script ver. 2023.07.30
File name: AVbr.exe
Start-up time: 2023.08.09-11:52:39
Launched from: C:\temp\AVbr\AV_block_remover\
System: x64 Windows 10 Pro
Build number: 19045
AVBr has been run with local Administrator rights.
Elevation of privileges of rights is successful.
System booted up in Normal Mode.
Last update was on: 2023.08.07
Current date is: 2023.08.09
This version is up to date: 2023.08.07
Script running will be continued after 20 seconds.
C:\ProgramData\ReaItekHD\ - Exists
C:\ProgramData\BookManager\ - Exists
C:\ProgramData\FingerPrint\ - Exists
C:\ProgramData\Microsoft\Check\ - Exists
C:\ProgramData\Microsoft\Intel\ - Exists
C:\ProgramData\Microsoft\temp\ - Exists
C:\ProgramData\PuzzleMedia\ - Exists
C:\ProgramData\RobotDemo\ - Exists
C:\ProgramData\RunDLL\ - Exists
C:\ProgramData\Setup\ - Exists
C:\ProgramData\System32\ - Exists
C:\ProgramData\Windows Tasks Service\ - Exists
C:\ProgramData\WindowsTask\ - Exists
C:\ProgramData\install\ - Exists
C:\ProgramData\microsoft\clr_optimization_v4.0.30318_64\ - Exists
C:\Users\3770\AppData\Roaming\RMS_settings\ - Exists
C:\Program Files\Internet Explorer\bin\ - Exists
C:\Program Files\RDP Wrapper\ - Exists
C:\Windows\Fonts\Mysql\ - Exists
C:\Windows\speechstracing\ - Exists
C:\ProgramData\360safe\ - Exists
C:\ProgramData\AVAST Software\ - Exists
C:\ProgramData\Avira\ - Exists
C:\ProgramData\Doctor Web\ - Exists
C:\ProgramData\ESET\ - Exists
C:\ProgramData\Evernote\ - Exists
C:\ProgramData\Kaspersky Lab Setup Files\ - Exists
Run an application takeown.exe /f "C:\ProgramData\Kaspersky Lab Setup Files\" /A /r /d y
Exit code = 1
Run an application icacls.exe "C:\ProgramData\Kaspersky Lab Setup Files\\" /reset /T /C /L
Exit code = 123
Run an application icacls.exe "C:\ProgramData\Kaspersky Lab Setup Files\" /grant:r *S-1-5-32-545:RX /T /C /L /inheritance:r
Exit code = 0
Run an application icacls.exe "C:\ProgramData\Kaspersky Lab Setup Files\" /grant:r *S-1-5-32-545:(OI)(CI)RX /T /C /L
Exit code = 0
Run an application icacls.exe "C:\ProgramData\Kaspersky Lab Setup Files\" /grant:r *S-1-5-32-544:(OI)(CI)F /T /C /L
Exit code = 0
Run an application icacls.exe "C:\ProgramData\Kaspersky Lab Setup Files\" /grant:r *S-1-5-18:(OI)(CI)F /T /C /L
Exit code = 0
Run an application icacls.exe "C:\ProgramData\Kaspersky Lab Setup Files\" /grant:r *S-1-5-11:(OI)(CI)F /T /C /L
Exit code = 0
C:\ProgramData\Malwarebytes\ - Exists
C:\ProgramData\McAfee\ - Exists
C:\ProgramData\Norton\ - Exists
C:\ProgramData\WavePad\ - Exists
C:\ProgramData\grizzly\ - Exists
C:\Program Files\7-Zip\ - Exists
Run an application takeown.exe /f "C:\Program Files\7-Zip\" /A /r /d y
Exit code = 1
Run an application icacls.exe "C:\Program Files\7-Zip\\" /reset /T /C /L
Exit code = 123
Run an application icacls.exe "C:\Program Files\7-Zip\" /grant:r *S-1-5-32-545:RX /T /C /L /inheritance:r
Exit code = 0
Run an application icacls.exe "C:\Program Files\7-Zip\" /grant:r *S-1-5-32-545:(OI)(CI)RX /T /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files\7-Zip\" /grant:r *S-1-5-32-544:(OI)(CI)F /T /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files\7-Zip\" /grant:r *S-1-5-18:(OI)(CI)F /T /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files\7-Zip\" /grant:r *S-1-5-11:(OI)(CI)F /T /C /L
Exit code = 0
C:\Program Files\AVAST Software\ - Exists
C:\Program Files\AVG\ - Exists
C:\Program Files\Bitdefender Agent\ - Exists
C:\Program Files\ByteFence\ - Exists
C:\Program Files\Cezurity\ - Exists
C:\Program Files\Common Files\AV\ - Exists
C:\Program Files\Common Files\Doctor Web\ - Exists
C:\Program Files\Common Files\McAfee\ - Exists
C:\Program Files\COMODO\ - Exists
C:\Program Files\DrWeb\ - Exists
C:\Program Files\Enigma Software Group\ - Exists
C:\Program Files\EnigmaSoft\ - Exists
C:\Program Files\ESET\ - Exists
C:\Program Files\HitmanPro\ - Exists
