Unknown Rootkit Removal in Hidden Partition - Virus, Trojan, Spyware, and Malware Removal Help (2024)

Hi there...

After months of searching and all AVs coming back clean, I came across ListParts64 here and finally found the hidden partition.

I have had a persistent infection for close to almost a year, and have done multiple OS installs and even replaced my hard drive.

FRST doesn't log everything that is running on my computer, so I've included my FRST scan, an ESET SysInspector file, as well as my ESET scan results, which don't reflect in the FRST scan at all. I've also attached the ListParts64 results, which show the hidden partition.

Whatever is running on my laptop has infected my router and all my mobile devices too, as well as hacking every account I have, including my bank account, but I suspect that once I clean my laptop and reset my router and my phone, everything will be normal again... It's been months and I honestly thought I was going crazy...

Please can someone assist me with removing this rootkit. I have no idea what else is hiding on my laptop...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-07-2023
Ran by User (administrator) on DESKTOP-9PF4B4V (ASUSTeK COMPUTER INC. ASUS EXPERTBOOK B1500CEAEY_B1500CEAE) (05-07-2023 14:04:15)
Running from C:\Users\User\Desktop\FRST64.exe
Loaded Profiles: User
Platform: Microsoft Windows 11 Pro Version 21H2 22000.2057 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(082E9164-EE6C-4EC8-B62C-441FAE7BEFA1 -> Mozilla Corporation) C:\Program Files\WindowsApps\Mozilla.Firefox_115.0.0.0_x64__n80bbvh6b1yt2\VFS\ProgramFiles\Firefox Package Root\firefox.exe <9>
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSOptimization\AsusOSD.exe
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eOppFrame.exe
(C:\Program Files\WindowsApps\MicrosoftTeams_23119.303.2080.2726_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.67\msedgewebview2.exe <12>
(C:\Windows\UUS\amd64\MoUsoCoreWorker.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoNotificationUx.exe
(DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSOptimization\AsusOptimization.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSOptimization\AsusOptimizationStartupTask.exe
(DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSSoftwareManager\AsusSoftwareManager.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSSoftwareManager\AsusSoftwareManagerAgent.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_aa253b3f3f01136e\igfxCUIServiceN.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_aa253b3f3f01136e\igfxEMN.exe
(explorer.exe ->) (Lansweeper -> Fing Ltd) C:\Program Files\Fing\Fing.exe <4>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_b55ed36a9a78cc75\RtkAudUService64.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSLinkRemote\AsusLinkRemote.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\abmsvc.inf_amd64_e252965a69453f26\AbmSvcPackage\x64\AbmSvcHost.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\abmsvc.inf_amd64_e252965a69453f26\AbmSvcPackage\x64\DevHookSvc.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\AsusAppService\AsusAppService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSLinkNear\AsusLinkNear.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSOptimization\AsusOptimization.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSSoftwareManager\AsusSoftwareManager.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSSwitch\AsusSwitch.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSSystemAnalysis\AsusSystemAnalysis.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe
(services.exe ->) (British Cayman Islands Intelligo Technology Inc. Taiwan Branch -> Intelligo Technology Inc.) C:\Windows\System32\DriverStore\FileRepository\igoaudioservice.inf_amd64_ac596dfdbac4d686\IgoAudioService_x64.exe
(services.exe ->) (DTS, Inc. -> DTS Inc.) C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\efwd.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_15c9ea6001a5206d\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_21e0cf0737fd48af\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\piecomponent.inf_amd64_6a2f3d49c30e0a95\Intel_PIE_Service.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_06dd582276d3f601\AS\IAS\IntelAudioService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_aa253b3f3f01136e\igfxCUIServiceN.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_601c7757f6792eb2\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c36abd3b34566934\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Lansweeper -> Fing Limited) C:\Program Files\Fing\resources\extraResources\fingagent.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MsMpEng.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_444148fa7298b49f\RtkAudUService64.exe
(sihost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(svchost.exe ->) (British Cayman Islands Intelligo Technology Inc. Taiwan Branch -> Intelligo Technology Inc.) C:\Windows\System32\DriverStore\FileRepository\igoaudioservice.inf_amd64_ac596dfdbac4d686\iGoSwServer.exe <2>
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.13900.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_b55ed36a9a78cc75\RtkAudUService64.exe [3495792 2022-06-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [194704 2023-03-24] (ESET, spol. s r.o. -> ESET)
HKU\S-1-5-21-3524819722-3214085969-1858649465-1001\...\Run: [MicrosoftEdgeAutoLaunch_C46CFC0629905CC775E70B50EA8A519C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4113872 2023-06-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3524819722-3214085969-1858649465-1001\...\Run: [electron.app.Fing] => C:\Program Files\Fing\Fing.exe [136147888 2023-06-26] (Lansweeper -> Fing Ltd)
HKU\S-1-5-21-3524819722-3214085969-1858649465-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3524819722-3214085969-1858649465-1001\...\Policies\Explorer\DisallowRun: [1] powershell.exe
HKU\S-1-5-21-3524819722-3214085969-1858649465-1001\...\Policies\Explorer\DisallowRun: [2] powershell_is.exe
HKU\S-1-5-21-3524819722-3214085969-1858649465-1001\...\Policies\Explorer\DisallowRun: [3] pwsh.exe
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {13AC75AF-84B1-4985-B899-DA1D7A18A0A7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe [1650040 2023-06-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {15B8EA23-CCF5-4919-8DF8-6FE3A9B0B4E8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Users\User\Downloads\MSERT.exe [142677440 2023-06-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {24E262C2-E1BF-4220-B586-C2A2CB55ADD5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe [1650040 2023-06-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3EF912FB-5C0B-4705-85CC-C348D7F1A34D} - System32\Tasks\iGoAudioTask => C:\Windows\System32\DriverStore\FileRepository\igoaudioservice.inf_amd64_ac596dfdbac4d686\iGoSwServer.exe [698192 2022-08-30] (British Cayman Islands Intelligo Technology Inc. Taiwan Branch -> Intelligo Technology Inc.)
Task: {4CBA1AC0-F20A-4F41-8D02-D59419BAB0C3} - System32\Tasks\iGoAudioTaskSession => C:\Windows\System32\DriverStore\FileRepository\igoaudioservice.inf_amd64_ac596dfdbac4d686\iGoSwServer.exe [698192 2022-08-30] (British Cayman Islands Intelligo Technology Inc. Taiwan Branch -> Intelligo Technology Inc.)
Task: {554E6405-36B0-47F5-A0CE-3E8DA4DD4C48} - System32\Tasks\RtkAudUService64_BG => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_444148fa7298b49f\RtkAudUService64.exe [1646392 2023-02-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {5BF379C9-20AE-43C7-BDBD-4A6210E9C9DF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe [1650040 2023-06-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {72F3F96F-0525-45C4-9E08-98E2A207D607} - System32\Tasks\ASUS Update Checker 2.0 => C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSSoftwareManager\AsusUpdateChecker.exe [797776 2023-05-18] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {8C781624-FEA0-489D-9EA2-188C8A1D4027} - System32\Tasks\ASUS Optimization 36D18D69AFC3 => C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSOptimization\AsusHotkey.exe [291456 2023-05-18] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {B4FEF678-C08B-4344-90EB-7B35313496B2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe [1650040 2023-06-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B9088B43-1562-4544-8FDD-D5E498D9F335} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [1145 2021-03-24] () [File not signed]
Task: {D03EFB5A-1A9E-4A3F-995A-A6D19AEA234B} - System32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 => C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSSystemAnalysis\AsusSystemAnalysis.exe [3860560 2023-05-18] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.16.5.1 41.87.126.254 41.87.127.254
Tcpip\..\Interfaces\{1b2cc1f1-ade1-44ce-a36b-1620d2eea7c5}: [DhcpNameServer] 172.16.5.1 41.87.126.254 41.87.127.254
Tcpip\..\Interfaces\{295f2889-f21c-4baf-a2e8-f41566da3f56}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{5d6db059-7afd-4042-9106-92d9fc8f4452}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Edge:
=======
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2023-07-05]
Edge Extension: (Edge relevant text changes) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-07-03]

FireFox:
========
FF DefaultProfile: n36ovlcd.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\n36ovlcd.default [2023-07-04]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c1tgtva4.default-release [2023-07-05]
FF Extension: (Language: English (CA)) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c1tgtva4.default-release\Extensions\langpack-en-CA@firefox.mozilla.org.xpi [2023-07-05]
FF Extension: (Add-ons Restricted Domains) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c1tgtva4.default-release\features\{6d0497c4-4a7e-477d-89cb-5c41515ae21e}\addons-restricted-domains@mozilla.com.xpi [2023-07-04]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AbmSvc; C:\Windows\System32\DriverStore\FileRepository\abmsvc.inf_amd64_e252965a69453f26\AbmSvcPackage\x64\AbmSvcHost.exe [415352 2021-08-12] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
R2 AsusAppService; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\AsusAppService\AsusAppService.exe [1174608 2023-05-18] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSLinkNear; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSLinkNear\AsusLinkNear.exe [1637456 2023-05-18] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
R2 ASUSLinkRemote; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSLinkRemote\AsusLinkRemote.exe [783952 2023-05-18] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
R2 ASUSOptimization; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSOptimization\AsusOptimization.exe [468600 2023-05-18] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSoftwareManager; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSSoftwareManager\AsusSoftwareManager.exe [1125456 2023-05-18] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSwitch; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSSwitch\AsusSwitch.exe [641104 2023-05-18] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemAnalysis; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSSystemAnalysis\AsusSystemAnalysis.exe [3860560 2023-05-18] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemDiagnosis; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe [826960 2023-05-18] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
R2 DevHookSvc; C:\Windows\System32\DriverStore\FileRepository\abmsvc.inf_amd64_e252965a69453f26\AbmSvcPackage\x64\DevHookSvc.exe [284256 2021-08-12] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
R2 DtsApo4Service; C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe [241760 2022-04-29] (DTS, Inc. -> DTS Inc.)
R2 efwd; C:\Program Files\ESET\ESET Security\efwd.exe [2509944 2023-03-24] (ESET, spol. s r.o. -> ESET)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [3650416 2023-03-24] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [3650416 2023-03-24] (ESET, spol. s r.o. -> ESET)
R2 IgoAudioService; C:\Windows\System32\DriverStore\FileRepository\igoaudioservice.inf_amd64_ac596dfdbac4d686\IgoAudioService_x64.exe [34984 2022-08-30] (British Cayman Islands Intelligo Technology Inc. Taiwan Branch -> Intelligo Technology Inc.)
R2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_06dd582276d3f601\\AS\\IAS\\IntelAudioService.exe [532024 ] (Intel Corporation -> Intel)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [352656 2023-06-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\NisSrv.exe [3232576 2023-06-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MsMpEng.exe [133592 2023-06-24] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 ELANFPService; %SystemRoot%\System32\ELANFPService.exe [X]
R2 Fing.Agent; "C:\Program Files\Fing\resources\extraResources\fingagent.exe" --servicemode Fing.Agent --agentroot "C:\Users\User\AppData\Roaming"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R0 assdv2; C:\Windows\System32\DriverStore\FileRepository\abmsvc.inf_amd64_e252965a69453f26\AbmSvcPackage\x64\assdv2.sys [44568 2021-08-12] (ASUSTeK COMPUTER INC. -> ASUS)
R3 AsusPTPDrv; C:\Windows\System32\DriverStore\FileRepository\asusptpfilter.inf_amd64_2be525c42dff92ab\AsusPTPFilter.sys [123456 2022-06-07] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
R3 AsusSAIO; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSSystemAnalysis\AsusSAIO.sys [46720 2023-05-18] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
S3 ASUSSecDrive; C:\Windows\System32\DriverStore\FileRepository\abmsvc.inf_amd64_e252965a69453f26\AbmSvcPackage\x64\ASUSSecDrive.sys [48112 2021-08-12] (ASUSTeK COMPUTER INC. -> ASUSTEK COMPUTER INC.)
R1 ATKWMIACPIIO; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSOptimization\AsusWmiAcpi.sys [48760 2023-05-18] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R3 e1dexpress; C:\Windows\System32\DriverStore\FileRepository\e1d.inf_amd64_f3c6513565231a23\e1d.sys [609456 2022-11-14] (Intel Corporation -> Intel Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [198448 2023-03-24] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [118872 2023-03-24] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [16336 2023-03-24] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [244920 2023-03-24] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [55440 2023-03-24] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [81728 2023-03-24] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [123008 2023-03-24] (ESET, spol. s r.o. -> ESET)
R3 iaLPSS2_GPIO2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_2546dafe2183e972\iaLPSS2_GPIO2_TGL.sys [131224 2021-07-20] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_1308f85f1b0adf27\iaLPSS2_I2C_TGL.sys [204440 2021-07-20] (Intel Corporation -> Intel Corporation)
R0 iaStorVD; C:\Windows\System32\drivers\iaStorVD.sys [1548488 2022-10-27] (Intel Corporation -> Intel Corporation)
S3 IntcUSB; C:\Windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_7ae6b189c18fd26e\IntcUSB.sys [1661704 2021-02-18] (Smart Sound Technology -> Intel® Corporation)
R3 IntelGNA; C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88784 2022-08-10] (Intel Corporation -> Intel Corporation)
S3 Netaapl; C:\Windows\System32\drivers\netaapl64.sys [32352 2017-11-29] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [71736 2021-08-30] (Insecure.Com LLC -> Insecure.Com LLC.)
S3 UsbNcm; C:\Windows\System32\drivers\UsbNcm.sys [139264 2021-06-05] (Microsoft Windows -> )
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49560 2023-06-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [103656 2021-06-05] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [498944 2023-06-24] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99568 2023-06-24] (Microsoft Windows -> Microsoft Corporation)
U1 aswbdisk; no ImagePath
S1 epp; \??\C:\EEK\bin64\epp.sys [X]
U4 npcap_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-07-05 14:03 - 2023-07-05 14:04 - 000000000 ____D C:\Users\User\Desktop\FRST
2023-07-05 13:34 - 2023-07-05 13:34 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2023-07-05 13:22 - 2023-07-05 13:22 - 000001098 __RSH C:\ProgramData\ntuser.pol
2023-07-05 13:04 - 2023-07-05 13:17 - 684550144 _____ C:\Users\User\Downloads\krd.iso
2023-07-05 12:44 - 2023-07-05 13:18 - 000000000 ____D C:\Users\User\AppData\Local\Rufus
2023-07-05 12:37 - 2023-07-05 12:40 - 870318080 _____ C:\Users\User\Downloads\eset_sysrescue_live.img
2023-07-05 12:36 - 2023-07-05 12:37 - 001410120 _____ (Akeo Consulting) C:\Users\User\Downloads\rufus-4.1.exe
2023-07-05 12:08 - 2023-07-05 12:08 - 000001275 _____ C:\Users\User\Desktop\ESET Online Scanner.lnk
2023-07-05 12:06 - 2023-07-05 12:06 - 000000000 ____D C:\Symbols
2023-07-05 12:03 - 2023-07-05 11:59 - 000444455 _____ C:\Users\User\Desktop\SysInspector-DESKTOP-9PF4B4V-230705-115842.zip
2023-07-05 11:39 - 2023-07-05 11:39 - 000003534 _____ C:\Users\User\Desktop\ESET Scan Results Full 05.07.2023 txttxt.txt
2023-07-05 11:37 - 2023-07-05 11:38 - 000003534 _____ C:\Users\User\Desktop\ESET Scan Results Full 05.07.2023 txt.xml
2023-07-05 11:30 - 2023-07-05 11:31 - 000002374 _____ C:\Users\User\Desktop\unhide.txt
2023-07-05 11:28 - 2023-07-05 11:29 - 000016978 _____ C:\Users\User\Desktop\ESET Scan Results 05.07.2023 txt.txt
2023-07-05 11:27 - 2023-07-05 11:27 - 000027253 _____ C:\Users\User\Desktop\ESET Scan Results 05.07.2023.xml
2023-07-05 11:26 - 2023-07-05 11:26 - 000432592 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\unhide.exe
2023-07-05 11:04 - 2023-07-05 13:48 - 000000000 ____D C:\Users\User\AppData\Roaming\Fing
2023-07-05 11:03 - 2023-07-05 11:03 - 000003460 _____ C:\Windows\system32\Tasks\npcapwatchdog
2023-07-05 11:03 - 2023-07-05 11:03 - 000001766 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fing.lnk
2023-07-05 11:03 - 2023-07-05 11:03 - 000001754 _____ C:\Users\Public\Desktop\Fing.lnk
2023-07-05 11:03 - 2023-07-05 11:03 - 000000000 ____D C:\Windows\SysWOW64\Npcap
2023-07-05 11:03 - 2023-07-05 11:03 - 000000000 ____D C:\Windows\system32\Npcap
2023-07-05 11:03 - 2023-07-05 11:03 - 000000000 ____D C:\Users\User\AppData\Roaming\FingAgent
2023-07-05 11:03 - 2023-07-05 11:03 - 000000000 ____D C:\Users\User\AppData\Local\fing-updater
2023-07-05 11:03 - 2023-07-05 11:03 - 000000000 ____D C:\ProgramData\Fingagent
2023-07-05 11:03 - 2023-07-05 11:03 - 000000000 ____D C:\Program Files\Npcap
2023-07-05 11:03 - 2023-07-05 11:03 - 000000000 ____D C:\Program Files\Fing
2023-07-05 11:01 - 2023-07-05 11:01 - 097821656 _____ (Fing Ltd) C:\Users\User\Downloads\Fing.exe
2023-07-05 10:39 - 2023-07-05 14:04 - 000023446 _____ C:\Users\User\Desktop\FRST.txt
2023-07-05 10:39 - 2023-07-05 14:04 - 000000000 ____D C:\FRST
2023-07-05 10:38 - 2023-07-05 10:38 - 002383360 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2023-07-05 10:28 - 2023-07-05 10:28 - 015274968 _____ (ESET) C:\Users\User\Downloads\esetonlinescanner(2).exe
2023-07-05 10:28 - 2023-07-05 10:28 - 015274968 _____ (ESET) C:\Users\User\Downloads\esetonlinescanner(1).exe
2023-07-05 10:26 - 2023-07-05 12:31 - 000001381 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2023-07-05 10:26 - 2023-07-05 10:26 - 015274968 _____ (ESET) C:\Users\User\Downloads\esetonlinescanner.exe
2023-07-05 10:26 - 2023-07-05 10:26 - 000000000 ____D C:\Users\User\AppData\Local\ESET
2023-07-05 07:48 - 2023-07-05 07:48 - 000000112 ___SH C:\bootTel.dat
2023-07-05 07:41 - 2023-07-05 07:41 - 000000000 ____D C:\$SysReset
2023-07-05 05:45 - 2023-07-05 05:45 - 000008192 _____ C:\Windows\system32\config\userdiff
2023-07-05 05:43 - 2023-03-24 16:56 - 000118872 _____ (ESET) C:\Windows\system32\Drivers\edevmon.sys
2023-07-05 04:44 - 2023-07-05 09:24 - 000049533 _____ C:\Windows\diagwrn.xml
2023-07-05 04:44 - 2023-07-05 09:24 - 000049533 _____ C:\Windows\diagerr.xml
2023-07-05 03:25 - 2023-07-05 03:25 - 000000000 ___RD C:\Users\User\Downloads\B9ECED6F.ASUSPCAssistant_qmba6cd70vzyy!App
2023-07-04 22:33 - 2023-07-05 12:08 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2023-07-04 22:15 - 2023-07-04 22:15 - 000000000 ____D C:\Users\User\AppData\Local\CEF
2023-07-04 22:11 - 2023-07-05 09:49 - 000000000 ____D C:\ProgramData\Avast Software
2023-07-04 21:57 - 2023-07-04 21:57 - 000263576 _____ (AVAST Software) C:\Users\User\Downloads\avast_free_antivirus_setup_online.exe
2023-07-04 17:00 - 2023-07-04 17:00 - 000000000 ____D C:\Users\User\AppData\Roaming\Mozilla
2023-07-04 17:00 - 2023-07-04 17:00 - 000000000 ____D C:\Users\User\AppData\Local\Mozilla
2023-07-04 16:52 - 2023-07-04 16:54 - 000000000 ____D C:\Windows\system32\HealthAttestationClient
2023-07-04 16:52 - 2023-07-04 16:52 - 000000000 ____D C:\Windows\system32\Drivers\mde
2023-07-04 16:47 - 2023-07-04 16:47 - 011049656 _____ (ASUSTeK COMPUTER INC.) C:\Users\User\Downloads\ASUS_B1500CEAE_311_BIOS_Update.exe
2023-07-04 16:10 - 2023-07-04 16:33 - 000000000 ____D C:\EEK
2023-07-04 16:10 - 2023-07-04 16:10 - 000000000 ____D C:\ProgramData\Emsisoft
2023-07-04 16:08 - 2023-07-04 16:09 - 346671416 _____ C:\Users\User\Downloads\EmsisoftEmergencyKit.exe
2023-07-04 13:23 - 2023-07-04 13:23 - 009637746 _____ C:\Users\User\Downloads\triangle_check_win.zip
2023-07-04 13:23 - 2023-07-04 13:23 - 000000000 ____D C:\Users\User\Downloads\triangle_check_win
2023-07-04 11:34 - 2023-07-04 11:34 - 000002016 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk
2023-07-04 11:25 - 2023-07-04 11:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2023-07-04 11:25 - 2023-07-04 11:25 - 000000000 ____D C:\ProgramData\ESET
2023-07-04 11:25 - 2023-07-04 11:25 - 000000000 ____D C:\Program Files\ESET
2023-07-04 11:22 - 2023-07-04 11:22 - 000001231 _____ C:\Users\User\Documents\Malwarebytes Scan 04.07.2023.txt
2023-07-04 11:20 - 2023-07-04 11:20 - 008971384 _____ (ESET) C:\Users\User\Downloads\eset_smart_security_premium_live_installer.exe
2023-07-04 10:38 - 2023-07-04 10:38 - 000000000 ____D C:\Users\User\AppData\Local\mbam
2023-07-04 10:37 - 2023-07-04 10:37 - 002649072 _____ (Malwarebytes) C:\Users\User\Downloads\MBSetup.exe
2023-07-04 10:27 - 2023-07-05 13:49 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-07-03 10:22 - 2023-07-05 19:22 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iBackup Viewer
2023-07-03 10:22 - 2023-07-03 10:23 - 000000000 ____D C:\Users\User\AppData\Local\iBackup Viewer
2023-07-03 10:22 - 2023-07-03 10:22 - 000000000 ____D C:\Users\User\AppData\Local\CrashRpt
2023-07-03 10:20 - 2023-07-03 10:21 - 064681784 _____ (iMacTools ) C:\Users\User\Downloads\iBackupViewerSetup.exe
2023-07-03 10:08 - 2023-07-03 10:08 - 000000000 ____D C:\Users\User\AppData\Roaming\TSMonitor
2023-07-03 10:08 - 2023-07-03 10:08 - 000000000 ____D C:\Users\User\AppData\Roaming\Tenorshare
2023-07-03 10:08 - 2023-07-03 10:08 - 000000000 ____D C:\Users\User\AppData\Roaming\Apple Computer
2023-07-03 10:08 - 2023-07-03 10:08 - 000000000 ____D C:\Tenorshare
2023-07-03 10:07 - 2023-07-05 19:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2023-07-03 10:07 - 2023-07-03 10:07 - 002117904 _____ (Tenorshare Co., Ltd.) C:\Users\User\Downloads\ultdata-ios-bing.exe
2023-07-03 10:07 - 2023-07-03 10:07 - 000001213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltData.lnk
2023-07-03 10:07 - 2023-07-03 10:07 - 000000000 ____D C:\Program Files (x86)\Tenorshare
2023-07-02 18:02 - 2023-07-02 18:05 - 000000000 ____D C:\Users\User\Documents\00008030-0016188A1146802E
2023-07-02 17:58 - 2023-07-02 17:58 - 000000000 ____D C:\Users\User\Documents\SC Info
2023-07-02 17:58 - 2023-07-02 17:58 - 000000000 ____D C:\Users\User\Documents\iPhone Temporary Files
2023-07-02 17:58 - 2023-07-02 17:58 - 000000000 ____D C:\Users\User\Documents\adi
2023-07-02 17:58 - 2023-07-02 17:34 - 000001054 _____ C:\Users\User\Documents\iPodDevices.xml
2023-07-02 17:34 - 2023-07-02 17:34 - 000000000 ____D C:\Users\User\Apple
2023-07-02 16:58 - 2023-07-02 16:58 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2023-07-02 16:45 - 2023-07-02 16:45 - 000000000 ____D C:\ProgramData\Apple Computer
2023-07-02 16:45 - 2023-07-02 16:45 - 000000000 ____D C:\ProgramData\Apple
2023-06-30 16:17 - 2023-06-30 16:17 - 000000000 ____D C:\Windows\Firmware
2023-06-30 16:17 - 2023-04-03 05:56 - 005161280 _____ (Intel Corporation) C:\Windows\system32\Drivers\Netwtw10.sys
2023-06-30 16:17 - 2023-04-03 05:56 - 001469760 _____ (Intel Corporation) C:\Windows\system32\IntelIHVRouter10.dll
2023-06-30 15:21 - 2023-06-30 15:21 - 000000000 ____D C:\$WinREAgent
2023-06-30 12:17 - 2023-07-05 13:45 - 000001575 _____ C:\Windows\system32\config\VSMIDK
2023-06-30 10:17 - 2022-09-30 12:56 - 000292064 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTHDASIO64.dll
2023-06-30 10:17 - 2022-09-30 12:56 - 000247008 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RTHDASIO.dll
2023-06-30 09:14 - 2023-07-05 08:52 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\MMC
2023-06-30 09:11 - 2023-06-30 09:11 - 000000000 ____D C:\Users\User\AppData\Local\OneDrive
2023-06-30 09:08 - 2023-07-05 13:53 - 000003752 _____ C:\Windows\system32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474
2023-06-24 12:23 - 2023-06-24 12:23 - 000000000 ____D C:\Users\User\AppData\Local\PeerDistRepub
2023-06-24 12:21 - 2023-06-24 12:23 - 000000000 ____D C:\Windows\system32\MRT
2023-06-23 00:54 - 2023-07-05 05:43 - 000000000 ____D C:\Windows\Panther
2023-06-22 23:59 - 2023-07-02 16:44 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3524819722-3214085969-1858649465-1001
2023-06-22 23:59 - 2023-07-02 16:44 - 000002380 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-06-22 23:59 - 2023-06-22 23:59 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2023-06-22 23:59 - 2023-06-22 15:51 - 000000000 ___RD C:\Users\User\OneDrive
2023-06-22 23:58 - 2023-06-22 23:58 - 000000000 ____D C:\Windows\CSC
2023-06-22 23:57 - 2023-07-05 19:22 - 000000000 ___SD C:\Users\User\AppData\Roaming\Microsoft\Crypto
2023-06-22 23:57 - 2023-07-05 19:22 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Spelling
2023-06-22 23:57 - 2023-07-05 11:19 - 000000000 ___SD C:\Users\User\AppData\Roaming\Microsoft\Credentials
2023-06-22 23:57 - 2023-07-05 09:26 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2023-06-22 23:57 - 2023-07-05 09:26 - 000000000 ____D C:\ProgramData\Packages
2023-06-22 23:57 - 2023-07-05 02:59 - 000000000 ____D C:\Users\User\AppData\Local\D3DSCache
2023-06-22 23:57 - 2023-07-04 22:34 - 000000000 ____D C:\Users\User\AppData\Local\Publishers
2023-06-22 23:57 - 2023-07-02 18:11 - 000000000 ___SD C:\Users\User\AppData\Roaming\Microsoft\Protect
2023-06-22 23:57 - 2023-06-22 23:57 - 000000020 ___SH C:\Users\User\ntuser.ini
2023-06-22 23:57 - 2023-06-22 23:57 - 000000000 ___SD C:\Users\User\AppData\Roaming\Microsoft\SystemCertificates
2023-06-22 23:57 - 2023-06-22 23:57 - 000000000 ___RD C:\Users\Public\AccountPictures
2023-06-22 23:57 - 2023-06-22 23:57 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows
2023-06-22 23:57 - 2023-06-22 23:57 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Vault
2023-06-22 23:57 - 2023-06-22 23:57 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Network
2023-06-22 23:57 - 2023-06-22 23:57 - 000000000 ____D C:\Users\User\AppData\Roaming\Adobe
2023-06-22 23:57 - 2023-06-22 23:57 - 000000000 ____D C:\Users\User\AppData\Local\VirtualStore
2023-06-22 23:57 - 2023-06-22 23:57 - 000000000 ____D C:\Users\User\AppData\Local\ConnectedDevicesPlatform
2023-06-22 23:56 - 2023-06-22 23:56 - 000000000 _SHDL C:\Documents and Settings
2023-06-22 23:55 - 2023-07-05 13:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-06-22 23:55 - 2023-07-05 13:45 - 000000000 ____D C:\Intel
2023-06-22 23:55 - 2023-07-05 05:55 - 000002516 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-06-22 23:55 - 2023-07-05 05:55 - 000002354 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-06-22 23:55 - 2023-06-24 12:23 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-06-22 23:55 - 2023-06-22 23:55 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2023-06-22 23:55 - 2023-06-22 23:55 - 000000000 ____D C:\Windows\system32\Tasks\Intel
2023-06-22 23:55 - 2023-06-22 15:06 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-06-22 23:55 - 2023-06-22 15:06 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-06-22 23:54 - 2023-07-05 13:45 - 000012288 ___SH C:\DumpStack.log.tmp
2023-06-22 23:54 - 2023-07-05 13:45 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-06-22 23:54 - 2023-07-04 16:56 - 000292696 _____ C:\Windows\system32\FNTCACHE.DAT
2023-06-22 23:54 - 2023-06-22 23:54 - 000000000 ____D C:\Windows\ServiceProfiles
2023-06-22 15:53 - 2023-07-05 13:45 - 000003308 _____ C:\Windows\system32\Tasks\iGoAudioTask
2023-06-22 15:53 - 2023-06-22 15:53 - 000003366 _____ C:\Windows\system32\Tasks\iGoAudioTaskSession
2023-06-22 15:53 - 2023-06-22 15:53 - 000001844 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AI ClearVoice Speaker.lnk
2023-06-22 15:52 - 2023-06-30 10:18 - 000003366 _____ C:\Windows\system32\Tasks\RtkAudUService64_BG
2023-06-22 15:51 - 2023-07-02 16:44 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3524819722-3214085969-1858649465-1001
2023-06-22 15:50 - 2023-06-22 15:50 - 000000000 ____D C:\Windows\system32\DTS
2023-06-22 15:50 - 2022-06-30 10:14 - 006174016 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2023-06-22 15:49 - 2023-06-22 15:49 - 000000000 ____D C:\ProgramData\Intel
2023-06-22 15:28 - 2023-07-05 13:45 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2023-06-22 15:28 - 2023-06-22 15:28 - 000000000 ____D C:\Users\User\AppData\LocalLow\Intel
2023-06-22 15:27 - 2021-03-09 05:22 - 000308632 _____ (Intel Corporation) C:\Windows\system32\libmfxhw64.dll
2023-06-22 15:27 - 2021-03-09 05:22 - 000256000 _____ (Intel Corporation) C:\Windows\SysWOW64\libmfxhw32.dll
2023-06-22 15:27 - 2021-03-09 05:22 - 000147344 _____ (Intel Corporation) C:\Windows\SysWOW64\intel_gfx_api-x86.dll
2023-06-22 15:27 - 2021-03-09 05:21 - 001790224 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2023-06-22 15:27 - 2021-03-09 05:21 - 001790224 _____ C:\Windows\system32\vulkaninfo.exe
2023-06-22 15:27 - 2021-03-09 05:21 - 001386264 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2023-06-22 15:27 - 2021-03-09 05:21 - 001386264 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2023-06-22 15:27 - 2021-03-09 05:21 - 001096304 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2023-06-22 15:27 - 2021-03-09 05:21 - 001096304 _____ C:\Windows\system32\vulkan-1.dll
2023-06-22 15:27 - 2021-03-09 05:21 - 000949368 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2023-06-22 15:27 - 2021-03-09 05:21 - 000949368 _____ C:\Windows\SysWOW64\vulkan-1.dll
2023-06-22 15:27 - 2021-03-09 05:21 - 000172080 _____ (Intel Corporation) C:\Windows\system32\intel_gfx_api-x64.dll
2023-06-22 15:11 - 2023-06-22 15:11 - 000000000 ____D C:\Users\User\AppData\Local\Comms
2023-06-22 15:11 - 2023-06-22 15:11 - 000000000 ____D C:\Users\User\AppData\Local\ASUS
2023-06-22 15:09 - 2023-07-05 08:49 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-06-22 15:06 - 2023-07-05 09:23 - 000004122 _____ C:\Windows\system32\Tasks\ASUS Update Checker 2.0
2023-06-22 15:06 - 2023-07-04 17:05 - 000000000 ____D C:\ProgramData\ASUS
2023-06-22 15:06 - 2023-06-30 16:17 - 000003756 _____ C:\Windows\system32\Tasks\ASUS Optimization 36D18D69AFC3
2023-06-22 15:03 - 2023-07-05 13:52 - 000803404 _____ C:\Windows\system32\PerfStringBackup.INI
2023-06-22 15:02 - 2023-07-05 09:26 - 000000000 ____D C:\Users\User\AppData\Local\PlaceholderTileLogoFolder

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-07-05 19:22 - 2021-06-05 14:10 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2023-07-05 19:22 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2023-07-05 19:22 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\spool
2023-07-05 19:22 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\NDF
2023-07-05 19:22 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\MsDtc
2023-07-05 19:22 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\Drivers\DriverData
2023-07-05 19:22 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\LiveKernelReports
2023-07-05 13:55 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\SystemTemp
2023-07-05 13:52 - 2021-06-05 14:09 - 000000000 ____D C:\Windows\INF
2023-07-05 13:45 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\ServiceState
2023-07-05 13:45 - 2021-06-05 14:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-07-05 13:36 - 2021-06-05 14:01 - 000524288 _____ C:\Windows\system32\config\BBI
2023-07-05 09:28 - 2021-06-05 14:10 - 000000000 ___HD C:\Program Files\WindowsApps
2023-07-05 09:28 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\AppReadiness
2023-07-05 09:24 - 2022-05-07 11:06 - 000000000 ____D C:\$WINDOWS.~BT
2023-07-05 05:41 - 2021-06-05 14:01 - 000000000 ____D C:\Windows\CbsTemp
2023-07-05 01:19 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\oobe
2023-07-05 00:27 - 2021-06-05 14:01 - 000032768 _____ C:\Windows\system32\config\ELAM
2023-07-04 22:13 - 2021-06-05 14:10 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-07-04 16:55 - 2021-06-05 14:10 - 000000000 ___SD C:\Windows\SysWOW64\F12
2023-07-04 16:55 - 2021-06-05 14:10 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2023-07-04 16:55 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\WUModels
2023-07-04 16:55 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-07-04 16:55 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\SysWOW64\vi-VN
2023-07-04 16:55 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\SysWOW64\setup
2023-07-04 16:55 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\SysWOW64\oobe
2023-07-04 16:55 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2023-07-04 16:55 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2023-07-04 16:55 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\SysWOW64\id-ID
2023-07-04 16:55 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\SysWOW64\gl-ES
2023-07-04 16:55 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\SysWOW64\eu-ES
2023-07-04 16:55 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2023-07-04 16:55 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2023-07-04 16:55 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\SysWOW64\Dism
2023-07-04 16:55 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\SysWOW64\Com
2023-07-04 16:55 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\SysWOW64\ca-ES
2023-07-04 16:54 - 2021-06-05 16:30 - 000000000 ___SD C:\Windows\system32\AppV
2023-07-04 16:54 - 2021-06-05 14:10 - 000000000 ___SD C:\Windows\system32\UNP
2023-07-04 16:54 - 2021-06-05 14:10 - 000000000 ___SD C:\Windows\system32\F12
2023-07-04 16:54 - 2021-06-05 14:10 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2023-07-04 16:54 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\SystemResources
2023-07-04 16:54 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-07-04 16:54 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2023-07-04 16:54 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\vi-VN
2023-07-04 16:54 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2023-07-04 16:54 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\Sysprep
2023-07-04 16:54 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\setup
2023-07-04 16:54 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2023-07-04 16:54 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2023-07-04 16:54 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\migwiz
2023-07-04 16:54 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\lv-LV
2023-07-04 16:54 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\lt-LT
2023-07-04 16:54 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\id-ID
2023-07-04 16:54 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\gl-ES
2023-07-04 16:54 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\eu-ES
2023-07-04 16:54 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\et-EE
2023-07-04 16:54 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\es-MX
2023-07-04 16:54 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\Dism
2023-07-04 16:54 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\DDFs
2023-07-04 16:54 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\Com
2023-07-04 16:54 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\ca-ES
2023-07-04 16:54 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\appraiser
2023-07-04 16:52 - 2021-06-05 16:30 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2023-07-04 16:52 - 2021-06-05 16:30 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-07-04 16:52 - 2021-06-05 16:30 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2023-07-04 16:52 - 2021-06-05 14:10 - 000000000 ___RD C:\Windows\PrintDialog
2023-07-04 16:52 - 2021-06-05 14:10 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-07-04 16:52 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\SystemApps
2023-07-04 16:52 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\ShellExperiences
2023-07-04 16:52 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\ShellComponents
2023-07-04 16:52 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\Provisioning
2023-07-04 16:52 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-07-04 16:52 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\IME
2023-07-04 16:52 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\DiagTrack
2023-07-04 16:52 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\BrowserCore
2023-07-04 16:52 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\bcastdvr
2023-07-04 16:52 - 2021-06-05 14:10 - 000000000 ____D C:\Program Files\Windows Defender
2023-07-04 16:52 - 2021-06-05 14:10 - 000000000 ____D C:\Program Files\Common Files\System
2023-07-04 16:52 - 2021-06-05 14:01 - 000000000 ____D C:\Windows\servicing
2023-06-30 15:44 - 2021-06-05 14:08 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2023-06-30 15:44 - 2021-06-05 14:08 - 000209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2023-06-30 15:44 - 2021-06-05 14:08 - 000114688 _____ (Khronos Group) C:\Windows\system32\opencl.dll
2023-06-30 15:44 - 2021-06-05 14:08 - 000078336 _____ (Khronos Group) C:\Windows\SysWOW64\opencl.dll
2023-06-24 12:17 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\appcompat
2023-06-23 00:54 - 2021-06-05 14:08 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2023-06-22 23:58 - 2021-06-05 16:30 - 000000000 ____D C:\Windows\system32\FxsTmp
2023-06-22 23:56 - 2021-06-05 14:10 - 000000000 ____D C:\ProgramData\USOPrivate

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2023
Ran by User (05-07-2023 14:05:41)
Running from C:\Users\User\Desktop
Microsoft Windows 11 Pro Version 21H2 22000.2057 (X64) (2023-06-22 21:56:14)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3524819722-3214085969-1858649465-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3524819722-3214085969-1858649465-503 - Limited - Disabled)
Guest (S-1-5-21-3524819722-3214085969-1858649465-501 - Limited - Disabled)
User (S-1-5-21-3524819722-3214085969-1858649465-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-3524819722-3214085969-1858649465-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {DF8BEACB-94C9-218A-73AD-A78362A8C516}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {E7B06BEE-DEA6-20D2-58F2-0EB69C7B826D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ESET Security (HKLM\...\{67878CC3-9C1F-40AD-9027-A6469F3C58F4}) (Version: 16.1.14.0 - ESET, spol. s r.o.)
Fing 3.4.0 (HKLM\...\Fing Desktop) (Version: 3.4.0 - Fing Ltd)
iBackup Viewer 4.27.20.1 (HKU\S-1-5-21-3524819722-3214085969-1858649465-1001\...\{5B428966-3054-41E3-B0F8-008EE30BD019}_is1) (Version: - iMacTools)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 114.0.1823.67 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 114.0.1823.67 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3524819722-3214085969-1858649465-1001\...\OneDriveSetup.exe) (Version: 23.127.0618.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{D98EA283-A784-4037-BD51-739D87BFF693}) (Version: 4.73.0.0 - Microsoft Corporation)
Npcap OEM (HKLM-x32\...\NpcapInst) (Version: 1.55 - Nmap Project)
UltData (HKLM-x32\...\{UltData}_is1) (Version: 9.4.29.3 - Tenorshare, Inc.)

Packages:
=========
DTS Audio Processing -> C:\Program Files\WindowsApps\DTSInc.DTSAudioProcessing_1.10.13.0_x64__t5j2fzbtdg37r [2023-07-05] (DTS, Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5131.0_x64__8j3eq9eme6ctt [2023-07-05] (INTEL CORP) [Startup Task]
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa [2023-07-02] (Apple Inc.) [Startup Task]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.97.61391.0_x64__8wekyb3d8bbwe [2023-07-05] (Microsoft Corporation) [Startup Task]
Mozilla Firefox -> C:\Program Files\WindowsApps\Mozilla.Firefox_115.0.0.0_x64__n80bbvh6b1yt2 [2023-07-05] (Mozilla)
MyASUS -> C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.20.0_x64__qmba6cd70vzyy [2023-07-04] (ASUSTeK COMPUTER INC.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.36.273.0_x64__dt26b99r8h8gj [2023-06-24] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-07-02] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0 [2023-07-05] (Spotify AB) [Startup Task]
WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.882.2207.0_x64__8wekyb3d8bbwe [2023-06-30] (Microsoft Corporation)
WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.882.2207.0_x86__8wekyb3d8bbwe [2023-06-30] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_d51acc8493d6b911\OptaneShellExt.dll [2022-10-27] (Intel Corporation -> )
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2023-03-24] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2023-03-24] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_d51acc8493d6b911\OptaneShellExt.dll [2022-10-27] (Intel Corporation -> )
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2023-03-24] (ESET, spol. s r.o. -> ESET)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2023-07-05 13:45 - 2023-07-05 13:45 - 000637440 _____ () [File not signed] \\?\C:\Users\User\AppData\Local\Temp\6af30f7d-97c9-443c-abac-de69a39a85dc.tmp.node

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\User\Downloads\eset_smart_security_premium_live_installer.exe:MBAM.Zone.Identifier [205]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-06-05 14:08 - 2021-06-05 14:08 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3524819722-3214085969-1858649465-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 172.16.5.1 - 41.87.126.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Wi-Fi: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [PlayTo-SSDP-Discovery-PlayToScope] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [PlayTo-QWave-In-TCP-PlayToScope] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [PlayTo-QWave-In-UDP-PlayToScope] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [Microsoft-Windows-PeerDist-WSD-In] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [AllJoyn-Router-In-UDP] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [AllJoyn-Router-In-TCP] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{8CA42526-F087-4884-B574-C1CF184E14EA}] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{7729AF52-01A4-4E9F-A3DE-34DECF9C5618}] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{326CB764-E48F-4F4B-8E62-D5C8AB694057}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{48DD9023-83EE-412E-80ED-12D8BC8450BE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{B5FEAF51-DC8D-4223-BD01-D4E6C1900C5D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{3C1A668F-FE6F-4B09-80B8-CB8401670D41}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{5D0077A7-DE8B-4184-A5F9-0AA53DBF8DF4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{512A6577-2924-43FB-B111-42CBF66CF829}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{9D5F94CC-AE1E-4D28-BA11-D6DF1A006B41}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{263649D9-55E3-405D-93D9-2E1B9E3FC81F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{85619A18-C683-4F94-892E-417BD1C1F4B3}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.67\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9F7977BA-0E3D-4EBE-8FE6-0825995E0C8E}] => (Allow) C:\Users\User\Downloads\ultdata-ios-bing.exe (Tenorshare Co., Ltd. -> Tenorshare Co., Ltd.)
FirewallRules: [{A5546C36-5BF1-4185-902C-6B5D29ABB60C}] => (Allow) C:\Users\User\Downloads\ultdata-ios-bing.exe (Tenorshare Co., Ltd. -> Tenorshare Co., Ltd.)
FirewallRules: [{E943C4F1-1BC9-4CC6-A307-BC0E886B56D1}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.20.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{0AC7CC33-C07B-46DD-8F99-A8FDF0A5C55D}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.20.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{4F535AC6-09D4-45DC-A48B-9BA7EAA9E922}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.20.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{34AD8DE9-A122-4F4C-834E-51BDEFEF3CC9}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.20.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{E57630D4-1F39-487A-B9FC-91F82E6ACD73}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSLinkNear\AsusLinkNear.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [{AC4A9D77-8A7A-4E62-943A-D2C273D6FED4}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSSwitch\AsusSwitchNet.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
FirewallRules: [{E57E0BCB-3538-4EBD-822B-B152EF213E34}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSSwitch\AsusSwitchNetMDNS.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
FirewallRules: [{D2BCC39C-2858-4D1D-8A74-723BB5B7CCB3}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
FirewallRules: [{E43393AD-5B8A-485C-9AF8-4A190A3491F5}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)

==================== Restore Points =========================

==================== Faulty Device Manager Devices ============

Name: Intel® Smart Sound Technology for USB Audio
Description: Intel® Smart Sound Technology for USB Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel® Corporation
Service: IntcUSB
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: ========================

Application errors:
==================
Error: (07/05/2023 01:24:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fingagent.exe, version: 3.4.0.0, time stamp: 0x6495a78a
Faulting module name: fingagent.exe, version: 3.4.0.0, time stamp: 0x6495a78a
Exception code: 0x40000015
Fault offset: 0x000efc6e
Faulting process id: 0x13ec
Faulting application start time: 0x01d9af300b9cff84
Faulting application path: C:\Program Files\Fing\resources\extraResources\fingagent.exe
Faulting module path: C:\Program Files\Fing\resources\extraResources\fingagent.exe
Report Id: fac670ac-32dc-4657-8847-6b66a98a0b73
Faulting package full name:
Faulting package-relative application ID:

Error: (07/05/2023 12:36:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 10.0.22000.1, time stamp: 0xb3908376
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x80131623
Fault offset: 0x00007ffc05fe200f
Faulting process id: 0x8ec
Faulting application start time: 0x01d9af2c81ce8106
Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe
Faulting module path: unknown
Report Id: 560b21ae-f382-4ce2-a0c4-1e3aa80a5933
Faulting package full name:
Faulting package-relative application ID:

Error: (07/05/2023 12:36:08 PM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Application: wmiprvse.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: Unexpected exception thrown from the provider:
System.IO.FileLoadException:
File name: 'Microsoft.AppV.AppvClientComConsumer, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'
at Microsoft.AppV.AppvPublishingServerWMI.AppvPublishingServer.EnumeratePublishingServers()

Stack:
at System.Environment.FailFast(System.String)
at WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink)

Error: (07/05/2023 12:36:07 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (07/05/2023 12:36:07 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (07/05/2023 12:36:07 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003

Error: (07/05/2023 12:08:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.31.0, time stamp: 0x61e82da2
Faulting module name: WININET.dll, version: 11.0.22000.1641, time stamp: 0xeef88e63
Exception code: 0xc0000005
Fault offset: 0x002f1817
Faulting process id: 0x134
Faulting application start time: 0x01d9af2898d7b86d
Faulting application path: C:\Users\User\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Faulting module path: C:\Windows\SYSTEM32\WININET.dll
Report Id: 6c0ad22b-68b6-447f-920d-6f424465aff6
Faulting package full name:
Faulting package-relative application ID:

Error: (07/05/2023 12:07:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.31.0, time stamp: 0x61e82da2
Faulting module name: WININET.dll, version: 11.0.22000.1641, time stamp: 0xeef88e63
Exception code: 0xc0000005
Fault offset: 0x002f1817
Faulting process id: 0x3a88
Faulting application start time: 0x01d9af2887429b13
Faulting application path: C:\Users\User\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Faulting module path: C:\Windows\SYSTEM32\WININET.dll
Report Id: f01c5755-4e83-4445-a707-bd93699dbe9e
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (07/05/2023 01:46:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-9PF4B4V)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (07/05/2023 01:45:12 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:37:14 PM on ‎7/‎5/‎2023 was unexpected.

Error: (07/05/2023 01:44:58 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684A fatal error occurred processing the restoration data.

Error: (07/05/2023 01:34:34 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.

Error: (07/05/2023 01:34:25 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.

Error: (07/05/2023 01:24:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Fing.Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (07/05/2023 01:24:33 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{1B2CC1F1-ADE1-44CE-A36B-1620D2EEA7C5} because another computer on the network has the same name. The server could not start.

Error: (07/05/2023 01:24:30 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {89bbeaf1-4065-4e56-b1ae-6b6468f4097c}, had event 74

Windows Defender:
================
Date: 2023-07-04 10:34:51
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-07-02 16:42:31
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-06-24 12:23:45
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]

Date: 2023-07-05 03:37:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.391.3572.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23050.3
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2023-07-05 03:37:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.391.3572.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23050.3
Error code: 0x80070102
Error description: The wait operation timed out.

CodeIntegrity:
===============
Date: 2023-07-05 13:48:38
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: ASUSTeK COMPUTER INC. B1500CEAEY.321 12/22/2022
Motherboard: ASUSTeK COMPUTER INC. B1500CEAEY
Processor: 11th Gen Intel® Core™ i5-1135G7 @ 2.40GHz
Percentage of memory in use: 63%
Total physical RAM: 7881.99 MB
Available physical RAM: 2847.54 MB
Total Virtual: 9097.99 MB
Available Virtual: 3199.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.08 GB) (Free:366.56 GB) (Model: NVMe Biwintech SSD NX500 512GB) NTFS

\\?\Volume{1c2b0de5-ac6f-4747-b194-f4851c28dc3c}\ () (Fixed) (Total:0.75 GB) (Free:0.25 GB) NTFS
\\?\Volume{81ed65af-9d0a-4711-ac12-ff4350dec9cd}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 749D0C98)

Partition: GPT.

==================== End of Addition.txt =======================

ListParts by Farbar Version: 31-07-2014
Ran by User (administrator) on 05-07-2023 at 14:40:46
WIN_81 (X64)
Running From: C:\Users\User\Desktop
Language: English (United States)
************************************************************

========================= Memory info ======================

Percentage of memory in use: 77%
Total physical RAM: 7881.99 MB
Available physical RAM: 1802.8 MB
Total Pagefile: 9097.99 MB
Available Pagefile: 1942.51 MB
Total Virtual: 131072 MB
Available Virtual: 131067.83 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:476.08 GB) (Free:365.04 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 476 GB 2048 KB *

Partitions of Disk 0:
===============

Disk ID: {39C3FAA5-7745-4751-B495-2FCA9CA5CF6E}

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 System (partition with boot components) 100 MB 1024 KB
Partition 2 Reserved 16 MB 101 MB
Partition 3 Primary 476 GB 117 MB
Partition 4 Recovery 765 MB 476 GB

======================================================================================================

Disk: 0
Partition 1
Type : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden : Yes
Required: No
Attrib : 0X8000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 FAT32 Partition 100 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden : Yes
Required: No
Attrib : 0X8000000000000000

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 3
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0X8000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C NTFS Partition 476 GB Healthy Boot

======================================================================================================

Disk: 0
Partition 4
Type : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden : Yes
Required: Yes
Attrib : 0X8000000000000001

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 NTFS Partition 765 MB Healthy Hidden

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 749D0C98

Partition : GPT Partition Type

Firmware Boot Manager
---------------------
identifier {fwbootmgr}
displayorder {bootmgr}
{8691cba6-1b2c-11ee-8e31-806e6f6e6963}
{1ef972b7-1277-11ee-8e1f-806e6f6e6963}
{8691cba7-1b2c-11ee-8e31-806e6f6e6963}
timeout 2

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
path \EFI\MICROSOFT\BOOT\BOOTMGFW.EFI
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {e8929395-114e-11ee-9da8-897b2c7e990e}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Firmware Application (101fffff)
-------------------------------
identifier {1ef972b7-1277-11ee-8e1f-806e6f6e6963}
device partition=\Device\HarddiskVolume1
path \EFI\Boot\BootX64.efi
description UEFI:Removable Device

Firmware Application (101fffff)
-------------------------------
identifier {8691cba6-1b2c-11ee-8e31-806e6f6e6963}
description UEFI:CD/DVD Drive

Firmware Application (101fffff)
-------------------------------
identifier {8691cba7-1b2c-11ee-8e31-806e6f6e6963}
description UEFI:Network Device

Windows Boot Loader
-------------------
identifier {a2a13741-1b58-11ee-b8d0-806dc05f06ee}
device ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{a2a13742-1b58-11ee-b8d0-806dc05f06ee}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{a2a13742-1b58-11ee-b8d0-806dc05f06ee}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.efi
description Windows 11
locale en-US
inherit {bootloadersettings}
recoverysequence {a2a13741-1b58-11ee-b8d0-806dc05f06ee}
displaymessageoverride Recovery
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \Windows
resumeobject {e8929395-114e-11ee-9da8-897b2c7e990e}
nx OptOut
bootmenupolicy Standard

Resume from Hibernate
---------------------
identifier {e8929395-114e-11ee-9da8-897b2c7e990e}
device partition=C:
path \Windows\system32\winresume.efi
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {a2a13741-1b58-11ee-b8d0-806dc05f06ee}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
custom:21000026 partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\memtest.efi
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Local

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {a2a13742-1b58-11ee-b8d0-806dc05f06ee}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume4
ramdisksdipath \Recovery\WindowsRE\boot.sdi

****** End Of Log ******

Attached Files

  • FRST.txt (46.39 KB, 2 downloads)
  • Addition.txt (21.5 KB, 5 downloads)
  • ESET Scan Results 05.07.2023 txt.txt (16.58 KB, 7 downloads)
  • Result.txt (8.29 KB, 5 downloads)
  • SysInspector-DESKTOP-9PF4B4V-230705-115842.zip (434.04 KB, 3 downloads)

Edited by OhheyDanica, 05 July 2023 - 08:49 AM.
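An added helper, not part of OhheyDanica's post and not code from Farbar's ListParts or FRST, that parses the per-partition blocks of the ListParts log above and explains them. The four type GUIDs in that log are the standard EFI System, Microsoft Reserved, basic data and Windows Recovery Environment types; Windows marks the ESP, MSR and WinRE partitions hidden by design, and the `Required: Yes` on partition 4 is bit 0 of the GPT attribute field. The GUID names come from the UEFI specification and Microsoft's GPT documentation; the sample text is copied from the log itself. The script flags a partition only when its type GUID is unknown or its hidden state differs from the stock layout, which is the check to run before treating a hidden partition as evidence of a rootkit.

```python
import re
from dataclasses import dataclass

# Added example, not code from the post or from Farbar's tools. GUID names come
# from the UEFI specification and Microsoft's GPT partition-type documentation.
KNOWN_GPT_TYPES = {
    "c12a7328-f81f-11d2-ba4b-00a0c93ec93b": "EFI System Partition (ESP)",
    "e3c9e316-0b5c-4db8-817d-f92df00215ae": "Microsoft Reserved (MSR)",
    "ebd0a0a2-b9e5-4433-87c0-68b6b72699c7": "Microsoft basic data",
    "de94bba4-06d1-4d40-a16a-bfd50179d6ac": "Windows Recovery Environment (WinRE)",
}
# A stock Windows install keeps every standard type except basic data hidden
# (no drive letter, not browsable in Explorer).
EXPECTED_HIDDEN = set(KNOWN_GPT_TYPES) - {"ebd0a0a2-b9e5-4433-87c0-68b6b72699c7"}
GPT_ATTR_PLATFORM_REQUIRED = 0x1  # bit 0 of the 64-bit GPT attribute field

@dataclass
class Partition:
    disk: int
    number: int
    type_guid: str
    hidden: bool
    required: bool
    attrib: int

# One ListParts block: "Disk: 0" / "Partition 1" / "Type : <guid>" /
# "Hidden : Yes" / "Required: No" / "Attrib : 0X8000000000000000".
BLOCK_RE = re.compile(
    r"Disk:\s*(?P<disk>\d+)\s*\n"
    r"Partition\s+(?P<num>\d+)\s*\n"
    r"Type\s*:\s*(?P<guid>[0-9a-fA-F-]{36})\s*\n"
    r"Hidden\s*:\s*(?P<hidden>Yes|No)\s*\n"
    r"Required\s*:\s*(?P<required>Yes|No)\s*\n"
    r"Attrib\s*:\s*(?P<attrib>0[xX][0-9a-fA-F]+)"
)

def parse_listparts(text: str) -> list[Partition]:
    """Return every partition block in a ListParts log, in log order."""
    return [
        Partition(
            disk=int(m["disk"]), number=int(m["num"]),
            type_guid=m["guid"].lower(),
            hidden=m["hidden"] == "Yes", required=m["required"] == "Yes",
            attrib=int(m["attrib"], 16),
        )
        for m in BLOCK_RE.finditer(text)
    ]

def assess(parts: list[Partition]) -> list[tuple[int, str, bool, str]]:
    """Return (number, type name, hidden, verdict) per partition; the verdict
    starts with "expected" when type and hidden state match a stock layout."""
    findings = []
    for p in parts:
        name = KNOWN_GPT_TYPES.get(p.type_guid)
        if name is None:
            verdict = "UNKNOWN type GUID: identify before drawing conclusions"
        elif p.hidden and p.type_guid not in EXPECTED_HIDDEN:
            verdict = "hidden, but this type is normally visible: review"
        elif not p.hidden and p.type_guid in EXPECTED_HIDDEN:
            verdict = "visible, but this type is normally hidden: unusual"
        else:
            verdict = "expected for a standard Windows GPT layout"
        # The "Required" line should mirror attribute bit 0 (platform required).
        if bool(p.attrib & GPT_ATTR_PLATFORM_REQUIRED) != p.required:
            verdict += "; Required flag disagrees with attribute bit 0"
        findings.append((p.number, name or p.type_guid, p.hidden, verdict))
    return findings

# Copied from the ListParts output in the post above.
SAMPLE_LOG = """\
Disk: 0
Partition 1
Type : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden : Yes
Required: No
Attrib : 0X8000000000000000
Disk: 0
Partition 2
Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden : Yes
Required: No
Attrib : 0X8000000000000000
Disk: 0
Partition 3
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0X8000000000000000
Disk: 0
Partition 4
Type : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden : Yes
Required: Yes
Attrib : 0X8000000000000001
"""

if __name__ == "__main__":
    for number, name, hidden, verdict in assess(parse_listparts(SAMPLE_LOG)):
        print(f"Partition {number}: {name}; hidden={hidden}; {verdict}")
```

Run as-is it prints one line per partition of the sample; to analyze another machine, pass the full text of its ListParts log to `parse_listparts`. Any block whose verdict does not start with "expected" is the one worth a closer look, and an unknown GUID is a reason to identify the partition, not yet a finding.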


FAQs

Can rootkits be removed?

Rootkit removal procedures:

- For deep hardware rootkits, use a bootable antivirus or anti-rootkit disk.
- System and software updates: ensure that your operating system and all software are up to date with the latest security patches. This helps close the vulnerabilities that rootkits exploit to gain access.

Does resetting a PC remove rootkits?

Each year, viruses become more sophisticated, and cybercriminals find new ways to infect unsuspecting devices. So you may encounter trojans and rootkits that can survive a factory reset, but it is relatively rare.

How do I know if I have a rootkit virus?

There are various ways to look for a rootkit on an infected machine. Detection methods include behavioral methods (for example, looking for strange behavior on a computer system), signature scanning and memory dump analysis. Often the only option for removing a rootkit is to completely rebuild the compromised system.

What damage can a rootkit cause?

Rootkits can hide keyloggers, which capture your keystrokes without your consent. This makes it easy for cybercriminals to steal personal information such as credit card or online banking details. Rootkits can also allow attackers to use your computer to launch DDoS attacks or send spam email.

What does a rootkit do to your computer?

A rootkit is a malicious software bundle designed to give unauthorized access to a computer or other software. Rootkits are hard to detect and can conceal their presence within an infected system. Attackers use rootkit malware to remotely access your computer, manipulate it and steal data.

Can a trojan virus be removed by a factory reset?

Will a factory reset remove a virus? Performing a factory reset is the best way to get rid of viruses, spyware and other malware. A factory reset deletes everything that was not originally installed on the device, including any viruses that infected your operating system and files.

Does a factory reset remove spyware?

Unfortunately, hackers are getting better at attacking different devices. If you get malware on your iPhone or Android device, does a factory reset remove it? The short answer is that it can and will in most cases, but there are some things to consider first.

How do I remove a trojan virus?

Installing and using a trusted antivirus solution is also one of the top ways to get rid of trojans. An effective antivirus program checks for valid trust and app behavior, as well as trojan signatures in files, in order to detect, isolate and then promptly remove them.

How do I scan my computer for rootkits?

A surefire way to find a rootkit is memory dump analysis. You can always see the instructions a rootkit is executing in memory, and that is one place it cannot hide. Behavioral analysis is one of the other more reliable methods of detecting rootkits.

Which antivirus can detect rootkits?

Rootkits are some of the most insidious types of malware out there — keep them off your computer with one of the best rootkit removers available. AVG AntiVirus FREE is a powerful rootkit scanner and remover that cleans rootkits from your device and defends against many other types of threats.

What is the difference between a rootkit and a trojan?

In most cases, the level of access that trojans give attackers is limited; a trojan might allow attackers to view sensitive data, for instance, but not run commands as the administrative user. In contrast, rootkits provide complete, administrator-level access.

Does a factory reset remove a rootkit?

A factory reset cannot:

- Remove the bulk of standard viruses and malware.
- Eliminate rootkit malware that gives hackers administrator access to your device.

Is it illegal to have a rootkit?

Most rootkits are classified as malware because the payloads they are bundled with are malicious. For example, a payload might covertly steal user passwords, credit card information or computing resources, or conduct other unauthorized activities.

Can you stop a rootkit?

Rootkits are among the most difficult malware programs to remove from infected machines. As a result, there is no guaranteed method for recovering a machine infiltrated by a rootkit, but there are steps that users and organizations can take to protect their computers and remove the malware.

Can Windows Defender remove rootkits?

Microsoft security software includes many technologies designed specifically to remove rootkits. If you think you have a rootkit, you might need an extra tool that helps you boot to a known trusted environment.

Does reinstalling Windows remove rootkits?

If a rootkit is running at the boot, hardware or even hypervisor level, the last resort for removing it is to erase your device and reinstall the OS. Though it is very risky, this method can be 100% sure to get rid of rootkits.

Article information

Author: Chrissy Homenick