Computer acting weird (random crash happening, missing icons, etc.)


blocTore

New Member
Nov 30, 2020
14
Just as the title says, for the past few days, my computer has been acting weird. There's a chance that it is nothing and that it's just hardware-related problems, but I just want to be sure.

FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-11-2020
Ran by quoih (administrator) on DESKTOP-RGPP5SJ (Gigabyte Technology Co., Ltd. B450M DS3H) (30-11-2020 15:51:28)
Running from C:\Users\quoih\Downloads
Loaded Profiles: quoih
Platform: Windows 10 Pro Version 2004 19041.630 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0346830.inf_amd64_35731e557194973d\B345901\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0346830.inf_amd64_35731e557194973d\B345901\atiesrxx.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <13>
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\quoih\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\quoih\AppData\Local\Microsoft\Teams\current\Teams.exe <9>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2011.11613.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13228.41011.0_x64__8wekyb3d8bbwe\commsapps.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13228.41011.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2010.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2010.7-0\NisSrv.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [856288 2019-10-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [100580600 2020-08-04] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\quoih\AppData\Local\Microsoft\Teams\Update.exe [2453688 2020-11-22] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33131408 2020-11-24] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3424032 2020-10-28] (Valve -> Valve Corporation)
HKU\S-1-5-18\...\Run: [] => [X]
HKLM\...\Print\Monitors\HP E311 Status Monitor: C:\Windows\system32\hpinkstsE311LM.dll [392200 2019-03-15] (HP Inc -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\86.0.4240.198\Installer\chrmstp.exe [2020-11-16] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {15766335-F02F-4FEE-8FC7-74D0D92883F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-30] (Google LLC -> Google LLC)
Task: {2BCC60C7-3D44-47CC-B73A-3339721F38CF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {36A4A1A6-0DDD-4498-9F22-D12F84291FDD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3821916F-D607-4523-9DEB-B4E80A170B2A} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\quoih\Downloads\esetonlinescanner.exe
Task: {631E5E29-8502-4C50-961A-6DD1FC4EA222} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144744 2020-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {6C7A1A5B-6556-423A-A90D-0BDA75671429} - System32\Tasks\Agent Activation Runtime\S-1-5-21-3883136046-2417711927-3391061525-1001 => C:\Windows\System32\AgentActivationRuntimeStarter.exe [13312 2020-10-16] (Microsoft Windows -> )
Task: {7CDBA46C-EA57-4BE0-98E9-2CF992208565} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144744 2020-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {98AD4DD4-C59D-4C19-A370-55F9DC0BCC3D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5153176 2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {9CC4A705-8657-4ED1-9835-D11238C3128D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {A27B9162-2127-4083-86E5-B3F52ED1886A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CC59EB1F-2A4B-4421-8B9F-294886AB4DEF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-30] (Google LLC -> Google LLC)
Task: {E9BBDDCE-1E0C-4CEE-940D-09A80C618650} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5153176 2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {EA1BF631-4EA5-4E40-AD88-2664A41DFA67} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F984BCC3-C502-4C3E-AFE1-7EA0C392C360} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1e8ea9cb-f807-4fb2-9c45-29d4a2e46527}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9123a897-e22e-4573-815d-dff3eabe552b}: [DhcpNameServer] 192.168.0.1

Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\quoih\AppData\Local\Microsoft\Edge\User Data\Default [2020-11-11]
Edge Extension: (Outlook) - C:\Users\quoih\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-11-07]
Edge Extension: (Word) - C:\Users\quoih\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-11-07]
Edge Extension: (Excel) - C:\Users\quoih\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-11-07]
Edge Extension: (PowerPoint) - C:\Users\quoih\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-11-07]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-09-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-30] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default [2020-11-30]
CHR DownloadDir: C:\Users\quoih\Downloads
CHR Extension: (Charcoal: Dark Mode for Messenger) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaekanoannlhnajolbijaoflfhikcgng [2020-11-23]
CHR Extension: (Slides) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-09-30]
CHR Extension: (Just Black) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab [2020-09-30]
CHR Extension: (Docs) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-09-30]
CHR Extension: (Google Drive) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-21]
CHR Extension: (YouTube) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-09-30]
CHR Extension: (uBlock Origin) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2020-11-29]
CHR Extension: (Timer) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\edebbhkhcaafmolanelponjjanocpacd [2020-09-30]
CHR Extension: (Dark Reader) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2020-11-26]
CHR Extension: (Sheets) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-09-30]
CHR Extension: (Word Online) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2020-09-30]
CHR Extension: (Google Docs Offline) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
CHR Extension: (Google Play) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2020-09-30]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2020-11-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-09-30]
CHR Extension: (Gmail) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-14]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8895512 2020-11-27] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9057136 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7269976 2020-11-06] (Malwarebytes Inc -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5101992 2020-11-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\NisSrv.exe [2467088 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MsMpEng.exe [128376 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [217600 2020-11-06] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2020-11-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-11-25] (Malwarebytes Inc -> Malwarebytes)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [48536 2020-11-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [429288 2020-11-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [71912 2020-11-06] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-30 15:51 - 2020-11-30 15:51 - 000015668 _____ C:\Users\quoih\Downloads\FRST.txt
2020-11-30 15:48 - 2020-11-30 15:51 - 000000000 ____D C:\FRST
2020-11-30 15:47 - 2020-11-30 15:47 - 002290176 _____ (Farbar) C:\Users\quoih\Downloads\FRST64.exe
2020-11-27 12:09 - 2020-11-27 12:09 - 002502037 _____ C:\Users\quoih\Downloads\RapportPhys.pdf
2020-11-26 13:52 - 2020-11-27 09:00 - 000844172 _____ C:\Users\quoih\Downloads\Soviet Invasion of Afghanistan (1979-1989).pptx
2020-11-25 13:07 - 2020-11-25 13:16 - 000284124 _____ C:\Users\quoih\Downloads\Anaglyphe- kenHo- Modifiable.xlsx
2020-11-25 12:44 - 2020-11-27 11:57 - 000032069 _____ C:\Users\quoih\Downloads\Physique.xlsx
2020-11-24 15:32 - 2020-11-24 15:32 - 000000112 ___SH C:\bootTel.dat
2020-11-21 16:44 - 2020-11-21 16:44 - 000000000 ____D C:\Users\quoih\AppData\Local\Frontier_Developments
2020-11-20 14:08 - 2020-11-20 14:08 - 000047786 _____ C:\Users\quoih\Downloads\questionnaire_interpretation_pensees_TOC.pdf
2020-11-18 14:08 - 2020-11-18 14:08 - 000000000 ____D C:\Users\quoih\Downloads\2020-11-18_140805
2020-11-18 14:07 - 2020-11-18 14:07 - 002690065 _____ C:\Users\quoih\Downloads\ken_MathExam.pdf
2020-11-17 12:39 - 2020-11-21 16:55 - 000001229 _____ C:\Users\quoih\Downloads\MaBylog.txt
