Publicité
Publicité
Format du document : text/plain
Prévisualisation
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-11-2021
Ran by kenzi (07-11-2021 19:09:18)
Running from C:\Users\kenzi\Desktop
Microsoft Windows 10 Pro Version 21H1 19043.1288 (X64) (2021-10-16 18:50:50)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-1266628079-2253192551-1405753121-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1266628079-2253192551-1405753121-503 - Limited - Disabled)
Guest (S-1-5-21-1266628079-2253192551-1405753121-501 - Limited - Disabled)
kenzi (S-1-5-21-1266628079-2253192551-1405753121-1001 - Administrator - Enabled) => C:\Users\kenzi
WDAGUtilityAccount (S-1-5-21-1266628079-2253192551-1405753121-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_4_2) (Version: 22.4.2.242 - Adobe Inc.)
BitTorrent (HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\BitTorrent) (Version: 7.10.5.46097 - BitTorrent Inc.)
Bitwarden (HKLM\...\173a9bac-6f0d-50c4-8202-4744c69d091a) (Version: 1.29.1 - Bitwarden Inc.)
BlueStacks 5 (HKLM\...\BlueStacks_nxt) (Version: 5.3.145.1003 - BlueStack Systems, Inc.)
BlueStacks X (HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\BlueStacks X) (Version: 0.11.1.9 - BlueStack Systems, Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 95.1.31.88 - Brave Software Inc)
CrystalDiskInfo 8.12.10 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.12.10 - Crystal Dew World)
CrystalDiskMark 8.0.4 (HKLM\...\CrystalDiskMark8_is1) (Version: 8.0.4 - Crystal Dew World)
Discord (HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\Discord) (Version: 1.0.9003 - Discord Inc.)
DriversCloud.com (HKLM\...\{0337BFA9-63C1-41A6-BB12-85690990C119}) (Version: 11.0.3.0 - Cybelsoft)
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 12.0.157.5037 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{d3ae0bdb-bfa2-4b09-9c5a-ec955ad35b7c}) (Version: 12.0.157.5037 - Electronic Arts)
Epic Games Launcher (HKLM-x32\...\{209F4B4B-3DF2-4825-9906-D4D6A80EC09E}) (Version: 1.3.0.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.)
FIFA 21 (HKLM-x32\...\{A918ACE7-A83B-41F4-8746-AEF8DC821879}) (Version: 1.0.72.32477 - Electronic Arts)
FileBot (HKLM\...\{9A045E8D-DA4E-476B-A51F-55A0D3146FC1}) (Version: 4.9.4 - Point Planck Limited)
Intel Driver && Support Assistant (HKLM-x32\...\{5C00DA99-5159-4D09-A629-018EF8A66825}) (Version: 21.6.39.5 - Intel) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{88B98508-2D8F-46F1-90AD-557BE40C7067}) (Version: 2.4.07642 - Intel Corporation)
Intel(R) Graphics Driver Software (HKLM-x32\...\{a3052cfa-e19e-4092-a8e5-264f6d84442c}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2117.15.0.2272 - Intel Corporation)
Intel(R) Network Connections 24.3.0.6 (HKLM\...\PROSetDX) (Version: 24.3.0.6 - Intel)
Intel® Driver & Support Assistant (HKLM-x32\...\{481781ea-4aa2-4f86-83f6-6800c40421fe}) (Version: 21.6.39.5 - Intel)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2021.11.8744 - Logitech)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.44 - Microsoft Corporation)
Microsoft Office Professionnel Plus 2019 - fr-fr (HKLM\...\ProPlus2019Volume - fr-fr) (Version: 16.0.14332.20033 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 21.205.1003.0005 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29913 (HKLM-x32\...\{855e31d2-9031-46e1-b06d-c9d7777deefb}) (Version: 14.28.29913.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29913 (HKLM-x32\...\{03d1453c-7d5c-479c-afea-8482f406e036}) (Version: 14.28.29913.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20033 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20033 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-040C-1000-0000000FF1CE}) (Version: 16.0.14332.20011 - Microsoft Corporation) Hidden
OP.GG 1.0.7 (HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\35c3f6f2-9851-552e-9b8e-cd08ef2d1674) (Version: 1.0.7 - OP.GG)
Opera GX Stable 80.0.4170.61 (HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\Opera GX 80.0.4170.61) (Version: 80.0.4170.61 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.106.49298 - Electronic Arts, Inc.)
Plex (HKLM-x32\...\Plex) (Version: 1.35.1 - Plex, Inc.)
Private Internet Access (HKLM\...\{33023371-7761-4F81-BBB1-0E0D0D175ACF}) (Version: 3.1.0+06756 - Private Internet Access, Inc.)