C:\Program Files\Loaris Trojan Remover\ - Exists
C:\Program Files\Malwarebytes\ - Exists
Run an application takeown.exe /f "C:\Program Files\Malwarebytes\" /A /r /d y
Exit code = 1
Run an application icacls.exe "C:\Program Files\Malwarebytes\\" /reset /T /C /L
Exit code = 123
Run an application icacls.exe "C:\Program Files\Malwarebytes\" /grant:r *S-1-5-32-545:RX /T /C /L /inheritance:r
Exit code = 0
Run an application icacls.exe "C:\Program Files\Malwarebytes\" /grant:r *S-1-5-32-545:(OI)(CI)RX /T /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files\Malwarebytes\" /grant:r *S-1-5-32-544:(OI)(CI)F /T /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files\Malwarebytes\" /grant:r *S-1-5-18:(OI)(CI)F /T /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files\Malwarebytes\" /grant:r *S-1-5-11:(OI)(CI)F /T /C /L
Exit code = 0
C:\Program Files\Process Hacker 2\ - Exists
C:\Program Files\Process Lasso\ - Exists
C:\Program Files\Rainmeter\ - Exists
C:\Program Files\Ravantivirus\ - Exists
C:\Program Files\RogueKiller\ - Exists
C:\Program Files\SpyHunter\ - Exists
C:\Program Files\SUPERAntiSpyware\ - Exists
C:\Program Files\Transmission\ - Exists
C:\Program Files (x86)\360\ - Exists
C:\Program Files (x86)\AVAST Software\ - Exists
C:\Program Files (x86)\AVG\ - Exists
C:\Program Files (x86)\Cezurity\ - Exists
C:\Program Files (x86)\GRIZZLY Antivirus\ - Exists
C:\Program Files (x86)\IObit\IObit Malware Fighter\ - Exists
C:\Program Files (x86)\IObit\ - Exists
C:\Program Files (x86)\Microsoft JDX\ - Exists
C:\Program Files (x86)\Moo0\ - Exists
C:\Program Files (x86)\Panda Security\ - Exists
C:\Program Files (x86)\SpeedFan\ - Exists
C:\Program Files (x86)\SpyHunter\ - Exists
C:\Program Files (x86)\Transmission\ - Exists
C:\AdwCleaner\ - Exists
Run an application takeown.exe /f "C:\AdwCleaner\" /A /r /d y
Exit code = 1
Run an application icacls.exe "C:\AdwCleaner\\" /reset /T /C /L
Exit code = 123
Run an application icacls.exe "C:\AdwCleaner\" /grant:r *S-1-5-32-545:RX /T /C /L /inheritance:r
Exit code = 0
Run an application icacls.exe "C:\AdwCleaner\" /grant:r *S-1-5-32-545:(OI)(CI)RX /T /C /L
Exit code = 0
Run an application icacls.exe "C:\AdwCleaner\" /grant:r *S-1-5-32-544:(OI)(CI)F /T /C /L
Exit code = 0
Run an application icacls.exe "C:\AdwCleaner\" /grant:r *S-1-5-18:(OI)(CI)F /T /C /L
Exit code = 0
Run an application icacls.exe "C:\AdwCleaner\" /grant:r *S-1-5-11:(OI)(CI)F /T /C /L
Exit code = 0
C:\FRST\ - Exists
Run an application takeown.exe /f "C:\FRST\" /A /r /d y
Exit code = 1
Run an application icacls.exe "C:\FRST\\" /reset /T /C /L
Exit code = 123
Run an application icacls.exe "C:\FRST\" /grant:r *S-1-5-32-545:RX /T /C /L /inheritance:r
Exit code = 0
Run an application icacls.exe "C:\FRST\" /grant:r *S-1-5-32-545:(OI)(CI)RX /T /C /L
Exit code = 0
Run an application icacls.exe "C:\FRST\" /grant:r *S-1-5-32-544:(OI)(CI)F /T /C /L
Exit code = 0
Run an application icacls.exe "C:\FRST\" /grant:r *S-1-5-18:(OI)(CI)F /T /C /L
Exit code = 0
Run an application icacls.exe "C:\FRST\" /grant:r *S-1-5-11:(OI)(CI)F /T /C /L
Exit code = 0
C:\KVRT2020_Data\ - Exists
Run an application takeown.exe /f "C:\KVRT2020_Data\" /A /r /d y
Exit code = 1
Run an application icacls.exe "C:\KVRT2020_Data\\" /reset /T /C /L
Exit code = 123
Run an application icacls.exe "C:\KVRT2020_Data\" /grant:r *S-1-5-32-545:RX /T /C /L /inheritance:r
Exit code = 0
Run an application icacls.exe "C:\KVRT2020_Data\" /grant:r *S-1-5-32-545:(OI)(CI)RX /T /C /L
Exit code = 0
Run an application icacls.exe "C:\KVRT2020_Data\" /grant:r *S-1-5-32-544:(OI)(CI)F /T /C /L
Exit code = 0
Run an application icacls.exe "C:\KVRT2020_Data\" /grant:r *S-1-5-18:(OI)(CI)F /T /C /L
Exit code = 0
Run an application icacls.exe "C:\KVRT2020_Data\" /grant:r *S-1-5-11:(OI)(CI)F /T /C /L
Exit code = 0
TermService is set to manual start.
