Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2021
Ran by USER (03-11-2021 15:50:57)
Running from C:\Users\USER\Downloads
Microsoft Windows 10 Home Single Language Version 1903 18362.1082 (X64) (2019-07-11 11:52:07)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-1149163481-2367886812-1534622969-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1149163481-2367886812-1534622969-503 - Limited - Disabled)
Guest (S-1-5-21-1149163481-2367886812-1534622969-501 - Limited - Disabled)
USER (S-1-5-21-1149163481-2367886812-1534622969-1001 - Administrator - Enabled) => C:\Users\USER
WDAGUtilityAccount (S-1-5-21-1149163481-2367886812-1534622969-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.371 - Adobe)
AIMP (HKLM-x32\...\AIMP) (Version: v4.60.2180, 25.03.2020 - AIMP DevTeam)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{34985F59-8F6F-46F4-9AD5-53E2714294D2}) (Version: 3.0.189 - ArcSoft)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.16.4 - ICEpower a/s)
Canon G1010 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_G1010_series) (Version: - Canon Inc.)
Canon G2010 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_G2010_series) (Version: 1.00 - Canon Inc.)
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.05.1.51 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.5.0.69 - Canon Inc.)
Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version: - )
Canon iX6700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iX6700_series) (Version: - Canon Inc.)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version: - )
CanoScan LiDE 300 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2417S) (Version: 1.00 - Canon Inc.)
Cisco Webex Meetings (HKLM-x32\...\{6D33734D-9AD1-3E21-B536-EAE86B70A259}) (Version: 40.8.7.13 - Cisco Webex LLC)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.42.00 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{ECB6223F-A57B-4BEE-88A5-AA91E002BA46}) (Version: 4.4.8 - Seiko Epson Corporation)
FormatFactory 5.2.1.0 (HKLM-x32\...\FormatFactory) (Version: 5.2.1.0 - Free Time)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.7.0.29455 - Foxit Software Inc.)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.53.5317 - GOM & Company)
GOM Remote (HKLM-x32\...\GOM Remote) (Version: 2.1.1.9 - GOM & Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 95.0.4638.54 - Google LLC)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7194a517-3ed1-424f-93f2-d95fe11843f5}) (Version: 21.0.0.0u - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: 6.38.2 - Tonek Inc.)
K-Lite Mega Codec Pack 15.7.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 15.7.0 - KLCP)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.2.2.40 - PandoraTV)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
LINE (HKU\S-1-5-21-1149163481-2367886812-1534622969-1001\...\LINE) (Version: 7.3.1.2631 - LINE Corporation)
Mendeley Desktop 1.19.8 (HKLM-x32\...\Mendeley Desktop) (Version: 1.19.8 - Mendeley Ltd.)
Microsoft Edge (HKLM-x32\...\{775B4AAA-70D1-32DC-8D58-16A7DDB54BF5}) (Version: 95.0.1020.40 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.21.27702 (HKLM-x32\...\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}) (Version: 14.21.27702.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (HKLM-x32\...\{49697869-be8e-427d-81a0-c334d1d14950}) (Version: 14.21.27702.2 - Microsoft Corporation)
Mozilla Firefox 80.0 (x86 id) (HKLM-x32\...\Mozilla Firefox 80.0 (x86 id)) (Version: 80.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 80.0 - Mozilla)
NewProduct 1.00 (HKLM-x32\...\NewProduct 1.00) (Version: 1.00 - Company)
Nitro Pro (HKLM\...\{3B20FD38-F898-4B8E-A1B2-403280F1B944}) (Version: 12.1.0.195 - Nitro)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.1.5 - Notepad++ Team)
NoVirusThanks Win Update Stop v1.4 (HKLM\...\NoVirusThanks Win Update Stop_is1) (Version: 1.4.0.0 - NoVirusThanks Company Srl)
SMADAV versi 13.8.0 (HKLM-x32\...\{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1) (Version: 13.8.0 - Smadsoft)
Spotify (HKU\S-1-5-21-1149163481-2367886812-1534622969-1001\...\Spotify) (Version: 1.1.71.560.gc21c3367 - Spotify AB)
StartIsBack++ (HKLM-x32\...\StartIsBack) (Version: 2.9.1 - startisback.com)
Windows Manager (HKLM-x32\...\{C845414C-903C-4218-9DE7-132AB97FDF62}) (Version: 1.0.0 - AW Manager) <==== ATTENTION
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Wondershare Filmora X(Build 10.1.20.16) (HKLM\...\Wondershare Filmora X_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Zoom (HKU\S-1-5-21-1149163481-2367886812-1534622969-1001\...\ZoomUMX) (Version: 5.7.7 (1105) - Zoom Video Communications, Inc.)