Private Internet Access WinTUN Driver (HKLM\...\{0419A0C0-4CC8-459E-9BAE-F3BF5D2E2CCB}) (Version: 1.0 - Private Internet Access, Inc.) Hidden
Spotify (HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\Spotify) (Version: 1.1.71.560.gc21c3367 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
WinSCP 5.19.3 (HKLM-x32\...\winscp3_is1) (Version: 5.19.3 - Martin Prikryl)
Packages:
=========
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.20.2.0_x64__6rarf9sa4v8jt [2021-10-28] (Disney)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.1.257.0_x64__v10z8vjag6ke6 [2021-11-03] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-10-16] (INTEL CORP) [Startup Task]
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa [2021-11-03] (Apple Inc.) [Startup Task]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-11-03] (Microsoft Studios) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-10-26] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.16.228.0_x64__dt26b99r8h8gj [2021-10-16] (Realtek Semiconductor Corp)
Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.15.163.0_x64__43tkc6nmykmb6 [2021-11-03] (Ookla)
Ubuntu 20.04 LTS -> C:\Program Files\WindowsApps\CanonicalGroupLimited.Ubuntu20.04onWindows_2004.2021.825.0_x64__79rhkp1fndgsc [2021-10-28] (Canonical Group Limited)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1266628079-2253192551-1405753121-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-10-21] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-10-21] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-10-21] (Adobe Inc. -> )
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-10-21] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-10-21] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\kenzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brave Apps\YouTube Music.lnk -> C:\Program Files\BraveSoftware\Brave-Browser\Application\chrome_proxy.exe (Brave Software, Inc.) -> --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
ShortcutWithArgument: C:\Users\kenzi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Brave.lnk -> C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc.) -> --load-extension="C:\ProgramData\Klzz\Wnfwnv\5AF80890"
==================== Loaded Modules (Whitelisted) =============
0000-00-00 00:00 - 0000-00-00 00:00 - 000000000 _____ () [Access Denied] C:\ProgramData\NotifyTrace\YtyyesHack\ayrseft_Brared.dll
2021-11-03 21:53 - 2021-11-03 21:12 - 000635904 _____ () [File not signed] \\?\C:\Program Files\LGHUB\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2021-11-03 20:45 - 2021-11-03 07:41 - 000508416 _____ () [File not signed] \\?\C:\Users\kenzi\AppData\Local\Programs\opgg-electron-app\resources\app.asar.unpacked\node_modules\node-ovhook\build\Release\node_ovhook.node
2021-11-03 20:45 - 2021-11-03 07:41 - 000159744 _____ () [File not signed] \\?\C:\Users\kenzi\AppData\Local\Programs\opgg-electron-app\resources\app.asar.unpacked\node_modules\rust-process\native\index.node
2021-11-07 18:55 - 2021-11-07 18:55 - 000152064 _____ () [File not signed] \\?\C:\Users\kenzi\AppData\Local\Temp\5fbdebe3-cf43-4705-a30c-63bc49b2edcd.tmp.node
2021-11-07 18:55 - 2021-11-07 18:55 - 000795136 _____ () [File not signed] \\?\C:\Users\kenzi\AppData\Local\Temp\98032ac5-fd38-42a3-b9c9-38fa26f2dcfb.tmp.node
2021-11-07 18:55 - 2021-11-07 18:55 - 000161280 _____ () [File not signed] \\?\C:\Users\kenzi\AppData\Local\Temp\de91c81b-666d-4ddb-a505-8fcaf6ba166c.tmp.node
2021-04-13 13:36 - 2021-04-13 13:36 - 005745664 _____ () [File not signed] C:\Program Files (x86)\Intel\Driver and Support Assistant\irmfuu_module.dll
2021-10-16 20:25 - 2021-10-16 20:25 - 000967168 _____ () [File not signed] C:\Program Files (x86)\VB\Voicemeeter\mp3lame\lame_enc.dll
2021-10-30 15:26 - 2021-10-30 15:26 - 002699264 _____ () [File not signed] C:\Program Files\Bitwarden\ffmpeg.dll
2021-10-30 15:26 - 2021-10-30 15:26 - 000442368 _____ () [File not signed] C:\Program Files\Bitwarden\libegl.dll
2021-10-30 15:26 - 2021-10-30 15:26 - 008143872 _____ () [File not signed] C:\Program Files\Bitwarden\libglesv2.dll
2021-11-03 20:45 - 2021-11-03 07:41 - 002823680 _____ () [File not signed] C:\Users\kenzi\AppData\Local\Programs\opgg-electron-app\ffmpeg.dll
2021-11-03 20:45 - 2021-11-03 07:41 - 000449024 _____ () [File not signed] C:\Users\kenzi\AppData\Local\Programs\opgg-electron-app\libegl.dll
2021-11-03 20:45 - 2021-11-03 07:41 - 007620096 _____ () [File not signed] C:\Users\kenzi\AppData\Local\Programs\opgg-electron-app\libglesv2.dll
2021-10-21 16:26 - 2021-10-21 16:26 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2021-10-21 16:26 - 2021-10-21 16:26 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2021-07-23 10:36 - 2021-07-23 10:36 - 002122240 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
2021-10-20 14:57 - 2021-10-20 14:56 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2021-10-20 14:57 - 2021-10-20 14:57 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2021-11-04 15:07 - 2021-11-04 15:07 - 002815488 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libcrypto-1_1-x64.dll
2021-11-04 15:07 - 2021-11-04 15:07 - 000678400 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libssl-1_1-x64.dll
2021-10-20 14:57 - 2021-10-20 14:56 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-10-21 11:11 - 2021-10-20 14:57 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-10-21 11:11 - 2021-10-20 14:57 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-10-21 11:11 - 2021-10-20 14:57 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-10-21 11:11 - 2021-10-20 14:57 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-10-21 11:11 - 2021-10-20 14:57 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-10-21 11:11 - 2021-10-20 14:57 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2021-11-04 15:07 - 2021-11-04 15:07 - 000046592 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\bearer\qgenericbearer.dll
2021-11-04 15:07 - 2021-11-04 15:07 - 006270976 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Core.dll
2021-11-04 15:07 - 2021-11-04 15:07 - 001389568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Network.dll
2021-11-04 15:07 - 2021-11-04 15:07 - 000157184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5WebSockets.dll
2021-11-04 15:07 - 2021-11-04 15:07 - 000210432 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Xml.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [3998]
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-10-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-21] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 10:14 - 2021-10-30 15:07 - 000000891 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 license.piriform.com
127.0.0.1 http://www.piriform.com