2020-11-13 13:37 - 2020-11-13 13:37 - 000001229 _____ C:\Users\quoih\Downloads\MBblog.txt
2020-11-13 09:27 - 2020-11-13 09:27 - 000098012 _____ C:\Users\quoih\Downloads\texte_explicatif_TOC.pdf
2020-11-13 09:26 - 2020-11-13 09:26 - 000363520 _____ C:\Windows\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-11-13 09:26 - 2020-11-13 09:26 - 000266240 _____ C:\Windows\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-11-13 09:26 - 2020-11-13 09:26 - 000197632 _____ C:\Windows\system32\IHDS.dll
2020-11-13 09:26 - 2020-11-13 09:26 - 000152576 _____ C:\Windows\system32\EoAExperiences.exe
2020-11-13 09:26 - 2020-11-13 09:26 - 000009265 _____ C:\Windows\system32\DrtmAuthTxt.wim
2020-11-13 09:17 - 2020-11-13 09:17 - 000000000 _____ C:\Users\quoih\New
2020-11-13 09:11 - 2020-11-13 09:11 - 000430606 _____ C:\Users\quoih\Downloads\Chap9-NYC-a20.pdf
2020-11-12 15:00 - 2020-11-12 15:05 - 000000000 ____D C:\Users\quoih\AppData\Local\Textorcist
2020-11-12 15:00 - 2020-11-12 15:00 - 000000309 _____ C:\Users\quoih\Desktop\The Textorcist.url
2020-11-11 20:48 - 2020-11-11 20:48 - 000381057 _____ C:\Users\quoih\Downloads\Cahier-Elevedevoirpartie2.pdf
2020-11-11 10:20 - 2020-11-11 10:20 - 000000000 ____D C:\Users\quoih\AppData\Roaming\Kalypso Media
2020-11-11 10:20 - 2020-11-11 10:20 - 000000000 ____D C:\Users\quoih\AppData\LocalLow\Realmforge Studios GmbH
2020-11-11 10:20 - 2020-11-11 10:20 - 000000000 ____D C:\Users\quoih\AppData\Local\Kalypso Media
2020-11-11 10:20 - 2020-11-11 10:20 - 000000000 ____D C:\Users\quoih\AppData\Local\Epic Games
2020-11-11 10:17 - 2020-11-11 10:17 - 000000304 _____ C:\Users\quoih\Desktop\Dungeons 3.url
2020-11-11 09:52 - 2020-11-11 09:52 - 000000281 _____ C:\Users\quoih\Desktop\Into The Breach.url
2020-11-10 21:52 - 2020-11-10 21:52 - 000001229 _____ C:\Users\quoih\Downloads\mblog.txt
2020-11-10 18:42 - 2020-11-30 15:46 - 091226112 _____ C:\Windows\system32\config\SOFTWARE
2020-11-10 14:34 - 2020-11-10 14:34 - 000000000 ____D C:\Users\quoih\Documents\Escape from Tarkov
2020-11-10 14:34 - 2020-11-10 14:34 - 000000000 ____D C:\Users\quoih\AppData\LocalLow\Battlestate Games
2020-11-10 11:48 - 2020-11-10 11:48 - 000000000 ____D C:\Users\quoih\.m2
2020-11-10 11:45 - 2020-11-10 11:45 - 000000000 ____D C:\Users\quoih\AppData\Roaming\Teams
2020-11-10 11:22 - 2020-11-26 14:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlestate Games
2020-11-10 11:22 - 2020-11-10 11:25 - 000000000 ____D C:\Battlestate Games
2020-11-10 11:22 - 2020-11-10 11:22 - 000000000 ____D C:\Users\quoih\AppData\Roaming\Battlestate Games
2020-11-10 11:22 - 2020-11-10 11:22 - 000000000 ____D C:\Users\quoih\AppData\Local\Battlestate Games
2020-11-10 11:22 - 2020-11-10 11:22 - 000000000 ____D C:\ProgramData\Battlestate Games
2020-11-10 11:21 - 2020-11-10 11:21 - 073316360 _____ (Battlestate Games ) C:\Users\quoih\Downloads\BsgLauncher.10.4.1.1205.exe
2020-11-08 12:09 - 2020-11-08 12:09 - 000000000 ____D C:\Users\quoih\AppData\Local\ElevatedDiagnostics
2020-11-07 11:25 - 2020-11-08 13:47 - 000003804 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
2020-11-07 10:37 - 2020-11-07 10:37 - 000002920 _____ C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2020-11-07 10:37 - 2020-11-07 10:37 - 000002914 _____ C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2020-11-07 10:37 - 2020-11-07 10:37 - 000002910 _____ C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2020-11-07 10:37 - 2020-11-07 10:37 - 000002908 _____ C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk
2020-11-07 10:36 - 2020-11-29 10:48 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-07 10:36 - 2020-11-29 10:48 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-07 10:36 - 2020-11-25 11:27 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-11-07 10:36 - 2020-11-25 11:27 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-11-07 10:36 - 2020-11-25 11:27 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-11-07 09:54 - 2020-11-07 09:54 - 000000000 ____D C:\Windows\system32\appmgmt
2020-11-06 09:57 - 2020-11-25 14:30 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-11-06 09:57 - 2020-11-06 09:56 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2020-11-03 10:34 - 2020-11-06 09:57 - 000217600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-10-31 09:00 - 2020-11-01 09:15 - 000000000 ____D C:\Users\quoih\AppData\Local\Steam

