Constant Virus Notifications – Virus, Trojan, Spyware, and Malware Removal Help

Here is the FRST.txt file:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2021

Ran by micha (administrator) on DESKTOP-JMGEQHM (Gigabyte Technology Co., Ltd. H170-Gaming 3) (20-09-2021 13:28:36)

Running from C:UsersmichaDownloads

Loaded Profiles: micha

Platform: Windows 10 Home Version 20H2 19042.1237 (X64) Language: English (United States)

Default browser: Chrome

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

() [File not signed] C:Program FilesElgatoSoundCaptureSoundCapture.exe

() [File not signed] C:UsersmichaAppDataRoamingElgatoStreamDeckPluginstv.twitch.studio.sdPlugintwitchstudiostreamdeck.exe

(Adobe Inc. -> ) C:Program Files (x86)AdobeAdobe SyncCoreSyncCoreSync.exe

(Adobe Inc. -> Adobe Inc) C:Program Files (x86)Common FilesAdobeAdobe Desktop CommonIPCBoxAdobeIPCBroker.exe

(Adobe Inc. -> Adobe Inc.) C:Program Files (x86)Common FilesAdobeAdobe Desktop CommonADSAdobe Desktop Service.exe

(Adobe Inc. -> Adobe Inc.) C:Program Files (x86)Common FilesAdobeAdobe Desktop CommonElevationManagerAdobe Installer.exe

(Adobe Inc. -> Adobe Inc.) C:Program Files (x86)Common FilesAdobeAdobe Desktop CommonElevationManagerAdobeUpdateService.exe

(Adobe Inc. -> Adobe Inc.) C:Program FilesAdobeAdobe Creative CloudACCCreative Cloud Helper.exe <2>

(Adobe Inc. -> Adobe Inc.) C:Program FilesAdobeAdobe Creative CloudACCCreative Cloud.exe

(Adobe Inc. -> Adobe Inc.) C:Program FilesCommon FilesAdobeAdobe Desktop CommonHEXAdobe CEF Helper.exe <2>

(Adobe Inc. -> Adobe Systems Incorporated) C:Program FilesAdobeAdobe Creative Cloud ExperienceCCXProcess.exe

(Adobe Inc. -> Adobe Systems Incorporated) C:Program FilesCommon FilesAdobeCreative Cloud LibrariesCCLibrary.exe

(Adobe Inc. -> Adobe Systems, Incorporated) C:Program Files (x86)Common FilesAdobeAdobeGCClientAGMService.exe

(Adobe Inc. -> Adobe Systems, Incorporated) C:Program Files (x86)Common FilesAdobeAdobeGCClientAGSService.exe

(Adobe Systems Incorporated) C:Program FilesWindowsAppsAdobeNotificationClient_2.0.1.8_x86__enpm4xejd91ycAdobeNotificationClient.exe

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:Program FilesAMDCNextCNextamdow.exe

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:Program FilesAMDCNextCNextAMDRSServ.exe

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:Program FilesAMDCNextCNextRadeonSoftware.exe

(Advanced Micro Devices, Inc. -> AMD) C:Program FilesAMDPerformance Profile ClientAUEPLauncher.exe

(Advanced Micro Devices, Inc. -> AMD) C:Program FilesAMDPerformance Profile ClientAUEPMaster.exe

(Advanced Micro Devices, Inc. -> AMD) C:Program FilesAMDPerformance Profile ClientAUEPUF.exe

(Advanced Micro Devices, Inc. -> AMD) C:WindowsSystem32DriverStoreFileRepositoryu0360470.inf_amd64_35c64671e7fac064B360357atieclxx.exe

(Advanced Micro Devices, Inc. -> AMD) C:WindowsSystem32DriverStoreFileRepositoryu0360470.inf_amd64_35c64671e7fac064B360357atiesrxx.exe

(Apple Inc.) C:Program FilesWindowsAppsAppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqaAMDS64AppleMobileDeviceProcess.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc) C:Program FilesElgatoStreamDeckStreamDeck.exe

(Discord Inc. -> Discord Inc.) C:UsersmichaAppDataLocalDiscordapp-1.0.9002Discord.exe <6>

(Epic Games Inc. -> Epic Games, Inc.) C:Program Files (x86)Epic GamesLauncherEngineBinariesWin64EpicWebHelper.exe <2>

(Epic Games Inc. -> Epic Games, Inc.) C:Program Files (x86)Epic GamesLauncherPortalBinariesWin64EpicGamesLauncher.exe

(Even Balance, Inc. -> ) C:WindowsSysWOW64PnkBstrA.exe

(FabulaTech, LLP -> ) C:Program FilesCommon FilesVMwareDeviceRedirectionCommonftnlsv.exe

(FabulaTech, LLP -> ) C:Program FilesCommon FilesVMwareScannerRedirectionftscanmgrhv.exe

(FabulaTech, LLP -> VMware) C:Program FilesCommon FilesVMwareSerialPortRedirectionClientvmwsprrdpwks.exe

(Google LLC -> Google LLC) C:Program Files (x86)GoogleChromeApplicationchrome.exe <14>

(Google LLC -> Google LLC) C:Program Files (x86)GoogleUpdate1.3.36.102GoogleCrashHandler.exe

(Google LLC -> Google LLC) C:Program Files (x86)GoogleUpdate1.3.36.102GoogleCrashHandler64.exe

(Malwarebytes Inc -> Malwarebytes) C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe

(Malwarebytes Inc -> Malwarebytes) C:Program FilesMalwarebytesAnti-Malwarembamtray.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesCommon Filesmicrosoft sharedClickToRunOfficeClickToRun.exe

(Microsoft Corporation -> Microsoft Corporation) C:UsersmichaAppDataLocalMicrosoftOneDrive21.170.0822.0002FileCoAuth.exe

(Microsoft Corporation -> Microsoft Corporation) C:UsersmichaAppDataLocalMicrosoftOneDriveOneDrive.exe

(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbweWinStore.App.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsImmersiveControlPanelSystemSettings.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32oobeUserOOBEBroker.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32smartscreen.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32wlanext.exe

(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:WindowsSystem32amdlogsr.exe

(OpenJS Foundation -> Node.js) C:Program FilesAdobeAdobe Creative Cloud Experiencelibsnode.exe

(OpenJS Foundation -> Node.js) C:Program FilesCommon FilesAdobeCreative Cloud Librarieslibsnode.exe

(Razer USA Ltd. -> Razer Inc.) C:Program Files (x86)RazerSynapseRzSynapse.exe

(The Qt Company Oy -> The Qt Company Ltd.) C:Program FilesElgatoStreamDeckQtWebEngineProcess.exe <5>

(VMware, Inc. -> VMware, Inc.) C:Program Files (x86)Common FilesVMwareUSBvmware-usbarbitrator64.exe

(VMware, Inc. -> VMware, Inc.) C:Program Files (x86)VMwareVMware Horizon View ClientClientServicehorizon_client_service.exe

(Voicemod Sociedad Limitada -> ) C:UsersmichaAppDataRoamingElgatoStreamDeckPluginsnet.voicemod.windowsdesktop.sdPluginvoicemodplugin.exe

 

==================== Registry (Whitelisted) ===================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM…Run: [AdobeGCInvoker-1.0] => C:Program Files (x86)Common FilesAdobeAdobeGCClientAGCInvokerUtility.exe [3412736 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)

HKLM…Run: [AdobeAAMUpdater-1.0] => C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

HKLM…Run: [AdobePSE18AutoAnalyzer] => C:Program FilesAdobeElements 2020 OrganizerElements Auto Creations 2020.exe [3560048 2019-08-27] (Adobe Inc. -> Adobe Systems Incorporated)

HKLM…Run: [Elgato Sound Capture] => C:Program FilesElgatoSoundCaptureSoundCapture.exe [1234944 2020-12-03] () [File not signed]

HKLM…Run: [Stream Deck] => C:Program FilesElgatoStreamDeckStreamDeck.exe [10215960 2021-06-11] (Corsair Memory, Inc. -> Corsair Memory, Inc)

HKLM…Run: [Logitech Download Assistant] => C:WindowsSystem32LogiLDA.dll [3952096 2020-03-11] (Logitech -> Logitech, Inc.)

HKLM-x32…Run: [Adobe CCXProcess] => C:Program Files (x86)AdobeAdobe Creative Cloud ExperienceCCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )

HKLM-x32…Run: [Razer Synapse] => C:Program Files (x86)RazerSynapseRzSynapse.exe [601784 2020-05-13] (Razer USA Ltd. -> Razer Inc.)

HKLM-x32…Run: [TeamsMachineInstaller] => C:Program Files (x86)Teams InstallerTeams.exe [114671912 2021-02-10] (Microsoft Corporation -> Microsoft Corporation)

HKLM-x32…Run: [Adobe Creative Cloud] => C:Program FilesAdobeAdobe Creative CloudACCCreative Cloud.exe [779504 2021-06-29] (Adobe Inc. -> Adobe Inc.)

HKUS-1-5-21-1783447242-3632329100-3797296807-1001…Run: [AMDDVR] => C:Program FilesAMDCNextCNextAMDRSServ.exe [2491576 2020-05-15] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

HKUS-1-5-21-1783447242-3632329100-3797296807-1001…Run: [EpicGamesLauncher] => C:Program Files (x86)Epic GamesLauncherPortalBinariesWin64EpicGamesLauncher.exe [33336800 2021-09-16] (Epic Games Inc. -> Epic Games, Inc.)

