This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi, I downloaded gifyourgame and Kaspersky found a virus in it and quarantined it. After that I tried to play Rust. Rust, along with every game I own that uses EasyAntiCheat now has an error message when I try to boot it from steam. I put a screenshot of the error message at the bottom of this post. The first error message comes up and when I click ok, I get the second one. Each game has a different .dll error, Rust has the hid.dll error, Apex Legends has the normaliz.dll error, and 7 Days to Die has the wsock32.dll error. These errors only just started to appear. These are Microsoft dll's. Gif Your Game is a clipping software. My anti-virus Kaspersky caught it this morning trying to put a trojan horse into my PC, (PDM:Trojan.Win32.Generic) is what Kaspersky called it.
I ran sfc /scannow and got this:
Windows Resource Protection found corrupt files but was unable to fix some of them.
For online repairs, details are included in the CBS log file located at
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
repairs, details are included in the log file provided by the /OFFLOGFILE flag.
Then, I went to the CBS.log and found these messages:
2021-08-16 17:35:53, Info CSI 00000075 Warning: Overlap: Directory ??\C:\WINDOWS\System32\drivers\en-US\ is owned twice or has its security set twice
Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
2021-08-16 17:35:53, Info CSI 00000076 Warning: Overlap: Directory ??\C:\WINDOWS\System32\wbem\en-US\ is owned twice or has its security set twice
Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
2021-08-16 17:35:53, Info CSI 00000077 Warning: Overlap: Directory ??\C:\WINDOWS\help\mui\0409\ is owned twice or has its security set twice
Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
2021-08-16 17:36:33, Info CSI 000000f1 Warning: Overlap: Directory ??\C:\ProgramData\Microsoft\Windows\Start Menu\ is owned twice or has its security set twice
Original owner: Microsoft-Windows-shell32, version 10.0.19041.1151, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35}
New owner: Microsoft-Windows-shell32, version 10.0.19041.1151, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35}
2021-08-16 17:36:33, Info CSI 000000f2 Warning: Overlap: Directory ??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ is owned twice or has its security set twice
Original owner: Microsoft-Windows-shell32, version 10.0.19041.1151, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35}
New owner: Microsoft-Windows-shell32, version 10.0.19041.1151, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35}
2021-08-16 17:36:33, Info CSI 000000f3 Warning: Overlap: Directory ??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ is owned twice or has its security set twice
Original owner: Microsoft-Windows-shell32, version 10.0.19041.1151, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35}
New owner: Microsoft-Windows-shell32, version 10.0.19041.1151, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35}
2021-08-16 17:37:15, Info CSI 00000182 Warning: Overlap: Directory ??\C:\WINDOWS\SysWOW64\drivers\en-US\ is owned twice or has its security set twice
Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch Host= amd64 Guest= x86, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch Host= amd64 Guest= x86, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
2021-08-16 17:37:15, Info CSI 00000183 Warning: Overlap: Directory ??\C:\WINDOWS\SysWOW64\wbem\en-US\ is owned twice or has its security set twice
Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch Host= amd64 Guest= x86, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch Host= amd64 Guest= x86, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
2021-08-16 17:37:15, Info CSI 00000184 Warning: Overlap: Directory ??\C:\WINDOWS\help\mui\0409\ is owned twice or has its security set twice
Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch Host= amd64 Guest= x86, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch Host= amd64 Guest= x86, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
2021-08-16 17:37:29, Info CSI 000001b9 Warning: Overlap: Directory ??\C:\Program Files (x86)\ is owned twice or has its security set twice
Original owner: Microsoft-Windows-shell32, version 10.0.19041.1151, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}
New owner: Microsoft-Windows-shell32, version 10.0.19041.1151, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}
2021-08-16 17:37:29, Info CSI 000001ba Warning: Overlap: Directory ??\C:\ProgramData\Microsoft\Windows\Start Menu\ is owned twice or has its security set twice
Original owner: Microsoft-Windows-shell32, version 10.0.19041.1151, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}
New owner: Microsoft-Windows-shell32, version 10.0.19041.1151, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}
2021-08-16 17:37:29, Info CSI 000001bb Warning: Overlap: Directory ??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ is owned twice or has its security set twice
Original owner: Microsoft-Windows-shell32, version 10.0.19041.1151, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}
New owner: Microsoft-Windows-shell32, version 10.0.19041.1151, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}
2021-08-16 17:37:29, Info CSI 000001bc Warning: Overlap: Directory ??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ is owned twice or has its security set twice
Original owner: Microsoft-Windows-shell32, version 10.0.19041.1151, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}
New owner: Microsoft-Windows-shell32, version 10.0.19041.1151, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}
The last thing I tried was trying to find the SFCdetails but this command didn't work in the Admin Command Prompt as this website instructed. Nothing happened. No file was generated.
Command:
findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 18%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVM%3C/text%3E%3C/svg%3E)
The only place you can find .dlls are usually third party sites which may contain malware.
Many of the errors suggest that the malware has taken ownership of some files.
I would register with one of the malware removal sites to be 100% sure there’s nothing left, they will also help with recovering your PC after the infection & will be better placed to find clean .dll files if needed.
Hi. Thank you for responding.
I ran all 3 and turned kaspersky off. Nothing was found. I assumed kaspersky had cleaned it already.
I also deleted the games and reinstalled. Nothing changed. They still give the same error.
I don't think I ever created a system restore point so I have nothing to restore.
Is there anyway to find the dll files from Microsoft or somewhere and reinstall them? I have searched so far and found many sites but don't know if I can trust their files.
Thanks!
Hello, I’m Virginia, I have 20 years of expertise in fixing my own & friends’ PC problems.
Sorry to hear you’re experiencing problems. May I ask which Windows 10 build are you running - 1909, 2004, 20H2 or 21H1?
MBAM free: https://www.malwarebytes.com/mwb-download/
Eset online scanner: http://www.eset.com/us/online-scanner/
Adwcleaner: https://www.malwarebytes.com/adwcleaner/
If these find one or more infections but do not fully remove them it will be wise to register with a malware removal site to receive dedicated malware removal instructions, an expert will remain with you throughout the process until confirmation that your PC is 100% clean.
Malwarebytes virus/malware removal forum:
https://forums.malwarebytes.com/forum/7-windows...
Bleeping computer malware/virus removal forum:
https://www.bleepingcomputer.com/forums/forum22...
It sounds like Kaspersky deleted none game related files along with the infected game.
Have you tried system restore to before you downloaded the infected program?
Try running these programs:
Disclaimer - This post contains reference to non-Microsoft websites and there may be ads on the page for products & services including products frequently classified as a PUP (Potentially Unwanted Product). Please thoroughly research any product / service advertised on the page before you decide to use them. Your discretion is very much advised.
