Sabsik Trojan virus – Virus, Trojan, Spyware, and Malware Removal Help

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-12-2021
Ran by User (08-12-2021 15:57:51)
Running from C:\Users\User\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1348 (X64) (2021-11-05 22:22:45)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-385135449-394030211-517703415-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-385135449-394030211-517703415-503 - Limited - Disabled)
Guest (S-1-5-21-385135449-394030211-517703415-501 - Limited - Disabled)
katie (S-1-5-21-385135449-394030211-517703415-1003 - Limited - Enabled) => C:\Users\katie
User (S-1-5-21-385135449-394030211-517703415-1002 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-385135449-394030211-517703415-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

CCleaner (HKLM\...\CCleaner) (Version: 5.87 - Piriform)
Dolby Atmos Windows API SDK (HKLM\...\{1F4A261B-588C-4A43-B1F0-49365AC430C7}) (Version: 1.1.3.23 - Dolby Laboratories, Inc.)
Dolby Atmos Windows API SDK (HKLM\...\{9CA4B078-7AD1-4B2D-BF5F-2E640A86035B}) (Version: 1.1.6.31 - Dolby Laboratories, Inc.)
Dolby Atmos Windows APP (HKLM\...\{3CCE82BF-69CF-4172-8AFE-1DACB991A62B}) (Version: 1.1.3.21 - Dolby Laboratories, Inc.)
Dolby Atmos Windows APP (HKLM\...\{A71AABE5-1807-4115-93B1-9626C4DA6452}) (Version: 1.1.6.22 - Dolby Laboratories, Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1028 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{48c15373-d551-45a7-8ba1-70da81efc7e2}) (Version: 5.1.15.312 - Intel Corporation)
Intel® Software Guard Extensions Platform Software (HKLM-x32\...\ARP_for_prd_SGX_1.7.102.37526) (Version: 1.7.102.37526 - Intel Corporation)
Lenovo Pen Settings Service (HKLM\...\ISD Tablet Driver) (Version: 7.5.1.31 - Wacom Technology Corp.)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.9.23.0 - Lenovo Group Ltd.)
Lenovo Yoga Mode Control (Inf Install) (HKLM\...\ACPIVPC) (Version: 15.11.28.173 - Lenovo)
Malwarebytes version 4.4.11.149 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.11.149 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14527.20276 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.43 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 96.0.1054.43 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-385135449-394030211-517703415-1002\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12527.22060 - Microsoft Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1238 - SUPERAntiSpyware.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.12.0 - Tweaking.com)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)

Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.5.268.0_x64__v10z8vjag6ke6 [2021-12-08] (HP Inc.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-11-10] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-11-08] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_265ae64a27da8cad\igfxDTCM.dll [2018-12-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-11-08] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-11-05 15:49 - 2021-11-05 15:49 - 000366592 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.CxHef9fb4ae#\4d64907b03893c75b156c78c574c7ffa\Interop.CxHDAudioAPILib.ni.dll
2021-11-05 15:49 - 2021-11-05 15:49 - 000018944 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.CxUtilSvcLib\5afc08088c053c4522e3570fe8016e01\Interop.CxUtilSvcLib.ni.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0020 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0021 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0022 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0023 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0024 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0025 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0026 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0027 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0028 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0029 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0030 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0031 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0032 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0033 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0034 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0035 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0036 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0037 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0038 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0039 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0040 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0041 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0042 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0043 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0044 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0045 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0046 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0047 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0048 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0049 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0050 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0051 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0052 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0053 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0054 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0055 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0056 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0057 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0058 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0059 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0060 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0061 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0062 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0063 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0064 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0065 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0066 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0067 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0068 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0069 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0070 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0071 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0072 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0073 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0074 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0075 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0076 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0077 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0078 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0079 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0080 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0081 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0082 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0083 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0084 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0085 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0086 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0087 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0088 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0089 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0090 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0091 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0092 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0093 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0094 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0095 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0096 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0097 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0098 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0099 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0100 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0020 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0020 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0021 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0022 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0023 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0024 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0025 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0026 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0027 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0028 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0029 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0030 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0031 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0032 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0033 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0034 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0035 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0036 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0037 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0038 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0039 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0040 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0041 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0042 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0043 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0044 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0045 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0046 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0047 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0048 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0049 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0050 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0051 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0052 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0053 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0054 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0055 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0056 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0057 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0058 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0059 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0060 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0061 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0062 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0063 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0064 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0065 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0066 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0067 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0068 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0069 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0070 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0071 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0072 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0073 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0074 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0075 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0076 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0077 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0078 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0079 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0080 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0081 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0082 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0083 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0084 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0085 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0086 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0087 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0088 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0089 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0090 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0091 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0092 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0093 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0094 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0095 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0096 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0097 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0098 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0099 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0100 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0020 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-385135449-394030211-517703415-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-385135449-394030211-517703415-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-385135449-394030211-517703415-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-10] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 15:03 - 2021-11-10 23:22 - 000000855 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH
HKU\S-1-5-21-385135449-394030211-517703415-1002\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-385135449-394030211-517703415-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AESMService => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: cplspcon => 2
MSCONFIG\Services: CxAudMsg => 2
MSCONFIG\Services: CxUtilSvc => 2
MSCONFIG\Services: Dolby DAX API Service => 2
MSCONFIG\Services: esifsvc => 2
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: ImControllerService => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel(R) TechnologyAccessLegacyCSLoader => 2
MSCONFIG\Services: Intel(R) TechnologyAccessService => 2
MSCONFIG\Services: Intel(R) TPM Provisioning Service => 2
MSCONFIG\Services: IntelBCAsvc => 2
MSCONFIG\Services: isaCHelperSvc => 2
MSCONFIG\Services: isaCSvc => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LenovoVantageService => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: QcomWlanSrv => 2
MSCONFIG\Services: SAService => 2
MSCONFIG\Services: WTabletServiceISD => 2
MSCONFIG\Services: YMC => 2
MSCONFIG\Services: YogaPLService => 2
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "APP"
HKU\S-1-5-21-385135449-394030211-517703415-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-385135449-394030211-517703415-1002\...\StartupApproved\Run: => "CCleaner"
HKU\S-1-5-21-385135449-394030211-517703415-1002\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-385135449-394030211-517703415-1002\...\StartupApproved\Run: => "SUPERAntiSpyware"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7AD269CA-CCB7-46F1-ADC8-2686ED6A452A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4DF2CE18-9E3B-445D-833C-B1FC9108A0E3}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\96.0.1054.43\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

