I went through the steps, and it looks like the PUA/Softcnapp went away; there are no detections for it and Windows Defender has a green checkmark.
Now I got a "Protected memory access blocked" in protection history.
"Your administrator has blocked this action.
App or process blocked: LEDkeeper2.exe
Protected folder: \Device\harddisk0\DR0
Blocked by: Controlled folder access"
Thanks again,
Fix result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by Alex (21-04-2024 12:02:30) Run:1
Running from F:\
Loaded Profiles: Alex
Boot Mode: Safe Mode (minimal)
==============================================
fixlist content:
*****************
HKU\S-1-5-21-3285030820-2945007817-2664301725-1001\...\RunOnce: [Application Restart #2] => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
HKU\S-1-5-21-3285030820-2945007817-2664301725-1001\...\Run: [Bethesda.net] => [X]
S3 cpuz149; \??\C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys [X] <==== ATTENTION
HKLM\...\Run: [RtkAudUService] => "C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_5d66730f577c60c7\RtkAudUService64.exe" -background (No File)
HKU\S-1-5-21-3285030820-2945007817-2664301725-1001\...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe --launch-background-mode (No File)
Task: {DFAF8FEF-F15E-4AA7-AF40-26E48DE7A21E} - System32\Tasks\NIUpdateServiceCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe -c -task (No File)
Task: {4995CF78-0DAB-423E-9857-5FC3A4F3584D} - System32\Tasks\NIUpdateServiceStartupTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe -startupTask (No File)
CustomCLSID: HKU\S-1-5-21-3285030820-2945007817-2664301725-1001_Classes\CLSID\{345D3165-3889-4694-AB75-A91A27B217E8}\localserver32 -> D:\Program Files\Autodesk\AutoCAD 2021\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-3285030820-2945007817-2664301725-1001_Classes\CLSID\{4AC6DFE1-607B-45B2-B289-D7FBCD44169C}\localserver32 -> D:\Program Files\Autodesk2019\AutoCAD 2019\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-3285030820-2945007817-2664301725-1001_Classes\CLSID\{74D0CE91-F931-4FAC-BEA9-EE32E43EAD37}\localserver32 -> D:\Program Files\Autodesk2019\AutoCAD 2019\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-3285030820-2945007817-2664301725-1001_Classes\CLSID\{8B4929F8-076F-4AEC-AFEE-8928747B7AE3}\localserver32 -> D:\Program Files\Autodesk\AutoCAD 2021\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-3285030820-2945007817-2664301725-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> D:\Program Files\Autodesk2019\AutoCAD 2019\en-US\acadficn.dll => No File
HKLM\...\Run: [RtkAudUService] => "C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_5d66730f577c60c7\RtkAudUService64.exe" -background (No File)
HKU\S-1-5-21-3285030820-2945007817-2664301725-1001\...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe --launch-background-mode (No File)
Task: {DFAF8FEF-F15E-4AA7-AF40-26E48DE7A21E} - System32\Tasks\NIUpdateServiceCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe -c -task (No File)
Task: {4995CF78-0DAB-423E-9857-5FC3A4F3584D} - System32\Tasks\NIUpdateServiceStartupTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe -startupTask (No File)
U1 avgbdisk; no ImagePath
S3 cpuz149; \??\C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys [X] <==== ATTENTION
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer1.log:F107EE40EF [3434]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer1.log_backup1:2DD1EC5C91 [3434]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer10.log:CCC93B07B0 [3434]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer10.log_backup1:AD433BF298 [3434]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer11.log:72C8986B20 [3434]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer11.log_backup1:97A90964FA [3434]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer12.log:C40F6B9209 [3434]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer12.log_backup1:7CC29836A6 [3434]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer13.log:AE3C879266 [3434]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer14.log:DE1448F4D7 [3434]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer15.log:16B67B15CB [3434]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer16.log:2B192A174C [3434]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer17.log:3D6CA1C7DE [3434]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer18.log:A25BF494CE [3434]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer19.log:43C23F3FDE [3434]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer2.log:CCB2353F35 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 4.5.lnk:88797FF0B7 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arduino.lnk:34D926B811 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk:09A0A90EF3 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Secure VPN.lnk:7AC6E55F7D [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk:C5112377E0 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk:980850BA8A [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOOT.lnk:B021ADA33C [3434]
Powershell: Set-MpPreference -EnableControlledFolderAccess Disabled
Powershell: Set-MpPreference -DisableRealtimeMonitoring $true
cmd: del /f /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log"
cmd: del /f /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log"
cmd: del /f /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log"
cmd: del /f /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db"
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\00\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\01\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\02\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\03\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\04\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\05\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\07\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\08\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\09\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\10\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\11\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\12\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\13\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\15\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\16\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\17\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\18\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\19\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\20\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\21\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\22\*