HKLMSoftwareMicrosoftActive SetupInstalled Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:Program Files (x86)GoogleChromeApplication93.0.4577.82Installerchrmstp.exe [2021-09-15] (Google LLC -> Google LLC)

GroupPolicy: Restriction ? <==== ATTENTION

Policies: C:ProgramDataNTUSER.pol: Restriction <==== ATTENTION

 

==================== Scheduled Tasks (Whitelisted) ============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {02FC851F-FDDF-43DA-B50A-44BFB23012BB} – System32TasksAdobeGCInvoker-1.0 => C:Program Files (x86)Common FilesAdobeAdobeGCClientAGCInvokerUtility.exe [3412736 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)

Task: {0C8FE9CB-98EB-4BB1-9B4B-085238E8E840} – System32TasksMicrosoftOfficeOffice Feature Updates => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [139096 2021-09-19] (Microsoft Corporation -> Microsoft Corporation)

Task: {20D44C51-BABD-43ED-A203-B59E2679E6CA} – System32TasksGoogleUpdateTaskMachineUA => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [156104 2020-06-09] (Google LLC -> Google LLC)

Task: {35C1204F-55AC-49B0-BCBE-3A88B2DA0A0D} – System32TasksMicrosoftOfficeOfficeTelemetryAgentFallBack2016 => C:Program FilesMicrosoft OfficerootOffice16msoia.exe [7053768 2021-09-19] (Microsoft Corporation -> Microsoft Corporation)

Task: {5BE84227-71AF-4329-9B93-E8F13CB7D0F7} – System32TasksMicrosoftOfficeOffice Automatic Updates 2.0 => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [21857672 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)

Task: {65CE84A6-D5DA-4381-B719-1572E4FF60E8} – System32TasksStartCNBM => C:Program FilesAMDCNextCNextcncmd.exe [61624 2020-05-15] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

Task: {77A9C796-3224-4CDB-9329-17A20DF195E1} – System32TasksMicrosoftOfficeOffice ClickToRun Service Monitor => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [21857672 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)

Task: {7C465050-FFD8-4030-A80B-4D3CDA9857A8} – System32TasksStartCN => C:Program FilesAMDCNextCNextcncmd.exe [61624 2020-05-15] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

Task: {96479197-F675-4547-B66F-9E50B9FA4919} – System32TasksAMDLinkUpdate => C:Program FilesAMDCIMBIN64InstallManagerApp.exe [1628160 2020-05-15] (Advanced Micro Devices, Inc.) [File not signed]

Task: {A5E5DC72-A20F-4E6A-B5ED-FEFA42CCF3BE} – System32TasksMicrosoftOfficeOffice Feature Updates Logon => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [139096 2021-09-19] (Microsoft Corporation -> Microsoft Corporation)

Task: {B7104B52-473D-4E3B-BC76-D62360BABD6B} – System32TasksAMDInstallLauncher => C:Program FilesAMDCIMBin64InstallManagerApp.exe [1628160 2020-05-15] (Advanced Micro Devices, Inc.) [File not signed]

Task: {C5AF4C41-7F9D-43E4-AAFD-5D1BD989BE64} – System32TasksStartDVR => C:Program FilesAMDCNextCNextRSServCmd.exe [69304 2020-05-15] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

Task: {C810D61B-89BE-49CE-8ADB-FC183D288FAF} – System32TasksMicrosoftOfficeOffice Serviceability Manager => C:Program FilesCommon FilesMicrosoft SharedClickToRunofficesvcmgr.exe [4102784 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)

Task: {CC9FAD33-D6B1-4880-B2CB-B8328B4D7024} – System32TasksMicrosoftOfficeOfficeTelemetryAgentLogOn2016 => C:Program FilesMicrosoft OfficerootOffice16msoia.exe [7053768 2021-09-19] (Microsoft Corporation -> Microsoft Corporation)

Task: {D97AEBA7-632D-4160-B4BA-A6B5737786A6} – System32TasksGoogleUpdateTaskMachineCore => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [156104 2020-06-09] (Google LLC -> Google LLC)

Task: {F511DED3-B0A7-40E3-AB3D-B5A67193DAE2} – System32TasksModifyLinkUpdate => C:Program FilesAMDCIMBin64InstallManagerApp.exe [1628160 2020-05-15] (Advanced Micro Devices, Inc.) [File not signed]

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:WINDOWSTasksCreateExplorerShellUnelevatedTask.job => C:WINDOWSexplorer.exe

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Hosts: 127.0.0.1 view-localhost # view localhost server

TcpipParameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

Tcpip..Interfaces{16b1f27e-53bd-4913-8daf-6b1fcd02d72f}: [DhcpNameServer] 75.75.75.75 75.75.76.76

 

Edge: 

=======

Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsAutoFormFill [not found]

Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsBookViewer [not found]

Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsLearningTools [not found]

Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsPinJSAPI [not found]

Edge DefaultProfile: Default

Edge Profile: C:UsersmichaAppDataLocalMicrosoftEdgeUser DataDefault [2021-09-20]

Edge HomePage: Default -> hxxps://www.google.com/

 

FireFox:

========

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft OfficerootOffice16NPSPWRAP.DLL [2021-05-26] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:Program FilesVideoLANVLCnpvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)

FF Plugin: adobe.com/AdobeAAMDetect -> C:Program Files (x86)AdobeAdobe Creative CloudUtilsnpAdobeAAMDetect64.dll [2021-06-29] (Adobe Inc. -> Adobe Systems)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Mozilla Firefoxpluginsnpmeetingjoinpluginoc.dll [2021-05-26] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16NPSPWRAP.DLL [2021-05-26] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:Program Files (x86)AdobeAdobe Creative CloudUtilsnpAdobeAAMDetect32.dll [2021-06-29] (Adobe Inc. -> Adobe Systems)

 

Chrome: 

=======

CHR DefaultProfile: Default

CHR Profile: C:UsersmichaAppDataLocalGoogleChromeUser DataDefault [2021-09-20]

CHR Notifications: Default -> hxxps://matrix-news.org; hxxps://www.messenger.com

CHR HomePage: Default -> hxxps://www.google.com/

CHR DefaultSearchURL: Default -> hxxps://search.onfireshield.com/?dsf&yh&q={searchTerms}

CHR DefaultSearchKeyword: Default -> FireShield

CHR DefaultSuggestURL: Default -> hxxps://ext.onfireshield.com/api/ext/suggest?q={searchTerms}

CHR Extension: (Slides) – C:UsersmichaAppDataLocalGoogleChromeUser DataDefaultExtensionsaapocclcgogkmnckokdopfmhonfmgoek [2020-07-13]

CHR Extension: (Twitch Chat pronouns) – C:UsersmichaAppDataLocalGoogleChromeUser DataDefaultExtensionsagnfbjmjkdncblnkpkgoefbpogemfcii [2021-05-18]

CHR Extension: (BetterTTV) – C:UsersmichaAppDataLocalGoogleChromeUser DataDefaultExtensionsajopnjidmegmdimjlfnijceegpefgped [2021-09-17]

CHR Extension: (Docs) – C:UsersmichaAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [2020-07-13]

CHR Extension: (Google Drive) – C:UsersmichaAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2020-10-19]

CHR Extension: (YouTube) – C:UsersmichaAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2020-07-13]

CHR Extension: (Sheets) – C:UsersmichaAppDataLocalGoogleChromeUser DataDefaultExtensionsfelcaaldnbdncclmgdcncolpebgiejap [2020-07-13]

CHR Extension: (FireShield) – C:UsersmichaAppDataLocalGoogleChromeUser DataDefaultExtensionsgfdkoahooibdcaeejmhidmldhlgemkoa [2021-08-13]

CHR Extension: (Google Docs Offline) – C:UsersmichaAppDataLocalGoogleChromeUser DataDefaultExtensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-25]

CHR Extension: (Streamlabs Export To StreamElements) – C:UsersmichaAppDataLocalGoogleChromeUser DataDefaultExtensionsmicpdieddpifbgnnlbelgamnfpeonkpe [2021-07-25]

CHR Extension: (Chrome Web Store Payments) – C:UsersmichaAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]

CHR Extension: (Netflix Party is now Teleparty) – C:UsersmichaAppDataLocalGoogleChromeUser DataDefaultExtensionsoocalimimngaihdkbihfgmpkcpnmlaoa [2021-09-19]

CHR Extension: (Gmail) – C:UsersmichaAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]

CHR Profile: C:UsersmichaAppDataLocalGoogleChromeUser DataGuest Profile [2021-07-01]

CHR Profile: C:UsersmichaAppDataLocalGoogleChromeUser DataSystem Profile [2021-07-01]

 

==================== Services (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AdobeUpdateService; C:Program Files (x86)Common FilesAdobeAdobe Desktop CommonElevationManagerAdobeUpdateService.exe [842480 2021-06-29] (Adobe Inc. -> Adobe Inc.)

R2 AGMService; C:Program Files (x86)Common FilesAdobeAdobeGCClientAGMService.exe [3779840 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)

R2 AGSService; C:Program Files (x86)Common FilesAdobeAdobeGCClientAGSService.exe [3547904 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)

R2 AUEPLauncher; C:Program FilesAMDPerformance Profile ClientAUEPLauncher.exe [60600 2020-05-15] (Advanced Micro Devices, Inc. -> AMD)

R2 ClickToRunSvc; C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeClickToRun.exe [9179528 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)

R2 client_service; C:Program Files (x86)VMwareVMware Horizon View ClientClientServicehorizon_client_service.exe [444632 2020-12-20] (VMware, Inc. -> VMware, Inc.)

S3 EpicOnlineServices; C:Program Files (x86)Epic GamesEpic Online ServicesserviceEpicOnlineServicesHost.exe [926176 2021-03-16] (Epic Games Inc. -> Epic Games, Inc.)

R2 ftnlsv3hv; C:Program FilesCommon FilesVMwareDeviceRedirectionCommonftnlsv.exe [473200 2020-11-03] (FabulaTech, LLP -> )

R2 ftscanmgrhv; C:Program FilesCommon FilesVMwareScannerRedirectionftscanmgrhv.exe [299120 2020-11-04] (FabulaTech, LLP -> )

R2 MBAMService; C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe [7785656 2021-09-20] (Malwarebytes Inc -> Malwarebytes)

S3 OfficeSvcManagerAddons; C:WINDOWSsystem32dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2021-04-23] (Microsoft Windows -> Microsoft Corporation)

R2 PnkBstrA; C:WindowsSysWOW64PnkBstrA.exe [75136 2020-10-21] (Even Balance, Inc. -> )

R2 vmwsprrdpwks; C:Program FilesCommon FilesVMwareSerialPortRedirectionClientvmwsprrdpwks.exe [480368 2020-11-24] (FabulaTech, LLP -> VMware)

S3 WdNisSvc; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2108.7-0NisSrv.exe [2772856 2021-09-04] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 WinDefend; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2108.7-0MsMpEng.exe [136640 2021-09-04] (Microsoft Windows Publisher -> Microsoft Corporation)

 

===================== Drivers (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 AppleKmdfFilter; C:WINDOWSSystem32driversAppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)

S3 AppleLowerFilter; C:WINDOWSSystem32driversAppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)

S3 BthA2dp; C:WINDOWSSystem32driversBthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]

S3 BthHFEnum; C:WINDOWSSystem32driversbthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]

R3 ElgatoGC656Y; C:WINDOWSSystem32DriversElgatoGC656.sys [43392 2020-10-05] (Elgato Systems LLC -> UB658)

R3 ElgatoVAD; C:WINDOWSSystem32driversElgatoVAD.sys [39208 2020-05-13] (Elgato Systems LLC -> Elgato Systems GmbH)

R1 ESProtectionDriver; C:WINDOWSsystem32driversmbae64.sys [160176 2021-09-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R2 MBAMChameleon; C:WINDOWSSystem32DriversMbamChameleon.sys [210344 2021-09-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

S0 MbamElam; C:WINDOWSSystem32DRIVERSMbamElam.sys [19912 2021-09-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