04-12-2021 10:47:23 Scheduled Checkpoint
08-12-2021 11:25:03 JRT Pre-Junkware Removal
08-12-2021 11:37:03 Windows Modules Installer
08-12-2021 11:39:47 Windows Modules Installer

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (12/08/2021 03:56:14 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{cb22aa49-5cfc-4f7f-a97d-dc5a19bb3f78} - 000000000000026C,0x0053c008,00000228DD60A470,0,00000228DD60B4A0,4096,[0]).  hr = 0x80070005, Access is denied.
.

Operation:
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (12/08/2021 12:26:00 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2002) (User: NT AUTHORITY)
Description: Unable to open the Redirector service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (12/08/2021 12:26:00 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: NT AUTHORITY)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (12/08/2021 12:24:45 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\User\AppData\Local\Temp\jrt\CreateRestorePoint.exe  "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).

Error: (12/08/2021 12:20:02 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2002) (User: NT AUTHORITY)
Description: Unable to open the Redirector service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (12/08/2021 12:20:02 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: NT AUTHORITY)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (12/08/2021 12:17:56 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2002) (User: NT AUTHORITY)
Description: Unable to open the Redirector service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (12/08/2021 12:17:56 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: NT AUTHORITY)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.


System errors:
=============
Error: (12/08/2021 03:51:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Media Player Network Sharing Service service terminated with the following error: 
An attempt was made to reference a token that does not exist.

Error: (12/08/2021 01:05:04 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/08/2021 01:05:04 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/08/2021 01:05:02 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server:
{B91D5831-B1BD-4608-8198-D72E155020F7}

Error: (12/08/2021 01:05:02 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server:
{B91D5831-B1BD-4608-8198-D72E155020F7}

Error: (12/08/2021 01:05:01 PM) (Source: DCOM) (EventID: 10010) (User: KATIELAPTOP)
Description: The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout.

Error: (12/08/2021 01:05:01 PM) (Source: DCOM) (EventID: 10010) (User: KATIELAPTOP)
Description: The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout.

Error: (12/08/2021 01:05:01 PM) (Source: DCOM) (EventID: 10005) (User: KATIELAPTOP)
Description: DCOM got error "1084" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server:
{B91D5831-B1BD-4608-8198-D72E155020F7}


Windows Defender:
================
Date: 2021-12-08 15:56:19
Description: 
Controlled Folder Access blocked C:\Windows\System32\svchost.exe from making changes to memory.
Detection time: 2021-12-08T21:56:19.114Z
Path: \Device\HarddiskVolume1
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: 1.353.2283.0
Engine Version: 1.1.18700.4
Product Version: 4.18.2110.6

Date: 2021-12-08 11:15:40
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2021-12-08 11:06:31
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Script/Sabsik.TE.A!ml
Severity: Severe
Category: Trojan
Path: containerfile:_C:\Users\User\Desktop\FRST64.exe; file:_C:\Users\User\Desktop\FRST64.exe->(AutoIT)
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.353.2277.0, AS: 1.353.2277.0, NIS: 1.353.2277.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-12-08 11:06:06
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Script/Sabsik.TE.A!ml
Severity: Severe
Category: Trojan
Path: containerfile:_C:\Users\User\Desktop\FRST64.exe; file:_C:\Users\User\Desktop\FRST64.exe->(AutoIT)
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.353.2277.0, AS: 1.353.2277.0, NIS: 1.353.2277.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-12-08 11:05:51
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Script/Sabsik.TE.A!ml
Severity: Severe
Category: Trojan
Path: containerfile:_C:\Users\User\Desktop\FRST64.exe; file:_C:\Users\User\Desktop\FRST64.exe->(AutoIT)
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.353.2277.0, AS: 1.353.2277.0, NIS: 1.353.2277.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4
Event[0]:

Date: 2021-12-08 12:04:55
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2021-11-11 11:30:13
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2021-11-10 23:03:54
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2021-11-10 22:44:50
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2021-11-10 22:17:18
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===============
Date: 2021-11-08 16:46:37
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\eppcom64.dll that did not meet the Microsoft signing level requirements.

Date: 2021-11-08 16:46:27
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\eppwsc.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\eppcom64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

BIOS: LENOVO 5GCN27WW 06/27/2018
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i3-7100U CPU @ 2.40GHz
Percentage of memory in use: 86%
Total physical RAM: 3999.54 MB
Available physical RAM: 541.66 MB
Total Virtual: 6815.54 MB
Available Virtual: 3064.21 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:118 GB) (Free:72.53 GB) NTFS

\\?\Volume{190ff9cd-5249-4d50-a847-15e27e118231} (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.49 GB) NTFS
\\?\Volume{e57713e7-92d2-4f11-8ef4-d300cc742644} (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: CB67F968)

Partition: GPT.

==================== End of Addition.txt =======================


https://www.bleepingcomputer.com/forums/t/765044/sabsik-trojan-virus/

Erlando F Rasatro