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-30 15:49 - 2020-09-30 13:08 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2020-11-30 15:49 - 2019-12-07 04:13 - 000000000 ____D C:\Windows\INF
2020-11-30 15:47 - 2020-10-29 16:49 - 000000000 ____D C:\Program Files (x86)\Steam
2020-11-30 15:47 - 2020-10-06 10:04 - 000000000 ____D C:\Users\quoih\AppData\Local\CrashDumps
2020-11-30 15:46 - 2020-09-30 16:01 - 000008192 ___SH C:\DumpStack.log.tmp
2020-11-30 15:46 - 2020-09-30 16:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-11-30 15:46 - 2020-09-30 13:07 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2020-11-30 15:46 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-11-30 15:46 - 2019-12-07 04:03 - 000786432 _____ C:\Windows\system32\config\BBI
2020-11-30 08:55 - 2020-10-26 07:31 - 000000000 ____D C:\Users\quoih\git
2020-11-30 08:08 - 2020-10-04 11:23 - 000000000 ____D C:\Users\quoih\.p2
2020-11-29 14:50 - 2020-10-04 11:46 - 000000000 ____D C:\Users\quoih\eclipse-workspace
2020-11-27 11:42 - 2020-09-30 16:01 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-11-25 11:27 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-11-25 11:27 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\AppReadiness
2020-11-24 15:37 - 2019-12-07 04:03 - 000000000 ____D C:\Windows\CbsTemp
2020-11-24 15:28 - 2020-09-30 13:05 - 000000000 ____D C:\Users\quoih
2020-11-23 13:25 - 2020-09-30 13:07 - 000000000 ____D C:\Users\quoih\AppData\Local\Packages
2020-11-22 11:57 - 2020-10-07 15:59 - 000002368 _____ C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2020-11-22 11:57 - 2020-10-07 15:59 - 000002360 _____ C:\Users\quoih\Desktop\Microsoft Teams.lnk
2020-11-21 16:49 - 2020-10-21 09:59 - 000000000 ____D C:\Program Files\Epic Games
2020-11-20 13:31 - 2020-09-30 13:07 - 000000000 ____D C:\Users\quoih\AppData\Local\D3DSCache
2020-11-18 17:47 - 2020-09-30 13:08 - 000000000 ____D C:\Program Files (x86)\Razer
2020-11-16 16:56 - 2020-09-30 21:48 - 000000000 ____D C:\Users\quoih\AppData\LocalLow\miHoYo
2020-11-16 16:56 - 2020-09-30 17:41 - 000000000 ____D C:\Users\quoih\AppData\Local\miHoYo
2020-11-16 11:44 - 2020-09-30 13:20 - 000002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-16 11:44 - 2020-09-30 13:20 - 000002166 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-11-16 11:44 - 2020-09-30 13:20 - 000002166 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-11-14 13:12 - 2020-09-30 17:49 - 000000000 ____D C:\Program Files\Microsoft Office
2020-11-13 09:35 - 2020-09-30 16:01 - 000439016 _____ C:\Windows\system32\FNTCACHE.DAT
2020-11-13 09:34 - 2019-12-07 04:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-11-13 09:34 - 2019-12-07 04:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2020-11-13 09:34 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2020-11-13 09:34 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SystemResources
2020-11-13 09:34 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2020-11-13 09:34 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\setup
2020-11-13 09:34 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\oobe
2020-11-13 09:34 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\migwiz
2020-11-13 09:34 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\ShellExperiences
2020-11-13 09:34 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2020-11-13 09:34 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\bcastdvr
2020-11-13 09:26 - 2020-09-30 13:04 - 002876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2020-11-10 18:42 - 2020-09-30 18:24 - 000000000 ____D C:\Windows\Microsoft Antimalware
2020-11-09 17:11 - 2019-12-07 04:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-11-08 12:08 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\NDF
2020-11-06 09:57 - 2020-09-30 16:34 - 000001993 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-11-06 09:57 - 2020-09-30 16:34 - 000001981 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-11-06 09:57 - 2020-09-30 16:34 - 000001981 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-11-06 09:56 - 2020-09-30 16:34 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-11-06 08:59 - 2020-09-30 16:01 - 000000000 ____D C:\Windows\system32\Drivers\wd
2020-10-31 09:00 - 2020-09-30 13:07 - 000000000 ____D C:\Users\quoih\AppData\Local\AMD

