Powershell Virus Chaos

artistwantab · Jan 9, 2026

Hey guys!

Its been years since I needed your expertise but I really F&*%^*&^* up this time.

So I downloaded what I thought was a book. It downloaded and Defender didn't catch it. I looked at it and never bothered to check the extension. Looked like a normal Epub Icon. I clicked on it expecting either my epub viewer or acrobat reader would open and then Power Shell noticed open and I knew I F&*&* up.

Disconnected from network and internet and shut down the computer. After a restart (still disconnected from internet and network) it looked fine. Then Windows PowerShell asking for permission to change system and it will not let me click no or bypass the notice. I can't access the Task Manager to close it.

Re-started in Safemode and started to run all the Virus Protections you suggest.

Adware installs....In the Log.... I believe the Firefox Pups are safe but not sure
Malwarebytes will not install on my system now. I downloaded the latest OFFLINE installer because I am in safe mode and don't want the risk of going online. Wont install! Maybe because its in safemode? I can't bypass the powershell notice to try it on normal mode even without the internet
Hitman Pro will not let me save a log file not sure if its a safemode thing or possibly a virus. I took a screen shot of malware it catches

I also took an photo of the PowerShell notice....Claims its from windows.

Help! Thanks in advance.

Oh My! · Jan 9, 2026

Greetings and welcome to the Major Geeks Malware Forum.

Please do this

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------

Download FRST64 and save the file on your Desktop

If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english

Right click on the icon and select Run as administrator

Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option

Click Yes to the disclaimer

Click Scan and allow the program to run

When completed, FRST.txt and Addition.txt reports will be saved on the Desktop

Please attach the reports to your reply

===================================================

Things I would like to see in your next reply.

Attached reports

artistwantab · Jan 9, 2026

I should have mentioned this.

I am on a 64 bit system but with a 32 OS. I did this because "at the time" I was afraid all my scanners and printers would not be compatible with the 64bit OS.

Oh My! · Jan 9, 2026

OK, download the FRST 32-bit Version.

artistwantab · Jan 9, 2026

Sorry to say but FRST stalls as soon as it starts "scanning other areas".

I tried unchecking all but on of the items on the whitelist. Same result. Whatever this is....it sure has a hold of my system.

Oh My! · Jan 10, 2026

I think it is an issue with FRST. Let me check with the author of the program.

Could I trouble you to ask if you can do the below?

Delete and FRST.txt report that may have been created even though the program crashed.

Please do this. Make sure you recheck the Whitelisted boxes.

===================================================

Process Monitor - Capturing FRST Scan

--------------------

Download Process Monitor and save it to your Desktop

Right click on Procmon and select Run as administrator

Agree to any permission requests

Hit Ctrl + E to stop capturing events

Hit Ctrl + X at the same time to clear the display

Open the Task Manager window

Right click on FRST and select Run as administrator

On the Process Monitor window hit Ctrl + E to restart the capturing of events

Immediately thereafter select Scan on the FRST window

When FRST disappears from the Task Manager window hit Ctrl + E on the Process Monitor window to stop capturing events

Hit the Ctrl + S keys at the same time

Select All events and .PML format and save the file onto your Desktop as Logfile.PML

Please zip and upload the file to GoFile or the file hosting site of your choice.

Copy and paste the download link in your reply.

Copy and paste the partial FRST.txt report in your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

Download link

artistwantab · Jan 10, 2026

Good News!

I got FRST to finish. Restarted a few times but it completed.

BTW... I tried running Process Monitor but wouldn't run because I was in safe mode.

Oh My! · Jan 11, 2026

===================================================

Farbar Recovery Scan Tool - Run Fix in Safe Mode With Attached Fixlist

--------------------

Download the attached file and save it in the same location as FRST64 (Desktop, Downloads folder, etc.) <<< Important

Click Start, type Startup, then select Change advanced startup options

Under Recovery options and to the right of Advanced startup click Restart now

Select Troubleshoot

Select Advanced Options

Select Startup Settings

Select Restart

Press 4 to select Safe Mode and allow the computer to boot up

Right click on FRST and select Run as administrator

Click Fix and once completed your computer will reboot into Normal Boot

The tool will create a log in the same location as FRST64 called Fixlog.txt

Copy and paste the contents of the report in your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

Fixlog

artistwantab · Jan 11, 2026

I hope this is how you wanted it.