Packages:
=========
AudioWizard -> C:\Program Files\WindowsApps\ICEpower.AudioWizard_1.5.23.0_x64__dxp88312j1fgj [2020-06-12] (ICEpower)
Facebook Watch -> C:\Program Files\WindowsApps\Facebook.FacebookVideo_37.1.15.0_x64__8xx8rvfyw5nnt [2020-09-17] (Facebook Inc)
IDM Integration Module -> C:\Program Files\WindowsApps\TonecInc.IDMIntegrationModule_6.38.2.0_neutral__e7b5mm5d3r6v2 [2020-09-17] (Tonec FZE)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.2.0_neutral__8xx8rvfyw5nnt [2020-09-17] (Instagram)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.2765.0_x64__8j3eq9eme6ctt [2020-09-17] (INTEL CORP) [Startup Task]
LINE -> C:\Program Files\WindowsApps\NAVER.LINEwin8_6.3.1.0_x86__8ptj331gd3tyt [2020-09-21] (LINE Corporation)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2020-09-21] (LinkedIn)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_620.8.119.0_x64__8xx8rvfyw5nnt [2020-09-17] (Facebook Inc) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-06-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-06-12] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.8101.0_x64__8wekyb3d8bbwe [2020-09-17] (Microsoft Studios) [MS Ad]
MyASUS -> C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_2.2.38.0_x64__qmba6cd70vzyy [2020-09-17] (ASUSTeK COMPUTER INC.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.171.0_x64__dt26b99r8h8gj [2019-05-24] (Realtek Semiconductor Corp)
Telegram Desktop -> C:\Program Files\WindowsApps\TelegramMessengerLLP.TelegramDesktop_2.2.0.0_x64__t4vj0pshhgkwm [2020-09-17] (Telegram Messenger LLP)
WeChat For Windows -> C:\Program Files\WindowsApps\TencentWeChatLimited.forWindows10_2.6.3.0_x86__sdtnhv12zgd7a [2020-09-17] (Tencent WeChat Limited)
WhatsApp Desktop -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2035.14.0_x64__cv1g1gvanyjgm [2020-09-17] (WhatsApp Inc.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1149163481-2367886812-1534622969-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\USER\AppData\Local\Microsoft\OneDrive\19.002.0107.0005\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1149163481-2367886812-1534622969-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\USER\AppData\Local\Microsoft\OneDrive\19.002.0107.0005\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1149163481-2367886812-1534622969-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\USER\AppData\Local\Microsoft\OneDrive\19.002.0107.0005\amd64\FileSyncShell64.dll => No File
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6722448 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2020-04-16] (Tonec Inc. -> Tonec Inc.)