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\kenzi\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\wallpaperbetter.com_1920x1080.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Calculator"
HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\StartupApproved\StartupFolder: => "RUNDLL32.EXE.lnk"
HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\StartupApproved\StartupFolder: => "IntelRapid.lnk"
HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_51468CC7A89CF6F2E72B3A5E67F0C488"
HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\StartupApproved\Run: => "Speech Recognition"
HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\StartupApproved\Run: => "WinHost"
HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{4204F1CA-7E16-4942-8D09-FFE392B1B2EF}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{9AE599C2-A6E8-4E3C-B4BB-22D2D7E7AF1C}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{96E12AB2-B242-4126-8494-6D1163826D5E}] => (Allow) C:\Program Files\EA Games\FIFA 21\FIFASetup\fifaconfig.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{F6F2E580-48EB-4A5B-B35E-D9177130FC31}] => (Allow) C:\Program Files\EA Games\FIFA 21\FIFASetup\fifaconfig.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [TCP Query User{C43171B6-DC6D-453E-8267-6BC7F7211C88}C:\program files\ea games\fifa 21\fifa21.exe] => (Block) C:\program files\ea games\fifa 21\fifa21.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [UDP Query User{7C6D89E6-B2A4-43B8-9318-E934714A7909}C:\program files\ea games\fifa 21\fifa21.exe] => (Block) C:\program files\ea games\fifa 21\fifa21.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{7226709D-32F8-464C-A4BF-CBB03C6A838E}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{2B9D697F-0A8D-4949-BA8A-7663ED6DEC29}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{168B3DAD-4212-45A1-B157-6568336A3226}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{92744CCC-B063-4A9B-AC6C-940B64B40120}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{521D0683-83FE-4DB1-A6B7-E0A63FABFCC4}] => (Allow) C:\Program Files\Cybelsoft\DriversCloud.com\DriversCloud.exe (CYBELSOFT -> CybelSoft)
FirewallRules: [{04A48DE7-A855-41D0-A6E1-C14BBF25BC46}] => (Allow) C:\Program Files\Cybelsoft\DriversCloud.com\DriversCloud.exe (CYBELSOFT -> CybelSoft)
FirewallRules: [TCP Query User{B94878C2-9940-4156-BCAD-D430BB957D10}C:\users\kenzi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kenzi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{9007D433-2C4E-4526-BC84-EC95F86B9B11}C:\users\kenzi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kenzi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EC133F88-C33C-456A-ACB5-D5924BB63D48}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AF801B73-8171-41E5-980E-BCCA4042DE42}] => (Allow) LPort=1688
FirewallRules: [{C37EA684-6577-4D99-8ECF-FE5833F96E09}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{9118E300-E903-4063-9F3E-BE3CCB71B955}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{BF4E113A-91A6-4162-B339-3B2A6F30548D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{C51AC590-96F6-4A2D-85BB-564B1E0C51EB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{7AE0E6E4-EAD0-4025-879D-E13CAE618CA7}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{2305B234-A4A4-46C1-9175-D0D724F35277}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{E5876589-4958-4A26-9271-A4F356D2C7FD}] => (Allow) C:\Users\kenzi\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{11F7830F-A9D5-4EC1-8B1D-92BF9879E7BA}] => (Allow) C:\Users\kenzi\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{30E43E66-6848-4F03-B706-EE43D31F5D3F}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [TCP Query User{6D4AAB1D-3865-4A03-86C7-81895F7147F1}C:\users\kenzi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kenzi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{C9C55AAC-1298-4C14-A36E-58BB42DBEAD6}C:\users\kenzi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kenzi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{D70BBA64-A882-4EC6-9024-D19254A0ED17}C:\program files\ea games\fifa 21\fifa21.exe] => (Allow) C:\program files\ea games\fifa 21\fifa21.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [UDP Query User{81803BBF-349E-4EE3-B02C-91C29EACBF9D}C:\program files\ea games\fifa 21\fifa21.exe] => (Allow) C:\program files\ea games\fifa 21\fifa21.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [TCP Query User{40AF6FD7-E9E4-4E4E-9B02-81E08AECBA4F}C:\users\kenzi\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\kenzi\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{B1558BA5-FCDA-4C39-82D1-44828FC0E827}C:\users\kenzi\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\kenzi\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{133BA207-DEFD-494B-9208-A67628DE018B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F9602E36-DFEC-4B81-9E26-5A16F9B29E6A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2C9DBD9C-FE66-4CB4-BFF9-BD17DCA2BF20}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F1328A75-05E1-4A57-88F7-F1221C2F0087}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5001ED0B-43AE-432D-96AC-6A777A582D0A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{14E8FFD0-A85A-4E3D-9D7E-A2448EF0FC57}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{766E0587-E0E0-4A19-AED1-5F816ED5BC3C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{289AA53E-11D7-4274-88DE-785EC181AC54}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{A6AB2E6A-B188-45CF-B856-32753DA8024C}C:\users\kenzi\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\kenzi\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{08497133-2929-405B-A505-DED5ED5D349E}C:\users\kenzi\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\kenzi\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{0CF013F4-D743-4401-AA87-A470DEA2B09D}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe (Bluestack Systems, Inc -> BlueStack Systems)
FirewallRules: [TCP Query User{4EFE18A7-0587-45B5-8827-8DD08BBED740}C:\program files\plex\plex\plex.exe] => (Allow) C:\program files\plex\plex\plex.exe () [File not signed]
FirewallRules: [UDP Query User{88F4261F-40F8-4DEE-8E27-5A43946F0708}C:\program files\plex\plex\plex.exe] => (Allow) C:\program files\plex\plex\plex.exe () [File not signed]
FirewallRules: [{1577702D-A5EF-49DF-94E2-B1632B9D2346}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0E79F4F8-D8D1-449E-BD8E-859D6631A421}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{84978316-EFC8-4561-A280-C6B11BE2CE16}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{76800882-6347-4B79-9625-F7103BE7CD53}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
==================== Restore Points =========================
04-11-2021 21:59:18 Intel® Driver & Support Assistant
04-11-2021 23:52:57 Windows Modules Installer
07-11-2021 11:43:12 Installed Intel(R) Network Connections.