Powershell: Set-MpPreference -EnableControlledFolderAccess Enabled
Powershell: Set-MpPreference -DisableRealtimeMonitoring $false
Powershell: Get-MpThreatDetection
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
cmd: bcdedit /deletevalue {default} safeboot
Reboot:
*****************
"HKU\S-1-5-21-3285030820-2945007817-2664301725-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #2" => removed successfully
"HKU\S-1-5-21-3285030820-2945007817-2664301725-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Bethesda.net" => removed successfully
HKLM\System\CurrentControlSet\Services\cpuz149 => removed successfully
cpuz149 => service removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\RtkAudUService" => removed successfully
"HKU\S-1-5-21-3285030820-2945007817-2664301725-1001\Software\Microsoft\Windows\CurrentVersion\Run\\RiotClient" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFAF8FEF-F15E-4AA7-AF40-26E48DE7A21E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFAF8FEF-F15E-4AA7-AF40-26E48DE7A21E}" => removed successfully
C:\WINDOWS\System32\Tasks\NIUpdateServiceCheckTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NIUpdateServiceCheckTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4995CF78-0DAB-423E-9857-5FC3A4F3584D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4995CF78-0DAB-423E-9857-5FC3A4F3584D}" => removed successfully
C:\WINDOWS\System32\Tasks\NIUpdateServiceStartupTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NIUpdateServiceStartupTask" => removed successfully
HKU\S-1-5-21-3285030820-2945007817-2664301725-1001_Classes\CLSID\{345D3165-3889-4694-AB75-A91A27B217E8} => removed successfully
HKU\S-1-5-21-3285030820-2945007817-2664301725-1001_Classes\CLSID\{4AC6DFE1-607B-45B2-B289-D7FBCD44169C} => removed successfully
HKU\S-1-5-21-3285030820-2945007817-2664301725-1001_Classes\CLSID\{74D0CE91-F931-4FAC-BEA9-EE32E43EAD37} => removed successfully
HKU\S-1-5-21-3285030820-2945007817-2664301725-1001_Classes\CLSID\{8B4929F8-076F-4AEC-AFEE-8928747B7AE3} => removed successfully
HKU\S-1-5-21-3285030820-2945007817-2664301725-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005} => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\RtkAudUService" => not found
"HKU\S-1-5-21-3285030820-2945007817-2664301725-1001\Software\Microsoft\Windows\CurrentVersion\Run\\RiotClient" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFAF8FEF-F15E-4AA7-AF40-26E48DE7A21E}" => not found
"C:\WINDOWS\System32\Tasks\NIUpdateServiceCheckTask" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NIUpdateServiceCheckTask" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4995CF78-0DAB-423E-9857-5FC3A4F3584D}" => not found
"C:\WINDOWS\System32\Tasks\NIUpdateServiceStartupTask" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NIUpdateServiceStartupTask" => not found
HKLM\System\CurrentControlSet\Services\avgbdisk => removed successfully
avgbdisk => service removed successfully
cpuz149 => service not found.
C:\ProgramData\DisplaySessionContainer1.log => ":F107EE40EF" ADS removed successfully
C:\ProgramData\DisplaySessionContainer1.log_backup1 => ":2DD1EC5C91" ADS removed successfully
C:\ProgramData\DisplaySessionContainer10.log => ":CCC93B07B0" ADS removed successfully
C:\ProgramData\DisplaySessionContainer10.log_backup1 => ":AD433BF298" ADS removed successfully
C:\ProgramData\DisplaySessionContainer11.log => ":72C8986B20" ADS removed successfully
C:\ProgramData\DisplaySessionContainer11.log_backup1 => ":97A90964FA" ADS removed successfully
C:\ProgramData\DisplaySessionContainer12.log => ":C40F6B9209" ADS removed successfully
C:\ProgramData\DisplaySessionContainer12.log_backup1 => ":7CC29836A6" ADS removed successfully
C:\ProgramData\DisplaySessionContainer13.log => ":AE3C879266" ADS removed successfully
C:\ProgramData\DisplaySessionContainer14.log => ":DE1448F4D7" ADS removed successfully
C:\ProgramData\DisplaySessionContainer15.log => ":16B67B15CB" ADS removed successfully
C:\ProgramData\DisplaySessionContainer16.log => ":2B192A174C" ADS removed successfully
C:\ProgramData\DisplaySessionContainer17.log => ":3D6CA1C7DE" ADS removed successfully
C:\ProgramData\DisplaySessionContainer18.log => ":A25BF494CE" ADS removed successfully
C:\ProgramData\DisplaySessionContainer19.log => ":43C23F3FDE" ADS removed successfully
C:\ProgramData\DisplaySessionContainer2.log => ":CCB2353F35" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini => ":B1DA6C571C" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 4.5.lnk => ":88797FF0B7" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arduino.lnk => ":34D926B811" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk => ":09A0A90EF3" ADS removed successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Secure VPN.lnk" => ":7AC6E55F7D" ADS not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk => ":BE32D07BC5" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk => ":C5112377E0" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk => ":980850BA8A" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOOT.lnk => ":B021ADA33C" ADS removed successfully
========= Set-MpPreference -EnableControlledFolderAccess Disabled =========
========= End of Powershell: =========
========= Set-MpPreference -DisableRealtimeMonitoring $true =========
========= End of Powershell: =========
========= del /f /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log" =========
Deleted file - C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log
========= End of CMD: =========
========= del /f /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log" =========
Deleted file - C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log
========= End of CMD: =========
========= del /f /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log" =========
Deleted file - C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log
========= End of CMD: =========
========= del /f /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db" =========
C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db
========= End of CMD: =========
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\00\*" ==========
not found
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\00\*" ========
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\01\*" ==========
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\01\8131B21F-152F-4813-9032-C930D7705FD7 => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\01\966752C6-F923-4066-87AA-84BD8F7E7C3D => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\01\AB50C361-5D6B-4EB9-A688-891899FAB9B9 => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\01\BE8B0B5B-4C7D-45CC-9AFA-188BB845B0F3 => moved successfully
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\01\*" ========