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2020-06-12] (IP Izmaylov Artem Andreevich -> AIMP DevTeam)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2021-09-26] (Notepad++ -> )
ContextMenuHandlers1: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx_108.dll [2020-05-19] (Free Time) [File not signed]
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-09-23] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro\12\NPShellExtension.dll [2018-07-24] (Nitro Software, Inc. -> Nitro Software, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [SmadExt] -> {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} => C:\Program Files (x86)\SMADAV\SmadExtMenu64.dll [2019-10-18] (Zainuddin Nafarin -> Smadsoft)
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2020-06-12] (IP Izmaylov Artem Andreevich -> AIMP DevTeam)
ContextMenuHandlers4: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx_108.dll [2020-05-19] (Free Time) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_af6519e6e3300977\nvshext.dll [2020-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-09-23] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers6: [SmadExt] -> {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} => C:\Program Files (x86)\SMADAV\SmadExtMenu64.dll [2019-10-18] (Zainuddin Nafarin -> Smadsoft)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.HFYU] => C:\Windows\system32\huffyuv.dll [55296 2005-01-22] () [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-08] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [310784 2019-12-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.HFYU] => C:\Windows\SysWOW64\huffyuv.dll [39936 2004-05-19] (Disappearing Inc.) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-08] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284160 2019-12-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lameacm] => C:\Windows\SysWOW64\lameACM.acm [473088 2015-02-26] (hxxp://www.mp3dev.org/) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-25] () [File not signed]
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\USER\Desktop\luqyana (Orang 1) - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\Users\USER\AppData\Roaming\System\srix14fk.gn1"
ShortcutWithArgument: C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\Users\USER\AppData\Roaming\System\srix14fk.gn1"
ShortcutWithArgument: C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Garjezz - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\Users\USER\AppData\Roaming\System\srix14fk.gn1"
==================== Loaded Modules (Whitelisted) =============
2021-11-03 12:36 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2021-11-03 12:36 - 2017-09-12 10:34 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2020-01-05 19:18 - 2020-01-05 19:20 - 000004096 _____ () [File not signed] C:[email protected]
2020-09-17 17:28 - 2020-09-17 17:29 - 040592896 _____ (Intel) [File not signed] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.2765.0_x64__8j3eq9eme6ctt\IGCC.dll
2021-11-03 12:36 - 2017-09-12 10:36 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences [386]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-1149163481-2367886812-1534622969-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus17win10.msn.com/?pc=ASTE
HKU\S-1-5-21-1149163481-2367886812-1534622969-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-1149163481-2367886812-1534622969-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1149163481-2367886812-1534622969-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2020-08-01] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2020-08-01] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-09-15 15:31 - 2021-11-03 13:45 - 000000000 _____ C:\WINDOWS\system32\drivers\etc\hosts
2021-08-12 16:08 - 2021-08-12 16:13 - 000000443 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1149163481-2367886812-1534622969-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\USER\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 118.98.44.100 - 118.98.44.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "Nero BackItUp"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKU\S-1-5-21-1149163481-2367886812-1534622969-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1149163481-2367886812-1534622969-1001\...\StartupApproved\Run: => "IDMan"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{3D56DE60-9D0B-4354-9AAA-486C577B05FD}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{ADCCED67-CF6B-4376-B74A-637DC41FA642}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{5A0473A9-BAA8-483E-944E-C87BF49453DD}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe => No File
FirewallRules: [{9764AF7D-4D33-4824-BB46-58525F612CF6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16040.10730.20103.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{91D7FB9D-3BB9-4193-B5D7-01DBE0F955EF}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.)
FirewallRules: [{4D671B5E-DD9A-4DF4-B8F8-5EFBE33A6591}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe => No File
FirewallRules: [{A79FEC79-2B16-46FC-9B77-4BC2EACE5D37}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B7AE2E3A-A62A-4D78-81A3-A65F47CB5678}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{020B52D0-F0FB-4C1E-AABB-00A739D330AD}] => (Allow) C:\Program Files (x86)\GRETECH\GOMRemote2\GomRemote2.exe (GRETECH -> GOM & Company)
FirewallRules: [{CD600C4A-95CA-4BFA-8275-55AA5D1FCE36}] => (Allow) C:\Program Files (x86)\Nero\Nero 2019\Nero BackItup\BackItUp.exe => No File
FirewallRules: [{1AEC7D18-AC66-4941-9188-936594410C31}] => (Allow) C:\Program Files (x86)\Nero\Nero 2019\Nero BackItup\NBService.exe => No File
FirewallRules: [{9C57F818-910D-440B-81BE-FB5CADE9891D}] => (Allow) C:\Program Files (x86)\Nero\Transfer\Transfer.exe => No File
FirewallRules: [{2221D781-AF38-479A-9B35-A240AECA6F75}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe => No File
FirewallRules: [{24791EDF-2C8C-42EF-8D4D-CF81E971A7C1}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.)