07-11-2021 17:35:11 Restore Point Created by FRST
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (11/07/2021 06:59:00 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-NRR6AVG)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (11/07/2021 06:52:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.
.
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (11/07/2021 06:52:41 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {bd8fc1f2-a698-4b2e-a005-2fa79b30e455}
Error: (11/07/2021 05:58:18 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-NRR6AVG)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (11/07/2021 05:40:51 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-NRR6AVG)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (11/07/2021 11:44:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.19041.1202, time stamp: 0x4aa1ce82
Faulting module name: msvcrt.dll, version: 7.0.19041.546, time stamp: 0x564f9f39
Exception code: 0x40000015
Fault offset: 0x000000000000ae22
Faulting process ID: 0x32c0
Faulting application start time: 0x01d7d3c354aeef54
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\WINDOWS\System32\msvcrt.dll
Report ID: 43f05eee-6e48-4b88-a958-76e062f204af
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
Error: (11/06/2021 12:45:12 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-NRR6AVG)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (11/06/2021 12:40:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.19041.546, time stamp: 0x058e175a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process ID: 0x2580
Faulting application start time: 0x01d7d3031c4467e9
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: unknown
Report ID: 92550c97-e54e-47ea-a860-6fe85fa8c97c
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (11/07/2021 06:54:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the AppServicea service to connect.
Error: (11/07/2021 06:53:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Origin Web Helper Service service terminated unexpectedly. It has done this 1 time(s).
Error: (11/07/2021 06:53:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK service terminated unexpectedly. It has done this 1 time(s).
Error: (11/07/2021 06:52:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Energy Server Service queencreek service terminated unexpectedly. It has done this 1 time(s).
Error: (11/07/2021 06:52:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (11/07/2021 06:52:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The LGHUB Updater Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (11/07/2021 06:52:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly. It has done this 1 time(s).
Error: (11/07/2021 06:52:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).
Windows Defender:
================
Date: 2021-11-06 12:42:15
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:MSIL/RedLine.RPS!MTB&threatid=2147797360&enterprise=0
Name: Trojan:MSIL/RedLine.RPS!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\kenzi\AppData\Local\Temp\{u50n-tiBqK-pcL3-YoxtE}\04638802125.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.353.524.0, AS: 1.353.524.0, NIS: 1.353.524.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4
Date: 2021-11-03 21:53:49
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:MSIL/RedLine.RPS!MTB&threatid=2147797360&enterprise=0
Name: Trojan:MSIL/RedLine.RPS!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\kenzi\AppData\Local\Temp\{u50n-tiBqK-pcL3-YoxtE}\04638802125.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.353.364.0, AS: 1.353.364.0, NIS: 1.353.364.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4
Date: 2021-11-03 21:12:04
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:MSIL/RedLine.RPS!MTB&threatid=2147797360&enterprise=0
Name: Trojan:MSIL/RedLine.RPS!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\kenzi\AppData\Local\Temp\{u50n-tiBqK-pcL3-YoxtE}\04638802125.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.353.364.0, AS: 1.353.364.0, NIS: 1.353.364.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4
Date: 2021-11-03 20:45:42
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:MSIL/RedLine.RPS!MTB&threatid=2147797360&enterprise=0
Name: Trojan:MSIL/RedLine.RPS!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\kenzi\AppData\Local\Temp\{u50n-tiBqK-pcL3-YoxtE}\04638802125.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.353.364.0, AS: 1.353.364.0, NIS: 1.353.364.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4
Date: 2021-10-30 16:26:29
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sabsik.FL.B!ml&threatid=2147780203&enterprise=0
Name: Trojan:Win32/Sabsik.FL.B!ml
Severity: Severe
Category: Trojan
Path: file:_C:\Users\kenzi\AppData\Local\Temp\drukpa\maraudvp.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.353.91.0, AS: 1.353.91.0, NIS: 1.353.91.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4
Event[0]:
Date: 2021-11-01 11:51:26
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.91.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2021-11-01 11:51:26
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.91.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2021-11-01 11:51:26
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.91.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2021-11-01 11:51:26
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.91.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2021-11-01 11:51:26
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.91.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
==================== Memory info ===========================
BIOS: LENOVO M1UKT65A 03/03/2021
Motherboard: LENOVO 312A
Processor: Intel(R) Pentium(R) Gold G5400 CPU @ 3.70GHz
Percentage of memory in use: 54%
Total physical RAM: 16256.09 MB
Available physical RAM: 7335.52 MB
Total Virtual: 19184.09 MB
Available Virtual: 9475.64 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:234.91 GB) (Free:71.11 GB) NTFS
\\?\Volume{41ac28d2-a90a-47e5-b5ad-dfad4cd0ca19}\ () (Fixed) (Total:0.57 GB) (Free:0.11 GB) NTFS
\\?\Volume{726ce9c5-b92d-4598-8798-a754ae5aff6c}\ (Recovery) (Fixed) (Total:2.38 GB) (Free:2 GB) NTFS
\\?\Volume{04d347e8-cfd2-4b7d-bdc5-f6337d401af7}\ (BOOT) (Fixed) (Total:0.48 GB) (Free:0.45 GB) FAT32
==================== MBR & Partition Table ====================
==================== End of Addition.txt =======================
Ran by kenzi (07-11-2021 19:09:18)
Running from C:\Users\kenzi\Desktop
Microsoft Windows 10 Pro Version 21H1 19043.1288 (X64) (2021-10-16 18:50:50)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-1266628079-2253192551-1405753121-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1266628079-2253192551-1405753121-503 - Limited - Disabled)
Guest (S-1-5-21-1266628079-2253192551-1405753121-501 - Limited - Disabled)
kenzi (S-1-5-21-1266628079-2253192551-1405753121-1001 - Administrator - Enabled) => C:\Users\kenzi
WDAGUtilityAccount (S-1-5-21-1266628079-2253192551-1405753121-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_4_2) (Version: 22.4.2.242 - Adobe Inc.)