Code:

Fix result of Farbar Recovery Scan Tool (x86) Version: 17-11-2025
Ran by admin (11-01-2026 15:45:41) Run:1
Running from C:\Users\admin\Desktop\Virus
Loaded Profiles: admin & Administrator
Boot Mode: Safe Mode (minimal)

==============================================

fixlist content:
*****************
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1338094631-473847612-4086204359-1001\...\Run: [AdobeBridge] => [X]
S3 Browser; %SystemRoot%\System32\browser.dll [X]
HKU\S-1-5-21-1338094631-473847612-4086204359-1001\...\Run: [BitTorrent] => "C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED (No File)
HKU\S-1-5-21-1338094631-473847612-4086204359-1001\...\Run: [WinFLTray] => C:\WINDOWS\system32\WinFLTray.ex (No File)
HKU\S-1-5-21-1338094631-473847612-4086204359-1001\...\Run: [qBittorrent] => "C:\Program Files\qBittorrent\qbittorrent.exe" "--profile=" "--configuration=" (No File)
HKU\S-1-5-21-1338094631-473847612-4086204359-1001\...\Run: [bt] => "C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED (No File)
Task: {849CF9A2-C938-4A17-830F-D7B07EBA1622} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe  (No File)
Winsock: Catalog9 17 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9 18 %windir%\system32\vsocklib.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers1: [TVCShellExt] -> {4E33A7F5-8083-4C08-9D45-C5CED88F5C04} => C:\PROGRA~1\TOTALV~1\TVCShellExt.dll -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
FirewallRules: [TCP Query User{39C16681-7106-449A-BCC1-EAB39961B77D}C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe => No File
FirewallRules: [UDP Query User{C2EB1761-3646-49B6-A9FC-00F6585B8110}C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe => No File
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe => No File
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe => No File
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe => No File
FirewallRules: [{EC666267-BBD2-42D9-AB46-8F49A1650401}] => (Allow) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe => No File
FirewallRules: [{480C6602-A8F0-4CD4-AA2D-AB8069EA5E9D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{9E6EFAB9-EFA3-4B1E-B67D-E4ECCBA59176}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{01DF0815-250E-4BEF-A399-C43432F6D46B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{C9B70DF6-3CB5-42AC-9DE3-6A0E1C192420}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [TCP Query User{76417CCC-DAC3-43DF-B267-9C9FB3B458C2}C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe => No File
FirewallRules: [UDP Query User{D4384E30-6C36-4C0A-818E-6A65816D3987}C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe => No File
FirewallRules: [TCP Query User{C51F3774-F08A-4D04-8D69-BBB364B25958}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe => No File
FirewallRules: [UDP Query User{7A45682E-B9DA-4137-BCF7-7153DA5DD3C5}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe => No File
HKU\S-1-5-21-1338094631-473847612-4086204359-1001\...\Run: [BitTorrent] => "C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED (No File)
HKU\S-1-5-21-1338094631-473847612-4086204359-1001\...\Run: [WinFLTray] => C:\WINDOWS\system32\WinFLTray.ex (No File)
HKU\S-1-5-21-1338094631-473847612-4086204359-1001\...\Run: [qBittorrent] => "C:\Program Files\qBittorrent\qbittorrent.exe" "--profile=" "--configuration=" (No File)
HKU\S-1-5-21-1338094631-473847612-4086204359-1001\...\Run: [bt] => "C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED (No File)
Task: {849CF9A2-C938-4A17-830F-D7B07EBA1622} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe  (No File)
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myGarage\Caravan [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\myTOR [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\Security [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\myOffice [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myGarage\my46 [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\myFun [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myBooks\myBooks [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_regardingRealEstate\myHomes [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_regardingRealEstate\myRealEstate [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myWorkshops\colorrelations [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myStudio\myLoft [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myStudio\myWebDesign [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\lifesChase [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myBooks\myAmazonBooks [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\Software [not found] <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DS708 Printer.lnk [2025-12-19] <==== ATTENTION
ShortcutTarget: DS708 Printer.lnk -> C:\Program Files\MaxiDas708\PCLink.exe (Autel) [File not signed] <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {F122C983-B8AB-4E66-9F22-2FFA6327A07D} - System32\Tasks\RealtechDriver => C:\WINDOWS\system32\cmd.exe [236544 2024-05-15] (Microsoft Windows -> Microsoft Corporation) -> /s /c start /min cmd /c "C:\Users\admin\AppData\Local\Packages\Microsoft.WindowsSoundDiagnostics\Cache\RealtechDriver.vbs" <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myGarage\Caravan [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\myTOR [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\Security [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\myOffice [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myGarage\my46 [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\myFun [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myBooks\myBooks [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_regardingRealEstate\myHomes [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_regardingRealEstate\myRealEstate [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myWorkshops\colorrelations [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myStudio\myLoft [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myStudio\myWebDesign [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\lifesChase [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myBooks\myAmazonBooks [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\Software [not found] <==== ATTENTION
safeboot: Minimal => The system is configured to boot to Safe Mode <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKU\S-1-5-21-1338094631-473847612-4086204359-1001\...\Policies\Explorer: [HideSCAMeetNow] 0
IFEO\mpcmdrun.exe: [Debugger] C:\WINDOWS\System32\systray.exe
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
2026-01-08 21:13 - 2021-12-24 10:28 - 000008192 ___SH C:\DumpStack.log.tmp
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myGarage\Caravan [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\myTOR [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\Security [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\myOffice [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myGarage\my46 [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\myFun [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myBooks\myBooks [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_regardingRealEstate\myHomes [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_regardingRealEstate\myRealEstate [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myWorkshops\colorrelations [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myStudio\myLoft [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myStudio\myWebDesign [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\lifesChase [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myBooks\myAmazonBooks [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\Software [not found] <==== ATTENTION
Task: {F122C983-B8AB-4E66-9F22-2FFA6327A07D} - System32\Tasks\RealtechDriver => C:\WINDOWS\system32\cmd.exe [236544 2024-05-15] (Microsoft Windows -> Microsoft Corporation) -> /s /c start /min cmd /c "C:\Users\admin\AppData\Local\Packages\Microsoft.WindowsSoundDiagnostics\Cache\RealtechDriver.vbs" <==== ATTENTION
HKU\S-1-5-21-1338094631-473847612-4086204359-1001\...\Run: [BitTorrent] => "C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED (No File)
HKU\S-1-5-21-1338094631-473847612-4086204359-1001\...\Run: [WinFLTray] => C:\WINDOWS\system32\WinFLTray.ex (No File)
HKU\S-1-5-21-1338094631-473847612-4086204359-1001\...\Run: [qBittorrent] => "C:\Program Files\qBittorrent\qbittorrent.exe" "--profile=" "--configuration=" (No File)
HKU\S-1-5-21-1338094631-473847612-4086204359-1001\...\Run: [bt] => "C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED (No File)
Task: {849CF9A2-C938-4A17-830F-D7B07EBA1622} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe  (No File)
127.0.0.1       localhost