Create SWPRV service:
[SC] CreateService SUCCESS
Exit code = 0
[SC] ChangeServiceConfig2 SUCCESS
Exit code = 0
SOFTWARE\tektonit\ - deleted
PowerShellVersion: 5.1.19041.1
Starting the export of Applocker policies.
Exit code = 0
Windows Defender settings are reset.
DefenderApiLogger logging enabled.
DefenderAuditLogger logging enabled.
Enabled Windows notification center (UseActionCenterExperience).
Notification area tooltips enabled (default state).
Windows notification center returned to default state (enabled).
HKLM\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications|DisableNotifications - deleted.
Enabled security notifications from Windows applications.
iTamperProtection = 0
iTamperProtection = 0
Tamper Protection is turned off. Please turn it on by this manual: https://safezone.cc/threads/42659/
Build number: 19045
DisableAntiSpyware = -1
DisableAntiVirus = -1
WDE key missing.
Export firewall rules.
Ok.
Exit code = 0
Run an application netsh.exe advfirewall firewall delete rule name=all program="C:\ProgramData\Windows\rutserv.exe"
No rules match the specified criteria.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name=all program="C:\ProgramData\Windows Tasks Service\winserv.exe"
Deleted 1 rule(s).
Ok.
Exit code = 0
Run an application netsh.exe advfirewall firewall delete rule name=all program="C:\ProgramData\WindowsTask\AppModule.exe"
Deleted 1 rule(s).
Ok.
Exit code = 0
Run an application netsh.exe advfirewall firewall delete rule name=all program="C:\ProgramData\WindowsTask\AMD.exe"
Deleted 1 rule(s).
Ok.
Exit code = 0
Run an application netsh.exe advfirewall firewall delete rule name="Remote Desktop" protocol=tcp localport=3389
Deleted 1 rule(s).
Ok.
Exit code = 0
Run an application netsh.exe advfirewall firewall delete rule name="Port Block" protocol=tcp localport=139
Deleted 1 rule(s).
Ok.
Exit code = 0
Run an application netsh.exe advfirewall firewall delete rule name="Port Block" protocol=tcp localport=445
No rules match the specified criteria.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Block" protocol=udp localport=139
Deleted 1 rule(s).
Ok.
Exit code = 0
Run an application netsh.exe advfirewall firewall delete rule name="Port Block" protocol=udp localport=445
No rules match the specified criteria.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Blocking" protocol=tcp localport=139
No rules match the specified criteria.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Blocking" protocol=tcp localport=445
Deleted 1 rule(s).
Ok.
Exit code = 0
Run an application netsh.exe advfirewall firewall delete rule name="Port Blocking" protocol=udp localport=139
No rules match the specified criteria.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Blocking" protocol=udp localport=445
Deleted 1 rule(s).
Ok.
Exit code = 0
Run an application netsh.exe advfirewall firewall delete rule name="allow RDP" protocol=tcp localport=3389
No rules match the specified criteria.
Exit code = 1
Hosts file MD5 = "CD50C9FDB997092DB174E0C27560A8C5"
Ignore selected.
Registry search of AV blocked signatures.
GRM = 3
Now the computer will be rebooted.
===================================================================================
The following logs were found in folder after previous runs of AVbr:
AV_block_remove_2023.08.09-11.52.log