BitTorrent (HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\BitTorrent) (Version: 7.10.5.46097 - BitTorrent Inc.)
Bitwarden (HKLM\...\173a9bac-6f0d-50c4-8202-4744c69d091a) (Version: 1.29.1 - Bitwarden Inc.)
BlueStacks 5 (HKLM\...\BlueStacks_nxt) (Version: 5.3.145.1003 - BlueStack Systems, Inc.)
BlueStacks X (HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\BlueStacks X) (Version: 0.11.1.9 - BlueStack Systems, Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 95.1.31.88 - Brave Software Inc)
CrystalDiskInfo 8.12.10 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.12.10 - Crystal Dew World)
CrystalDiskMark 8.0.4 (HKLM\...\CrystalDiskMark8_is1) (Version: 8.0.4 - Crystal Dew World)
Discord (HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\Discord) (Version: 1.0.9003 - Discord Inc.)
DriversCloud.com (HKLM\...\{0337BFA9-63C1-41A6-BB12-85690990C119}) (Version: 11.0.3.0 - Cybelsoft)
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 12.0.157.5037 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{d3ae0bdb-bfa2-4b09-9c5a-ec955ad35b7c}) (Version: 12.0.157.5037 - Electronic Arts)
Epic Games Launcher (HKLM-x32\...\{209F4B4B-3DF2-4825-9906-D4D6A80EC09E}) (Version: 1.3.0.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.)
FIFA 21 (HKLM-x32\...\{A918ACE7-A83B-41F4-8746-AEF8DC821879}) (Version: 1.0.72.32477 - Electronic Arts)
FileBot (HKLM\...\{9A045E8D-DA4E-476B-A51F-55A0D3146FC1}) (Version: 4.9.4 - Point Planck Limited)
Intel Driver && Support Assistant (HKLM-x32\...\{5C00DA99-5159-4D09-A629-018EF8A66825}) (Version: 21.6.39.5 - Intel) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{88B98508-2D8F-46F1-90AD-557BE40C7067}) (Version: 2.4.07642 - Intel Corporation)
Intel(R) Graphics Driver Software (HKLM-x32\...\{a3052cfa-e19e-4092-a8e5-264f6d84442c}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2117.15.0.2272 - Intel Corporation)
Intel(R) Network Connections 24.3.0.6 (HKLM\...\PROSetDX) (Version: 24.3.0.6 - Intel)
Intel® Driver & Support Assistant (HKLM-x32\...\{481781ea-4aa2-4f86-83f6-6800c40421fe}) (Version: 21.6.39.5 - Intel)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2021.11.8744 - Logitech)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.44 - Microsoft Corporation)
Microsoft Office Professionnel Plus 2019 - fr-fr (HKLM\...\ProPlus2019Volume - fr-fr) (Version: 16.0.14332.20033 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 21.205.1003.0005 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29913 (HKLM-x32\...\{855e31d2-9031-46e1-b06d-c9d7777deefb}) (Version: 14.28.29913.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29913 (HKLM-x32\...\{03d1453c-7d5c-479c-afea-8482f406e036}) (Version: 14.28.29913.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20033 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20033 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-040C-1000-0000000FF1CE}) (Version: 16.0.14332.20011 - Microsoft Corporation) Hidden
OP.GG 1.0.7 (HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\35c3f6f2-9851-552e-9b8e-cd08ef2d1674) (Version: 1.0.7 - OP.GG)
Opera GX Stable 80.0.4170.61 (HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\Opera GX 80.0.4170.61) (Version: 80.0.4170.61 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.106.49298 - Electronic Arts, Inc.)
Plex (HKLM-x32\...\Plex) (Version: 1.35.1 - Plex, Inc.)
Private Internet Access (HKLM\...\{33023371-7761-4F81-BBB1-0E0D0D175ACF}) (Version: 3.1.0+06756 - Private Internet Access, Inc.)