*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully.
"HKU\S-1-5-21-1338094631-473847612-4086204359-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge" => removed successfully.
HKLM\System\CurrentControlSet\Services\Browser => removed successfully.
Browser => service removed successfully.
"HKU\S-1-5-21-1338094631-473847612-4086204359-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent" => removed successfully.
"HKU\S-1-5-21-1338094631-473847612-4086204359-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WinFLTray" => removed successfully.
"HKU\S-1-5-21-1338094631-473847612-4086204359-1001\Software\Microsoft\Windows\CurrentVersion\Run\\qBittorrent" => removed successfully.
"HKU\S-1-5-21-1338094631-473847612-4086204359-1001\Software\Microsoft\Windows\CurrentVersion\Run\\bt" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{849CF9A2-C938-4A17-830F-D7B07EBA1622}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{849CF9A2-C938-4A17-830F-D7B07EBA1622}" => removed successfully.
C:\Windows\System32\Tasks\CCleaner Update => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleaner Update" => removed successfully.
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017 => removed successfully.
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018 => removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\TVCShellExt => removed successfully.
HKLM\Software\Classes\CLSID\{4E33A7F5-8083-4C08-9D45-C5CED88F5C04} => removed successfully.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully.
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => removed successfully.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully.
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully.
HKU\.DEFAULT\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully.
HKU\.DEFAULT\SOFTWARE\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => removed successfully.
HKU\.DEFAULT\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully.
HKU\.DEFAULT\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{39C16681-7106-449A-BCC1-EAB39961B77D}C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C2EB1761-3646-49B6-A9FC-00F6585B8110}C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMP-In-UDP-x86" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMP-Out-UDP-x86" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMP-Out-TCP-x86" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EC666267-BBD2-42D9-AB46-8F49A1650401}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{480C6602-A8F0-4CD4-AA2D-AB8069EA5E9D}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9E6EFAB9-EFA3-4B1E-B67D-E4ECCBA59176}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{01DF0815-250E-4BEF-A399-C43432F6D46B}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C9B70DF6-3CB5-42AC-9DE3-6A0E1C192420}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{76417CCC-DAC3-43DF-B267-9C9FB3B458C2}C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D4384E30-6C36-4C0A-818E-6A65816D3987}C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C51F3774-F08A-4D04-8D69-BBB364B25958}C:\program files\qbittorrent\qbittorrent.exe" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7A45682E-B9DA-4137-BCF7-7153DA5DD3C5}C:\program files\qbittorrent\qbittorrent.exe" => removed successfully.
"HKU\S-1-5-21-1338094631-473847612-4086204359-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent" => not found
"HKU\S-1-5-21-1338094631-473847612-4086204359-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WinFLTray" => not found
"HKU\S-1-5-21-1338094631-473847612-4086204359-1001\Software\Microsoft\Windows\CurrentVersion\Run\\qBittorrent" => not found
"HKU\S-1-5-21-1338094631-473847612-4086204359-1001\Software\Microsoft\Windows\CurrentVersion\Run\\bt" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{849CF9A2-C938-4A17-830F-D7B07EBA1622} => not found
"C:\Windows\System32\Tasks\CCleaner Update" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleaner Update => not found
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DS708 Printer.lnk => moved successfully
C:\Program Files\MaxiDas708\PCLink.exe => moved successfully