FirewallRules: [{2B47EC31-8A94-4DF7-A3F3-14B120D910C1}] => (Allow) C:[email protected] => No File
FirewallRules: [{4CCE0F38-F8AF-4BBA-8AB9-EEC5EF10291C}] => (Allow) C:[email protected] => No File
FirewallRules: [TCP Query User{87416E2E-FB63-4ED9-A630-FB5896EBC8BD}F:\driver\snapy driver 2019\snappydriver_download.id\sdi_x64_r1811.exe] => (Block) F:\driver\snapy driver 2019\snappydriver_download.id\sdi_x64_r1811.exe => No File
FirewallRules: [UDP Query User{12BEB8FE-1CDE-4AE0-BCC0-D2A68AEAB580}F:\driver\snapy driver 2019\snappydriver_download.id\sdi_x64_r1811.exe] => (Block) F:\driver\snapy driver 2019\snappydriver_download.id\sdi_x64_r1811.exe => No File
FirewallRules: [TCP Query User{EDE714A1-B025-4871-8273-49698A472241}F:\driver\snappydriver_download.id\snappydriver_download.id\sdi_x64_r1800.exe] => (Block) F:\driver\snappydriver_download.id\snappydriver_download.id\sdi_x64_r1800.exe => No File
FirewallRules: [UDP Query User{3F6B8600-6CD8-478F-9C6A-3373F2FA9B1F}F:\driver\snappydriver_download.id\snappydriver_download.id\sdi_x64_r1800.exe] => (Block) F:\driver\snappydriver_download.id\snappydriver_download.id\sdi_x64_r1800.exe => No File
FirewallRules: [{F2A5D7F3-0144-4C4A-BDE3-8030AE654778}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.)
FirewallRules: [TCP Query User{D1F3D42D-7452-49ED-B716-EF748B9AE71E}D:\gudang driver\snappydriver_download.id\snappydriver_download.id\sdi_x64_r2000.exe] => (Block) D:\gudang driver\snappydriver_download.id\snappydriver_download.id\sdi_x64_r2000.exe => No File
FirewallRules: [UDP Query User{5C2E4F19-317D-4EEF-B702-E03473D39AA8}D:\gudang driver\snappydriver_download.id\snappydriver_download.id\sdi_x64_r2000.exe] => (Block) D:\gudang driver\snappydriver_download.id\snappydriver_download.id\sdi_x64_r2000.exe => No File
FirewallRules: [{EB4094A2-7CE0-4724-A5B4-0C43F3CCE346}] => (Allow) C:\Users\USER\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{55783A3D-D8AD-4AB8-A7FF-EBF7C67EA3FA}] => (Allow) C:\Users\USER\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{17BDD027-B348-4BED-8C8C-174540066817}] => (Allow) C:\Users\USER\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{D344934D-14CD-4581-BE25-79AABA9CD93E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5C865F9C-C55E-4EAD-A665-CEA58A494E25}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D31D8124-780A-4C59-863F-A350FC85EAF9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{61D69902-0997-415E-B17B-AA16BAD67FC4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{F79839AB-77EB-44C4-912D-B535385B4E14}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{A9E71A7A-E65E-46A2-9498-F95056769DCE}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B952F717-11F4-4EB5-A05F-76C44D16A579}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8A8B4E77-FE1F-43C6-9347-22030214DDAF}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1B8B5483-9DC9-43EA-8BE5-0A97F10DAED6}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9A75EE70-E7D5-4C23-AE32-89C7BACE35A3}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D70A6817-F0FA-49A7-BE4E-14E89C190394}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{55395587-6B40-462F-A27D-30895F586FD3}C:\program files (x86)\company\newproduct\jg1_1faf.exe] => (Block) C:\program files (x86)\company\newproduct\jg1_1faf.exe () [File not signed]
FirewallRules: [UDP Query User{CA586E1D-0A45-41BB-A80E-F1793EDDCD27}C:\program files (x86)\company\newproduct\jg1_1faf.exe] => (Block) C:\program files (x86)\company\newproduct\jg1_1faf.exe () [File not signed]
FirewallRules: [{91316421-D157-4F59-94D7-536340CCF968}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_38716246a7897090\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)
FirewallRules: [{45F08000-8D6D-4D1D-B929-EA1C6B2AA60B}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_38716246a7897090\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)