Private Internet Access WinTUN Driver (HKLM\...\{0419A0C0-4CC8-459E-9BAE-F3BF5D2E2CCB}) (Version: 1.0 - Private Internet Access, Inc.) Hidden
Spotify (HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\Spotify) (Version: 1.1.71.560.gc21c3367 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
WinSCP 5.19.3 (HKLM-x32\...\winscp3_is1) (Version: 5.19.3 - Martin Prikryl)
Packages:
=========
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.20.2.0_x64__6rarf9sa4v8jt [2021-10-28] (Disney)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.1.257.0_x64__v10z8vjag6ke6 [2021-11-03] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-10-16] (INTEL CORP) [Startup Task]
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa [2021-11-03] (Apple Inc.) [Startup Task]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-11-03] (Microsoft Studios) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-10-26] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.16.228.0_x64__dt26b99r8h8gj [2021-10-16] (Realtek Semiconductor Corp)
Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.15.163.0_x64__43tkc6nmykmb6 [2021-11-03] (Ookla)
Ubuntu 20.04 LTS -> C:\Program Files\WindowsApps\CanonicalGroupLimited.Ubuntu20.04onWindows_2004.2021.825.0_x64__79rhkp1fndgsc [2021-10-28] (Canonical Group Limited)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1266628079-2253192551-1405753121-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-10-21] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-10-21] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-10-21] (Adobe Inc. -> )
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-10-21] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-10-21] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\kenzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brave Apps\YouTube Music.lnk -> C:\Program Files\BraveSoftware\Brave-Browser\Application\chrome_proxy.exe (Brave Software, Inc.) -> --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
ShortcutWithArgument: C:\Users\kenzi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Brave.lnk -> C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc.) -> --load-extension="C:\ProgramData\Klzz\Wnfwnv\5AF80890"
==================== Loaded Modules (Whitelisted) =============
0000-00-00 00:00 - 0000-00-00 00:00 - 000000000 _____ () [Access Denied] C:\ProgramData\NotifyTrace\YtyyesHack\ayrseft_Brared.dll
2021-11-03 21:53 - 2021-11-03 21:12 - 000635904 _____ () [File not signed] \\?\C:\Program Files\LGHUB\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2021-11-03 20:45 - 2021-11-03 07:41 - 000508416 _____ () [File not signed] \\?\C:\Users\kenzi\AppData\Local\Programs\opgg-electron-app\resources\app.asar.unpacked\node_modules\node-ovhook\build\Release\node_ovhook.node
2021-11-03 20:45 - 2021-11-03 07:41 - 000159744 _____ () [File not signed] \\?\C:\Users\kenzi\AppData\Local\Programs\opgg-electron-app\resources\app.asar.unpacked\node_modules\rust-process\native\index.node
2021-11-07 18:55 - 2021-11-07 18:55 - 000152064 _____ () [File not signed] \\?\C:\Users\kenzi\AppData\Local\Temp\5fbdebe3-cf43-4705-a30c-63bc49b2edcd.tmp.node
2021-11-07 18:55 - 2021-11-07 18:55 - 000795136 _____ () [File not signed] \\?\C:\Users\kenzi\AppData\Local\Temp\98032ac5-fd38-42a3-b9c9-38fa26f2dcfb.tmp.node
2021-11-07 18:55 - 2021-11-07 18:55 - 000161280 _____ () [File not signed] \\?\C:\Users\kenzi\AppData\Local\Temp\de91c81b-666d-4ddb-a505-8fcaf6ba166c.tmp.node
2021-04-13 13:36 - 2021-04-13 13:36 - 005745664 _____ () [File not signed] C:\Program Files (x86)\Intel\Driver and Support Assistant\irmfuu_module.dll
2021-10-16 20:25 - 2021-10-16 20:25 - 000967168 _____ () [File not signed] C:\Program Files (x86)\VB\Voicemeeter\mp3lame\lame_enc.dll
2021-10-30 15:26 - 2021-10-30 15:26 - 002699264 _____ () [File not signed] C:\Program Files\Bitwarden\ffmpeg.dll
2021-10-30 15:26 - 2021-10-30 15:26 - 000442368 _____ () [File not signed] C:\Program Files\Bitwarden\libegl.dll
2021-10-30 15:26 - 2021-10-30 15:26 - 008143872 _____ () [File not signed] C:\Program Files\Bitwarden\libglesv2.dll
2021-11-03 20:45 - 2021-11-03 07:41 - 002823680 _____ () [File not signed] C:\Users\kenzi\AppData\Local\Programs\opgg-electron-app\ffmpeg.dll
2021-11-03 20:45 - 2021-11-03 07:41 - 000449024 _____ () [File not signed] C:\Users\kenzi\AppData\Local\Programs\opgg-electron-app\libegl.dll
2021-11-03 20:45 - 2021-11-03 07:41 - 007620096 _____ () [File not signed] C:\Users\kenzi\AppData\Local\Programs\opgg-electron-app\libglesv2.dll
2021-10-21 16:26 - 2021-10-21 16:26 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2021-10-21 16:26 - 2021-10-21 16:26 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2021-07-23 10:36 - 2021-07-23 10:36 - 002122240 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
2021-10-20 14:57 - 2021-10-20 14:56 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2021-10-20 14:57 - 2021-10-20 14:57 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2021-11-04 15:07 - 2021-11-04 15:07 - 002815488 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libcrypto-1_1-x64.dll
2021-11-04 15:07 - 2021-11-04 15:07 - 000678400 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libssl-1_1-x64.dll
2021-10-20 14:57 - 2021-10-20 14:56 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-10-21 11:11 - 2021-10-20 14:57 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-10-21 11:11 - 2021-10-20 14:57 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-10-21 11:11 - 2021-10-20 14:57 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-10-21 11:11 - 2021-10-20 14:57 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-10-21 11:11 - 2021-10-20 14:57 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-10-21 11:11 - 2021-10-20 14:57 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2021-11-04 15:07 - 2021-11-04 15:07 - 000046592 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\bearer\qgenericbearer.dll
2021-11-04 15:07 - 2021-11-04 15:07 - 006270976 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Core.dll
2021-11-04 15:07 - 2021-11-04 15:07 - 001389568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Network.dll
2021-11-04 15:07 - 2021-11-04 15:07 - 000157184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5WebSockets.dll
2021-11-04 15:07 - 2021-11-04 15:07 - 000210432 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Xml.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [3998]
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-10-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-21] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 10:14 - 2021-10-30 15:07 - 000000891 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 license.piriform.com
127.0.0.1 http://www.piriform.com
