirroring.sys [85592 2020-06-16] (A-Volute -> Windows (R) Win 7 DDK provider)

U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [89968 2020-12-14] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)

S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-06] (Microsoft Windows -> Microsoft Corporation)

R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-06] (Microsoft Windows -> Microsoft Corporation)

S1 EneTechIo; \??\C:\WINDOWS\system32\drivers\ene.sys [X]



==================== NetSvcs (Whitelisted) ===================



(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)





==================== One month (created) (Whitelisted) =========



(If an entry is included in the fixlist, the file/folder will be moved.)



2021-01-15 20:58 - 2021-01-15 20:59 - 000000000 ____D C:\FRST

2021-01-14 22:03 - 2021-01-14 22:03 - 020077498 _ C:\Users\nkshv\Downloads\Unusual Music Creators Collab.zip

2021-01-12 16:51 - 2021-01-12 16:56 - 000000000 ____D C:\Users\nkshv\AppData\Roaming\gsmartcontrol

2021-01-10 13:07 - 2021-01-10 13:07 - 000000000 ____D C:\Users\nkshv\AppData\Local\IsolatedStorage

2021-01-10 12:26 - 2021-01-10 12:26 - 000000000 ____D C:\Users\nkshv\AppData\Local\Autodesk,_Inc

2021-01-10 12:24 - 2021-01-10 12:24 - 000000000 ____D C:\Users\nkshv\AppData\Local\CefSharp

2021-01-10 12:23 - 2021-01-10 12:23 - 000000000 ____D C:\Users\Все пользователи\FLEXnet

2021-01-10 12:23 - 2021-01-10 12:23 - 000000000 ____D C:\ProgramData\FLEXnet

2021-01-10 12:19 - 2021-01-10 12:19 - 000000000 ____D C:\Users\nkshv\AppData\Local\AdSSO

2021-01-10 12:15 - 2021-01-10 12:15 - 000002298 _ C:\Users\nkshv\Desktop\Install Now Autodesk Inventor 2021.lnk

2021-01-10 12:15 - 2021-01-10 12:15 - 000001460 _ C:\Users\Public\Desktop\Приложение Autodesk для ПК.lnk

2021-01-10 12:15 - 2021-01-10 12:15 - 000000000 ____D C:\Users\nkshv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk

2021-01-10 12:15 - 2021-01-10 12:15 - 000000000 ____D C:\Program Files (x86)\Autodesk

2021-01-10 12:13 - 2021-01-10 12:13 - 000001957 _ C:\Users\Public\Desktop\DWG TrueView 2021 - English.lnk

2021-01-10 12:13 - 2021-01-10 12:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DWG TrueView 2021 - English

2021-01-10 12:04 - 2021-01-10 12:04 - 000000000 ____D C:\Users\Public\Documents\.forever

2021-01-10 12:04 - 2021-01-10 12:04 - 000000000 ____D C:\Program Files\Microsoft SQL Server

2021-01-10 12:04 - 2021-01-10 12:04 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server

2021-01-10 12:03 - 2021-01-10 12:28 - 000000000 ____D C:\Users\nkshv\Documents\Inventor

2021-01-10 12:03 - 2021-01-10 12:23 - 000000000 ____D C:\Users\nkshv\AppData\Local\Autodesk

2021-01-10 12:02 - 2021-01-10 12:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk Inventor 2021

2021-01-10 12:02 - 2021-01-10 12:32 - 000000000 ____D C:\Program Files\Common Files\Autodesk Shared

2021-01-10 12:02 - 2021-01-10 12:24 - 000000000 ____D C:\Users\Public\Documents\Autodesk

2021-01-10 12:02 - 2021-01-10 12:02 - 000001913 _ C:\Users\Public\Desktop\Autodesk Inventor Professional 2021.lnk

2021-01-10 11:40 - 2021-01-10 12:32 - 000000000 ____D C:\Program Files\Autodesk

2021-01-10 11:37 - 2021-01-10 12:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk

2021-01-10 11:32 - 2021-01-10 20:40 - 000000000 ____D C:\Users\Все пользователи\Autodesk

2021-01-10 11:32 - 2021-01-10 20:40 - 000000000 ____D C:\ProgramData\Autodesk

2021-01-10 11:30 - 2021-01-10 12:15 - 000000000 ____D C:\Users\nkshv\AppData\Roaming\Autodesk

2021-01-10 11:30 - 2021-01-10 11:30 - 000000000 ____D C:\Autodesk

2021-01-09 22:31 - 2021-01-09 22:46 - 000000000 ____D C:\Users\nkshv\AppData\Roaming\shapez.io-standalone

2021-01-09 18:41 - 2021-01-09 18:41 - 000000000 ____D C:\Users\nkshv\AppData\LocalLow\Vonsnake

2021-01-07 13:13 - 2021-01-07 13:13 - 000000000 ____D C:\Users\nkshv\Documents\Uncrewed Game

2021-01-06 17:10 - 2021-01-06 17:10 - 000000016 _ C:\Users\nkshv\AppData\Roaming\obs-virtualcam.txt

2021-01-06 14:58 - 2021-01-06 14:59 - 119314642 _ C:\Users\nkshv\Downloads\Cement Tea - 抜歯.zip

2021-01-04 14:21 - 2021-01-04 14:21 - 000000052 _ C:\Users\nkshv\Desktop\httpswww.researchgate.netprofileAsdasd_Asdasd47.txt

2020-12-31 15:53 - 2020-12-31 15:53 - 000000000 ____D C:\Users\nkshv\Documents\ColdBeamGames

2020-12-29 16:48 - 2021-01-12 15:10 - 000000231 _ C:\Users\nkshv\Desktop\Progress.txt

2020-12-27 14:26 - 2020-12-27 14:26 - 000000000 ____D C:\Users\nkshv\AppData\Local\NBTExplorer

2020-12-27 10:34 - 2020-12-27 10:34 - 000000000 ____D C:\Users\nkshv\AppData\Local\Overwolf

2020-12-27 10:11 - 2020-12-27 10:11 - 000001813 _ C:\Users\nkshv\Desktop\Новый текстовый документ.txt

2020-12-26 17:49 - 2020-12-26 17:49 - 000000000 ____D C:\Users\nkshv\AppData\Local\Fallout4

2020-12-26 17:38 - 2021-01-09 17:03 - 000000000 ____D C:\Users\nkshv\AppData\Roaming\.minecraft

2020-12-26 17:37 - 2020-12-26 17:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Launcher

2020-12-26 17:32 - 2020-12-26 17:32 - 000001225 _ C:\Users\nkshv\Desktop\SSD.lnk

2020-12-26 15:40 - 2020-12-28 19:29 - 000000073 _ C:\Users\nkshv\Desktop\SSD.txt

2020-12-25 11:35 - 2020-12-25 11:35 - 000000000 ____D C:\Users\nkshv\AppData\Local\Saber

2020-12-24 21:57 - 2020-12-24 21:57 - 000000065 _ C:\Users\nkshv\Desktop\mcwait.txt

2020-12-24 21:07 - 2020-12-26 16:28 - 000007605 _ C:\Users\nkshv\AppData\Local\Resmon.ResmonCfg

2020-12-24 19:44 - 2020-12-24 19:44 - 000000000 ____D C:\Users\nkshv\AppData\LocalLow\Temp

2020-12-24 13:39 - 2020-12-24 13:54 - 000000000 ____D C:\Users\nkshv\AppData\Roaming\vlc

2020-12-23 13:59 - 2020-12-23 13:59 - 000003632 _ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask

2020-12-22 17:56 - 2020-12-26 16:40 - 000000000 ____D C:\Program Files\AdoptOpenJDK

2020-12-22 16:10 - 2020-12-22 16:10 - 000000000 ____D C:\Users\nkshv\AppData\LocalLow\Unity

2020-12-21 23:19 - 2020-12-28 18:23 - 000000090 _ C:\Users\nkshv\Desktop\httpswww.youtube.comwatchv=ERq4Kb0aPfc.txt

2020-12-18 17:54 - 2020-12-18 17:54 - 000061872 _ C:\Users\nkshv\Downloads\a41a3fd0bf7460de0ddf6fd5.jpeg

2020-12-18 16:52 - 2021-01-14 14:34 - 000000000 ____D C:\Users\nkshv\Downloads\VK audio

2020-12-18 16:44 - 2020-12-18 16:44 - 000001164 _ C:\Users\nkshv\Desktop\Checked.lnk

2020-12-18 16:44 - 2020-12-18 16:44 - 000001164 _ C:\Users\nkshv\Desktop\Artists.lnk

2020-12-18 16:44 - 2020-12-18 16:44 - 000001144 _ C:\Users\nkshv\Desktop\Check.lnk

2020-12-18 16:44 - 2020-12-18 16:44 - 000001022 _ C:\Users\nkshv\Desktop\Notes.lnk

2020-12-18 16:43 - 2020-12-18 16:43 - 000000821 _ C:\Users\nkshv\Desktop\Info.lnk

2020-12-18 10:33 - 2020-12-19 20:39 - 000000258 __RSH C:\Users\Все пользователи\ntuser.pol

2020-12-18 10:33 - 2020-12-19 20:39 - 000000258 __RSH C:\ProgramData\ntuser.pol

2020-12-18 09:34 - 2020-12-18 09:34 - 000000000 ____D C:\Users\nkshv\AppData\Local\kenshi

2020-12-17 22:52 - 2020-12-21 11:29 - 000002507 _ C:\Users\nkshv\Desktop\Tr.lnk

2020-12-17 22:51 - 2020-12-17 22:51 - 000001245 _ C:\Users\nkshv\Desktop\PicoTorrent.lnk

2020-12-17 22:51 - 2020-12-17 22:51 - 000000932 _ C:\Users\nkshv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PicoTorrent.lnk

2020-12-17 22:50 - 2020-12-17 22:50 - 000001290 _ C:\Users\nkshv\Desktop\OHM.lnk

2020-12-17 22:50 - 2020-12-17 22:50 - 000001170 _ C:\Users\nkshv\Desktop\Syncthing.lnk

2020-12-17 22:47 - 2020-12-17 22:47 - 000001236 _ C:\Users\nkshv\Desktop\YoutubeDL.lnk

2020-12-17 22:46 - 2020-12-17 22:46 - 000001329 _ C:\Users\nkshv\Desktop\OBS.lnk

2020-12-17 22:46 - 2020-12-17 22:46 - 000001136 _ C:\Users\nkshv\Desktop\Audacity.lnk

2020-12-17 22:46 - 2020-12-17 22:46 - 000001036 _ C:\Users\nkshv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\obs64.lnk

2020-12-17 22:46 - 2020-12-17 22:46 - 000000917 _ C:\Users\nkshv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\youtube-dl-gui.lnk

2020-12-17 22:45 - 2020-12-17 22:45 - 000000707 _ C:\Users\nkshv\Desktop\Приложения.lnk

2020-12-17 22:44 - 2020-12-17 22:44 - 000001094 _ C:\Users\nkshv\Desktop\5 Сем.lnk

2020-12-17 22:44 - 2020-12-17 22:44 - 000000870 _ C:\Users\nkshv\Desktop\Документы.lnk

2020-12-17 22:43 - 2020-12-17 22:43 - 000000791 _ C:\Users\nkshv\Desktop\Изображения.lnk

2020-12-17 22:42 - 2020-12-17 22:42 - 000000755 _ C:\Users\nkshv\Desktop\Загрузки.lnk

2020-12-17 22:41 - 2020-12-17 22:41 - 000000951 _ C:\Users\nkshv\Desktop\Tracks.lnk

2020-12-16 14:12 - 2020-12-16 14:12 - 000000000 ____D C:\Users\nkshv\.cache

2020-12-16 14:10 - 2020-12-16 14:11 - 000000000 ____D C:\Users\nkshv\AppData\Roaming\youtube-dlg

2020-12-16 14:04 - 2020-12-16 14:07 - 037725168 _ C:\Users\nkshv\Downloads\youtube-dl-gui-0.4-win-portable.zip

2020-12-16 12:44 - 2020-12-16 12:44 - 000000877 _ C:\Users\nkshv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\syncthing.lnk



==================== One month (modified) ==================



(If an entry is included in the fixlist, the file/folder will be moved.)



2021-01-15 16:46 - 2019-12-07 12:14 - 000000000 ____D C:\Users\Все пользователи\regid.1991-06.com.microsoft

2021-01-15 16:46 - 2019-12-07 12:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2021-01-15 14:21 - 2020-12-10 10:21 - 000000000 ____D C:\Users\nkshv\AppData\Roaming\obs-studio

2021-01-15 10:45 - 2019-12-07 12:03 - 000000000 ____D C:\WINDOWS\CbsTemp

2021-01-15 10:34 - 2020-12-07 09:23 - 000000000 ___HD C:\$WinREAgent

2021-01-15 10:32 - 2020-12-06 18:54 - 000000000 ____D C:\WINDOWS\system32\MRT

2021-01-15 10:29 - 2020-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2021-01-15 10:29 - 2020-12-06 18:54 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2021-01-13 20:10 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\system32\NDF

2021-01-13 15:03 - 2019-12-07 12:14 - 000000000 ___HD C:\Program Files\WindowsApps

2021-01-13 15:03 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\AppReadiness

2021-01-10 20:47 - 2020-12-07 11:22 - 001755704 _ C:\WINDOWS\system32\PerfStringBackup.INI

2021-01-10 20:47 - 2019-12-07 17:34 - 000772062 _ C:\WINDOWS\system32\perfh019.dat

2021-01-10 20:47 - 2019-12-07 17:34 - 000152272 _ C:\WINDOWS\system32\perfc019.dat

2021-01-10 20:47 - 2019-12-07 12:13 - 000000000 ____D C:\WINDOWS\INF

2021-01-10 20:40 - 2020-12-07 11:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2021-01-10 20:40 - 2020-12-07 11:14 - 000773152 _ C:\WINDOWS\system32\FNTCACHE.DAT

2021-01-10 20:40 - 2020-12-07 11:14 - 000008192 ___SH C:\DumpStack.log.tmp

2021-01-10 20:40 - 2020-12-06 17:42 - 000000000 ____D C:\Users\Все пользователи\NVIDIA

2021-01-10 20:40 - 2020-12-06 17:42 - 000000000 ____D C:\ProgramData\NVIDIA

2021-01-10 20:40 - 2020-12-06 17:24 - 000000000 __SHD C:\Users\nkshv\IntelGraphicsProfiles

2021-01-10 19:21 - 2019-12-07 12:03 - 000524288 _ C:\WINDOWS\system32\config\BBI

2021-01-10 12:12 - 2019-12-07 12:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared

2021-01-10 12:11 - 2019-11-14 02:47 - 000000000 ____D C:\Program Files\Microsoft Office

2021-01-09 21:11 - 2020-12-07 10:06 - 000002457 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

2021-01-09 19:11 - 2020-12-07 12:21 - 000000000 ____D C:\Users\nkshv\Documents\BeamNG.drive

2021-01-07 17:29 - 2020-12-15 12:37 - 000000000 ____D C:\Users\nkshv\AppData\Roaming\audacity

2021-01-07 14:43 - 2020-12-07 09:27 - 000000000 ___DC C:\WINDOWS\Panther

2021-01-06 17:07 - 2020-12-09 18:47 - 000000496 _ C:\WINDOWS\system32\Drivers\etc\hosts.ics

2021-01-03 14:53 - 2020-12-09 21:59 - 000000000 ____D C:\Users\nkshv\AppData\Local\Syncthing

2021-01-02 20:21 - 2020-12-07 12:19 - 000000000 ____D C:\Users\nkshv\AppData\Roaming\SpinTires MudRunner

2020-12-31 10:08 - 2020-12-14 10:11 - 000000000 ____D C:\Users\nkshv\Downloads\Compressed

2020-12-27 10:34 - 2020-12-06 17:30 - 000000000 ____D C:\Users\nkshv\AppData\Local\D3DSCache

2020-12-26 22:50 - 2020-12-06 17:25 - 000000000 ____D C:\Users\nkshv\AppData\Local\NVIDIA Corporation

2020-12-26 17:49 - 2020-12-07 11:33 - 000000000 ____D C:\Users\nkshv\Documents\My Games

2020-12-26 16:35 - 2020-12-07 20:56 - 000000000 _ C:\Users\nkshv\.xdm-global-lock

2020-12-26 16:26 - 2020-12-07 11:15 - 000000000 ____D C:\Users\nkshv

2020-12-26 16:03 - 2020-12-06 17:24 - 000000000 ____D C:\Users\nkshv\AppData\Local\ConnectedDevicesPlatform

2020-12-26 16:03 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports

2020-12-25 18:20 - 2020-12-06 17:24 - 000000000 ____D C:\Users\nkshv\AppData\Local\Packages

2020-12-25 13:25 - 2020-12-06 17:26 - 000000000 ____D C:\Users\nkshv\AppData\Local\PlaceholderTileLogoFolder

2020-12-25 13:25 - 2019-11-14 02:08 - 000000000 ____D C:\Users\Все пользователи\Packages

2020-12-25 13:25 - 2019-11-14 02:08 - 000000000 ____D C:\ProgramData\Packages

2020-12-22 17:06 - 2020-12-07 12:16 - 000000000 ____D C:\Users\nkshv\AppData\LocalLow\Nolla_Games_Noita

2020-12-21 11:29 - 2020-12-08 13:07 - 000002507 _ C:\Users\nkshv\Desktop\M.lnk

2020-12-19 20:29 - 2019-11-14 02:08 - 000000000 __RHD C:\Users\Public\AccountPictures

2020-12-19 12:59 - 2020-12-09 18:42 - 000001162 _ C:\WINDOWS\system32\config\VSMIDK

2020-12-18 10:33 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy

2020-12-18 10:33 - 2019-03-19 07:52 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy

2020-12-17 19:25 - 2020-12-07 11:18 - 000003356 _ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1482872955-3569544570-3760393657-1001

2020-12-17 19:25 - 2020-12-07 11:15 - 000002422 _ C:\Users\nkshv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2020-12-17 19:25 - 2020-12-06 17:25 - 000000000 ___RD C:\Users\nkshv\OneDrive

2020-12-16 09:36 - 2020-12-06 21:38 - 000000000 ____D C:\Users\nkshv\AppData\Local\NVIDIA



==================== Files in the root of some directories ========



2021-01-06 17:10 - 2021-01-06 17:10 - 000000016 _ () C:\Users\nkshv\AppData\Roaming\obs-virtualcam.txt

2020-12-24 21:07 - 2020-12-26 16:28 - 000007605 _ () C:\Users\nkshv\AppData\Local\Resmon.ResmonCfg



==================== SigCheck ============================



(There is no automatic fix for files that do not pass verification.)



==================== End of FRST.txt ========================
 

Security Moderator · Security Team, Malware Removal · 184 Posts
Hello, idkman..! :)


  • If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If there were detections then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply that the scanner would not run.

Next ....

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Double-click to run the program
  • Accept the End User License Agreement.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, if items are found please click Quarantine.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.


Next ....

  • If you have a 32 bit system Download FRST to your Desktop.
  • If you have a 64 bit system Download FRST64 to your Desktop.
  • If you don't know whether your system is 32 bit or 64 bit, download both. Only one will run on your machine. That's the one to use.
  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.
 

·
Registered
Joined
·
6 Posts
Discussion Starter #3
Hello, idkman..! :)


  • If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If there were detections then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply that the scanner would not run.

Next ....

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Double-click to run the program
  • Accept the End User License Agreement.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, if items are found please click Quarantine.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.


Next ....

  • If you have a 32 bit system Download FRST to your Desktop.
  • If you have a 64 bit system Download FRST64 to your Desktop.
  • If you don't know whether your system is 32 bit or 64 bit, download both. Only one will run on your machine. That's the one to use.
  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.
Malwarebytes and AdwCleaner found nothing. Addition and FRST are the same files I added to my first post.
 


·
Security Moderator
Security Team , Malware Removal
Joined
·
184 Posts
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the following into it (don't include Code: ) ....
Code:
Start::
CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-1482872955-3569544570-3760393657-1001\...\Run: [GalaxyClient] => [X]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Policies: C:\Users\Все пользователи\NTUSER.pol: Restriction <==== ATTENTION
S1 EneTechIo; \??\C:\WINDOWS\system32\drivers\ene.sys [X]
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{0215A4C0-5431-4FD0-9B06-46589B5C4939}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{048ED0E0-12CF-4C0F-9FFA-947C2FBE8C8E}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{071339A1-1946-44B2-B63E-50459B15DB86}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{08A60FF7-BB37-44F4-9759-0ADA6C7B9CC9}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{0B38CACA-3D3C-48EA-BEB5-7D95F4F6EE15}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{0C3393F8-94F5-4B79-8C01-49A2D0CC0FE9}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{0D555CE0-304A-47A6-858B-B145209A3982}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{12545889-6D32-4424-9967-1E1D7BD1F809}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{14679E3B-C952-4998-8E13-4B1286E6DD99}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{1481B385-759A-4B00-9257-E96357563999}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{162EF0A1-5A33-46F2-ACCF-CA388B084A09}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{1D625598-C876-4C51-8EF5-F9D8F96F62AA}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{1D6DFD6A-9E16-435A-9327-6FFEC6BA372F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{1E8A29BA-827D-4031-A4A3-AE7999B402F6}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{1EA072EE-57FD-495E-889C-8243C3BDBDBC}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{1FD7F53F-7ED5-439C-9A77-A3821CD09E98}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{20E47D5B-529A-45BD-8E77-BF1A3064A008}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{2709544A-5B24-4F9F-A5DA-CEC7297D3A4E}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{2BCA857B-A18B-4AFA-B183-CC0E49C12058}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{2C74F89E-7421-46B4-BA54-F86F1BD9F237}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{2C7D1157-7D50-4A88-9777-5EBBA3189AB8}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{3497C2EC-5684-4B21-AF74-F6760E0221DC}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{38C8B14E-7879-4DA9-8C3F-8CAAC359293A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{3FCEB42C-9B98-486A-BED7-FD7F3ADB7291}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{40770568-0D5E-49D4-BE47-BC47A4F0B0A4}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{44A52280-AE56-490D-890C-89FB7279ED6B}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{46C56738-39C6-4240-8B9B-008CCD769A84}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{47179DDE-10AC-4737-97C9-8CE5379343EA}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{475C7B4A-6964-4F9E-9708-05A16EAC31D0}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{48270F9E-CCF6-4C79-B6FF-267C960E6425}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{48FEFCD7-5D7C-4E4A-9F11-60E69A31D4B1}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{49998808-648A-4A9C-A7A5-B1672775D9AB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{4A756F5F-CBA4-428B-B17F-AF80C0C8502D}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{4B40437B-8972-4444-BBE3-1588FF55F203}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{4BD03680-3C0F-4501-AFF7-3D008586917F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{5544903C-2CCC-487C-91BB-F310B72A8E9B}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{59A224A2-BEF8-4C89-96E0-83A5411ABB6C}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{622F6193-E4DD-46E6-BC66-2ED88E9FD28D}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{6451051B-AD22-4C6A-ACCE-013A0E1DDBC3}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{64B99FDB-1D85-447F-98C7-569DBDA723DB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{6BCE6F6E-C050-4F39-BD98-E2743949F724}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{6F56D7C9-18DD-4C15-9FA8-C54E3610EC40}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{7293E009-3015-4AD3-96EC-D42C36B5FCE3}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{72EFC580-D085-4B81-8C55-26A79E445338}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{750AEC19-2E4C-4ED9-9B9F-F9CAFCD060F3}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{794199C5-827C-41C8-8CB2-3A1EA056AF5E}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{798391FE-4AF2-4851-9DDA-1F0D70C02A9E}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{7BA16B3F-1AB3-4BD7-B959-52C4B8504EE9}\InprocServer32 -> AcInetUI.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{7C239DAB-BC87-45F3-B7B1-FCC1541A235B}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{70DBCAE8-8C2B-450C-9E1D-43E4686C6512}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{713C0E8A-5AE8-4695-B442-5ED6C4FE5C42}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{834CE679-2E47-49DE-9E41-FEC87E9192EB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{849AFB5B-D6C9-4924-A712-F7118FF9611F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{85452F88-5071-492E-B850-2E3C586DCBD8}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{87F5CF8F-A06D-498F-A05F-E520E6B570DB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{89F0FC31-3B1D-494B-A75B-6BD4FA527B8A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{8AA16DFC-DFC6-4B51-8FA2-A5D812BE33BF}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{8ED07FEF-E1B0-4CC3-B2BA-D354828AB952}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{988F4102-E6E3-4282-ACAC-55270827F2A8}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{9906CDFC-DB2C-4126-9422-13139B148495}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{9A21C6C5-27FC-4442-8590-575E7AFD73BB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{9ECF83FB-23C5-43B6-83DE-93CFBDD74D4A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{A58F47CC-FF65-4152-B0B1-666C643A5BFC}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{A6A3D586-44CF-44C2-A92C-620BB713B4F2}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{ABBE3F83-D585-4A50-9B69-198B0F566F2E}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{AC5CECFA-F03A-41D2-A89C-704C44935941}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{B1560245-190E-4BBD-81DF-9B642D0E5325}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{B2A579E0-A797-40B1-8AEE-A8F6404719F8}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{B47196BC-D4AB-41BB-A771-543D67CFC9F5}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{B53CEF4B-1A13-49DE-BBC5-A7100FB2F38C}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{B5EE2B68-9A23-4BCD-BB77-FEA6DFB24DD6}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{B80687F9-FA4C-4735-9DC4-E5715F2BC698}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{BAE5802A-CF21-4F9C-AE04-D98F4036AC31}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{BBF6A206-CB04-479D-96AE-349E1E83319A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{BC71DEA1-D6FB-48B8-AB06-D151C81BBCDD}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{BF224DC3-B602-4EEE-BFE9-9E4E0AED6837}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{BF4CC07E-E9BB-40D6-873F-855B211033B9}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{C061C82C-D041-4214-BB07-B608107CEFCB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{C2D4ACCC-A3D1-4A0A-AD59-0DD8BA3D5EE1}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{C8C18F89-794D-466B-8B97-95634D9890EF}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{C8EC7647-1E79-4F13-81D7-2EED803D0D22}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{CC23CA32-9892-4FBA-A108-FE31CA0F35A6}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{CD865713-70D6-4E15-BB7B-9B99AD9DEB85}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{D56F5AB3-9C4D-4F1A-A851-A671D9FE8C22}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{D66873EA-AAE5-41CC-8DD2-8CE3228E9F89}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{D86B6C47-11F2-4D95-B635-EA575F0892FC}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{DB5D476B-3FF4-4E9D-A606-1E2B473BE571}\InprocServer32 -> D:\Apps\Autodesk\Inventor 2021\Bin\AcInetUI.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{DE74F5AD-DA2F-429F-BAF9-850A2808D585}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{DF6525C2-6358-4B07-813D-708120C5FE1A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{E177A457-9EAA-43C3-A3CE-84874A28F6CA}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{E29F6C45-6927-4508-8F3F-34105FD3FC5F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{E4222C78-3670-4BB1-9AD4-7D8F3E581F2D}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{E70DE962-842A-4488-9481-1D0FD72A020F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{E9C07CEC-7B82-49E4-BBA2-7533B88E9D64}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{EA34A0C0-5CE7-4701-A6FA-117D25CD5EBB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{EF01D98A-747B-4522-AD70-991B90855DBF}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{F196F03F-651A-43AF-BE34-D11942F24445}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{F2DB0EE3-7137-4CB0-8349-483C4FF2143A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{F40E2FF0-4D77-40B2-9A44-A3AEECCE8EFF}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{F5522F0C-962A-48AC-9992-E81B07628F1F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{F78DCF7C-043D-45FC-9D21-676FC307BA3F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{F868EAEC-1B73-4F5E-BA73-90EBA94E75BE}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{FA97F7A7-FD19-4D55-ABF2-CFEFFF777426}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{FD51ED8A-D518-4554-B236-B6E9D234FD03}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{FE054BB2-AF94-40AC-88AA-2F59F7018B1D}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{FE317223-8EDE-4684-B424-E48B9EA90220}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{FE718E8F-C3AA-4F30-9103-432450CF1DA1}\InprocServer32 -> axdb.dll => No File
FirewallRules: [{9393DF87-2703-47C0-B957-2F354C9A5223}] => (Allow) C:\Program Files\BlueStacks_msi2\HD-Player.exe => No File
FirewallRules: [{CA448D3A-96DA-4B4C-BCEB-202836CEFE96}] => (Allow) C:\Games\Steam\Steam.exe => No File
FirewallRules: [{B018C9C8-9BC3-47E7-B66E-34AD240EB4EE}] => (Allow) C:\Games\Steam\Steam.exe => No File
FirewallRules: [{1FBD5509-38F3-4F16-8CD4-45E382C8154C}] => (Allow) C:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{16468C85-BA2E-4E83-9A49-C9178A57B263}] => (Allow) C:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{37403BB7-D8E1-41C6-9CDE-0D2A4C727EBF}] => (Allow) C:\Games\Steam\steamapps\common\TerraTech\TerraTechWin64.exe => No File
FirewallRules: [{BA7DED6D-B803-44E4-A6C0-E21281C42205}] => (Allow) C:\Games\Steam\steamapps\common\TerraTech\TerraTechWin64.exe => No File
FirewallRules: [TCP Query User{DF6BCFAB-7927-46B0-ADC6-A8389FB75364}C:\games\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\games\minecraft\runtime\jre-x64\bin\javaw.exe => No File
FirewallRules: [UDP Query User{C3A3A7DC-AEE3-4858-883C-0B640696E447}C:\games\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\games\minecraft\runtime\jre-x64\bin\javaw.exe => No File
FirewallRules: [{E432DD6D-DBE6-40C6-BD3D-B75986935299}] => (Allow) C:\Games\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe => No File
FirewallRules: [{3737C321-23E3-4E60-A021-8FC5B5BD0C13}] => (Allow) C:\Games\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe => No File
FirewallRules: [{16456444-2026-43A7-892E-B39BF00D8628}] => (Allow) C:\Games\Steam\steamapps\common\Totally Accurate Battle Simulator\TotallyAccurateBattleSimulator.exe => No File
FirewallRules: [{D5D6634E-08EF-48F7-A7AC-179D1C26FDA0}] => (Allow) C:\Games\Steam\steamapps\common\Totally Accurate Battle Simulator\TotallyAccurateBattleSimulator.exe => No File
FirewallRules: [{9229FEB2-6D2A-43D2-93BE-29DF6EB26839}] => (Allow) C:\Games\Steam\steamapps\common\Clone Drone in the Danger Zone\Clone Drone in the Danger Zone.exe => No File
FirewallRules: [{99C8E188-234A-4305-8054-52B8C3EB83E8}] => (Allow) C:\Games\Steam\steamapps\common\Clone Drone in the Danger Zone\Clone Drone in the Danger Zone.exe => No File
FirewallRules: [{0DD752E4-AB5F-4E4F-9C22-07A023DD55B0}] => (Allow) C:\Games\Steam\steamapps\common\MountBlade Warband\mb_warband.exe => No File
FirewallRules: [{5A6ABE3E-4BBD-46A4-BA32-EA19737AA941}] => (Allow) C:\Games\Steam\steamapps\common\MountBlade Warband\mb_warband.exe => No File
FirewallRules: [{B1A47430-2026-4A6C-A10E-E5D99AC86F3D}] => (Allow) C:\Games\Steam\steamapps\common\ClusterTruck\Clustertruck.exe => No File
FirewallRules: [{379AD911-BB3E-4EC0-A14B-50294B116CE0}] => (Allow) C:\Games\Steam\steamapps\common\ClusterTruck\Clustertruck.exe => No File
FirewallRules: [{3C69A040-05CC-496D-ADB6-53312AAC1139}] => (Allow) C:\Games\Steam\steamapps\common\Noita\noita.exe => No File
FirewallRules: [{52225BC1-6AA9-4D5C-832B-7011B56F1B22}] => (Allow) C:\Games\Steam\steamapps\common\Noita\noita.exe => No File
FirewallRules: [{1B27D3B1-CFD4-4A76-A5D5-0600DF09F54B}] => (Allow) C:\Games\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe => No File
FirewallRules: [{47B156F7-7EBD-4703-9E88-A0056DE40F67}] => (Allow) C:\Games\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe => No File
FirewallRules: [TCP Query User{B21AF6EC-B5C0-4E7B-92D9-60F7978FB7BB}C:\program files\persepolis download manager\aria2c.exe] => (Allow) C:\program files\persepolis download manager\aria2c.exe => No File
FirewallRules: [UDP Query User{019565AA-3FE0-4741-A6AD-0B57DFBFDD01}C:\program files\persepolis download manager\aria2c.exe] => (Allow) C:\program files\persepolis download manager\aria2c.exe => No File
FirewallRules: [{05BC23BA-7B2C-4A87-BEDB-5C68D8AA1FB4}] => (Allow) C:\Games\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe => No File
FirewallRules: [{F83C1914-0176-409A-A19B-209761C5C093}] => (Allow) C:\Games\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe => No File
FirewallRules: [{E6EFADFC-B668-45EF-9B81-B815A1FDA88A}] => (Allow) C:\Games\Steam\steamapps\common\MudRunner\MudRunner.exe => No File
FirewallRules: [{AAD89D3B-5804-4E6B-87A0-6035EB483FD0}] => (Allow) C:\Games\Steam\steamapps\common\MudRunner\MudRunner.exe => No File
FirewallRules: [{A6CEF380-FD76-40B2-ACC7-224086CF256D}] => (Allow) C:\Games\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [{F3C35CB3-912C-45BC-B240-B433DBD06275}] => (Allow) C:\Games\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [{88BD133A-D479-4BEA-A813-DE6833D0C3EF}] => (Allow) C:\Games\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe => No File
FirewallRules: [{F73E618A-AAE7-426D-8761-978A6C34E75C}] => (Allow) C:\Games\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe => No File
FirewallRules: [{741D3C59-067C-43BA-B1D8-140859571300}] => (Allow) C:\Games\Steam\steamapps\common\BeamNG.drive\BeamNG.drive.exe => No File
FirewallRules: [{60C94625-5849-4BFB-BED2-8E9205D68CFF}] => (Allow) C:\Games\Steam\steamapps\common\BeamNG.drive\BeamNG.drive.exe => No File
FirewallRules: [TCP Query User{50BD0D36-06C4-4BA2-A9D1-2B9975806B79}C:\apps\picotorrent 0.23.0 x64\picotorrent.exe] => (Allow) C:\apps\picotorrent 0.23.0 x64\picotorrent.exe => No File
FirewallRules: [UDP Query User{00074679-EA69-4736-BB7B-34F4D57C2EF7}C:\apps\picotorrent 0.23.0 x64\picotorrent.exe] => (Allow) C:\apps\picotorrent 0.23.0 x64\picotorrent.exe => No File
FirewallRules: [{EA36264F-E08C-4D13-897B-E0302ED6CA9B}] => (Allow) C:\Games\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{13F2BC11-4A2B-4285-8235-046F0014B63A}] => (Allow) C:\Games\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{40135242-9501-44A6-8435-439BC3F597AC}] => (Allow) C:\Games\Steam\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe => No File
FirewallRules: [{FA0B84D8-83F9-4F6E-9957-8BD92F00AE97}] => (Allow) C:\Games\Steam\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe => No File
FirewallRules: [{CB163DA7-16A5-46CF-9776-9E09D5A07CCD}] => (Allow) C:\Games\Steam\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe => No File
FirewallRules: [{799ABBBE-2C3E-469B-A8F0-16EF2F785104}] => (Allow) C:\Games\Steam\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe => No File
FirewallRules: [TCP Query User{FA9F37E4-9F24-4E69-8F9E-2BC82E6DEAD6}D:\apps\easyeda\easyeda.exe] => (Allow) D:\apps\easyeda\easyeda.exe => No File
FirewallRules: [UDP Query User{A7D43F9F-1C78-4EF0-8440-3AEF10D50948}D:\apps\easyeda\easyeda.exe] => (Allow) D:\apps\easyeda\easyeda.exe => No File

EmptyTemp:
End::
  • Press Ctrl+s to save fixlist.txt
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log
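
The NOTICE above says the script is tied to one machine, so a fixlist can be checked before the Fix button is pressed. The following is an added example, not part of the original post and not FRST's own code: it splits a fixlist into entry types, lists the user SIDs it references, and separates out entries that do not carry the `No File` / `[X]` markers the scan output attaches to entries whose file was not found. The sample fixlist, the SID, the function names and the category labels are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed sample shaped like the fixlist above; SID, GUIDs and paths are made up.
SAMPLE_FIXLIST = r"""Start::
CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: [ExampleClient] => [X]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
S1 ExampleDrv; \??\C:\WINDOWS\system32\drivers\example.sys [X]
CustomCLSID: HKU\S-1-5-21-1111111111-2222222222-3333333333-1001_Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32 -> example.dll => No File
CustomCLSID: HKU\S-1-5-21-1111111111-2222222222-3333333333-1001_Classes\CLSID\{00000000-0000-0000-0000-000000000002}\InprocServer32 -> example.dll => No File
FirewallRules: [{00000000-0000-0000-0000-000000000003}] => (Allow) C:\Games\Example\game.exe => No File
FirewallRules: [{00000000-0000-0000-0000-000000000004}] => (Allow) C:\Games\Example\live.exe

EmptyTemp:
End::
"""

# Constructed SID of the logged-on user; on Windows, `whoami /user` prints the real one.
LOCAL_SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"

SID_RE = re.compile(r"S-1-5-21(?:-\d+){4}")    # per-user account SID
DIRECTIVE_RE = re.compile(r"^[A-Za-z]+:$")      # e.g. CreateRestorePoint:
SERVICE_RE = re.compile(r"^[RSU]\d \S+;")       # e.g. "S1 Name; path"
REGISTRY_RE = re.compile(r"^HK(LM|U)\\")
MISSING_MARKERS = ("No File", "[X]")


def fixlist_body(text):
    """Return the non-blank lines between Start:: and End::."""
    lines = [ln.strip() for ln in text.splitlines()]
    if "Start::" not in lines or "End::" not in lines:
        raise ValueError("fixlist must contain Start:: and End:: markers")
    start, end = lines.index("Start::"), lines.index("End::")
    if end < start:
        raise ValueError("End:: appears before Start::")
    return [ln for ln in lines[start + 1:end] if ln]


def classify(line):
    """Map one fixlist line to a coarse entry type (labels are this example's own)."""
    if DIRECTIVE_RE.match(line):
        return "directive"
    if line.startswith("CustomCLSID:"):
        return "clsid"
    if line.startswith("FirewallRules:"):
        return "firewall"
    if line.startswith(("GroupPolicy:", "Policies:")):
        return "policy"
    if SERVICE_RE.match(line):
        return "service"
    if REGISTRY_RE.match(line):
        return "registry"
    return "other"


def review(text, local_sid):
    """Summarise a fixlist and flag what deserves a second look before it is run."""
    entries = fixlist_body(text)
    counts = Counter(classify(e) for e in entries)
    sids = sorted({sid for e in entries for sid in SID_RE.findall(e)})
    # A SID that is not the local user's means the list was written for another profile.
    foreign = [sid for sid in sids if sid != local_sid]
    # Entries without a missing-file marker act on configuration that is still live.
    needs_review = [
        e for e in entries
        if classify(e) != "directive" and not e.endswith(MISSING_MARKERS)
    ]
    return {
        "counts": dict(counts),
        "sids": sids,
        "foreign_sids": foreign,
        "needs_review": needs_review,
    }


if __name__ == "__main__":
    report = review(SAMPLE_FIXLIST, LOCAL_SID)
    print("entry counts :", report["counts"])
    print("foreign SIDs :", report["foreign_sids"] or "none")
    for line in report["needs_review"]:
        print("review       :", line)
```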
 

·
Registered
Joined
·
6 Posts
Discussion Starter #5
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the following into it (don't include Code: ) ....
Code:
Start::
CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-1482872955-3569544570-3760393657-1001\...\Run: [GalaxyClient] => [X]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Policies: C:\Users\Все пользователи\NTUSER.pol: Restriction <==== ATTENTION
S1 EneTechIo; \??\C:\WINDOWS\system32\drivers\ene.sys [X]
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{0215A4C0-5431-4FD0-9B06-46589B5C4939}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{048ED0E0-12CF-4C0F-9FFA-947C2FBE8C8E}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{071339A1-1946-44B2-B63E-50459B15DB86}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{08A60FF7-BB37-44F4-9759-0ADA6C7B9CC9}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{0B38CACA-3D3C-48EA-BEB5-7D95F4F6EE15}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{0C3393F8-94F5-4B79-8C01-49A2D0CC0FE9}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{0D555CE0-304A-47A6-858B-B145209A3982}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{12545889-6D32-4424-9967-1E1D7BD1F809}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{14679E3B-C952-4998-8E13-4B1286E6DD99}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{1481B385-759A-4B00-9257-E96357563999}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{162EF0A1-5A33-46F2-ACCF-CA388B084A09}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{1D625598-C876-4C51-8EF5-F9D8F96F62AA}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{1D6DFD6A-9E16-435A-9327-6FFEC6BA372F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{1E8A29BA-827D-4031-A4A3-AE7999B402F6}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{1EA072EE-57FD-495E-889C-8243C3BDBDBC}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{1FD7F53F-7ED5-439C-9A77-A3821CD09E98}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{20E47D5B-529A-45BD-8E77-BF1A3064A008}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{2709544A-5B24-4F9F-A5DA-CEC7297D3A4E}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{2BCA857B-A18B-4AFA-B183-CC0E49C12058}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{2C74F89E-7421-46B4-BA54-F86F1BD9F237}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{2C7D1157-7D50-4A88-9777-5EBBA3189AB8}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{3497C2EC-5684-4B21-AF74-F6760E0221DC}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{38C8B14E-7879-4DA9-8C3F-8CAAC359293A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{3FCEB42C-9B98-486A-BED7-FD7F3ADB7291}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{40770568-0D5E-49D4-BE47-BC47A4F0B0A4}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{44A52280-AE56-490D-890C-89FB7279ED6B}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{46C56738-39C6-4240-8B9B-008CCD769A84}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{47179DDE-10AC-4737-97C9-8CE5379343EA}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{475C7B4A-6964-4F9E-9708-05A16EAC31D0}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{48270F9E-CCF6-4C79-B6FF-267C960E6425}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{48FEFCD7-5D7C-4E4A-9F11-60E69A31D4B1}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{49998808-648A-4A9C-A7A5-B1672775D9AB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{4A756F5F-CBA4-428B-B17F-AF80C0C8502D}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{4B40437B-8972-4444-BBE3-1588FF55F203}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{4BD03680-3C0F-4501-AFF7-3D008586917F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{5544903C-2CCC-487C-91BB-F310B72A8E9B}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{59A224A2-BEF8-4C89-96E0-83A5411ABB6C}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{622F6193-E4DD-46E6-BC66-2ED88E9FD28D}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{6451051B-AD22-4C6A-ACCE-013A0E1DDBC3}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{64B99FDB-1D85-447F-98C7-569DBDA723DB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{6BCE6F6E-C050-4F39-BD98-E2743949F724}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{6F56D7C9-18DD-4C15-9FA8-C54E3610EC40}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{7293E009-3015-4AD3-96EC-D42C36B5FCE3}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{72EFC580-D085-4B81-8C55-26A79E445338}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{750AEC19-2E4C-4ED9-9B9F-F9CAFCD060F3}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{794199C5-827C-41C8-8CB2-3A1EA056AF5E}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{798391FE-4AF2-4851-9DDA-1F0D70C02A9E}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{7BA16B3F-1AB3-4BD7-B959-52C4B8504EE9}\InprocServer32 -> AcInetUI.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{7C239DAB-BC87-45F3-B7B1-FCC1541A235B}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{70DBCAE8-8C2B-450C-9E1D-43E4686C6512}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{713C0E8A-5AE8-4695-B442-5ED6C4FE5C42}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{834CE679-2E47-49DE-9E41-FEC87E9192EB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{849AFB5B-D6C9-4924-A712-F7118FF9611F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{85452F88-5071-492E-B850-2E3C586DCBD8}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{87F5CF8F-A06D-498F-A05F-E520E6B570DB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{89F0FC31-3B1D-494B-A75B-6BD4FA527B8A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{8AA16DFC-DFC6-4B51-8FA2-A5D812BE33BF}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{8ED07FEF-E1B0-4CC3-B2BA-D354828AB952}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{988F4102-E6E3-4282-ACAC-55270827F2A8}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{9906CDFC-DB2C-4126-9422-13139B148495}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{9A21C6C5-27FC-4442-8590-575E7AFD73BB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{9ECF83FB-23C5-43B6-83DE-93CFBDD74D4A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{A58F47CC-FF65-4152-B0B1-666C643A5BFC}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{A6A3D586-44CF-44C2-A92C-620BB713B4F2}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{ABBE3F83-D585-4A50-9B69-198B0F566F2E}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{AC5CECFA-F03A-41D2-A89C-704C44935941}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{B1560245-190E-4BBD-81DF-9B642D0E5325}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{B2A579E0-A797-40B1-8AEE-A8F6404719F8}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{B47196BC-D4AB-41BB-A771-543D67CFC9F5}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{B53CEF4B-1A13-49DE-BBC5-A7100FB2F38C}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{B5EE2B68-9A23-4BCD-BB77-FEA6DFB24DD6}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{B80687F9-FA4C-4735-9DC4-E5715F2BC698}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{BAE5802A-CF21-4F9C-AE04-D98F4036AC31}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{BBF6A206-CB04-479D-96AE-349E1E83319A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{BC71DEA1-D6FB-48B8-AB06-D151C81BBCDD}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{BF224DC3-B602-4EEE-BFE9-9E4E0AED6837}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{BF4CC07E-E9BB-40D6-873F-855B211033B9}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{C061C82C-D041-4214-BB07-B608107CEFCB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{C2D4ACCC-A3D1-4A0A-AD59-0DD8BA3D5EE1}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{C8C18F89-794D-466B-8B97-95634D9890EF}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{C8EC7647-1E79-4F13-81D7-2EED803D0D22}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{CC23CA32-9892-4FBA-A108-FE31CA0F35A6}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{CD865713-70D6-4E15-BB7B-9B99AD9DEB85}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{D56F5AB3-9C4D-4F1A-A851-A671D9FE8C22}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{D66873EA-AAE5-41CC-8DD2-8CE3228E9F89}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{D86B6C47-11F2-4D95-B635-EA575F0892FC}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{DB5D476B-3FF4-4E9D-A606-1E2B473BE571}\InprocServer32 -> D:\Apps\Autodesk\Inventor 2021\Bin\AcInetUI.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{DE74F5AD-DA2F-429F-BAF9-850A2808D585}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{DF6525C2-6358-4B07-813D-708120C5FE1A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{E177A457-9EAA-43C3-A3CE-84874A28F6CA}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{E29F6C45-6927-4508-8F3F-34105FD3FC5F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{E4222C78-3670-4BB1-9AD4-7D8F3E581F2D}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{E70DE962-842A-4488-9481-1D0FD72A020F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{E9C07CEC-7B82-49E4-BBA2-7533B88E9D64}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{EA34A0C0-5CE7-4701-A6FA-117D25CD5EBB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{EF01D98A-747B-4522-AD70-991B90855DBF}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{F196F03F-651A-43AF-BE34-D11942F24445}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{F2DB0EE3-7137-4CB0-8349-483C4FF2143A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{F40E2FF0-4D77-40B2-9A44-A3AEECCE8EFF}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{F5522F0C-962A-48AC-9992-E81B07628F1F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{F78DCF7C-043D-45FC-9D21-676FC307BA3F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{F868EAEC-1B73-4F5E-BA73-90EBA94E75BE}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{FA97F7A7-FD19-4D55-ABF2-CFEFFF777426}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{FD51ED8A-D518-4554-B236-B6E9D234FD03}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{FE054BB2-AF94-40AC-88AA-2F59F7018B1D}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{FE317223-8EDE-4684-B424-E48B9EA90220}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1482872955-3569544570-3760393657-1001_Classes\CLSID\{FE718E8F-C3AA-4F30-9103-432450CF1DA1}\InprocServer32 -> axdb.dll => No File
FirewallRules: [{9393DF87-2703-47C0-B957-2F354C9A5223}] => (Allow) C:\Program Files\BlueStacks_msi2\HD-Player.exe => No File
FirewallRules: [{CA448D3A-96DA-4B4C-BCEB-202836CEFE96}] => (Allow) C:\Games\Steam\Steam.exe => No File
FirewallRules: [{B018C9C8-9BC3-47E7-B66E-34AD240EB4EE}] => (Allow) C:\Games\Steam\Steam.exe => No File
FirewallRules: [{1FBD5509-38F3-4F16-8CD4-45E382C8154C}] => (Allow) C:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{16468C85-BA2E-4E83-9A49-C9178A57B263}] => (Allow) C:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{37403BB7-D8E1-41C6-9CDE-0D2A4C727EBF}] => (Allow) C:\Games\Steam\steamapps\common\TerraTech\TerraTechWin64.exe => No File
FirewallRules: [{BA7DED6D-B803-44E4-A6C0-E21281C42205}] => (Allow) C:\Games\Steam\steamapps\common\TerraTech\TerraTechWin64.exe => No File
FirewallRules: [TCP Query User{DF6BCFAB-7927-46B0-ADC6-A8389FB75364}C:\games\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\games\minecraft\runtime\jre-x64\bin\javaw.exe => No File
FirewallRules: [UDP Query User{C3A3A7DC-AEE3-4858-883C-0B640696E447}C:\games\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\games\minecraft\runtime\jre-x64\bin\javaw.exe => No File
FirewallRules: [{E432DD6D-DBE6-40C6-BD3D-B75986935299}] => (Allow) C:\Games\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe => No File
FirewallRules: [{3737C321-23E3-4E60-A021-8FC5B5BD0C13}] => (Allow) C:\Games\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe => No File
FirewallRules: [{16456444-2026-43A7-892E-B39BF00D8628}] => (Allow) C:\Games\Steam\steamapps\common\Totally Accurate Battle Simulator\TotallyAccurateBattleSimulator.exe => No File
FirewallRules: [{D5D6634E-08EF-48F7-A7AC-179D1C26FDA0}] => (Allow) C:\Games\Steam\steamapps\common\Totally Accurate Battle Simulator\TotallyAccurateBattleSimulator.exe => No File
FirewallRules: [{9229FEB2-6D2A-43D2-93BE-29DF6EB26839}] => (Allow) C:\Games\Steam\steamapps\common\Clone Drone in the Danger Zone\Clone Drone in the Danger Zone.exe => No File
FirewallRules: [{99C8E188-234A-4305-8054-52B8C3EB83E8}] => (Allow) C:\Games\Steam\steamapps\common\Clone Drone in the Danger Zone\Clone Drone in the Danger Zone.exe => No File
FirewallRules: [{0DD752E4-AB5F-4E4F-9C22-07A023DD55B0}] => (Allow) C:\Games\Steam\steamapps\common\MountBlade Warband\mb_warband.exe => No File
FirewallRules: [{5A6ABE3E-4BBD-46A4-BA32-EA19737AA941}] => (Allow) C:\Games\Steam\steamapps\common\MountBlade Warband\mb_warband.exe => No File
FirewallRules: [{B1A47430-2026-4A6C-A10E-E5D99AC86F3D}] => (Allow) C:\Games\Steam\steamapps\common\ClusterTruck\Clustertruck.exe => No File
FirewallRules: [{379AD911-BB3E-4EC0-A14B-50294B116CE0}] => (Allow) C:\Games\Steam\steamapps\common\ClusterTruck\Clustertruck.exe => No File
FirewallRules: [{3C69A040-05CC-496D-ADB6-53312AAC1139}] => (Allow) C:\Games\Steam\steamapps\common\Noita\noita.exe => No File
FirewallRules: [{52225BC1-6AA9-4D5C-832B-7011B56F1B22}] => (Allow) C:\Games\Steam\steamapps\common\Noita\noita.exe => No File
FirewallRules: [{1B27D3B1-CFD4-4A76-A5D5-0600DF09F54B}] => (Allow) C:\Games\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe => No File
FirewallRules: [{47B156F7-7EBD-4703-9E88-A0056DE40F67}] => (Allow) C:\Games\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe => No File
FirewallRules: [TCP Query User{B21AF6EC-B5C0-4E7B-92D9-60F7978FB7BB}C:\program files\persepolis download manager\aria2c.exe] => (Allow) C:\program files\persepolis download manager\aria2c.exe => No File
FirewallRules: [UDP Query User{019565AA-3FE0-4741-A6AD-0B57DFBFDD01}C:\program files\persepolis download manager\aria2c.exe] => (Allow) C:\program files\persepolis download manager\aria2c.exe => No File
FirewallRules: [{05BC23BA-7B2C-4A87-BEDB-5C68D8AA1FB4}] => (Allow) C:\Games\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe => No File
FirewallRules: [{F83C1914-0176-409A-A19B-209761C5C093}] => (Allow) C:\Games\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe => No File
FirewallRules: [{E6EFADFC-B668-45EF-9B81-B815A1FDA88A}] => (Allow) C:\Games\Steam\steamapps\common\MudRunner\MudRunner.exe => No File
FirewallRules: [{AAD89D3B-5804-4E6B-87A0-6035EB483FD0}] => (Allow) C:\Games\Steam\steamapps\common\MudRunner\MudRunner.exe => No File
FirewallRules: [{A6CEF380-FD76-40B2-ACC7-224086CF256D}] => (Allow) C:\Games\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [{F3C35CB3-912C-45BC-B240-B433DBD06275}] => (Allow) C:\Games\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [{88BD133A-D479-4BEA-A813-DE6833D0C3EF}] => (Allow) C:\Games\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe => No File
FirewallRules: [{F73E618A-AAE7-426D-8761-978A6C34E75C}] => (Allow) C:\Games\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe => No File
FirewallRules: [{741D3C59-067C-43BA-B1D8-140859571300}] => (Allow) C:\Games\Steam\steamapps\common\BeamNG.drive\BeamNG.drive.exe => No File
FirewallRules: [{60C94625-5849-4BFB-BED2-8E9205D68CFF}] => (Allow) C:\Games\Steam\steamapps\common\BeamNG.drive\BeamNG.drive.exe => No File
FirewallRules: [TCP Query User{50BD0D36-06C4-4BA2-A9D1-2B9975806B79}C:\apps\picotorrent 0.23.0 x64\picotorrent.exe] => (Allow) C:\apps\picotorrent 0.23.0 x64\picotorrent.exe => No File
FirewallRules: [UDP Query User{00074679-EA69-4736-BB7B-34F4D57C2EF7}C:\apps\picotorrent 0.23.0 x64\picotorrent.exe] => (Allow) C:\apps\picotorrent 0.23.0 x64\picotorrent.exe => No File
FirewallRules: [{EA36264F-E08C-4D13-897B-E0302ED6CA9B}] => (Allow) C:\Games\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{13F2BC11-4A2B-4285-8235-046F0014B63A}] => (Allow) C:\Games\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{40135242-9501-44A6-8435-439BC3F597AC}] => (Allow) C:\Games\Steam\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe => No File
FirewallRules: [{FA0B84D8-83F9-4F6E-9957-8BD92F00AE97}] => (Allow) C:\Games\Steam\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe => No File
FirewallRules: [{CB163DA7-16A5-46CF-9776-9E09D5A07CCD}] => (Allow) C:\Games\Steam\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe => No File
FirewallRules: [{799ABBBE-2C3E-469B-A8F0-16EF2F785104}] => (Allow) C:\Games\Steam\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe => No File
FirewallRules: [TCP Query User{FA9F37E4-9F24-4E69-8F9E-2BC82E6DEAD6}D:\apps\easyeda\easyeda.exe] => (Allow) D:\apps\easyeda\easyeda.exe => No File
FirewallRules: [UDP Query User{A7D43F9F-1C78-4EF0-8440-3AEF10D50948}D:\apps\easyeda\easyeda.exe] => (Allow) D:\apps\easyeda\easyeda.exe => No File

EmptyTemp:
End::
  • Press Ctrl+s to save fixlist.txt
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log
 


·
Security Moderator
Security Team , Malware Removal
Joined
·
184 Posts
Well...! Tell me if the problem remains ..?

List Edge Extensions

  • Please type or copy edge://extensions into the Edge address bar and Edge will display your extensions in a nice grid.
    Each extension shows the icon, name, brief description, Details and Remove buttons, and status toggle.
  • List just the names of all Edge extensions you can see
  • Do you see unused or unknown extensions ..?



Fresh FRST64 Scan


You should still have FRST64.exe on your Desktop, if it is not here, copy it here!

  • Please close all open programs and windows.
  • Right-click FRST64.exe and select "Run as administrator..." to run it.
  • When the tool opens, click Yes to the disclaimer if it appears.
  • Please be sure that 90 Days Files check box under Optional Scan section is checked.
  • Please be sure that Addition.txt check box under Optional Scan section is checked.
  • Press the Scan button. When finished, two logs, FRST.txt and Addition.txt, will be created and opened in Notepad.
  • Please post the content of both FRST.txt and Addition.txt in your next reply.
 

·
Registered
Joined
·
6 Posts
Discussion Starter #7
Installed extensions
From Microsoft Store

Universal Bypass
Don't waste your time with compliance. Universal Bypass automatically skips annoying link shorteners.
Details | Remove


uBlock Origin
Finally, a fast and efficient blocker for browsers.
Details | Remove

From other sources

GoFullPage - Full Page Screen Capture
Capture a screenshot of your current page in entirety and reliably—without requesting any extra permissions!
Details | Remove


Google Docs Offline
Create, view, and edit documents, spreadsheets, and presentations without internet access.
Details | Remove



SetupVPN - Lifetime Free VPN
Unblock any blocked website in your country, school or company. It's free and easy to use.
Details | Remove


Xtreme Download Manager
XDM is an open source download manager
Details | Remove

Second profile also:
MetaMask
A browser extension for Ethereum
Details | Remove

All extensions are either from the Google web store or the Edge store, and all are definitely official.

The popup appears once per week so I can't consistently test it, but it also seems like malware malfunctioning, and I might not be able to see its doings in the future.
Can't paste the code, it's too big.
 


·
Security Moderator
Security Team , Malware Removal
Joined
·
184 Posts
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the following into it (don't include Code: ) ....
Code:
Start::
CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-1482872955-3569544570-3760393657-1001\...\Run: [GalaxyClient] => [X]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Policies: C:\Users\Все пользователи\NTUSER.pol: Restriction <==== ATTENTION
S1 EneTechIo; \??\C:\WINDOWS\system32\drivers\ene.sys [X]

EmptyTemp:
End::
  • Press Ctrl+s to save fixlist.txt
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log
 

·
Registered
Joined
·
6 Posts
Discussion Starter #9
Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 17-01-2021
Ran by nkshv (17-01-2021 21:04:06) Run:2
Running from C:\Users\nkshv\Desktop
Loaded Profiles: nkshv
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1482872955-3569544570-3760393657-1001\...\Run: [GalaxyClient] => [X]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Policies: C:\Users\Все пользователи\NTUSER.pol: Restriction <==== ATTENTION
S1 EneTechIo; \??\C:\WINDOWS\system32\drivers\ene.sys [X]
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-1482872955-3569544570-3760393657-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GalaxyClient" => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
"C:\Users\Все пользователи\NTUSER.pol" => not found
HKLM\System\CurrentControlSet\Services\EneTechIo => removed successfully
EneTechIo => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9571392 B
Java, Flash, Steam htmlcache => 146750438 B
Windows/system/drivers => 7774 B
Edge => 0 B
Chrome => 0 B
Brave => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 1518 B
nkshv => 10061914 B

RecycleBin => 0 B
EmptyTemp: => 166.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:04:19 ====
 


·
Registered
Joined
·
6 Posts
Discussion Starter #10
The issue is not fixed, I just had another pop-up
 

·
Security Moderator
Security Team , Malware Removal
Joined
·
184 Posts
Hello, idkman..! I apologize for the late response ..!

  • If you have a 32 bit system Download FRST to your Desktop.
  • If you have a 64 bit system Download FRST64 to your Desktop.
  • If you don't know whether your system is 32 bit or 64 bit, download both. Only one will run on your machine. That's the one to use.
  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.
 

·
Security Moderator
Security Team , Malware Removal
Joined
·
184 Posts
Hello, idkman..! Are you still with me? Is the problem solved?
 

·
Security Moderator
Security Team , Malware Removal
Joined
·
184 Posts
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
 