R3 MBAMFarflt; C:WINDOWSSystem32DRIVERSfarflt.sys [198888 2021-09-20] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMProtection; C:WINDOWSsystem32DRIVERSmbam.sys [68528 2021-09-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R3 MBAMSwissArmy; C:WINDOWSSystem32Driversmbamswissarmy.sys [248992 2021-09-20] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMWebProtection; C:WINDOWSsystem32DRIVERSmwac.sys [149424 2021-09-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

S3 rzendpt; C:WINDOWSSystem32driversrzendpt.sys [50392 2015-08-13] (Razer Inc. -> Razer Inc)

R3 ScpVBus; C:WINDOWSSystem32driversScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)

R3 vjoy; C:WINDOWSSystem32driversvjoy.sys [44784 2015-05-05] (Shaul Eizikovich -> Shaul Eizikovich)

R3 VOICEMOD_Driver; C:WINDOWSsystem32driversvmdrv.sys [48136 2021-08-12] (Voicemod Sociedad Limitada -> Windows ® Win 7 DDK provider)

S3 WdBoot; C:WINDOWSsystem32driverswdWdBoot.sys [48536 2021-09-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WdFilter; C:WINDOWSsystem32driverswdWdFilter.sys [433384 2021-09-04] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:WINDOWSSystem32driverswdWdNisDrv.sys [86264 2021-09-04] (Microsoft Windows -> Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One month (created) (Whitelisted) =========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-09-20 13:28 – 2021-09-20 13:29 – 000023588 _____ C:UsersmichaDownloadsFRST.txt

2021-09-20 13:27 – 2021-09-20 13:28 – 000000000 ____D C:FRST

2021-09-20 13:26 – 2021-09-20 13:26 – 002304512 _____ (Farbar) C:UsersmichaDownloadsFRST64.exe

2021-09-20 13:26 – 2021-09-20 13:26 – 002015744 _____ (Farbar) C:UsersmichaDownloadsFRST.exe

2021-09-20 13:07 – 2021-09-20 13:07 – 000198888 _____ (Malwarebytes) C:WINDOWSsystem32Driversfarflt.sys

2021-09-20 13:07 – 2021-09-20 13:07 – 000149424 _____ (Malwarebytes) C:WINDOWSsystem32Driversmwac.sys

2021-09-20 13:07 – 2021-09-20 13:07 – 000068528 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbam.sys

2021-09-20 13:06 – 2021-09-20 13:06 – 000000000 ____D C:WINDOWSpss

2021-09-20 12:58 – 2021-09-20 13:06 – 000329246 _____ C:WINDOWSntbtlog.txt

2021-09-20 12:58 – 2021-09-20 13:02 – 000000214 _____ C:WINDOWSTasksCreateExplorerShellUnelevatedTask.job

2021-09-20 12:39 – 2021-09-20 13:07 – 000248992 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbamswissarmy.sys

2021-09-20 12:39 – 2021-09-20 13:02 – 000210344 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamChameleon.sys

2021-09-20 12:39 – 2021-09-20 12:39 – 000002033 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes.lnk

2021-09-20 12:39 – 2021-09-20 12:39 – 000002021 _____ C:UsersPublicDesktopMalwarebytes.lnk

2021-09-20 12:39 – 2021-09-20 12:38 – 000160176 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbae64.sys

2021-09-20 12:39 – 2021-09-20 12:38 – 000019912 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamElam.sys

2021-09-20 12:38 – 2021-09-20 12:38 – 002101944 _____ (Malwarebytes) C:UsersmichaDownloadsMBSetup-119967.119967-consumer (1).exe

2021-09-20 12:38 – 2021-09-20 12:38 – 000000000 ____D C:ProgramDataMalwarebytes

2021-09-20 11:23 – 2021-09-20 11:23 – 000000000 ____D C:WINDOWSLastGood.Tmp

2021-09-19 23:42 – 2021-09-19 23:42 – 000000000 ____D C:UsersmichaAppDataLocalmbam

2021-09-19 23:41 – 2021-09-19 23:41 – 000000000 ____D C:Program FilesMalwarebytes

2021-09-19 23:40 – 2021-09-19 23:40 – 002101944 _____ (Malwarebytes) C:UsersmichaDownloadsMBSetup-119967.119967-consumer.exe

2021-09-16 21:22 – 2021-09-16 21:22 – 000672768 _____ C:WINDOWSsystem32FsNVSDeviceSource.dll

2021-09-16 21:22 – 2021-09-16 21:22 – 000570368 _____ (Microsoft Corporation) C:WINDOWSsystem32inetcpl.cpl

2021-09-16 21:22 – 2021-09-16 21:22 – 000452096 _____ (Microsoft Corporation) C:WINDOWSSysWOW64inetcpl.cpl

2021-09-16 21:21 – 2021-09-16 21:21 – 002295296 _____ (Digimarc) C:WINDOWSsystem32DMRCDecoder.dll

2021-09-16 21:21 – 2021-09-16 21:21 – 002260992 _____ C:WINDOWSsystem32TextInputMethodFormatter.dll

2021-09-16 21:21 – 2021-09-16 21:21 – 002111488 _____ (Digimarc) C:WINDOWSSysWOW64DMRCDecoder.dll

2021-09-16 21:21 – 2021-09-16 21:21 – 001823304 _____ (Microsoft Corporation) C:WINDOWSsystem32winload.efi

2021-09-16 21:21 – 2021-09-16 21:21 – 001393480 _____ (Microsoft Corporation) C:WINDOWSsystem32winresume.efi

2021-09-16 21:21 – 2021-09-16 21:21 – 001333760 _____ C:WINDOWSSysWOW64TextInputMethodFormatter.dll

2021-09-16 21:21 – 2021-09-16 21:21 – 001313608 _____ (Microsoft Corporation) C:WINDOWSsystem32SecConfig.efi

2021-09-16 21:21 – 2021-09-16 21:21 – 001164288 _____ C:WINDOWSsystem32MBR2GPT.EXE

2021-09-16 21:21 – 2021-09-16 21:21 – 000566784 _____ (Microsoft Corporation) C:WINDOWSsystem32winspool.drv

2021-09-16 21:21 – 2021-09-16 21:21 – 000426496 _____ (Microsoft Corporation) C:WINDOWSSysWOW64winspool.drv

2021-09-16 21:21 – 2021-09-16 21:21 – 000272384 _____ C:WINDOWSsystem32TpmTool.exe

2021-09-16 21:21 – 2021-09-16 21:21 – 000223744 _____ C:WINDOWSSysWOW64TpmTool.exe

2021-09-16 21:21 – 2021-09-16 21:21 – 000162816 _____ C:WINDOWSsystem32DataStoreCacheDumpTool.exe

2021-09-16 21:21 – 2021-09-16 21:21 – 000147456 _____ (Microsoft Corporation) C:WINDOWSsystem32wshom.ocx

2021-09-16 21:21 – 2021-09-16 21:21 – 000122880 _____ (Microsoft Corporation) C:WINDOWSSysWOW64wshom.ocx

2021-09-16 21:21 – 2021-09-16 21:21 – 000098816 _____ C:WINDOWSsystem32Driverscimfs.sys

2021-09-16 21:21 – 2021-09-16 21:21 – 000011355 _____ C:WINDOWSsystem32DrtmAuthTxt.wim

2021-09-16 21:16 – 2021-09-16 21:16 – 000000000 ___HD C:$WinREAgent

2021-09-14 15:51 – 2021-09-14 15:51 – 000001064 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsAdobe Photoshop 2020.lnk

2021-09-14 15:46 – 2021-09-14 15:46 – 000001064 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsAdobe Photoshop 2021.lnk

2021-09-12 10:14 – 2021-09-12 10:14 – 080062576 _____ C:UsersmichaDownloadsiCloud Photos (3).zip

2021-09-08 12:13 – 2021-09-08 12:13 – 000001122 _____ C:UsersPublicDesktopProject64.lnk

2021-09-08 12:13 – 2021-09-08 12:13 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsProject64 2.3

2021-09-08 12:13 – 2021-09-08 12:13 – 000000000 ____D C:Program Files (x86)Project64 3.0

2021-09-08 12:12 – 2021-09-08 12:12 – 004355010 _____ ( ) C:UsersmichaDownloadsSetup Project64 3.0.1-5664-2df3434.exe

2021-09-08 12:08 – 2021-09-20 11:25 – 000004168 _____ C:WINDOWSsystem32TasksUser_Feed_Synchronization-{BAB59E3D-1EF5-4049-AB2D-4856C7B46636}

2021-09-08 12:03 – 2021-09-08 12:03 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsvJoy

2021-09-08 12:03 – 2021-09-08 12:03 – 000000000 ____D C:Program FilesvJoy

2021-09-08 12:03 – 2015-05-05 08:40 – 000044784 _____ (Shaul Eizikovich) C:WINDOWSsystem32Driversvjoy.sys

2021-09-08 12:03 – 2015-05-05 08:40 – 000017648 _____ (Windows ® Codename Longhorn DDK provider) C:WINDOWSsystem32Drivershidkmdf.sys

2021-09-08 12:02 – 2021-09-08 12:03 – 000000000 ____D C:Program Files (x86)GCNadapter

2021-09-08 12:02 – 2021-09-08 12:02 – 013005017 _____ (Matt Cunningham ) C:UsersmichaDownloadsWiiU-UsbSetup 2015-09-02.exe

2021-09-08 12:02 – 2021-09-08 12:02 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsWii U USB GCN adapter

2021-09-08 11:50 – 2021-09-08 11:50 – 012551367 _____ C:UsersmichaDownloadsSuper Smash Bros. (U) [!].zip

2021-09-08 11:49 – 2021-09-08 12:13 – 000000000 ____D C:Program Files (x86)Project64 1.6

2021-09-08 11:48 – 2021-09-08 11:49 – 001867248 _____ C:UsersmichaDownloadsProject641.6.zip

2021-08-31 13:03 – 2021-09-01 12:59 – 000000000 ____D C:ProgramDataVoicemod

2021-08-31 13:03 – 2021-08-31 13:10 – 000000000 ____D C:UsersmichaAppDataLocalVoicemod

2021-08-31 13:03 – 2021-08-31 13:03 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsVoicemod

2021-08-31 13:03 – 2021-08-31 13:03 – 000000000 ____D C:Program FilesVoicemod Desktop

2021-08-31 13:03 – 2021-08-12 09:14 – 000048136 _____ (Windows ® Win 7 DDK provider) C:WINDOWSsystem32Driversvmdrv.sys

2021-08-31 13:02 – 2021-08-31 13:02 – 068871608 _____ (Voicemod S.L. ) C:UsersmichaDownloadsVoicemodSetup_2.18.0.2.exe