"C:\WINDOWS\system32\GroupPolicy\Machine" Folder move:

C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully

"C:\WINDOWS\system32\GroupPolicy\User" Folder move:

C:\WINDOWS\system32\GroupPolicy\User => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F122C983-B8AB-4E66-9F22-2FFA6327A07D}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F122C983-B8AB-4E66-9F22-2FFA6327A07D}" => removed successfully.
C:\Windows\System32\Tasks\RealtechDriver => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealtechDriver" => removed successfully.

=========================  bcdedit ========================


The operation completed successfully.

========= End of bcdedit =========

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-1338094631-473847612-4086204359-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAMeetNow" => removed successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mpcmdrun.exe => removed successfully.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully.
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F122C983-B8AB-4E66-9F22-2FFA6327A07D} => not found
"C:\Windows\System32\Tasks\RealtechDriver" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealtechDriver => not found
"HKU\S-1-5-21-1338094631-473847612-4086204359-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent" => not found
"HKU\S-1-5-21-1338094631-473847612-4086204359-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WinFLTray" => not found
"HKU\S-1-5-21-1338094631-473847612-4086204359-1001\Software\Microsoft\Windows\CurrentVersion\Run\\qBittorrent" => not found
"HKU\S-1-5-21-1338094631-473847612-4086204359-1001\Software\Microsoft\Windows\CurrentVersion\Run\\bt" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{849CF9A2-C938-4A17-830F-D7B07EBA1622} => not found
"C:\Windows\System32\Tasks\CCleaner Update" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleaner Update => not found
127.0.0.1       localhost => Error: No automatic fix found for this entry.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 11-01-2026 15:47:45)

"C:\DumpStack.log.tmp" => Could not move.

==== End of Fixlog 15:47:45 ====

Oh My! · Jan 11, 2026

Can you see if you can run a FRST Scan in normal boot?

artistwantab · Jan 11, 2026

Yes and here are the logs. Also no PowerShell Notice.

I have not connected to internet or network yet.

Oh My! · Jan 12, 2026

Great, we are making progress.

Please do this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------

Right click on the FRST64 icon and select Run as administrator

Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied

There is no need to paste the information anywhere, FRST64 will do it for you
Code:
Start::
CreateRestorePoint:
CloseProcesses:
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
End::
Click Fix

When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

===================================================

Farbar Recovery Scan Tool SearchAll

--------------------

Launch FRST

Copy and paste the following in the Search: box
Code:
SearchAll: NIGHTCRAWLER
Click the Search Files button

When completed click OK and a Search.txt document will open on your desktop

Attach the report to your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

Fixlog

Attached Search.txt report

artistwantab · Jan 12, 2026

Here you go.

The second script wont work because "Nightcrawler" is a computer on the network. Since I have yet to connect to the network there is nothing to find.

Nightcrawler houses all of my Firefox Profiles and Backups which is why it is showing up in all the logs.

As soon as I clean this computer I am going to do virus scans all other computers within the network.