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\kenzi\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\wallpaperbetter.com_1920x1080.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Calculator"
HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\StartupApproved\StartupFolder: => "RUNDLL32.EXE.lnk"
HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\StartupApproved\StartupFolder: => "IntelRapid.lnk"
HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_51468CC7A89CF6F2E72B3A5E67F0C488"
HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\StartupApproved\Run: => "Speech Recognition"
HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\StartupApproved\Run: => "WinHost"
HKU\S-1-5-21-1266628079-2253192551-1405753121-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{4204F1CA-7E16-4942-8D09-FFE392B1B2EF}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{9AE599C2-A6E8-4E3C-B4BB-22D2D7E7AF1C}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{96E12AB2-B242-4126-8494-6D1163826D5E}] => (Allow) C:\Program Files\EA Games\FIFA 21\FIFASetup\fifaconfig.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{F6F2E580-48EB-4A5B-B35E-D9177130FC31}] => (Allow) C:\Program Files\EA Games\FIFA 21\FIFASetup\fifaconfig.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [TCP Query User{C43171B6-DC6D-453E-8267-6BC7F7211C88}C:\program files\ea games\fifa 21\fifa21.exe] => (Block) C:\program files\ea games\fifa 21\fifa21.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [UDP Query User{7C6D89E6-B2A4-43B8-9318-E934714A7909}C:\program files\ea games\fifa 21\fifa21.exe] => (Block) C:\program files\ea games\fifa 21\fifa21.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{7226709D-32F8-464C-A4BF-CBB03C6A838E}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{2B9D697F-0A8D-4949-BA8A-7663ED6DEC29}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{168B3DAD-4212-45A1-B157-6568336A3226}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{92744CCC-B063-4A9B-AC6C-940B64B40120}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{521D0683-83FE-4DB1-A6B7-E0A63FABFCC4}] => (Allow) C:\Program Files\Cybelsoft\DriversCloud.com\DriversCloud.exe (CYBELSOFT -> CybelSoft)
FirewallRules: [{04A48DE7-A855-41D0-A6E1-C14BBF25BC46}] => (Allow) C:\Program Files\Cybelsoft\DriversCloud.com\DriversCloud.exe (CYBELSOFT -> CybelSoft)
FirewallRules: [TCP Query User{B94878C2-9940-4156-BCAD-D430BB957D10}C:\users\kenzi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kenzi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{9007D433-2C4E-4526-BC84-EC95F86B9B11}C:\users\kenzi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kenzi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EC133F88-C33C-456A-ACB5-D5924BB63D48}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AF801B73-8171-41E5-980E-BCCA4042DE42}] => (Allow) LPort=1688
FirewallRules: [{C37EA684-6577-4D99-8ECF-FE5833F96E09}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{9118E300-E903-4063-9F3E-BE3CCB71B955}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{BF4E113A-91A6-4162-B339-3B2A6F30548D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{C51AC590-96F6-4A2D-85BB-564B1E0C51EB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{7AE0E6E4-EAD0-4025-879D-E13CAE618CA7}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{2305B234-A4A4-46C1-9175-D0D724F35277}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{E5876589-4958-4A26-9271-A4F356D2C7FD}] => (Allow) C:\Users\kenzi\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{11F7830F-A9D5-4EC1-8B1D-92BF9879E7BA}] => (Allow) C:\Users\kenzi\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{30E43E66-6848-4F03-B706-EE43D31F5D3F}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [TCP Query User{6D4AAB1D-3865-4A03-86C7-81895F7147F1}C:\users\kenzi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kenzi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{C9C55AAC-1298-4C14-A36E-58BB42DBEAD6}C:\users\kenzi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kenzi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{D70BBA64-A882-4EC6-9024-D19254A0ED17}C:\program files\ea games\fifa 21\fifa21.exe] => (Allow) C:\program files\ea games\fifa 21\fifa21.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [UDP Query User{81803BBF-349E-4EE3-B02C-91C29EACBF9D}C:\program files\ea games\fifa 21\fifa21.exe] => (Allow) C:\program files\ea games\fifa 21\fifa21.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [TCP Query User{40AF6FD7-E9E4-4E4E-9B02-81E08AECBA4F}C:\users\kenzi\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\kenzi\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{B1558BA5-FCDA-4C39-82D1-44828FC0E827}C:\users\kenzi\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\kenzi\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{133BA207-DEFD-494B-9208-A67628DE018B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F9602E36-DFEC-4B81-9E26-5A16F9B29E6A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2C9DBD9C-FE66-4CB4-BFF9-BD17DCA2BF20}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F1328A75-05E1-4A57-88F7-F1221C2F0087}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5001ED0B-43AE-432D-96AC-6A777A582D0A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{14E8FFD0-A85A-4E3D-9D7E-A2448EF0FC57}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{766E0587-E0E0-4A19-AED1-5F816ED5BC3C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{289AA53E-11D7-4274-88DE-785EC181AC54}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{A6AB2E6A-B188-45CF-B856-32753DA8024C}C:\users\kenzi\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\kenzi\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{08497133-2929-405B-A505-DED5ED5D349E}C:\users\kenzi\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\kenzi\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{0CF013F4-D743-4401-AA87-A470DEA2B09D}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe (Bluestack Systems, Inc -> BlueStack Systems)
FirewallRules: [TCP Query User{4EFE18A7-0587-45B5-8827-8DD08BBED740}C:\program files\plex\plex\plex.exe] => (Allow) C:\program files\plex\plex\plex.exe () [File not signed]
FirewallRules: [UDP Query User{88F4261F-40F8-4DEE-8E27-5A43946F0708}C:\program files\plex\plex\plex.exe] => (Allow) C:\program files\plex\plex\plex.exe () [File not signed]
FirewallRules: [{1577702D-A5EF-49DF-94E2-B1632B9D2346}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0E79F4F8-D8D1-449E-BD8E-859D6631A421}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{84978316-EFC8-4561-A280-C6B11BE2CE16}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{76800882-6347-4B79-9625-F7103BE7CD53}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
==================== Restore Points =========================
04-11-2021 21:59:18 Intel® Driver & Support Assistant
04-11-2021 23:52:57 Windows Modules Installer
07-11-2021 11:43:12 Installed Intel(R) Network Connections.