2021-08-31 12:56 – 2021-08-31 12:56 – 000001145 _____ C:UsersPublicDesktopStream Deck.lnk

2021-08-31 12:56 – 2021-08-31 12:56 – 000000000 ____D C:UsersmichaAppDataLocalElgato

2021-08-31 12:56 – 2021-08-31 12:56 – 000000000 ____D C:ProgramDataElgato

2021-08-31 12:55 – 2021-08-31 12:55 – 103190528 _____ C:UsersmichaDownloadsStream_Deck_5.0.1.14252.msi

2021-08-31 12:55 – 2021-08-31 12:55 – 000000000 ____D C:Program Files (x86)OBS Studio – FTL

 

==================== One month (modified) ==================

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-09-20 13:29 – 2020-07-13 14:54 – 000000000 ____D C:UsersmichaAppDataRoamingdiscord

2021-09-20 13:22 – 2019-12-07 05:14 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft

2021-09-20 13:11 – 2021-04-23 13:19 – 000840598 _____ C:WINDOWSsystem32PerfStringBackup.INI

2021-09-20 13:11 – 2019-12-07 05:13 – 000000000 ____D C:WINDOWSINF

2021-09-20 13:09 – 2020-06-09 22:21 – 000000000 ____D C:Program Files (x86)Google

2021-09-20 13:08 – 2020-07-18 14:46 – 000000000 ___RD C:UsersmichaCreative Cloud Files

2021-09-20 13:08 – 2020-07-13 14:54 – 000000000 ____D C:UsersmichaAppDataLocalSquirrelTemp

2021-09-20 13:08 – 2020-07-13 14:54 – 000000000 ____D C:UsersmichaAppDataLocalDiscord

2021-09-20 13:07 – 2021-04-23 13:20 – 000003126 _____ C:WINDOWSsystem32TasksAMDInstallLauncher

2021-09-20 13:07 – 2021-04-23 13:20 – 000003112 _____ C:WINDOWSsystem32TasksAMDLinkUpdate

2021-09-20 13:07 – 2021-04-23 13:20 – 000000006 ____H C:WINDOWSTasksSA.DAT

2021-09-20 13:07 – 2021-04-23 13:15 – 000008192 ___SH C:DumpStack.log.tmp

2021-09-20 13:07 – 2020-06-09 22:18 – 000000000 ___RD C:UsersmichaOneDrive

2021-09-20 13:06 – 2019-12-07 05:03 – 000786432 _____ C:WINDOWSsystem32configBBI

2021-09-20 12:57 – 2020-06-09 22:11 – 000065536 _____ C:WINDOWSsystem32spu_storage.bin

2021-09-20 12:51 – 2020-09-29 14:55 – 000000000 ____D C:UsersmichaAppDataRoamingvlc

2021-09-20 12:49 – 2020-06-09 22:11 – 000000000 ____D C:WINDOWSsystem32AMD

2021-09-20 12:44 – 2020-09-20 16:25 – 000000000 ____D C:UsersmichaAppDataLocalCrashDumps

2021-09-20 12:39 – 2019-12-07 05:14 – 000000000 ___HD C:WINDOWSELAMBKUP

2021-09-20 11:59 – 2021-04-23 13:20 – 000003380 _____ C:WINDOWSsystem32TasksOneDrive Standalone Update Task-S-1-5-21-1783447242-3632329100-3797296807-1001

2021-09-20 11:59 – 2021-04-23 13:16 – 000002383 _____ C:UsersmichaAppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk

2021-09-20 00:38 – 2020-06-09 22:16 – 000000000 ____D C:UsersmichaAppDataLocalD3DSCache

2021-09-19 14:49 – 2020-09-24 11:48 – 000000000 ____D C:Program Files (x86)Steam

2021-09-19 12:03 – 2021-04-30 12:02 – 000000000 ____D C:Program FilesMicrosoft Office

2021-09-19 12:02 – 2019-12-07 05:14 – 000000000 ___HD C:Program FilesWindowsApps

2021-09-19 12:02 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSAppReadiness

2021-09-19 11:59 – 2020-11-17 01:30 – 000000000 ___HD C:adobeTemp

2021-09-19 11:59 – 2020-07-13 14:43 – 000000000 ____D C:Program FilesCommon FilesAdobe

2021-09-19 11:58 – 2020-08-24 14:50 – 000002438 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk

2021-09-19 11:58 – 2020-08-24 14:50 – 000002276 _____ C:UsersPublicDesktopMicrosoft Edge.lnk

2021-09-17 14:10 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSLiveKernelReports

2021-09-17 02:18 – 2021-04-23 13:15 – 000439016 _____ C:WINDOWSsystem32FNTCACHE.DAT

2021-09-17 02:17 – 2019-12-07 05:14 – 000000000 ___RD C:WINDOWSImmersiveControlPanel

2021-09-17 02:17 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSysWOW64WinMetadata

2021-09-17 02:17 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSysWOW64oobe

2021-09-17 02:17 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSysWOW64Dism

2021-09-17 02:17 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSystemResources

2021-09-17 02:17 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32WinMetadata

2021-09-17 02:17 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32WinBioPlugIns

2021-09-17 02:17 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32oobe

2021-09-17 02:17 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32migwiz

2021-09-17 02:17 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32Dism

2021-09-17 02:17 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32DDFs

2021-09-17 02:17 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32appraiser

2021-09-17 02:17 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSShellComponents

2021-09-17 02:17 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSProvisioning

2021-09-17 02:17 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSbcastdvr

2021-09-17 02:17 – 2019-12-07 05:03 – 000000000 ____D C:WINDOWSservicing

2021-09-16 21:24 – 2019-12-07 05:03 – 000000000 ____D C:WINDOWSCbsTemp

2021-09-16 21:15 – 2020-07-18 14:47 – 000000000 ____D C:WINDOWSsystem32MRT

2021-09-16 21:14 – 2020-07-18 14:47 – 135637312 ____C (Microsoft Corporation) C:WINDOWSsystem32MRT.exe

2021-09-15 21:08 – 2020-06-09 22:22 – 000002301 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk

2021-09-15 21:08 – 2020-06-09 22:22 – 000002260 _____ C:UsersPublicDesktopGoogle Chrome.lnk

2021-09-11 20:12 – 2020-10-02 21:19 – 000000000 ____D C:Program FilesMicrosoft Update Health Tools

2021-09-08 12:14 – 2020-11-30 20:55 – 000000000 ____D C:UsersmichaOneDriveDocumentsGaming

2021-09-08 12:03 – 2021-02-09 17:33 – 000000258 __RSH C:ProgramDatantuser.pol

2021-09-08 11:22 – 2020-07-13 16:30 – 000000000 ____D C:UsersmichaAppDataRoamingobs-studio

2021-09-08 11:22 – 2020-07-13 14:22 – 000000000 ____D C:UsersmichaAppDataLocalUbisoft Game Launcher

2021-09-08 11:07 – 2020-07-13 15:13 – 000000000 ____D C:UsersmichaDownloadsDS4Windows

2021-09-08 10:32 – 2020-07-13 14:43 – 000000000 ____D C:Program FilesAdobe

2021-09-07 20:18 – 2021-04-23 13:15 – 000000000 ____D C:WINDOWSsystem32SleepStudy

2021-09-04 16:56 – 2020-06-09 22:05 – 000000000 ____D C:WINDOWSsystem32Driverswd

2021-08-31 12:57 – 2020-07-13 16:23 – 000000000 ____D C:UsersmichaAppDataLocalcache

2021-08-31 12:56 – 2020-09-09 13:08 – 000000000 ____D C:UsersmichaAppDataRoamingElgato

2021-08-31 12:56 – 2020-09-09 13:08 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsElgato

2021-08-31 12:55 – 2020-09-09 13:08 – 000000000 ____D C:Program FilesElgato

2021-08-31 12:55 – 2020-07-13 14:11 – 000803176 ____N (Microsoft Corporation) C:WINDOWSsystem32MpSigStub.exe

2021-08-28 21:05 – 2020-06-09 22:16 – 000000000 ____D C:UsersmichaAppDataLocalPackages

2021-08-27 00:10 – 2021-04-23 13:16 – 000000000 ____D C:Usersmicha

 

==================== Files in the root of some directories ========

 

2020-07-13 15:26 – 2020-07-13 15:26 – 000000000 _____ () C:UsersmichaAppDataLocaloobelibMkey.log

 

==================== SigCheck ============================

 

(There is no automatic fix for files that do not pass verification.)

 

==================== End of FRST.txt ========================

 

Here is the Addition.txt file:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-09-2021

Ran by micha (20-09-2021 13:29:44)

Running from C:UsersmichaDownloads

Windows 10 Home Version 20H2 19042.1237 (X64) (2021-04-23 17:20:17)

Boot Mode: Normal

==========================================================

 

==================== Accounts: =============================

 

(If an entry is included in the fixlist, it will be removed.)

 

Administrator (S-1-5-21-1783447242-3632329100-3797296807-500 – Administrator – Disabled)

DefaultAccount (S-1-5-21-1783447242-3632329100-3797296807-503 – Limited – Disabled)

Guest (S-1-5-21-1783447242-3632329100-3797296807-501 – Limited – Disabled)

micha (S-1-5-21-1783447242-3632329100-3797296807-1001 – Administrator – Enabled) => C:Usersmicha

WDAGUtilityAccount (S-1-5-21-1783447242-3632329100-3797296807-504 – Limited – Disabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Disabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Malwarebytes (Enabled – Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

7-Zip 19.00 (x64) (HKLM…7-Zip) (Version: 19.00 – Igor Pavlov)

Adobe After Effects 2020 (HKLM-x32…AEFT_17_7) (Version: 17.7 – Adobe Inc.)

Adobe After Effects 2021 (HKLM-x32…AEFT_18_4_1) (Version: 18.4.1 – Adobe Inc.)

Adobe Creative Cloud (HKLM-x32…Adobe Creative Cloud) (Version: 5.5.0.617 – Adobe Inc.)

Adobe Genuine Service (HKLM-x32…AdobeGenuineService) (Version:  – Adobe)

Adobe Illustrator 2021 (HKLM-x32…ILST_25_4_1) (Version: 25.4.1 – Adobe Inc.)

Adobe Media Encoder 2020 (HKLM-x32…AME_14_9) (Version: 14.9 – Adobe Inc.)

Adobe Media Encoder 2021 (HKLM-x32…AME_15_4_1) (Version: 15.4.1 – Adobe Inc.)

Adobe Photoshop 2020 (HKLM-x32…PHSP_21_2_12) (Version: 21.2.12.215 – Adobe Inc.)

Adobe Photoshop 2021 (HKLM-x32…PHSP_22_5_1) (Version: 22.5.1.441 – Adobe Inc.)