Code:

Fix result of Farbar Recovery Scan Tool (x86) Version: 17-11-2025
Ran by admin (12-01-2026 12:15:16) Run:2
Running from D:\
Loaded Profiles: admin & Administrator
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1338094631-473847612-4086204359-1001\...\Run: [AdobeBridge] => [X]
S3 Browser; %SystemRoot%\System32\browser.dll [X]
HKU\S-1-5-21-1338094631-473847612-4086204359-1001\...\Run: [BitTorrent] => "C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED (No File)
HKU\S-1-5-21-1338094631-473847612-4086204359-1001\...\Run: [WinFLTray] => C:\WINDOWS\system32\WinFLTray.ex (No File)
HKU\S-1-5-21-1338094631-473847612-4086204359-1001\...\Run: [qBittorrent] => "C:\Program Files\qBittorrent\qbittorrent.exe" "--profile=" "--configuration=" (No File)
HKU\S-1-5-21-1338094631-473847612-4086204359-1001\...\Run: [bt] => "C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED (No File)
Task: {849CF9A2-C938-4A17-830F-D7B07EBA1622} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe  (No File)
Winsock: Catalog9 17 %windir%\system32\vsocklib.dll => No File 
Winsock: Catalog9 18 %windir%\system32\vsocklib.dll => No File 
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers1: [TVCShellExt] -> {4E33A7F5-8083-4C08-9D45-C5CED88F5C04} => C:\PROGRA~1\TOTALV~1\TVCShellExt.dll -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
FirewallRules: [TCP Query User{39C16681-7106-449A-BCC1-EAB39961B77D}C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe => No File
FirewallRules: [UDP Query User{C2EB1761-3646-49B6-A9FC-00F6585B8110}C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe => No File
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe => No File
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe => No File
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe => No File
FirewallRules: [{EC666267-BBD2-42D9-AB46-8F49A1650401}] => (Allow) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe => No File
FirewallRules: [{480C6602-A8F0-4CD4-AA2D-AB8069EA5E9D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{9E6EFAB9-EFA3-4B1E-B67D-E4ECCBA59176}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{01DF0815-250E-4BEF-A399-C43432F6D46B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{C9B70DF6-3CB5-42AC-9DE3-6A0E1C192420}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [TCP Query User{76417CCC-DAC3-43DF-B267-9C9FB3B458C2}C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe => No File
FirewallRules: [UDP Query User{D4384E30-6C36-4C0A-818E-6A65816D3987}C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe => No File
FirewallRules: [TCP Query User{C51F3774-F08A-4D04-8D69-BBB364B25958}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe => No File
FirewallRules: [UDP Query User{7A45682E-B9DA-4137-BCF7-7153DA5DD3C5}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe => No File
HKU\S-1-5-21-1338094631-473847612-4086204359-1001\...\Run: [BitTorrent] => "C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED (No File)
HKU\S-1-5-21-1338094631-473847612-4086204359-1001\...\Run: [WinFLTray] => C:\WINDOWS\system32\WinFLTray.ex (No File)
HKU\S-1-5-21-1338094631-473847612-4086204359-1001\...\Run: [qBittorrent] => "C:\Program Files\qBittorrent\qbittorrent.exe" "--profile=" "--configuration=" (No File)
HKU\S-1-5-21-1338094631-473847612-4086204359-1001\...\Run: [bt] => "C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED (No File)
Task: {849CF9A2-C938-4A17-830F-D7B07EBA1622} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe  (No File)
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myGarage\Caravan [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\myTOR [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\Security [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\myOffice [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myGarage\my46 [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\myFun [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myBooks\myBooks [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_regardingRealEstate\myHomes [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_regardingRealEstate\myRealEstate [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myWorkshops\colorrelations [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myStudio\myLoft [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myStudio\myWebDesign [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\lifesChase [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myBooks\myAmazonBooks [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\Software [not found] <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DS708 Printer.lnk [2025-12-19] <==== ATTENTION
ShortcutTarget: DS708 Printer.lnk -> C:\Program Files\MaxiDas708\PCLink.exe (Autel) [File not signed] <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {F122C983-B8AB-4E66-9F22-2FFA6327A07D} - System32\Tasks\RealtechDriver => C:\WINDOWS\system32\cmd.exe [236544 2024-05-15] (Microsoft Windows -> Microsoft Corporation) -> /s /c start /min cmd /c "C:\Users\admin\AppData\Local\Packages\Microsoft.WindowsSoundDiagnostics\Cache\RealtechDriver.vbs" <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myGarage\Caravan [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\myTOR [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\Security [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\myOffice [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myGarage\my46 [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\myFun [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myBooks\myBooks [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_regardingRealEstate\myHomes [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_regardingRealEstate\myRealEstate [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myWorkshops\colorrelations [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myStudio\myLoft [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myStudio\myWebDesign [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\lifesChase [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myBooks\myAmazonBooks [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\Software [not found] <==== ATTENTION
safeboot: Minimal => The system is configured to boot to Safe Mode <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKU\S-1-5-21-1338094631-473847612-4086204359-1001\...\Policies\Explorer: [HideSCAMeetNow] 0
IFEO\mpcmdrun.exe: [Debugger] C:\WINDOWS\System32\systray.exe
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
2026-01-08 21:13 - 2021-12-24 10:28 - 000008192 ___SH C:\DumpStack.log.tmp
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myGarage\Caravan [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\myTOR [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\Security [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\myOffice [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myGarage\my46 [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\myFun [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myBooks\myBooks [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_regardingRealEstate\myHomes [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_regardingRealEstate\myRealEstate [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myWorkshops\colorrelations [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myStudio\myLoft [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myStudio\myWebDesign [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\lifesChase [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\_myBooks\myAmazonBooks [not found] <==== ATTENTION
FF ProfilePath: \\NIGHTCRAWLER\Havok\Havok\myProfiles\Software [not found] <==== ATTENTION
Task: {F122C983-B8AB-4E66-9F22-2FFA6327A07D} - System32\Tasks\RealtechDriver => C:\WINDOWS\system32\cmd.exe [236544 2024-05-15] (Microsoft Windows -> Microsoft Corporation) -> /s /c start /min cmd /c "C:\Users\admin\AppData\Local\Packages\Microsoft.WindowsSoundDiagnostics\Cache\RealtechDriver.vbs" <==== ATTENTION
HKU\S-1-5-21-1338094631-473847612-4086204359-1001\...\Run: [BitTorrent] => "C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED (No File)
HKU\S-1-5-21-1338094631-473847612-4086204359-1001\...\Run: [WinFLTray] => C:\WINDOWS\system32\WinFLTray.ex (No File)
HKU\S-1-5-21-1338094631-473847612-4086204359-1001\...\Run: [qBittorrent] => "C:\Program Files\qBittorrent\qbittorrent.exe" "--profile=" "--configuration=" (No File)
HKU\S-1-5-21-1338094631-473847612-4086204359-1001\...\Run: [bt] => "C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED (No File)
Task: {849CF9A2-C938-4A17-830F-D7B07EBA1622} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe  (No File)
127.0.0.1       localhost

