Opened a hacked email by accident and noticed a new process in Task Manager


blocTore (New Member, Thread author), Nov 30, 2020
Like the title says, I opened a hacked email by accident, and after that I noticed a new process in Task Manager called "EpicWebHelper". This might be linked to the Epic Games Launcher, since I have it installed, but some searching says it could possibly be a virus, so I'm not sure anymore. I'd like to check whether I'm infected or not.

Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2020
Ran by quoih (administrator) on DESKTOP-RGPP5SJ (Gigabyte Technology Co., Ltd. B450M DS3H) (20-12-2020 12:35:05)
Running from C:\Users\quoih\Downloads
Loaded Profiles: quoih
Platform: Windows 10 Pro Version 2004 19041.685 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> ) C:\Program Files\AMD\Performance Profile Client\RyzenMaster\AUEPRyzenMasterAC.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361132.inf_amd64_4863ccf4c1b997c9\B361196\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361132.inf_amd64_4863ccf4c1b997c9\B361196\atiesrxx.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <3>
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <9>
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\quoih\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2011.11613.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20316.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [856288 2019-10-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [100580600 2020-08-04] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\quoih\AppData\Local\Microsoft\Teams\Update.exe [2453688 2020-11-22] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32711056 2020-12-12] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3421984 2020-12-07] (Valve -> Valve Corporation)
HKU\S-1-5-18\...\Run: [] => [X]
HKLM\...\Print\Monitors\HP E311 Status Monitor: C:\Windows\system32\hpinkstsE311LM.dll [392200 2019-03-15] (HP Inc -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-08] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {007F35CF-AFC3-448C-9F70-D81FA09761D4} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {033226A1-0425-4A5A-9924-673088A0E698} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143720 2020-12-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {15766335-F02F-4FEE-8FC7-74D0D92883F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-30] (Google LLC -> Google LLC)
Task: {2E9037D5-053D-4741-ADB8-F16EBB611530} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143720 2020-12-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {31675B9B-8D08-43C4-93F2-16FA130EEBE2} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {3821916F-D607-4523-9DEB-B4E80A170B2A} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\quoih\Downloads\esetonlinescanner.exe
Task: {54DDEED7-5A02-4EA5-A686-67870474D117} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5142960 2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {6C7A1A5B-6556-423A-A90D-0BDA75671429} - System32\Tasks\Agent Activation Runtime\S-1-5-21-3883136046-2417711927-3391061525-1001 => C:\Windows\System32\AgentActivationRuntimeStarter.exe [13312 2020-12-11] (Microsoft Windows -> )
Task: {8212C32C-42D6-44AD-B557-EF7CBDE6C20A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5142960 2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {9319A3E0-AAC8-4602-9559-F3EEE9040A23} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {A46C4895-A5BE-40FE-BD70-8E4E84495756} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {C06D2C92-93E0-46C6-A885-7E4E39A09CBC} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {CC59EB1F-2A4B-4421-8B9F-294886AB4DEF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-30] (Google LLC -> Google LLC)
Task: {F0513F53-AA44-4C13-8308-41464276FB39} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {F695F650-B13C-48DF-9CCF-BA519E59248A} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {FDCD6882-568C-468F-A04B-CD505EA56F86} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1e8ea9cb-f807-4fb2-9c45-29d4a2e46527}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9123a897-e22e-4573-815d-dff3eabe552b}: [DhcpNameServer] 192.168.0.1

Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\quoih\AppData\Local\Microsoft\Edge\User Data\Default [2020-11-11]
Edge Extension: (Outlook) - C:\Users\quoih\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-11-07]
Edge Extension: (Word) - C:\Users\quoih\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-11-07]
Edge Extension: (Excel) - C:\Users\quoih\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-11-07]
Edge Extension: (PowerPoint) - C:\Users\quoih\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-11-07]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-09-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-30] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default [2020-12-20]
CHR DownloadDir: C:\Users\quoih\Downloads
CHR Extension: (Charcoal: Dark Mode for Messenger) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaekanoannlhnajolbijaoflfhikcgng [2020-11-23]
CHR Extension: (Slides) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-09-30]
CHR Extension: (Just Black) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab [2020-09-30]
CHR Extension: (Docs) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-09-30]
CHR Extension: (Google Drive) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-21]
CHR Extension: (YouTube) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-09-30]
CHR Extension: (uBlock Origin) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2020-12-03]
CHR Extension: (Timer) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\edebbhkhcaafmolanelponjjanocpacd [2020-09-30]
CHR Extension: (Dark Reader) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2020-11-26]
CHR Extension: (Sheets) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-09-30]
CHR Extension: (Word Online) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2020-09-30]
CHR Extension: (Google Docs Offline) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
CHR Extension: (Google Play) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2020-09-30]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2020-12-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-09-30]
CHR Extension: (Gmail) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-08]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AUEPLauncher; C:\Program Files\AMD\CIM\..\Performance Profile Client\AUEPLauncher.exe [61832 2020-11-13] (Advanced Micro Devices, Inc. -> AMD)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8895512 2020-11-27] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9105800 2020-12-01] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2020-12-10] (Malwarebytes Inc -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5197552 2020-12-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMDXE; C:\Windows\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-12-10] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220160 2020-12-10] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2020-12-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197792 2020-12-20] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77496 2020-12-20] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-12-10] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [139424 2020-12-20] (Malwarebytes Inc -> Malwarebytes)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsl0027349c; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{861DC691-A16E-4C69-A0B8-347D28E6DFC0}\MpKslDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-20 10:43 - 2020-12-20 10:43 - 000197792 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-12-20 10:43 - 2020-12-20 10:43 - 000139424 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-12-20 10:43 - 2020-12-20 10:43 - 000077496 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-12-11 12:11 - 2020-12-11 12:11 - 000000000 ____D C:\Users\quoih\AppData\LocalLow\Obsidian Entertainment
2020-12-11 11:19 - 2020-12-11 11:19 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2020-12-11 11:19 - 2020-12-11 11:19 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2020-12-11 11:19 - 2020-12-11 11:19 - 002260480 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2020-12-11 11:19 - 2020-12-11 11:19 - 001822272 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2020-12-11 11:19 - 2020-12-11 11:19 - 001393496 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2020-12-11 11:19 - 2020-12-11 11:19 - 001333248 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2020-12-11 11:19 - 2020-12-11 11:19 - 000363520 _____ C:\Windows\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-11 11:19 - 2020-12-11 11:19 - 000287232 _____ C:\Windows\system32\CoreMas.dll
2020-12-11 11:19 - 2020-12-11 11:19 - 000266240 _____ C:\Windows\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-11 11:19 - 2020-12-11 11:19 - 000240640 _____ C:\Windows\SysWOW64\CoreMas.dll
2020-12-11 11:19 - 2020-12-11 11:19 - 000165376 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2020-12-11 11:19 - 2020-12-11 11:19 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\ncpa.cpl
2020-12-11 11:19 - 2020-12-11 11:19 - 000100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncpa.cpl
2020-12-11 11:19 - 2020-12-11 11:19 - 000089088 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2020-12-11 11:19 - 2020-12-11 11:19 - 000073216 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2020-12-11 11:19 - 2020-12-11 11:19 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2020-12-11 11:19 - 2020-12-11 11:19 - 000048640 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2020-12-11 11:19 - 2020-12-11 11:19 - 000039936 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2020-12-11 11:19 - 2020-12-11 11:19 - 000013312 _____ C:\Windows\system32\agentactivationruntimestarter.exe
2020-12-11 11:19 - 2020-12-11 11:19 - 000010912 _____ C:\Windows\system32\DrtmAuthTxt.wim
2020-12-11 11:19 - 2020-12-11 11:19 - 000010752 _____ C:\Windows\SysWOW64\agentactivationruntimestarter.exe
2020-12-11 11:19 - 2020-12-11 11:19 - 000001370 _____ C:\Windows\system32\ThirdPartyNoticesBySHS.txt
2020-12-10 13:01 - 2020-12-10 13:01 - 000000000 ____D C:\Users\quoih\AppData\Local\NVIDIA Corporation
2020-12-10 12:11 - 2020-12-10 12:11 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-12-10 12:11 - 2020-12-10 12:10 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2020-12-05 17:07 - 2020-12-19 09:25 - 000000000 ____D C:\Users\quoih\AppData\Local\AMD_Common
2020-12-04 14:27 - 2020-12-20 12:31 - 000000000 ____D C:\Users\quoih\Downloads\FRST-OlderVersion
2020-12-04 14:21 - 2020-12-04 14:21 - 000003304 _____ C:\Windows\system32\Tasks\StartCNBM
2020-12-04 14:21 - 2020-12-04 14:21 - 000000000 ____D C:\Users\quoih\AppData\LocalLow\AMD
2020-12-04 14:21 - 2020-12-04 14:21 - 000000000 ____D C:\Users\quoih\AppData\Local\cache
2020-12-04 14:20 - 2020-12-20 10:45 - 000003126 _____ C:\Windows\system32\Tasks\AMDInstallLauncher
2020-12-04 14:18 - 2020-12-20 10:45 - 000003110 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2020-12-04 14:18 - 2020-12-04 14:21 - 000000000 ____D C:\Users\quoih\AppData\Local\AMD
2020-12-04 14:18 - 2020-12-04 14:18 - 000003488 _____ C:\Windows\system32\Tasks\ModifyLinkUpdate
2020-12-04 14:18 - 2020-11-17 16:49 - 000107048 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\amdkmpfd.sys
2020-12-04 14:17 - 2020-12-04 14:21 - 000000000 ____D C:\ProgramData\AMD
2020-12-04 14:17 - 2020-12-04 14:21 - 000000000 ____D C:\Program Files\AMD
2020-12-04 14:17 - 2020-12-04 14:17 - 000003160 _____ C:\Windows\system32\Tasks\StartCN
2020-12-04 14:17 - 2020-12-04 14:17 - 000003080 _____ C:\Windows\system32\Tasks\StartDVR
2020-12-04 14:17 - 2020-12-04 14:17 - 000000000 ____D C:\Users\quoih\AppData\Local\RadeonInstaller
2020-12-04 14:17 - 2020-12-04 14:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Software
2020-12-04 14:17 - 2020-12-04 14:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Bug Report Tool
2020-12-04 14:16 - 2020-12-06 12:31 - 000000000 ____D C:\Users\quoih\AppData\Local\D3DSCache
2020-12-04 14:16 - 2020-12-04 14:16 - 000000000 ____D C:\AMD
2020-12-04 14:10 - 2020-12-04 14:15 - 000282732 _____ C:\Windows\ntbtlog.txt
2020-11-30 15:52 - 2020-12-20 12:34 - 000039607 _____ C:\Users\quoih\Downloads\Addition.txt
2020-11-30 15:51 - 2020-12-20 12:35 - 000017465 _____ C:\Users\quoih\Downloads\FRST.txt
2020-11-30 15:48 - 2020-12-20 12:35 - 000000000 ____D C:\FRST
2020-11-30 15:47 - 2020-12-20 12:31 - 002286592 _____ (Farbar) C:\Users\quoih\Downloads\FRST64.exe
2020-11-27 12:09 - 2020-11-27 12:09 - 002502037 _____ C:\Users\quoih\Downloads\RapportPhys.pdf
2020-11-26 13:52 - 2020-11-27 09:00 - 000844172 _____ C:\Users\quoih\Downloads\Soviet Invasion of Afghanistan (1979-1989).pptx
2020-11-25 13:07 - 2020-11-25 13:16 - 000284124 _____ C:\Users\quoih\Downloads\Anaglyphe- kenHo- Modifiable.xlsx
2020-11-25 12:44 - 2020-11-27 11:57 - 000032069 _____ C:\Users\quoih\Downloads\Physique.xlsx
2020-11-24 15:32 - 2020-11-24 15:32 - 000000112 ___SH C:\bootTel.dat
2020-11-21 16:44 - 2020-11-21 16:44 - 000000000 ____D C:\Users\quoih\AppData\Local\Frontier_Developments
2020-11-20 14:08 - 2020-11-20 14:08 - 000047786 _____ C:\Users\quoih\Downloads\questionnaire_interpretation_pensees_TOC.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-20 12:23 - 2020-09-30 13:07 - 000000000 ____D C:\Users\quoih\AppData\Local\Packages
2020-12-20 11:18 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-20 10:47 - 2020-09-30 13:08 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2020-12-20 10:47 - 2019-12-07 04:13 - 000000000 ____D C:\Windows\INF
2020-12-20 10:46 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-20 10:46 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\AppReadiness
2020-12-20 10:45 - 2020-10-29 16:49 - 000000000 ____D C:\Program Files (x86)\Steam
2020-12-20 10:43 - 2020-09-30 16:01 - 000008192 ___SH C:\DumpStack.log.tmp
2020-12-20 10:43 - 2020-09-30 16:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-12-19 12:58 - 2020-09-30 13:07 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2020-12-19 12:58 - 2019-12-07 04:03 - 000786432 _____ C:\Windows\system32\config\BBI
2020-12-19 09:24 - 2020-11-07 10:36 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-19 09:24 - 2020-11-07 10:36 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-12-19 09:24 - 2020-11-07 10:36 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-12-17 14:06 - 2020-09-30 17:49 - 000000000 ____D C:\Program Files\Microsoft Office
2020-12-16 09:42 - 2020-09-30 16:01 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-12-14 13:02 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\LiveKernelReports
2020-12-13 11:24 - 2020-09-30 16:44 - 000000000 ____D C:\Windows\system32\MRT
2020-12-13 11:23 - 2020-09-30 16:44 - 133736600 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-12-11 12:09 - 2020-09-30 16:01 - 000439016 _____ C:\Windows\system32\FNTCACHE.DAT
2020-12-11 12:08 - 2019-12-07 04:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-12-11 12:08 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2020-12-11 12:08 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SystemResources
2020-12-11 12:08 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\migwiz
2020-12-11 12:08 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\Dism
2020-12-11 12:08 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2020-12-11 12:08 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\bcastdvr
2020-12-11 12:08 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Windows Defender
2020-12-11 12:08 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-12-11 11:21 - 2019-12-07 04:03 - 000000000 ____D C:\Windows\CbsTemp
2020-12-11 11:19 - 2020-10-21 09:59 - 000000000 ____D C:\Program Files\Epic Games
2020-12-10 18:39 - 2019-12-07 04:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2020-12-10 12:11 - 2020-11-03 10:34 - 000220160 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-12-10 12:11 - 2020-09-30 16:34 - 000001993 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-12-10 12:11 - 2020-09-30 16:34 - 000001981 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-12-10 12:11 - 2020-09-30 16:34 - 000001981 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-12-10 12:11 - 2019-12-07 04:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-12-10 12:10 - 2020-09-30 16:34 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-12-09 17:40 - 2020-09-30 13:05 - 000000000 ____D C:\Users\quoih
2020-12-08 16:37 - 2020-11-08 12:09 - 000000000 ____D C:\Users\quoih\AppData\Local\ElevatedDiagnostics
2020-12-08 14:43 - 2020-10-04 11:23 - 000000000 ____D C:\Users\quoih\.p2
2020-12-08 11:19 - 2020-10-04 11:46 - 000000000 ____D C:\Users\quoih\eclipse-workspace
2020-12-08 10:48 - 2020-09-30 13:20 - 000002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-08 10:48 - 2020-09-30 13:20 - 000002166 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-12-08 10:48 - 2020-09-30 13:20 - 000002166 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-12-08 10:04 - 2020-09-30 13:08 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3883136046-2417711927-3391061525-1001
2020-12-08 10:04 - 2020-09-30 13:08 - 000000000 ___RD C:\Users\quoih\OneDrive
2020-12-08 10:04 - 2020-09-30 13:05 - 000002367 _____ C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-12-04 14:15 - 2020-10-06 10:01 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2020-12-04 10:42 - 2020-09-30 13:20 - 000003418 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-04 10:42 - 2020-09-30 13:20 - 000003294 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-12-04 10:41 - 2020-09-30 16:01 - 000000000 ____D C:\Windows\system32\Drivers\wd
2020-11-30 15:47 - 2020-10-06 10:04 - 000000000 ____D C:\Users\quoih\AppData\Local\CrashDumps
2020-11-30 08:55 - 2020-10-26 07:31 - 000000000 ____D C:\Users\quoih\git
2020-11-29 10:48 - 2020-11-07 10:36 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-29 10:48 - 2020-11-07 10:36 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-26 14:15 - 2020-11-10 11:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlestate Games
2020-11-22 11:57 - 2020-10-07 15:59 - 000002368 _____ C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2020-11-22 11:57 - 2020-10-07 15:59 - 000002360 _____ C:\Users\quoih\Desktop\Microsoft Teams.lnk
2020-11-21 16:55 - 2020-11-17 12:39 - 000001229 _____ C:\Users\quoih\Downloads\MaBylog.txt

==================== Files in the root of some directories ========

2020-10-30 08:14 - 2020-10-30 08:14 - 000000116 _____ () C:\Users\quoih\AppData\Roaming\debug.log
2020-10-04 18:21 - 2020-10-04 18:21 - 000007602 _____ () C:\Users\quoih\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2020
Ran by quoih (20-12-2020 12:35:55)
Running from C:\Users\quoih\Downloads
Windows 10 Pro Version 2004 19041.685 (X64) (2020-09-30 18:03:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3883136046-2417711927-3391061525-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3883136046-2417711927-3391061525-503 - Limited - Disabled)
Guest (S-1-5-21-3883136046-2417711927-3391061525-501 - Limited - Disabled)
quoih (S-1-5-21-3883136046-2417711927-3391061525-1001 - Administrator - Enabled) => C:\Users\quoih
WDAGUtilityAccount (S-1-5-21-3883136046-2417711927-3391061525-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.11.2 - Advanced Micro Devices, Inc.)
Battlestate Games Launcher 10.4.3.1230 (HKLM-x32\...\{B0FDA062-7581-4D67-B085-C4E7C358037F}_is1) (Version: 10.4.3.1230 - Battlestate Games)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
draw.io 13.7.9 (HKLM\...\27a75bf3-be48-5c35-934f-8491cf108abe) (Version: 13.7.9 - JGraph)
Epic Games Launcher (HKLM-x32\...\{B2081DA9-6C73-403B-BA23-DCE21015C0A1}) (Version: 1.1.293.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Escape from Tarkov (HKLM-x32\...\EscapeFromTarkov) (Version: 0.12.8.10268 - Battlestate Games)
Excel (HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
Genshin Impact (HKLM\...\Genshin Impact Beta) (Version: 2.3.3.0 - miHoYo Co.,Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Java(TM) SE Development Kit 15 (64-bit) (HKLM\...\{E04E5624-3CF1-5E84-A439-4D8FAAA05C79}) (Version: 15.0.0.0 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.13426.20332 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.66 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft OneDrive (HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\Teams) (Version: 1.3.00.30866 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29112 (HKLM-x32\...\{0f770e99-3916-4b0c-8f9b-83822826bcbf}) (Version: 14.27.29112.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Outlook (HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
PowerPoint (HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.21759 - Microsoft Corporation)
Word (HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
Zoom (HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\ZoomUMX) (Version: 5.3.1 (52879.0927) - Zoom Video Communications, Inc.)

Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.1.778.0_x64__v10z8vjag6ke6 [2020-12-20] (HP Inc.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-24] (Microsoft Studios) [MS Ad]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.175.0_x64__dt26b99r8h8gj [2020-10-02] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0 [2020-12-13] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3883136046-2417711927-3391061525-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\quoih\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20275.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3883136046-2417711927-3391061525-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\quoih\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-09-30] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Windows\System32\atiacm64.dll [2020-11-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-09-30] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf
ShortcutWithArgument: C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi

==================== Loaded Modules (Whitelisted) =============

2020-07-27 14:14 - 2020-07-27 14:14 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2020-03-19 05:40 - 2020-03-19 05:40 - 000912896 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-core.dll
2020-03-19 05:40 - 2020-03-19 05:40 - 003109888 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-s3.dll
2015-02-19 00:13 - 2015-02-19 00:13 - 000817152 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Device.dll
2015-02-19 00:13 - 2015-02-19 00:13 - 003650560 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Platform.dll
2020-11-13 14:48 - 2020-11-13 14:48 - 001470976 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000414720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 001441792 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 001189888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000134656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 006184448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 006867456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 001104896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 003668480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000517120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000051712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlWorkerScript.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 004228608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 001085440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000205824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000127488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000390656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 095598080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 005587968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000462848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000188928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 002878464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000055808 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQml\qmlplugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000284160 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000333824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000136704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-11-13 15:00 - 2020-11-13 15:00 - 000091648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-09-30] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-09-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\sharepoint.com -> hxxps://cmaisonneuveqcca-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 04:14 - 2020-11-03 13:50 - 000000822 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{94826659-0591-4FFF-8F8B-2BD79A951065}] => (Allow) C:\Users\quoih\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{959FD1C3-4CC7-44A3-B40C-55B3F6C585F4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{02FF7914-9E33-4BAA-9978-184DE03489DD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{621A2D51-69D4-4ED6-81E8-B019B5B708CD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EF66F177-7688-482B-89FE-7B504EE2029F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{6FDE5667-8622-43BB-BE19-4AC9B4FE7ED4}C:\users\quoih\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\quoih\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{D6741FAC-9960-425C-93A8-67B80D70AB68}C:\users\quoih\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\quoih\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{6EF08D96-E352-4877-94EE-FD4B3AEEF016}C:\program files\java\jdk-15\bin\javaw.exe] => (Block) C:\program files\java\jdk-15\bin\javaw.exe
FirewallRules: [UDP Query User{D9E0AB83-A537-499C-B177-AF143F5DB60A}C:\program files\java\jdk-15\bin\javaw.exe] => (Block) C:\program files\java\jdk-15\bin\javaw.exe
FirewallRules: [{8477323B-43AA-4AB7-8372-C1BC5C9D797D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A7BCF5F7-D080-40C1-82AE-EF138BCF8FF8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A86D38E8-3B50-4BCA-9F61-445F144E4682}] => (Allow) C:\Battlestate Games\BsgLauncher\BsgLauncher.exe (Battlestate Games Ltd -> Battlestate Games)
FirewallRules: [{D1D979FB-8B62-414A-9707-700E631A65CB}] => (Allow) C:\Battlestate Games\BsgLauncher\BsgLauncher.exe (Battlestate Games Ltd -> Battlestate Games)
FirewallRules: [{9169E988-1916-4F3C-AA42-6B5514DAF588}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D721A5C9-A6BB-4E3D-80B7-97C59CA622C4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{32B380D8-3F91-4CDF-8532-2810DF2E95D8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FEDC4F8F-4190-4F8A-9912-27020DADE768}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6AAEF114-855D-4B3B-A259-01FA8F14F160}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E11F0594-BEE4-4E93-95AD-6DC14C99C317}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{32477FBD-E100-4CEE-A967-B55A9BB38109}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{300FD3F5-AA27-4678-86F2-626C5E067359}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{348BC0D2-C2A9-4E57-BB5A-C173A59F2682}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CB6576E5-4823-4487-B06F-56D461F0B860}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3437E723-D22D-440B-AF69-BE8047DA2129}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FF187012-569E-4D83-8787-7FA61468A114}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FA5314F9-03DB-4EC0-A990-08E76B60BD10}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{333CD4F8-C45C-4F51-85E6-A84339831DE0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

06-12-2020 12:36:38 Scheduled Checkpoint
11-12-2020 11:12:38 Windows Modules Installer
11-12-2020 11:13:51 Windows Modules Installer

==================== Faulty Device Manager Devices ============

Name: Realtek PCIe GbE Family Controller
Description: Realtek PCIe GbE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: rt640x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (12/05/2020 06:50:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program EscapeFromTarkov.exe version 0.12.8.9978 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 34d8

Start Time: 01d6cb530872489a

Termination Time: 8

Application Path: C:\Battlestate Games\EFT\EscapeFromTarkov.exe

Report Id: fc735911-cc9c-4506-8f62-9cddbeece55c

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (12/04/2020 01:37:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Teams.exe version 1.3.0.30866 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 25f4

Start Time: 01d6ca6c6b552d01

Termination Time: 4294967295

Application Path: C:\Users\quoih\AppData\Local\Microsoft\Teams\current\Teams.exe

Report Id: 15a6205e-bf59-4e2c-937a-a036fb2b0f01

Faulting package full name:

Faulting package-relative application ID:

Hang type: Top level window is idle

Error: (12/04/2020 01:34:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Teams.exe version 1.3.0.30866 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2100

Start Time: 01d6ca6c00917484

Termination Time: 4294967295

Application Path: C:\Users\quoih\AppData\Local\Microsoft\Teams\current\Teams.exe

Report Id: 8fd3e7a1-f863-43f3-b9a6-74ccdf16130c

Faulting package full name:

Faulting package-relative application ID:

Hang type: Top level window is idle

Error: (11/30/2020 03:47:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 86.0.4240.198, time stamp: 0x5fab39a8
Faulting module name: SHELL32.dll_unloaded, version: 10.0.19041.610, time stamp: 0xd245a575
Exception code: 0xc0000005
Fault offset: 0x00000000002a76e1
Faulting process id: 0x2114
Faulting application start time: 0x01d6c75a1683584d
Faulting application path: C:\Program Files\Google\Chrome\Application\chrome.exe
Faulting module path: SHELL32.dll
Report Id: ad40d234-fac8-4236-8174-c9ea3fc0584a
Faulting package full name:
Faulting package-relative application ID:

Error: (11/21/2020 04:44:23 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (11/21/2020 04:40:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program EscapeFromTarkov.exe version 0.12.8.9831 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3f80

Start Time: 01d6c03f4c269e95

Termination Time: 5

Application Path: C:\Battlestate Games\EFT\EscapeFromTarkov.exe

Report Id: aa606083-0f83-450e-b3a6-f51993a1b99b

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (11/17/2020 01:49:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.19041.546, time stamp: 0xb850de5d
Faulting module name: combase.dll, version: 10.0.19041.572, time stamp: 0x3dacb7ed
Exception code: 0xc0000005
Fault offset: 0x000aa772
Faulting process id: 0x19a4
Faulting application start time: 0x01d6bd07f4a25a78
Faulting application path: C:\Windows\SysWOW64\DllHost.exe
Faulting module path: C:\Windows\System32\combase.dll
Report Id: 1c09c487-e73e-4f4c-accd-9c9a9faff5cd
Faulting package full name: Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c
Faulting package-relative application ID: App

Error: (11/17/2020 12:30:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.19041.546, time stamp: 0xb850de5d
Faulting module name: combase.dll, version: 10.0.19041.572, time stamp: 0x3dacb7ed
Exception code: 0xc0000005
Fault offset: 0x000aa772
Faulting process id: 0x3c2c
Faulting application start time: 0x01d6bd0643bc78e5
Faulting application path: C:\Windows\SysWOW64\DllHost.exe
Faulting module path: C:\Windows\System32\combase.dll
Report Id: 5700dc63-0527-4994-833d-ce4daf77bcc8
Faulting package full name: Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c
Faulting package-relative application ID: App


System errors:
=============
Error: (12/19/2020 12:58:41 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (12/19/2020 12:58:41 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (12/18/2020 10:14:16 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (12/18/2020 10:14:16 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (12/18/2020 10:14:16 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (12/18/2020 10:14:14 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RGPP5SJ)
Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.

Error: (12/17/2020 02:30:29 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (12/17/2020 02:30:29 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}


Windows Defender:
===================================
Date: 2020-12-01 13:12:14.9370000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {351F24F4-668A-4B2E-AEF2-833B66181492}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-11-29 12:52:50.4470000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {1DC1FE73-C6E9-4A20-9F0C-45CF9C903976}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-11-18 11:32:06.0340000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {4669CFA2-22A0-43AB-A20D-24B6672A34FF}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-11-15 11:17:40.3170000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {B59C6A16-1664-42C1-BD11-CEE764F1C225}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-11-12 13:10:38.5050000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {29D9A823-8522-46C4-A96D-C3ADB4B1BB73}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-12-18 10:14:16.9760000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.160.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x8007045b
Error description: A system shutdown is in progress.

Date: 2020-12-18 09:56:23.7300000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.160.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-12-18 09:56:23.7280000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.160.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-12-18 09:56:23.7280000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.160.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-12-18 09:56:23.7190000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.160.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2020-10-02 19:55:58.7890000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-10-02 19:55:51.1430000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-10-02 19:55:51.1360000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-10-02 19:55:51.1180000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-10-02 19:55:01.0040000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-10-02 19:55:00.9950000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-10-02 19:55:00.9850000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-10-02 19:55:00.9670000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. F50 11/27/2019
Motherboard: Gigabyte Technology Co., Ltd. B450M DS3H-CF
Processor: AMD Ryzen 5 2600 Six-Core Processor
Percentage of memory in use: 34%
Total physical RAM: 16332.58 MB
Available physical RAM: 10698.59 MB
Total Virtual: 26572.58 MB
Available Virtual: 17364.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.15 GB) (Free:343.64 GB) NTFS

\\?\Volume{fff3ad92-ff9c-46d5-8e73-d2d59222c1f2}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{e25367b3-d04f-4e4b-b458-3e93926054d6}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
 

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,595
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Enable Windows Defender.
How To:
<<<>>>


Yes, EpicWebHelper.exe is good. It's linked to the Epic Games Launcher.
===

Your logs are clean.

If there are any issues, please let me know what you are dealing with.
 

blocTore

New Member
Thread author
Nov 30, 2020
14
Ah, OK, thank you for clarifying.

Windows Defender is off since RTP is on with Malwarebytes.
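The two points settled above, that the EpicWebHelper.exe in Task Manager is the launcher's own binary and that Defender is off because another real-time scanner is registered, can be confirmed on the host rather than taken on trust. The script below is an added example written for this page; it is not from the thread, from FRST, or from Epic Games. It assumes the process name 'EpicWebHelper' as reported in the thread, assumes the launcher installs under Program Files, and expects to be run from an elevated PowerShell prompt on Windows 10 so that process image paths and Defender state are readable. The verdict column is this example's own heuristic, not a vendor check.

```powershell
# Added example (not from the thread or from Epic Games): triage the two points
# raised in the thread on a Windows 10 host.
#   1. Is the EpicWebHelper.exe that Task Manager shows a signed binary running
#      from a vendor install directory?
#   2. What state is Microsoft Defender actually in, and has anything been excluded?
# Assumptions: process name 'EpicWebHelper' (from the thread), launcher installed
# under Program Files, elevated prompt.

$ProcessName = 'EpicWebHelper'

function Test-ProcessImage {
    param([string]$Name)

    $procs = Get-Process -Name $Name -ErrorAction SilentlyContinue
    if (-not $procs) {
        Write-Warning "No running process named $Name.exe; start the launcher that owns it and rerun."
        return
    }

    foreach ($p in $procs) {
        $path = $p.Path
        if (-not $path) {
            Write-Warning "PID $($p.Id): image path not readable (run from an elevated prompt)."
            continue
        }

        # Authenticode check. A renamed dropper is typically unsigned, signed by an
        # unexpected party, or running from a user-writable directory such as
        # %APPDATA% or %TEMP% rather than Program Files.
        $sig    = Get-AuthenticodeSignature -FilePath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
        $underProgFiles = ($path -like "$env:ProgramFiles\*") -or ($path -like "${env:ProgramFiles(x86)}\*")
        $verdict = if ($sig.Status -eq 'Valid' -and $underProgFiles) { 'looks legitimate' } else { 'inspect further' }

        [pscustomobject]@{
            PID            = $p.Id
            Path           = $path
            SigStatus      = $sig.Status      # Valid, NotSigned, HashMismatch, ...
            Signer         = $signer
            UnderProgFiles = $underProgFiles
            Verdict        = $verdict          # this example's heuristic only
        }
    }
}

function Get-DefenderTriage {
    # FRST printed "Windows Defender (Disabled - Up to date)". When another product is
    # registered with Windows Security as the real-time antivirus, Defender turning
    # itself off is expected behaviour, not evidence of tampering. The exclusion
    # lists are still worth reading: an entry nobody added is a reason to dig further.
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    [pscustomobject]@{
        AMServiceEnabled          = $status.AMServiceEnabled
        AntivirusEnabled          = $status.AntivirusEnabled
        RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled
        SignatureVersion          = $status.AntivirusSignatureVersion
        SignatureLastUpdated      = $status.AntivirusSignatureLastUpdated
        DisableRealtimeMonitoring = $pref.DisableRealtimeMonitoring
        ExclusionPaths            = @($pref.ExclusionPath) -join '; '
        ExclusionProcesses        = @($pref.ExclusionProcess) -join '; '
    }
}

Test-ProcessImage -Name $ProcessName | Format-List
Get-DefenderTriage | Format-List
```

Read the first block of output first: a Valid signature together with a Program Files path is the normal picture for a launcher helper, and anything else (NotSigned, HashMismatch, a path under the user profile) is what a "hacked email" scenario would actually produce and deserves a closer look. In the second block, AntivirusEnabled and RealTimeProtectionEnabled reporting False while a third-party scanner is registered matches the FRST "Disabled" line; an unexpected path or process in the exclusion lists does not, and should be removed.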
 