07-11-2021 17:35:11 Restore Point Created by FRST
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (11/07/2021 06:59:00 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-NRR6AVG)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (11/07/2021 06:52:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.
.
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (11/07/2021 06:52:41 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {bd8fc1f2-a698-4b2e-a005-2fa79b30e455}
Error: (11/07/2021 05:58:18 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-NRR6AVG)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (11/07/2021 05:40:51 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-NRR6AVG)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (11/07/2021 11:44:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.19041.1202, time stamp: 0x4aa1ce82
Faulting module name: msvcrt.dll, version: 7.0.19041.546, time stamp: 0x564f9f39
Exception code: 0x40000015
Fault offset: 0x000000000000ae22
Faulting process ID: 0x32c0
Faulting application start time: 0x01d7d3c354aeef54
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\WINDOWS\System32\msvcrt.dll
Report ID: 43f05eee-6e48-4b88-a958-76e062f204af
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
Error: (11/06/2021 12:45:12 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-NRR6AVG)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (11/06/2021 12:40:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.19041.546, time stamp: 0x058e175a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process ID: 0x2580
Faulting application start time: 0x01d7d3031c4467e9
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: unknown
Report ID: 92550c97-e54e-47ea-a860-6fe85fa8c97c
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (11/07/2021 06:54:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the AppServicea service to connect.
Error: (11/07/2021 06:53:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Origin Web Helper Service service terminated unexpectedly. It has done this 1 time(s).
Error: (11/07/2021 06:53:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK service terminated unexpectedly. It has done this 1 time(s).
Error: (11/07/2021 06:52:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Energy Server Service queencreek service terminated unexpectedly. It has done this 1 time(s).
Error: (11/07/2021 06:52:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (11/07/2021 06:52:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The LGHUB Updater Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (11/07/2021 06:52:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly. It has done this 1 time(s).
Error: (11/07/2021 06:52:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).
Windows Defender:
================
Date: 2021-11-06 12:42:15
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:MSIL/RedLine.RPS!MTB&threatid=2147797360&enterprise=0
Name: Trojan:MSIL/RedLine.RPS!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\kenzi\AppData\Local\Temp\{u50n-tiBqK-pcL3-YoxtE}\04638802125.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.353.524.0, AS: 1.353.524.0, NIS: 1.353.524.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4
Date: 2021-11-03 21:53:49
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:MSIL/RedLine.RPS!MTB&threatid=2147797360&enterprise=0
Name: Trojan:MSIL/RedLine.RPS!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\kenzi\AppData\Local\Temp\{u50n-tiBqK-pcL3-YoxtE}\04638802125.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.353.364.0, AS: 1.353.364.0, NIS: 1.353.364.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4
Date: 2021-11-03 21:12:04
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:MSIL/RedLine.RPS!MTB&threatid=2147797360&enterprise=0
Name: Trojan:MSIL/RedLine.RPS!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\kenzi\AppData\Local\Temp\{u50n-tiBqK-pcL3-YoxtE}\04638802125.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.353.364.0, AS: 1.353.364.0, NIS: 1.353.364.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4
Date: 2021-11-03 20:45:42
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:MSIL/RedLine.RPS!MTB&threatid=2147797360&enterprise=0
Name: Trojan:MSIL/RedLine.RPS!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\kenzi\AppData\Local\Temp\{u50n-tiBqK-pcL3-YoxtE}\04638802125.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.353.364.0, AS: 1.353.364.0, NIS: 1.353.364.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4
Date: 2021-10-30 16:26:29
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sabsik.FL.B!ml&threatid=2147780203&enterprise=0
Name: Trojan:Win32/Sabsik.FL.B!ml
Severity: Severe
Category: Trojan
Path: file:_C:\Users\kenzi\AppData\Local\Temp\drukpa\maraudvp.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.353.91.0, AS: 1.353.91.0, NIS: 1.353.91.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4
Event[0]:
Date: 2021-11-01 11:51:26
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.91.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2021-11-01 11:51:26
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.91.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2021-11-01 11:51:26
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.91.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2021-11-01 11:51:26
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.91.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2021-11-01 11:51:26
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.91.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
==================== Memory info ===========================
BIOS: LENOVO M1UKT65A 03/03/2021
Motherboard: LENOVO 312A
Processor: Intel(R) Pentium(R) Gold G5400 CPU @ 3.70GHz
Percentage of memory in use: 54%
Total physical RAM: 16256.09 MB
Available physical RAM: 7335.52 MB
Total Virtual: 19184.09 MB
Available Virtual: 9475.64 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:234.91 GB) (Free:71.11 GB) NTFS
\\?\Volume{41ac28d2-a90a-47e5-b5ad-dfad4cd0ca19}\ () (Fixed) (Total:0.57 GB) (Free:0.11 GB) NTFS
\\?\Volume{726ce9c5-b92d-4598-8798-a754ae5aff6c}\ (Recovery) (Fixed) (Total:2.38 GB) (Free:2 GB) NTFS
\\?\Volume{04d347e8-cfd2-4b7d-bdc5-f6337d401af7}\ (BOOT) (Fixed) (Total:0.48 GB) (Free:0.45 GB) FAT32
==================== MBR & Partition Table ====================
==================== End of Addition.txt =======================