Adobe Premiere Elements 2020 (HKLM-x32…PRE_18_1) (Version: 18.0 – Adobe Inc.)

Adobe Premiere Pro 2020 (HKLM-x32…PPRO_14_9) (Version: 14.9 – Adobe Inc.)

Adobe Premiere Pro 2021 (HKLM-x32…PPRO_15_4_1) (Version: 15.4.1 – Adobe Inc.)

AMD Software (HKLM…AMD Catalyst Install Manager) (Version: 20.4.2 – Advanced Micro Devices, Inc.)

Assassin’s Creed 1 (HKLM-x32…Uplay Install 82) (Version:  – Ubisoft)

Assassin’s Creed Brotherhood (HKLM-x32…Uplay Install 26) (Version:  – Ubisoft)

Assassin’s Creed Chronicles China (HKLM-x32…Uplay Install 1651) (Version:  – Ubisoft)

Assassin’s Creed Chronicles India (HKLM-x32…Uplay Install 1847) (Version:  – Ubisoft)

Assassins Creed Chronicles Russia (HKLM-x32…Uplay Install 1848) (Version:  – Ubisoft)

Assassin’s Creed II (HKLM-x32…Uplay Install 4) (Version:  – Ubisoft)

Assassin’s Creed III (HKLM-x32…Uplay Install 54) (Version:  – Ubisoft)

Assassin’s Creed III Remastered (HKLM-x32…Uplay Install 5183) (Version:  – Ubisoft)

Assassin’s Creed IV Black Flag (HKLM-x32…Uplay Install 273) (Version:  – Ubisoft)

Assassin’s Creed Liberation HD (HKLM-x32…Uplay Install 625) (Version:  – Ubisoft)

Assassin’s Creed Odyssey (HKLM-x32…Uplay Install 5059) (Version:  – Ubisoft)

Assassin’s Creed Origins (HKLM-x32…Uplay Install 3539) (Version:  – Ubisoft)

Assassin’s Creed Revelations (HKLM-x32…Uplay Install 40) (Version:  – Ubisoft)

Assassin’s Creed Rogue (HKLM-x32…Uplay Install 895) (Version:  – Ubisoft)

Assassin’s Creed Syndicate (HKLM-x32…Uplay Install 1875) (Version:  – Ubisoft)

Assassin’s Creed Unity (HKLM-x32…Uplay Install 720) (Version:  – Ubisoft)

Branding64 (HKLM…{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 – Advanced Micro Devices, Inc.) Hidden

Citra (HKUS-1-5-21-1783447242-3632329100-3797296807-1001…{b60c776a-c4ae-48d2-b1a2-681879a3ec82}) (Version: 1.0.0 – Citra Team)

Discord (HKUS-1-5-21-1783447242-3632329100-3797296807-1001…Discord) (Version: 0.0.309 – Discord Inc.)

Elgato Game Capture HD (HKLM…{012C3D17-E621-4146-85C9-099B72C2AD67}) (Version: 3.70.51.3051 – Elgato Systems GmbH)

Elgato Stream Deck (HKLM…{06CA3675-CA3D-4CE9-9917-9604F5A34940}) (Version: 5.0.1.14252 – Elgato Systems GmbH)

Epic Games Launcher (HKLM-x32…{A7BBC0A6-3DB0-41CC-BCED-DDFC5D4F3060}) (Version: 1.2.17.0 – Epic Games, Inc.)

Epic Games Launcher Prerequisites (x64) (HKLM…{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden

Epic Online Services (HKLM-x32…{0B736177-814A-4ADE-81D1-66A0FDD55BB4}) (Version: 1.1.11.0 – Epic Games, Inc.)

Game Capture HD60 v2.1.1.5 (HKLM-x32…Software_Elgato_Game Capture HD60) (Version: 2.1.1.5 – Elgato Systems)

Google Chrome (HKLM-x32…Google Chrome) (Version: 93.0.4577.82 – Google LLC)

Intel® C++ Redistributables on Intel® 64 (HKLM-x32…{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 – Intel Corporation)

Launcher Prerequisites (x64) (HKLM-x32…{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden

Malwarebytes version 4.4.6.132 (HKLM…{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.6.132 – Malwarebytes)

Maxon Cinema 4D 22 (HKLM…Maxon Cinema 4D S22) (Version: S22 – Maxon)

Microsoft 365 Apps for enterprise – en-us (HKLM…O365ProPlusRetail – en-us) (Version: 16.0.14326.20404 – Microsoft Corporation)

Microsoft Edge (HKLM-x32…Microsoft Edge) (Version: 93.0.961.52 – Microsoft Corporation)

Microsoft Edge WebView2 Runtime (HKLM-x32…Microsoft EdgeWebView) (Version: 93.0.961.52 – Microsoft Corporation)

Microsoft OneDrive (HKUS-1-5-21-1783447242-3632329100-3797296807-1001…OneDriveSetup.exe) (Version: 21.170.0822.0002 – Microsoft Corporation)

Microsoft Update Health Tools (HKLM…{7B981965-2FBC-433C-B4B3-E183EE97CD29}) (Version: 2.83.0.0 – Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32…{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.17 (HKLM-x32…{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 – Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable – 10.0.40219 (HKLM…{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 – Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable – 10.0.40219 (HKLM-x32…{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 – Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) – 11.0.61030 (HKLM-x32…{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 – Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) – 11.0.61030 (HKLM-x32…{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.40664 (HKLM-x32…{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.40664 (HKLM-x32…{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 – Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.28.29334 (HKLM-x32…{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 – Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x86) – 14.28.29334 (HKLM-x32…{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 – Microsoft Corporation)

Minecraft Launcher (HKLM-x32…{F6678473-0198-46D0-A88F-2A247E6FA03C}) (Version: 1.0.0.0 – Mojang)

OBS Studio (HKLM-x32…OBS Studio) (Version: 25.0.8 – OBS Project)

Office 16 Click-to-Run Extensibility Component (HKLM…{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14326.20404 – Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM…{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14326.20404 – Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM…{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 – Microsoft Corporation) Hidden

Project64 version 3.0.1.5664 (HKLM-x32…{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 3.0.1.5664 – )

PunkBuster Services (HKLM-x32…PunkBusterSvc) (Version: 0.991 – Even Balance, Inc.)

Razer Synapse (HKLM-x32…{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.24.34 – Razer Inc.)

REAPER (x64) (HKLM…REAPER) (Version:  – )

Roblox Player for micha (HKUS-1-5-21-1783447242-3632329100-3797296807-1001…roblox-player) (Version:  – Roblox Corporation)

Screen Recorder Launcher (HKUS-1-5-21-1783447242-3632329100-3797296807-1001…ScreenRecorderLauncher) (Version: v2.9.3vo – )

Soundly (HKLM…Soundly) (Version:  – "Soundly")

Steam (HKLM-x32…Steam) (Version: 2.10.91.91 – Valve Corporation)

Streamlabs OBS (HKLM…29c4619-0385-5543-9426-46f9987161d9) (Version: 0.22.3 – General Workings, Inc.)

Teams Machine-Wide Installer (HKLM-x32…{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.4167 – Microsoft Corporation)

Twitch (HKUS-1-5-21-1783447242-3632329100-3797296807-1001…{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 – Twitch Interactive, Inc.)

Ubisoft Connect (HKLM-x32…Uplay) (Version: 111.0 – Ubisoft)

UXP WebView Support (HKLM-x32…UXPW_1_1_0) (Version: 1.1.0 – Adobe Inc.)

vJoy Device Driver 0.2.0.5 (HKLM…{8E31F76F-74C3-47F1-9550-E041EEDC5FBB}_is1) (Version: 0.2.0.5 – Shaul Eizikovich)

VLC media player (HKLM…VLC media player) (Version: 3.0.11 – VideoLAN)

VMware Horizon Client (HKLM…{48F41C97-B35C-4B53-93A4-7A2E44ACDA58}) (Version: 8.1.0.15949 – VMware, Inc.) Hidden

VMware Horizon Client (HKLM-x32…{ebadfcf5-e497-433f-8719-85458774974f}) (Version: 8.1.0.15949 – VMware, Inc.)

VMware Horizon HTML5 Multimedia Redirection Client (HKLM…{EAB951C4-8E94-4697-8CC7-CEF74732F7D8}) (Version: 8.1.0 – VMware, Inc.) Hidden

VMware Horizon Media Engine 11.0.0.614 (64-bit) (HKLM…{9F301D31-1EC9-4477-A8A5-E7A98DA92594}) (Version: 11.0.0.614 – VMware, Inc.) Hidden

VMware Horizon Media Redirection for Microsoft Teams (HKLM…{88BC38FA-39E3-4370-9B7F-CDDCE50598C9}) (Version: 8.1.0 – VMware, Inc.) Hidden

Voicemod (HKLM…{8435A407-F778-4647-9CDB-46E5EC50BAD0}_is1) (Version: 2.18.0.2 – Voicemod S.L.)

Wii U USB GCN adapter version 3.2.1 (HKLM-x32…{B3898604-95BA-4EBA-A8D7-C4C2BDC2712A}_is1) (Version: 3.2.1 – Matt Cunningham)

Zoom (HKUS-1-5-21-1783447242-3632329100-3797296807-1001…ZoomUMX) (Version: 5.2.1 (44052.0816) – Zoom Video Communications, Inc.)

 

Packages:

=========

Adobe Notification Client -> C:Program FilesWindowsAppsAdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2020-07-13] (Adobe Systems Incorporated)

Candy Crush Friends -> C:Program FilesWindowsAppsking.com.CandyCrushFriends_1.64.3.0_x86__kgqvnymyfvs32 [2021-09-19] (king.com)

Farm Heroes Saga -> C:Program FilesWindowsAppsking.com.FarmHeroesSaga_5.66.3.0_x86__kgqvnymyfvs32 [2021-09-08] (king.com)

HP Smart -> C:Program FilesWindowsAppsAD2F1837.HPPrinterControl_130.1.323.0_x64__v10z8vjag6ke6 [2021-08-22] (HP Inc.)

iTunes -> C:Program FilesWindowsAppsAppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa [2021-08-12] (Apple Inc.) [Startup Task]

Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-04-23] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-04-23] (Microsoft Corporation) [MS Ad]

Microsoft Solitaire Collection -> C:Program FilesWindowsAppsMicrosoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-07] (Microsoft Studios) [MS Ad]

Netflix -> C:Program FilesWindowsApps4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-10-15] (Netflix, Inc.)