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\02\*" ==========
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\02\9F73FF39-CBC3-4025-A8D6-A60CA9DE8BD5 => moved successfully
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\02\*" ========
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\03\*" ==========
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\03\3769E9FD-A29B-47AA-A392-4ABC9F02F708 => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\03\81E547F8-8013-467F-9BBF-EEC31A0126AC => moved successfully
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\03\*" ========
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\04\*" ==========
not found
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\04\*" ========
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\05\*" ==========
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\05\02B1224C-3FE3-4505-8802-BFB37B20C777 => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\05\670B1AEB-490D-4D43-B62E-1D10EF12E72B => moved successfully
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\05\*" ========
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\*" ==========
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\0F868087-5271-4862-BC4D-3CC7F4A916B9 => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\15158925-D81E-49AC-A502-241C3A489C28 => moved successfully
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\*" ========
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\07\*" ==========
not found
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\07\*" ========
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\08\*" ==========
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\08\899F4935-9612-4E46-A12A-4584A803E76A => moved successfully
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\08\*" ========
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\09\*" ==========
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\09\00000000-0000-0000-0000-000000000000 => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\09\F65D1BE0-651E-450B-B70A-5F53DAC418A1 => moved successfully
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\09\*" ========
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\10\*" ==========
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\10\00A059F1-4C51-4B00-858B-8D644FBD4621 => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\10\ADBA2E50-7C25-4C1B-96EF-0E0109994CBA => moved successfully
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\10\*" ========
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\11\*" ==========
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\11\512CA72B-248C-418A-9E16-B726E7146228 => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\11\C8CE07F4-1331-428E-9DF8-81E39F8FA979 => moved successfully
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\11\*" ========
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\12\*" ==========
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\12\677E5AAF-8C32-4C73-BE23-DA18F49EF009 => moved successfully
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\12\*" ========
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\13\*" ==========
not found
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\13\*" ========
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\*" ==========
not found
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\*" ========
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\15\*" ==========
not found
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\15\*" ========
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\16\*" ==========
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\16\390B492C-3D5B-4D97-A0C3-1CF002E1790E => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\16\DC777952-8DA5-4E4E-B54C-11108602FA74 => moved successfully
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\16\*" ========
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\17\*" ==========
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\17\1725C60C-2BE2-4402-A445-02857CE16838 => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\17\F8408327-94D3-42E2-899C-0FDE63776245 => moved successfully
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\17\*" ========
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\18\*" ==========
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\18\B4128D81-0DC3-4E0D-84B1-241724D58256 => moved successfully
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\18\*" ========
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\19\*" ==========
not found
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\19\*" ========
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\20\*" ==========
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\20\7D7F7C44-A796-4F8A-A14C-0DED333DEFC6 => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\20\F0CBC105-8779-478D-9F76-45BA6F98BC08 => moved successfully
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\20\*" ========
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\21\*" ==========
not found
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\21\*" ========
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\22\*" ==========
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\22\D3B1DF65-35D6-4AF6-83BE-F7B39BC2B14C => moved successfully
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\22\*" ========
========= Set-MpPreference -EnableControlledFolderAccess Enabled =========
========= End of Powershell: =========
========= Set-MpPreference -DisableRealtimeMonitoring $false =========
========= End of Powershell: =========
========= Get-MpThreatDetection =========
========= End of Powershell: =========
========= sfc /scannow =========
Beginning system scan. This process will take some time.
Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection found corrupt files and successfully repaired them.
For online repairs, details are included in the CBS log file located at
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
repairs, details are included in the log file provided by the /OFFLOGFILE flag.
========= End of CMD: =========
========= DISM /Online /Cleanup-Image /CheckHealth =========
Deployment Image Servicing and Management tool
Version: 10.0.19041.3636
Image Version: 10.0.19045.4291
No component store corruption detected.
The operation completed successfully.
========= End of CMD: =========
========= bcdedit /deletevalue {default} safeboot =========
The operation completed successfully.
========= End of CMD: =========
The system needed a reboot.
==== End of Fixlog 12:03:58 ====