FirewallRules: [{3C018DDA-5968-47E4-A1E4-5EFAE567A84A}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_38716246a7897090\ASUSLinkNear\AsusLinkNear.exe (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
==================== Restore Points =========================
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (11/03/2021 03:10:13 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (14592,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (11/03/2021 03:02:46 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3404,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (11/03/2021 02:21:53 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3360,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (11/03/2021 02:07:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: autosubplayer.exe, version: 0.0.0.0, time stamp: 0x569785c5
Faulting module name: KERNELBASE.dll, version: 10.0.18362.1049, time stamp: 0xc4675baa
Exception code: 0xc0000005
Fault offset: 0x000f5cc6
Faulting process ID: 0x276c
Faulting application start time: 0x01d7d077c853c675
Faulting application path: C:\Users\USER\AppData\Local\Temp\rbv5kcll.kb0\autosubplayer.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: 7170e9cd-b89d-47a3-aa96-3115bb606f41
Faulting package full name:
Faulting package-relative application ID:
Error: (11/03/2021 02:00:27 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (12356,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (11/03/2021 01:56:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome1.exe, version: 1.0.0.0, time stamp: 0x6181316b
Faulting module name: KERNELBASE.dll, version: 10.0.18362.1049, time stamp: 0x1b835a75
Exception code: 0xe0434352
Fault offset: 0x0000000000043b29
Faulting process ID: 0x17e8
Faulting application start time: 0x01d7d075b20c7e06
Faulting application path: C:\Users\USER\AppData\Local\Temp\chrome1.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: 0f8e10e0-6aa7-4a35-bd7e-52a800ebcce7
Faulting package full name:
Faulting package-relative application ID:
Error: (11/03/2021 01:56:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome5.exe, version: 1.0.0.0, time stamp: 0x61813199
Faulting module name: KERNELBASE.dll, version: 10.0.18362.1049, time stamp: 0x1b835a75
Exception code: 0xe0434352
Fault offset: 0x0000000000043b29
Faulting process ID: 0xb3c
Faulting application start time: 0x01d7d075b377f21d
Faulting application path: C:\Users\USER\AppData\Local\Temp\chrome5.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: cc99ee6b-a911-477d-83e4-e27c56d4feb2
Faulting package full name:
Faulting package-relative application ID:
Error: (11/03/2021 01:56:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome3.exe, version: 1.0.0.0, time stamp: 0x61813186
Faulting module name: KERNELBASE.dll, version: 10.0.18362.1049, time stamp: 0x1b835a75
Exception code: 0xe0434352
Fault offset: 0x0000000000043b29
Faulting process ID: 0x2650
Faulting application start time: 0x01d7d075b37180cc
Faulting application path: C:\Users\USER\AppData\Local\Temp\chrome3.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: 53761e8f-f975-4eb4-9f1a-114b148371c8
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (11/03/2021 03:16:35 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-6HO4KJGN)
Description: The server Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
Error: (11/03/2021 03:01:12 PM) (Source: RemoteAccess) (EventID: 20063) (User: )
Description: Remote Access Connection Manager failed to start because the Protocol engine [IKEv2] failed to initialize. The request is not supported.
Error: (11/03/2021 03:01:12 PM) (Source: RemoteAccess) (EventID: 20063) (User: )
Description: Remote Access Connection Manager failed to start because the Protocol engine [rasgreeng.dll] failed to initialize. The specified module could not be found.