Photos Media Engine Add-on -> C:Program FilesWindowsAppsMicrosoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-04-05] (Microsoft Corporation)

Spotify Music -> C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0 [2021-09-04] (Spotify AB) [Startup Task]

 

==================== Custom CLSID (Whitelisted): ==============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKUS-1-5-21-1783447242-3632329100-3797296807-1001_ClassesCLSID{0047ADBE-9F73-CAFE-3A65-ACE857BB2020}localserver32 -> C:Program FilesAdobeElements 2020 OrganizerElements Auto Creations 2020.exe (Adobe Inc. -> Adobe Systems Incorporated)

CustomCLSID: HKUS-1-5-21-1783447242-3632329100-3797296807-1001_ClassesCLSID{0E270DAA-1BE6-48F2-AC49-A97EDFB40885} -> [Creative Cloud Files] => C:UsersmichaCreative Cloud Files [2020-07-18 14:46]

CustomCLSID: HKUS-1-5-21-1783447242-3632329100-3797296807-1001_ClassesCLSID{2F81B25E-7507-4844-BFF2-77D2CC24CED4}localserver32 -> C:Program FilesAdobeAdobe Creative CloudACCCreative Cloud.exe (Adobe Inc. -> Adobe Inc.)

CustomCLSID: HKUS-1-5-21-1783447242-3632329100-3797296807-1001_ClassesCLSID{e8c77137-e224-5791-b6e9-ff0305797a13}InprocServer32 -> C:Program Files (x86)AdobeAdobe Creative CloudUtilsnpAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)

ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:Program Files (x86)Common FilesAdobeCoreSyncExtensionCoreSync_x64.dll [2021-08-26] (Adobe Inc. -> )

ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:Program Files (x86)Common FilesAdobeCoreSyncExtensionCoreSync_x64.dll [2021-08-26] (Adobe Inc. -> )

ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:Program Files (x86)Common FilesAdobeCoreSyncExtensionCoreSync_x64.dll [2021-08-26] (Adobe Inc. -> )

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:Program Files (x86)Common FilesAdobeCoreSyncExtensionCoreSync_x64.dll [2021-08-26] (Adobe Inc. -> )

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2021-09-20] (Malwarebytes Corporation -> Malwarebytes)

ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:Program FilesAMDCNextCNextatiacm64.dll [2020-05-15] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:Program Files (x86)Common FilesAdobeCoreSyncExtensionCoreSync_x64.dll [2021-08-26] (Adobe Inc. -> )

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2021-09-20] (Malwarebytes Corporation -> Malwarebytes)

 

==================== Codecs (Whitelisted) ====================

 

==================== Shortcuts & WMI ========================

 

==================== Loaded Modules (Whitelisted) =============

 

2019-07-18 11:30 – 2019-07-18 11:30 – 000017920 _____ () [File not signed] C:Program FilesAMDCNextCNextlibEGL.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 003567616 _____ () [File not signed] C:Program FilesAMDCNextCNextlibGLESv2.dll

2018-03-13 04:47 – 2018-03-13 04:47 – 000912896 _____ () [File not signed] C:Program FilesAMDPerformance Profile Clientaws-cpp-sdk-core.dll

2018-03-13 04:47 – 2018-03-13 04:47 – 003109888 _____ () [File not signed] C:Program FilesAMDPerformance Profile Clientaws-cpp-sdk-s3.dll

2015-02-19 01:13 – 2015-02-19 01:13 – 000817152 _____ () [File not signed] C:Program FilesAMDPerformance Profile ClientDevice.dll

2015-02-19 01:13 – 2015-02-19 01:13 – 003650560 _____ () [File not signed] C:Program FilesAMDPerformance Profile ClientPlatform.dll

2021-04-14 10:46 – 2021-04-14 10:46 – 000038400 _____ () [File not signed] C:Program FilesElgatoStreamDeckgiflib5.dll

2021-04-14 10:46 – 2021-04-14 10:46 – 000098816 _____ () [File not signed] C:Program FilesElgatoStreamDeckQtZeroConf.dll

2021-04-14 10:46 – 2021-04-14 10:46 – 000720384 _____ () [File not signed] C:Program FilesElgatoStreamDeckturbojpeg.dll

2020-05-15 15:24 – 2020-05-15 15:24 – 001518592 _____ (Advanced Micro Devices, Inc.) [File not signed] C:Program FilesAMDWVROpenVRbinwin64driver_amdwvr.dll

2020-12-03 10:59 – 2020-12-03 10:59 – 000193024 _____ (Elgato Systems GmbH) [File not signed] C:Program FilesElgatoGameCaptureEGCAPILite.dll

2020-12-03 10:37 – 2020-12-03 10:37 – 001029632 _____ (Elgato Systems GmbH) [File not signed] C:Program FilesElgatoSoundCaptureElgatoVAD_Router.dll

2021-04-14 10:46 – 2021-04-14 10:46 – 001742848 _____ (SQLite Development Team) [File not signed] C:Program FilesElgatoStreamDecksqlite3.dll

2021-08-31 12:56 – 2021-08-04 10:51 – 003000832 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:UsersmichaAppDataRoamingElgatoStreamDeckPluginsnet.voicemod.windowsdesktop.sdPluginlibcrypto-1_1-x64.dll

2021-04-14 10:46 – 2021-04-14 10:46 – 002696704 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:Program FilesElgatoStreamDecklibcrypto-1_1-x64.dll

2021-04-14 10:46 – 2021-04-14 10:46 – 000642560 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:Program FilesElgatoStreamDecklibssl-1_1-x64.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 000031744 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqgif.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 000039424 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqicns.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 000031744 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqico.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 000413696 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqjpeg.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 000025088 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqsvg.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 000025088 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqtga.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 000023552 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqwbmp.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 000519168 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqwebp.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 001431040 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsplatformsqwindows.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 001180672 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginssqldriversqsqlite.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 000135680 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsstylesqwindowsvistastyle.dll

2020-05-15 15:34 – 2020-05-15 15:34 – 006010880 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Core.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 006345216 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Gui.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 001078272 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Network.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 000313856 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Positioning.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 004000256 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Qml.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 003802624 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Quick.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 000171008 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5QuickControls2.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 001083904 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5QuickTemplates2.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 000205312 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Sql.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 000329728 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Svg.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 000113152 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebChannel.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 000376320 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebEngine.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 092323328 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebEngineCore.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 005560832 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Widgets.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 000463360 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WinExtras.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 000188416 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Xml.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 002888704 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5XmlPatterns.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 000053760 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtGraphicalEffectsprivateqtgraphicaleffectsprivate.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 000059392 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtGraphicalEffectsqtgraphicaleffectsplugin.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 000017408 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuick.2qtquick2plugin.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 000287232 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickControls.2qtquickcontrols2plugin.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 000329216 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickControlsqtquickcontrolsplugin.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 000136192 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickDialogsdialogplugin.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 000089088 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickLayoutsqquicklayoutsplugin.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 000312320 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickTemplates.2qtquicktemplates2plugin.dll

2019-07-18 11:30 – 2019-07-18 11:30 – 000017920 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickWindow.2windowplugin.dll

2020-05-15 15:34 – 2020-05-15 15:34 – 000085504 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtWebEngineqtwebengineplugin.dll

 

==================== Alternate Data Streams (Whitelisted) ========

 

==================== Safe Mode (Whitelisted) ==================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMBAMService => ""="Service"

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMBAMService => ""="Service"

 

==================== Association (Whitelisted) =================

 

==================== Internet Explorer (Whitelisted) ==========

 

HKUS-1-5-21-1783447242-3632329100-3797296807-1001SoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank

SearchScopes: HKUS-1-5-21-1783447242-3632329100-3797296807-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program FilesMicrosoft OfficerootOffice16OCHelper.dll [2021-05-26] (Microsoft Corporation -> Microsoft Corporation)

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16OCHelper.dll [2021-05-26] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-08-27] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-08-27] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-08-27] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-08-27] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-08-27] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-08-27] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-08-27] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-08-27] (Microsoft Corporation -> Microsoft Corporation)

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKUS-1-5-21-1783447242-3632329100-3797296807-1001…sharepoint.com -> hxxps://tu-files.sharepoint.com

 

==================== Hosts content: =========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2019-03-19 00:49 – 2021-01-25 13:29 – 000000876 _____ C:WINDOWSsystem32driversetchosts

127.0.0.1 view-localhost # view localhost server

 

==================== Other Areas ===========================

 

(Currently there is no automatic fix for this section.)

 

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64\compiler;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\

HKU\S-1-5-21-1783447242-3632329100-3797296807-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\micha\OneDrive\Pictures\Saved Pictures\Xenoblade 2 Background.jpg

DNS Servers: 75.75.75.75 - 75.75.76.76

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

==================== FirewallRules (Whitelisted) ================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [UDP Query User{6F1BEFDE-271C-406A-809D-74284FB0B85A}C:\saoimageds9\ds9.exe] => (Allow) C:\saoimageds9\ds9.exe (Smithsonian Astrophysical Observatory) [File not signed]

FirewallRules: [TCP Query User{8CE1BF35-E863-4500-A1C3-55B9226A1B6A}C:\saoimageds9\ds9.exe] => (Allow) C:\saoimageds9\ds9.exe (Smithsonian Astrophysical Observatory) [File not signed]

FirewallRules: [UDP Query User{2DA89F1C-58FF-46CC-947E-7FD5DF2313FC}C:\program files (x86)\ubisoft\ubisoft game launcher\games\assassin's creed iii remastered\aciii.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\assassin's creed iii remastered\aciii.exe (Ubisoft Entertainment -> )

FirewallRules: [TCP Query User{4C13554D-AE6F-425E-A4ED-9887803F76EF}C:\program files (x86)\ubisoft\ubisoft game launcher\games\assassin's creed iii remastered\aciii.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\assassin's creed iii remastered\aciii.exe (Ubisoft Entertainment -> )

FirewallRules: [UDP Query User{FB77707E-D15D-4307-8875-AA0DD4A5D906}C:\users\micha\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\micha\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [TCP Query User{9879E922-8CFA-4F29-8065-C0323BFCB554}C:\users\micha\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\micha\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [{48E07D6D-D855-4E32-8421-32D06216783B}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.)

FirewallRules: [{53AABF08-50BE-4B3E-86BF-7FC5C05E9DE3}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.)

FirewallRules: [{F0F8DB59-E183-4D11-BD60-CB785E660FE1}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.)

FirewallRules: [{2A8AFDB9-4CDA-44C1-AA03-F6C6A63D97BC}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.)

FirewallRules: [{B01A4058-97EC-40AD-B6C7-9C171118B6BD}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.)

FirewallRules: [{2B4D3BB7-CA7E-4FE7-BB5E-D364D89A1A9F}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.)