*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => not found
"HKU\S-1-5-21-1338094631-473847612-4086204359-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge" => not found
Browser => service not found.
"HKU\S-1-5-21-1338094631-473847612-4086204359-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent" => not found
"HKU\S-1-5-21-1338094631-473847612-4086204359-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WinFLTray" => not found
"HKU\S-1-5-21-1338094631-473847612-4086204359-1001\Software\Microsoft\Windows\CurrentVersion\Run\\qBittorrent" => not found
"HKU\S-1-5-21-1338094631-473847612-4086204359-1001\Software\Microsoft\Windows\CurrentVersion\Run\\bt" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{849CF9A2-C938-4A17-830F-D7B07EBA1622} => not found
"C:\Windows\System32\Tasks\CCleaner Update" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleaner Update => not found
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017 => not found
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018 => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\TVCShellExt => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ FileSyncEx => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => not found
HKU\.DEFAULT\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx => not found
HKU\.DEFAULT\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx => not found
HKU\.DEFAULT\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ FileSyncEx => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{39C16681-7106-449A-BCC1-EAB39961B77D}C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C2EB1761-3646-49B6-A9FC-00F6585B8110}C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMP-In-UDP-x86" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMP-Out-UDP-x86" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMP-Out-TCP-x86" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EC666267-BBD2-42D9-AB46-8F49A1650401}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{480C6602-A8F0-4CD4-AA2D-AB8069EA5E9D}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9E6EFAB9-EFA3-4B1E-B67D-E4ECCBA59176}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{01DF0815-250E-4BEF-A399-C43432F6D46B}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C9B70DF6-3CB5-42AC-9DE3-6A0E1C192420}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{76417CCC-DAC3-43DF-B267-9C9FB3B458C2}C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D4384E30-6C36-4C0A-818E-6A65816D3987}C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C51F3774-F08A-4D04-8D69-BBB364B25958}C:\program files\qbittorrent\qbittorrent.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7A45682E-B9DA-4137-BCF7-7153DA5DD3C5}C:\program files\qbittorrent\qbittorrent.exe" => not found
"HKU\S-1-5-21-1338094631-473847612-4086204359-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent" => not found
"HKU\S-1-5-21-1338094631-473847612-4086204359-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WinFLTray" => not found
"HKU\S-1-5-21-1338094631-473847612-4086204359-1001\Software\Microsoft\Windows\CurrentVersion\Run\\qBittorrent" => not found
"HKU\S-1-5-21-1338094631-473847612-4086204359-1001\Software\Microsoft\Windows\CurrentVersion\Run\\bt" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{849CF9A2-C938-4A17-830F-D7B07EBA1622} => not found
"C:\Windows\System32\Tasks\CCleaner Update" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleaner Update => not found
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => not found
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DS708 Printer.lnk" => not found
"C:\Program Files\MaxiDas708\PCLink.exe" => not found
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found
"C:\WINDOWS\system32\GroupPolicy\User" => not found
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F122C983-B8AB-4E66-9F22-2FFA6327A07D} => not found
"C:\Windows\System32\Tasks\RealtechDriver" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealtechDriver => not found