Error: (11/03/2021 02:46:47 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: LAPTOP-6HO4KJGN)
Description: 0x8000002a132??C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.YourPhone_1.20082.141.0_x64__8wekyb3d8bbwe\ActivationStore.dat
Error: (11/03/2021 02:46:36 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: LAPTOP-6HO4KJGN)
Description: 0x8000002a132??C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.YourPhone_1.20082.141.0_x64__8wekyb3d8bbwe\ActivationStore.dat
Error: (11/03/2021 02:41:41 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: LAPTOP-6HO4KJGN)
Description: 0x8000002a132??C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.YourPhone_1.20082.141.0_x64__8wekyb3d8bbwe\ActivationStore.dat
Error: (11/03/2021 02:41:41 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: LAPTOP-6HO4KJGN)
Description: 0x8000002a132??C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.YourPhone_1.20082.141.0_x64__8wekyb3d8bbwe\ActivationStore.dat
Error: (11/03/2021 02:41:13 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Routing and Remote Access service terminated with the following service-specific error:
The requested name is valid, but no data of the requested type was found.
Windows Defender:
================
Date: 2021-11-03 16:08:36.356
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Sabsik.FL.B!ml
Severity: Severe
Category: Trojan
Path: file:_C:Program Files (x86)CompanyNewProductjg1_1faf.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\USER\Downloads\FRST64.exe
Security intelligence Version: AV: 1.353.314.0, AS: 1.353.314.0, NIS: 1.353.314.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4
Date: 2021-11-03 14:52:18.030
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Tiggre!rfn
Severity: Severe
Category: Trojan
Path: file:_C:\WINDOWS\system32\K7UU760KN2.tmp; service:_AppServicea; service:_AppServiced; service:_AppServiceg
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.353.314.0, AS: 1.353.314.0, NIS: 1.353.314.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4
Date: 2021-11-03 14:46:25.242
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Casdet!rfn
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: AV: 1.353.314.0, AS: 1.353.314.0, NIS: 1.353.314.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4
Date: 2021-11-03 14:37:48.803
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/AutoKMS.SA!MSR
Severity: High
Category: Tool
Path: file:_C:[email protected]; process:_pid:4004,ProcessStart:132803936042762396; service:_KMS-R@1n
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.353.314.0, AS: 1.353.314.0, NIS: 1.353.314.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4
Date: 2021-11-03 14:33:48.543
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/AutoKMS.SA!MSR
Severity: High
Category: Tool
Path: file:_C:[email protected]; process:_pid:4004,ProcessStart:132803936042762396; service:_KMS-R@1n
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:[email protected]
Security intelligence Version: AV: 1.353.314.0, AS: 1.353.314.0, NIS: 1.353.314.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4
Date: 2021-11-03 14:30:07.122
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.293.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x80070102
Error description: The wait operation timed out.
Date: 2021-10-26 12:51:19.119
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.351.1000.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18600.4
Error code: 0x80070102
Error description: The wait operation timed out.
Date: 2021-10-23 12:59:14.758
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.351.776.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18600.4
Error code: 0x80070102
Error description: The wait operation timed out.
Date: 2021-10-21 15:57:56.482
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.351.769.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18600.4
Error code: 0x80070102
Error description: The wait operation timed out.
Date: 2021-10-21 12:53:24.943
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.351.679.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18600.4
Error code: 0x80070102
Error description: The wait operation timed out.
==================== Memory info ===========================
BIOS: American Megatrends Inc. X409JA.303 05/25/2020
Motherboard: ASUSTeK COMPUTER INC. X409JA
Processor: Intel® Core i3-1005G1 CPU @ 1.20GHz
Percentage of memory in use: 86%
Total physical RAM: 3902.02 MB
Available physical RAM: 530.35 MB
Total Virtual: 8510.02 MB
Available Virtual: 3447.67 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:238.22 GB) (Free:112.69 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:346.51 GB) (Free:338.59 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:346.51 GB) (Free:346.41 GB) NTFS
\\?\Volume{52c9fe23-5bba-4a82-bf8a-3007cab5e1d5} (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 02D693D5)
Partition: GPT.
==================== End of Addition.txt =======================