FirewallRules: [{9BF87878-F69C-46BE-9CED-48DA32122B19}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed Rogue\ACC.exe (UBISOFT ENTERTAINMENT INC. -> )

FirewallRules: [{D6389A09-8F3C-46E8-BA48-B988F3CE8404}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed Rogue\ACC.exe (UBISOFT ENTERTAINMENT INC. -> )

FirewallRules: [{72156377-C204-47A7-B68F-B00429D95A9C}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFMP.exe (Ubisoft Entertainment SA -> )

FirewallRules: [{92783198-05FC-416A-A9BD-3BD07671EB8C}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFMP.exe (Ubisoft Entertainment SA -> )

FirewallRules: [{8327B389-E2C4-4AE7-BEF1-06AB01A66B91}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFSP.exe (Ubisoft Entertainment -> )

FirewallRules: [{6CC90182-D5E5-4FA6-B58B-63193E386685}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFSP.exe (Ubisoft Entertainment -> )

FirewallRules: [{FE6AAA71-E52F-4309-87EA-84FFE65F5FC1}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed Liberation HD\ac3lhd_64.exe => No File

FirewallRules: [{1A6CEAF9-3547-4DBE-AD45-8135A20857B9}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed Liberation HD\ac3lhd_32.exe (Ubisoft Entertainment SA -> )

FirewallRules: [{D07E432C-A8D1-483E-AC12-1EB70398FA24}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )

FirewallRules: [{BCD1B800-BD95-41C0-AE0B-2582150CD206}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )

FirewallRules: [{A477D42C-6229-41CE-8633-70FB53EFF812}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )

FirewallRules: [{87741EFB-8658-4867-8AA5-6B77ED9E6454}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )

FirewallRules: [{FC3F6189-183F-4FF7-BD03-F8FC86FDA985}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe (Ubisoft Entertainment SA -> )

FirewallRules: [{602DF738-0EAA-4EB0-A351-6A09885BF19F}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe (Ubisoft Entertainment SA -> )

FirewallRules: [{98CB6294-17EA-4970-A7D7-677CD7006D4C}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe (Ubisoft Entertainment -> )

FirewallRules: [{6D836CA7-B20E-40C9-A434-F1DB373C4C14}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe (Ubisoft Entertainment -> )

FirewallRules: [{8F11D970-3A5C-47E1-B3C5-812D0E996F85}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed Revelations\ACRMP.exe (UBISOFT ENTERTAINMENT INC. -> )

FirewallRules: [{2A97EDAA-7F94-4B1A-80F3-02436FE44E45}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed Revelations\ACRMP.exe (UBISOFT ENTERTAINMENT INC. -> )

FirewallRules: [{FF6A78F9-8E4F-46DA-92D1-EC80A1278216}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed Revelations\ACRPR.exe (Ubisoft Entertainment -> )

FirewallRules: [{FC776B80-AA96-41BD-AA41-17B5FB952BDB}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed Revelations\ACRPR.exe (Ubisoft Entertainment -> )

FirewallRules: [{E7327166-89FF-4743-9538-93759C4964B8}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed Revelations\ACRSP.exe (Ubisoft Entertainment -> )

FirewallRules: [{F221D0FB-4CFF-43D6-A170-86DD8767FA7C}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed Revelations\ACRSP.exe (Ubisoft Entertainment -> )

FirewallRules: [{578331B4-DD4B-4780-B0D1-08D91608CBDC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)

FirewallRules: [{9D23715E-2828-401D-88BF-A43CD6C7D0DA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)

FirewallRules: [UDP Query User{796965A7-2CCC-4F2B-A6D0-AFF9E2B2AF3D}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe

FirewallRules: [TCP Query User{EEAE7364-6EF4-4972-90D1-D60EEF82AAE5}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe

FirewallRules: [{2EAAF62D-8DC6-48CE-9AE4-3428592D8E68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]

FirewallRules: [{BDDD44DC-615F-4008-9115-27DC4FA7AABA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]

FirewallRules: [{040FFB76-8F6D-43E2-B211-2F3AB9F3318C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File

FirewallRules: [{798F6024-FF73-407E-BE66-159998798BB0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File

FirewallRules: [{3AB10AE9-94C8-4511-BCEA-D71B9936DE48}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)

FirewallRules: [{5F864F1D-419F-4D86-825D-00BE219130B1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)

FirewallRules: [{93D7720D-D203-4A15-8CFE-D8AC4958C7EF}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed II\AssassinsCreedIIGame.exe (Ubisoft Entertainment -> )

FirewallRules: [{1ADA544E-EAF5-4524-8F36-77B2452F8028}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed II\AssassinsCreedIIGame.exe (Ubisoft Entertainment -> )

FirewallRules: [{FE94D6C9-4BC0-4847-9099-5D125DA29372}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed 1\AssassinsCreed_Dx10.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)

FirewallRules: [{70226BA7-42AA-47F8-B6A7-C7A8792C6C22}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed 1\AssassinsCreed_Dx10.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)

FirewallRules: [{489AC947-56D3-47E7-A211-B302D1448188}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed 1\AssassinsCreed_Dx9.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)

FirewallRules: [{ADE6CD4C-23B6-4BBA-A9B2-F13C23E9F894}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed 1\AssassinsCreed_Dx9.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)

FirewallRules: [{CF715B64-814D-4446-B446-27E7E36F0D07}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed 1\AssassinsCreed_Game.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)

FirewallRules: [{16C29AE9-0701-4006-9B92-5C412EA81B5C}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed 1\AssassinsCreed_Game.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)

FirewallRules: [{6A5F3A27-C82E-47CB-861A-9FBACDF06C7E}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed Unity\ACU.exe (UBISOFT ENTERTAINMENT INC. -> )

FirewallRules: [{E144B0AD-C0B4-454F-A17B-0C1D452BC2BE}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed Unity\ACU.exe (UBISOFT ENTERTAINMENT INC. -> )

FirewallRules: [{03EB8245-9A21-4303-A7F5-1126BB69E248}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed Brotherhood\ACBMP.exe (UBISOFT ENTERTAINMENT INC. -> )

FirewallRules: [{EBDF012E-9B99-4BC8-8EA7-E951FADDED32}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed Brotherhood\ACBMP.exe (UBISOFT ENTERTAINMENT INC. -> )

FirewallRules: [{69AE1A91-B749-441F-8EDA-CF3830E9CEB0}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed Brotherhood\ACBSP.exe (Ubisoft Entertainment -> )

FirewallRules: [{F71B4DA3-2D11-451F-97DE-ADF6E61EDEC2}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed Brotherhood\ACBSP.exe (Ubisoft Entertainment -> )

FirewallRules: [{D59B3E9B-4F84-4801-8037-7D900D1D8F38}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{67BB14BD-5687-4E8C-94E2-3C80A0C066EB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{E9AAE317-0FAC-43C1-8EDC-FA1C0B9255AA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{62891FC5-E293-4E60-87EF-B26114F10241}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{CA51C547-FD14-4EA4-9A1E-58FA7D3FCC12}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{1F25390A-04B6-4F9A-B52E-822CB06A0A68}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{5AE9FBA8-90A9-4717-B53B-DE45D1E3A7E1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{EF1A317E-628F-498A-9C60-ECD8B934EB7E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{E1E8C3AC-4E9B-4F2F-9ADF-5CE46041E77E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{60B7710F-416A-4F78-97A3-0A3D3C3D37DC}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{3B951569-3A53-4D03-8BF2-908EBEBAFDB4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{E6FF32F0-904B-43A6-9A15-87481D40E8ED}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{340FA258-3068-432B-A21C-818B2607BECA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{217D10D0-CF8F-41D1-942A-0E6F927FB046}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{23C17A77-D487-4094-9789-0B6C5C4E7527}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{3F14B5FA-9F40-42F8-A40D-3D9A95E00FA7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{15E4B62F-2385-4A8C-8939-67008F0D2F14}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{84A07B5C-FD30-4FCA-8549-B5BCDE1F07F0}] => (Allow) C:\Program Files\Elgato\StreamDeck\StreamDeck.exe (Corsair Memory, Inc. -> Corsair Memory, Inc)

FirewallRules: [{D0BD3F9E-1C86-4E25-819D-0594FDBC97D2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{25942C7E-412E-4CDA-9A58-05BC7CDD2165}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{861B8A04-00AD-4104-90AB-CAC1B9C70465}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{420365F7-BF2D-47AD-B835-474ED7F0E1EB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{5DC832E2-1F48-4370-86EC-D4FAFEA4D36E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{6A52A7E5-FFF6-49CA-8BC2-2EA638A107A2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{0CF7A645-BDFA-4078-B8CC-D1C5DCD3C5DF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{AF902AEA-668E-4AB6-AD64-95035C12DD8F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{5BFE5E65-DE01-4340-B4CC-A622B2DE1255}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

FirewallRules: [{963B0169-F2A5-4B53-9793-F6A112F341AD}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\93.0.961.52\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

 

==================== Restore Points =========================

 

 

==================== Faulty Device Manager Devices ============

 

 

==================== Event log errors: ========================

 

Application errors:

==================

Error: (09/20/2021 12:44:14 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbamtray.exe, version: 4.0.0.1117, time stamp: 0x61321f0b

Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x603971ce

Exception code: 0xc0000005

Fault offset: 0x0000000000219dc5

Faulting process id: 0x1b34

Faulting application start time: 0x01d7ae3e078fb248

Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll

Report Id: 0c0e3e88-b7b8-438a-a545-cfd1ad426f9f

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (09/20/2021 12:58:05 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: ftnlsv.exe, version: 3.3.10.0, time stamp: 0x5fa14984

Faulting module name: ntdll.dll, version: 10.0.19041.1202, time stamp: 0x4f115fac

Exception code: 0xc0000409

Fault offset: 0x000000000008c56f

Faulting process id: 0xd80

Faulting application start time: 0x01d7add08383e805

Faulting application path: C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe

Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll

Report Id: 83885016-2a26-4203-ad1c-2a2a5d332190

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (09/19/2021 10:50:06 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: ftnlsv.exe, version: 3.3.10.0, time stamp: 0x5fa14984

Faulting module name: ntdll.dll, version: 10.0.19041.1202, time stamp: 0x4f115fac

Exception code: 0xc0000409

Fault offset: 0x000000000008c56f

Faulting process id: 0x1a04

Faulting application start time: 0x01d7ad871131abdd

Faulting application path: C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe

Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll

Report Id: d9f28407-68e5-4943-8a87-9d934bc1192b

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (09/19/2021 02:49:23 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: ftnlsv.exe, version: 3.3.10.0, time stamp: 0x5fa14984

Faulting module name: ntdll.dll, version: 10.0.19041.1202, time stamp: 0x4f115fac

Exception code: 0xc0000409

Fault offset: 0x000000000008c56f

Faulting process id: 0x498

Faulting application start time: 0x01d7ac51a7215386

Faulting application path: C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe

Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll

Report Id: e3f6974e-f75d-4d6e-96fe-f0808bcd2ee2

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (09/18/2021 01:54:31 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: ftnlsv.exe, version: 3.3.10.0, time stamp: 0x5fa14984

Faulting module name: ntdll.dll, version: 10.0.19041.1202, time stamp: 0x4f115fac

Exception code: 0xc0000409

Fault offset: 0x000000000008c56f

Faulting process id: 0x39a4

Faulting application start time: 0x01d7ac0e7a710c18

Faulting application path: C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe

Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll

Report Id: 7187a0f1-1180-4f67-866f-d4cb731b72c6

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (09/17/2021 05:53:38 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: ftnlsv.exe, version: 3.3.10.0, time stamp: 0x5fa14984

Faulting module name: ntdll.dll, version: 10.0.19041.1202, time stamp: 0x4f115fac

Exception code: 0xc0000409

Fault offset: 0x000000000008c56f

Faulting process id: 0xd8c

Faulting application start time: 0x01d7abd76a36608d

Faulting application path: C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe

Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll

Report Id: 5c11acea-f0f2-4c9c-a61d-ca22a7175cbe

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (09/01/2021 04:07:20 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: ftnlsv.exe, version: 3.3.10.0, time stamp: 0x5fa14984

Faulting module name: ntdll.dll, version: 10.0.19041.1110, time stamp: 0xe7a22463

Exception code: 0xc0000409

Fault offset: 0x000000000008c57f

Faulting process id: 0xe80

Faulting application start time: 0x01d79edaef8fb4fd

Faulting application path: C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe

Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll

Report Id: f92853f9-a8d0-44e2-adfe-bd0fe8910014

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (08/31/2021 10:41:57 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: ftnlsv.exe, version: 3.3.10.0, time stamp: 0x5fa14984

Faulting module name: ntdll.dll, version: 10.0.19041.1110, time stamp: 0xe7a22463

Exception code: 0xc0000409

Fault offset: 0x000000000008c57f

Faulting process id: 0x2a74

Faulting application start time: 0x01d79e18cc4efada

Faulting application path: C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe

Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll

Report Id: be8b1dda-5b15-4f24-aced-9dbb007fb250

Faulting package full name: 

Faulting package-relative application ID:

 

 

System errors:

=============

Error: (09/20/2021 01:06:54 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-JMGEQHM)

Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:

{DD522ACC-F821-461A-A407-50B198B896DC}

 

Error: (09/20/2021 01:06:35 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)

Description: DCOM got error "1084" attempting to start the service netprofm with arguments "Unavailable" in order to run the server:

{A47979D2-C419-11D9-A5B4-001185AD2B89}

 

Error: (09/20/2021 01:06:27 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-JMGEQHM)

Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:

{DD522ACC-F821-461A-A407-50B198B896DC}

 

Error: (09/20/2021 01:06:20 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-JMGEQHM)

Description: DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server:

Windows.Internal.Security.Authentication.Web.TokenBrokerInternal

 

Error: (09/20/2021 01:06:05 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)

Description: DCOM got error "1084" attempting to start the service netprofm with arguments "Unavailable" in order to run the server:

{A47979D2-C419-11D9-A5B4-001185AD2B89}

 

Error: (09/20/2021 01:05:35 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)

Description: DCOM got error "1084" attempting to start the service netprofm with arguments "Unavailable" in order to run the server:

{A47979D2-C419-11D9-A5B4-001185AD2B89}

 

Error: (09/20/2021 01:05:05 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)

Description: DCOM got error "1084" attempting to start the service netprofm with arguments "Unavailable" in order to run the server:

{A47979D2-C419-11D9-A5B4-001185AD2B89}

 

Error: (09/20/2021 01:04:36 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)

Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:

{9E175B68-F52A-11D8-B9A5-505054503030}

 

 

Windows Defender:

================

Date: 2021-09-19 23:07:17

Description: 

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

Name: Program:Win32/Contebrew.A!ml

Severity: Low

Category: Potentially Unwanted Software

Path: file:_C:\Users\micha\Downloads\YoutubeDownloader Installation.exe; webfile:_C:\Users\micha\Downloads\YoutubeDownloader Installation.exe|https://s3.tebi.io/kanfi-web-fa/stub/YoutubeDownloaderInstallation.exe|pid:11992,ProcessStart:132743025430734466; webfile:_C:\Users\micha\Downloads\YoutubeDownloader Installation.exe|https://s3.tebi.io/kanfi-web-fa/stub/YoutubeDownloaderInstallation.exe|pid:2016,ProcessStart:132765807760504459; webfile:_C:\Users\micha\Downloads\YoutubeDownloader Installation.exe|https://s3.tebi.io/kanfi-web-fa/stub/YoutubeDownloaderInstallation.exe|pid:5580,ProcessStart:132765808364757346

Detection Origin: Internet

Detection Type: FastPath

Detection Source: Downloads and attachments

Process Name: C:\Windows\explorer.exe

Security intelligence Version: AV: 1.349.1037.0, AS: 1.349.1037.0, NIS: 1.349.1037.0

Engine Version: AM: 1.1.18500.10, NIS: 1.1.18500.10

 

Date: 2021-09-19 23:06:55

Description: 

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

Name: Program:Win32/Contebrew.A!ml

Severity: Low

Category: Potentially Unwanted Software

Path: file:_C:\Users\micha\Downloads\YoutubeDownloader Installation.exe; webfile:_C:\Users\micha\Downloads\YoutubeDownloader Installation.exe|https://s3.tebi.io/kanfi-web-fa/stub/YoutubeDownloaderInstallation.exe|pid:11992,ProcessStart:132743025430734466; webfile:_C:\Users\micha\Downloads\YoutubeDownloader Installation.exe|https://s3.tebi.io/kanfi-web-fa/stub/YoutubeDownloaderInstallation.exe|pid:2016,ProcessStart:132765807760504459

Detection Origin: Internet

Detection Type: FastPath

Detection Source: Downloads and attachments

Process Name: C:\Windows\explorer.exe

Security intelligence Version: AV: 1.349.1037.0, AS: 1.349.1037.0, NIS: 1.349.1037.0

Engine Version: AM: 1.1.18500.10, NIS: 1.1.18500.10

 

Date: 2021-09-19 23:06:20

Description: 

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

Name: Program:Win32/Contebrew.A!ml

Severity: Low

Category: Potentially Unwanted Software

Path: file:_C:\Users\micha\Downloads\YoutubeDownloader Installation.exe; webfile:_C:\Users\micha\Downloads\YoutubeDownloader Installation.exe|https://s3.tebi.io/kanfi-web-fa/stub/YoutubeDownloaderInstallation.exe|pid:11992,ProcessStart:132743025430734466; webfile:_C:\Users\micha\Downloads\YoutubeDownloader Installation.exe|https://s3.tebi.io/kanfi-web-fa/stub/YoutubeDownloaderInstallation.exe|pid:2016,ProcessStart:132765807760504459

Detection Origin: Internet

Detection Type: FastPath

Detection Source: Downloads and attachments

Process Name: C:\Windows\System32\svchost.exe

Security intelligence Version: AV: 1.349.1037.0, AS: 1.349.1037.0, NIS: 1.349.1037.0

Engine Version: AM: 1.1.18500.10, NIS: 1.1.18500.10

 

Date: 2021-09-19 23:06:20

Description: 

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

Name: Program:Win32/Contebrew.A!ml

Severity: Low

Category: Potentially Unwanted Software

Path: file:_C:\Users\micha\Downloads\YoutubeDownloader Installation.exe; webfile:_C:\Users\micha\Downloads\YoutubeDownloader Installation.exe|https://s3.tebi.io/kanfi-web-fa/stub/YoutubeDownloaderInstallation.exe|pid:11992,ProcessStart:132743025430734466; webfile:_C:\Users\micha\Downloads\YoutubeDownloader Installation.exe|https://s3.tebi.io/kanfi-web-fa/stub/YoutubeDownloaderInstallation.exe|pid:2016,ProcessStart:132765807760504459

Detection Origin: Internet

Detection Type: FastPath

Detection Source: Downloads and attachments

Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Security intelligence Version: AV: 1.349.1037.0, AS: 1.349.1037.0, NIS: 1.349.1037.0

Engine Version: AM: 1.1.18500.10, NIS: 1.1.18500.10

 

Date: 2021-09-19 23:06:18

Description: 

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

Name: Program:Win32/Contebrew.A!ml

Severity: Low

Category: Potentially Unwanted Software

Path: file:_C:\Users\micha\Downloads\YoutubeDownloader Installation.exe; webfile:_C:\Users\micha\Downloads\YoutubeDownloader Installation.exe|https://s3.tebi.io/kanfi-web-fa/stub/YoutubeDownloaderInstallation.exe|pid:11992,ProcessStart:132743025430734466; webfile:_C:\Users\micha\Downloads\YoutubeDownloader Installation.exe|https://s3.tebi.io/kanfi-web-fa/stub/YoutubeDownloaderInstallation.exe|pid:2016,ProcessStart:132765807760504459

Detection Origin: Internet

Detection Type: FastPath

Detection Source: Downloads and attachments

Process Name: C:\Windows\explorer.exe

Security intelligence Version: AV: 1.349.1037.0, AS: 1.349.1037.0, NIS: 1.349.1037.0

Engine Version: AM: 1.1.18500.10, NIS: 1.1.18500.10

 

Date: 2021-09-20 13:02:07

Description: 

Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.

Feature: On Access

Error Code: 0x8007043c

Error description: This service cannot be started in Safe Mode 

Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

 

Date: 2021-09-20 12:58:26

Description: 

Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.

Feature: On Access

Error Code: 0x8007043c

Error description: This service cannot be started in Safe Mode 

Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

 

CodeIntegrity:

===============

Date: 2021-08-05 09:21:27

Description: 

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

BIOS: American Megatrends Inc. F5 03/14/2016

Motherboard: Gigabyte Technology Co., Ltd. H170-Gaming 3

Processor: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz

Percentage of memory in use: 33%

Total physical RAM: 16335.92 MB

Available physical RAM: 10941.42 MB

Total Virtual: 18767.92 MB

Available Virtual: 9508.63 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:465.19 GB) (Free:14.29 GB) NTFS

 

\\?\Volume{fdcb4cc6-0000-0000-0000-100000000000} (System Reserved) (Fixed) (Total:0.57 GB) (Free:0.11 GB) NTFS

 

==================== MBR & Partition Table ====================

 

==========================================================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: FDCB4CC6)

Partition 1: (Active) - (Size=579 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)

 

==================== End of Addition.txt =======================


https://www.bleepingcomputer.com/forums/t/758725/constant-virus-notifications/

Erlando F Rasatro