=========================  bcdedit ========================


An error occurred while attempting to delete the specified data element.
Element not found.

========= End of bcdedit =========

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-1338094631-473847612-4086204359-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAMeetNow" => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mpcmdrun.exe => not found
"C:\ProgramData\Reprise" => ":wupeogjxldtlfudivq`qsp`27hfm" ADS not found.
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F122C983-B8AB-4E66-9F22-2FFA6327A07D} => not found
"C:\Windows\System32\Tasks\RealtechDriver" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealtechDriver => not found
"HKU\S-1-5-21-1338094631-473847612-4086204359-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent" => not found
"HKU\S-1-5-21-1338094631-473847612-4086204359-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WinFLTray" => not found
"HKU\S-1-5-21-1338094631-473847612-4086204359-1001\Software\Microsoft\Windows\CurrentVersion\Run\\qBittorrent" => not found
"HKU\S-1-5-21-1338094631-473847612-4086204359-1001\Software\Microsoft\Windows\CurrentVersion\Run\\bt" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{849CF9A2-C938-4A17-830F-D7B07EBA1622} => not found
"C:\Windows\System32\Tasks\CCleaner Update" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleaner Update => not found
127.0.0.1       localhost => Error: No automatic fix found for this entry.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 12-01-2026 12:17:42)

"C:\DumpStack.log.tmp" => Could not move.

==== End of Fixlog 12:17:42 ====

Oh My! · Jan 12, 2026

The Fixlog.txt report you posted is not from the instructions in Post #12.

artistwantab · Jan 12, 2026

I hit "scan" instead of fix....Sorry

Here you go.

Code:

Fix result of Farbar Recovery Scan Tool (x86) Version: 17-11-2025
Ran by admin (12-01-2026 18:04:49) Run:3
Running from C:\Users\admin\Desktop\Virus
Loaded Profiles: admin & Administrator
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
End::
*****************

HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore => removed successfully.
CreateRestorePoint: Error(3=winmgmts) -> Failed to create a restore point.
Processes closed successfully.
================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths]
"C:\Program Files\Mozilla Firefox\browser"="0"
"C:\Program Files\Internet Explorer"="0"

=== End of ExportKey ===


The system needed a reboot.

==== End of Fixlog 18:04:50 ====

Oh My! · Jan 13, 2026 at 2:40 PM

How is the computer running? Any issues?

artistwantab · Jan 13, 2026 at 2:44 PM

I haven’t used it or connected to internet or network.

the powershell notice isn’t there however

should I run the other antivirus programs again

Oh My! · Jan 13, 2026 at 2:49 PM

Go ahead and connect to the Internet and see if you can run a new FRST Scan. If so, attach both reports to your reply.

artistwantab · Jan 13, 2026 at 4:18 PM

Nope....Keep installing an updated version of itself over and over and over. I need to go to task manager to "end task" just to close it.

Also, Still can't install malware bytes

Oh My! · Jan 13, 2026 at 5:28 PM

Please do this.

===================================================

System Summary Information

--------------------

Press the Windows Key + R at the same time

Type msinfo32 then click OK

Left click on System Summary

Click File, Save, name the file Summary and save it to your Desktop

Zip and attach the file to your reply

===================================================

Things I would like to see in your next reply.

Attached zip file

artistwantab · Jan 13, 2026 at 8:06 PM

Here you go

Oh My! · Jan 13, 2026 at 9:19 PM

There is an issue with a Windows service that prevented the step from working properly. I need to determine our next step which I will be posting tomorrow.

artistwantab · Jan 13, 2026 at 10:13 PM

Thank you

Oh My! · Jan 14, 2026 at 3:36 PM

Thank you for your patience while I determined our next step.

I would like us to uninstall the older version of Windows Repair currently on your system then download/run the latest version.

Please do this.

===================================================

Uninstalling Programs Using Revo Uninstaller Free Portable

--------------------

Download Revo Uninstaller Free Portable and save it to your Desktop

Right click on the folder and select Extract All..., then click Extract

Double click on the RevoUninstaller-Portable folder

Right click on RevoUPort and select Run as administrator

Click OK on the License Agreement

From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
Code:
Tweaking.com - Windows Repair
If the program's uninstaller appears work through the steps to remove the program(s)

Be sure the Advanced option is selected then click Scan

For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion

Once done click Finish

Reboot your computer

===================================================

Windows Repair (All in One) Portable Version - Common Repairs

--------------------

Download Windows Repair (All in One) Portable Version and save it to your Desktop

Click Start, type Startup, then select Change advanced startup options

Under Recovery options and to the right of Advanced startup click Restart now

Select Troubleshoot

Select Advanced Options

Select Startup Settings

Select Restart

Press 4 to select Safe Mode and allow the computer to boot up

Right click on the tweaking.com icon and select Extract All... then Extract again

Double click on the Tweaking.com folder

Right click on the Repair_Windows icon and select Run as administrator

If you are presented with a warning screen click Run, or take any other action you need to take to let it run. The file is safe.

Click I Agree

Select Jump To Repairs

Select Preset: Common Repairs

Under When Repairs Complete select Restart/Shutdown System then Restart System

Click Start Repairs

When the lengthy process is completed your computer will automatically reboot into Normal Boot

Double click the Tweaking.com folder (not .zip)

Double click on the Tweaking.com - Windows Repair folder

Please zip and attach the Logs folder to your reply

Check your computer performance

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

Attached zip folder

artistwantab · Jan 14, 2026 at 4:09 PM

I cannot download the file from the link you supplied.

I went to tweaking.com and downloaded the latest version there. Will that work? Or is the link a special build?

TRIED AGAIN WORKS NOW

artistwantab · Jan 14, 2026 at 6:36 PM

Here you go.

Oh My! · Jan 15, 2026 at 10:01 AM

Please run a FRST Scan and attach both reports to your reply.

How is your computer running?

artistwantab · Jan 15, 2026 at 11:16 AM

Still wont run..,..same issue.

To be honest I am most concern about virus....I need to back up all the files on this computer and then I can format and do a clean install.

Thanks in advance

Oh My! · Jan 15, 2026 at 12:29 PM

OK, after you back up all of your files we can run a scan of them to make sure they are clean before your put them back on a clean install. If you'd like to do that let me know.

artistwantab · Jan 15, 2026 at 12:47 PM

I am most concerned while in the process of doing the back up I may have a trojan and such and comprising my information on the internet.

I know there were things that the scans found. PUP? The only scanner I cannot run is Malwarebytes for whatever reason. Virus or computer issue.

Oh My! · Jan 15, 2026 at 2:40 PM

The only thing we removed was junk, not malware. AdwCleaner found a few PUPs.

artistwantab · Jan 15, 2026 at 3:49 PM

Tell what is needed to remove any potential risks.

Oh My! · Jan 15, 2026 at 4:50 PM

There isn't anything that needs to be removed.

artistwantab · Jan 15, 2026 at 8:16 PM

Thank you! You went above and beyond helping me.

I am about 60% backing up all the files. I will be back.

Powershell Virus Chaos

artistwantab Private First Class

Attached Files:

Oh My! Malware Expert Staff Member

artistwantab Private First Class

Oh My! Malware Expert Staff Member

artistwantab Private First Class

Oh My! Malware Expert Staff Member

artistwantab Private First Class

Attached Files:

Oh My! Malware Expert Staff Member

Attached Files:

artistwantab Private First Class

Oh My! Malware Expert Staff Member

artistwantab Private First Class

Attached Files:

Oh My! Malware Expert Staff Member

artistwantab Private First Class

Oh My! Malware Expert Staff Member

artistwantab Private First Class

Oh My! Malware Expert Staff Member

artistwantab Private First Class

Oh My! Malware Expert Staff Member

artistwantab Private First Class

Oh My! Malware Expert Staff Member

artistwantab Private First Class

Attached Files:

Oh My! Malware Expert Staff Member

artistwantab Private First Class

Oh My! Malware Expert Staff Member

artistwantab Private First Class

artistwantab Private First Class

Attached Files:

Oh My! Malware Expert Staff Member

artistwantab Private First Class

Oh My! Malware Expert Staff Member

artistwantab Private First Class

Oh My! Malware Expert Staff Member

artistwantab Private First Class

Oh My! Malware Expert Staff Member

artistwantab Private First Class