==================== Files in the root of some directories ========

2020-10-30 08:14 - 2020-10-30 08:14 - 000000116 _____ () C:\Users\quoih\AppData\Roaming\debug.log
2020-10-04 18:21 - 2020-10-04 18:21 - 000007602 _____ () C:\Users\quoih\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

blocTore

New Member
Nov 30, 2020
14
Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-11-2020
Ran by quoih (30-11-2020 15:52:16)
Running from C:\Users\quoih\Downloads
Windows 10 Pro Version 2004 19041.630 (X64) (2020-09-30 18:03:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3883136046-2417711927-3391061525-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3883136046-2417711927-3391061525-503 - Limited - Disabled)
Guest (S-1-5-21-3883136046-2417711927-3391061525-501 - Limited - Disabled)
quoih (S-1-5-21-3883136046-2417711927-3391061525-1001 - Administrator - Enabled) => C:\Users\quoih
WDAGUtilityAccount (S-1-5-21-3883136046-2417711927-3391061525-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Battlestate Games Launcher 10.4.3.1230 (HKLM-x32\...\{B0FDA062-7581-4D67-B085-C4E7C358037F}_is1) (Version: 10.4.3.1230 - Battlestate Games)
draw.io 13.7.9 (HKLM\...\27a75bf3-be48-5c35-934f-8491cf108abe) (Version: 13.7.9 - JGraph)
Epic Games Launcher (HKLM-x32\...\{B2081DA9-6C73-403B-BA23-DCE21015C0A1}) (Version: 1.1.293.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Escape from Tarkov (HKLM-x32\...\EscapeFromTarkov) (Version: 0.12.8.9942 - Battlestate Games)
Excel (HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
Genshin Impact (HKLM\...\Genshin Impact Beta) (Version: 2.3.3.0 - miHoYo Co.,Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.198 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
Java(TM) SE Development Kit 15 (64-bit) (HKLM\...\{E04E5624-3CF1-5E84-A439-4D8FAAA05C79}) (Version: 15.0.0.0 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.2.3.96 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.3.96 - Malwarebytes)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.13328.20356 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.47 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft OneDrive (HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\Teams) (Version: 1.3.00.30866 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29112 (HKLM-x32\...\{0f770e99-3916-4b0c-8f9b-83822826bcbf}) (Version: 14.27.29112.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Outlook (HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
PowerPoint (HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.21759 - Microsoft Corporation)
Word (HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
Zoom (HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\ZoomUMX) (Version: 5.3.1 (52879.0927) - Zoom Video Communications, Inc.)

Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_121.1.193.0_x64__v10z8vjag6ke6 [2020-11-04] (HP Inc.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-24] (Microsoft Studios) [MS Ad]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.175.0_x64__dt26b99r8h8gj [2020-10-02] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0 [2020-11-18] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3883136046-2417711927-3391061525-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\quoih\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20275.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3883136046-2417711927-3391061525-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\quoih\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-09-30] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-09-30] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf
ShortcutWithArgument: C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi

==================== Loaded Modules (Whitelisted) =============

2020-10-21 09:52 - 2020-10-21 09:52 - 098275328 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2020-10-21 09:52 - 2020-10-21 09:52 - 000092672 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2020-10-21 09:52 - 2020-10-21 09:52 - 003922432 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2020-10-21 09:52 - 2020-10-21 09:52 - 000547840 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\chrome_elf.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-09-30] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-09-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\sharepoint.com -> hxxps://cmaisonneuveqcca-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 04:14 - 2020-11-03 13:50 - 000000822 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{94826659-0591-4FFF-8F8B-2BD79A951065}] => (Allow) C:\Users\quoih\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{AE8E41AD-3D2A-4030-A327-8B0ED1823736}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{959FD1C3-4CC7-44A3-B40C-55B3F6C585F4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{02FF7914-9E33-4BAA-9978-184DE03489DD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{621A2D51-69D4-4ED6-81E8-B019B5B708CD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EF66F177-7688-482B-89FE-7B504EE2029F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{6FDE5667-8622-43BB-BE19-4AC9B4FE7ED4}C:\users\quoih\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\quoih\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{D6741FAC-9960-425C-93A8-67B80D70AB68}C:\users\quoih\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\quoih\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{6EF08D96-E352-4877-94EE-FD4B3AEEF016}C:\program files\java\jdk-15\bin\javaw.exe] => (Block) C:\program files\java\jdk-15\bin\javaw.exe
FirewallRules: [UDP Query User{D9E0AB83-A537-499C-B177-AF143F5DB60A}C:\program files\java\jdk-15\bin\javaw.exe] => (Block) C:\program files\java\jdk-15\bin\javaw.exe
FirewallRules: [{8477323B-43AA-4AB7-8372-C1BC5C9D797D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A7BCF5F7-D080-40C1-82AE-EF138BCF8FF8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{63926C6C-FEB9-4288-9DE7-4D164EF95193}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{2408CA75-B0F5-42DF-8860-FF8A02490789}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D38DDE85-0388-4C30-8695-401C8C1896C2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C4F5D9EA-43AB-4B63-A603-1B6B5BA8B501}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6102E59D-D70F-42A9-A151-36E76A7DAC5E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{02A5A1D8-B7EE-49FD-BA17-750D5AF971C8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B267DD61-9E22-4A46-9295-EF7AC9A6C75B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FA8E5A62-0F85-4C20-8B0C-725B15B2271E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EBFD46CE-2C0E-4DBD-BAE0-D1813480C481}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DF960D43-C4FB-41E1-8C7F-52A5D2C69E66}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EEE05B79-3F7A-4202-80C0-BF8FAB2D1A91}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E0034AF1-7D68-4DBE-BE60-9C808728AB7C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{653C7D2C-E057-4F5C-8A26-8E2418F28262}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A86D38E8-3B50-4BCA-9F61-445F144E4682}] => (Allow) C:\Battlestate Games\BsgLauncher\BsgLauncher.exe (Battlestate Games Ltd -> Battlestate Games)
FirewallRules: [{D1D979FB-8B62-414A-9707-700E631A65CB}] => (Allow) C:\Battlestate Games\BsgLauncher\BsgLauncher.exe (Battlestate Games Ltd -> Battlestate Games)

==================== Restore Points =========================

20-11-2020 15:47:19 Scheduled Checkpoint
29-11-2020 12:11:13 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: Realtek PCIe GbE Family Controller
Description: Realtek PCIe GbE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: rt640x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (11/30/2020 03:47:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 86.0.4240.198, time stamp: 0x5fab39a8
Faulting module name: SHELL32.dll_unloaded, version: 10.0.19041.610, time stamp: 0xd245a575
Exception code: 0xc0000005
Fault offset: 0x00000000002a76e1
Faulting process id: 0x2114
Faulting application start time: 0x01d6c75a1683584d
Faulting application path: C:\Program Files\Google\Chrome\Application\chrome.exe
Faulting module path: SHELL32.dll
Report Id: ad40d234-fac8-4236-8174-c9ea3fc0584a
Faulting package full name:
Faulting package-relative application ID:

Error: (11/21/2020 04:44:23 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (11/21/2020 04:40:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program EscapeFromTarkov.exe version 0.12.8.9831 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3f80

Start Time: 01d6c03f4c269e95

Termination Time: 5

Application Path: C:\Battlestate Games\EFT\EscapeFromTarkov.exe

Report Id: aa606083-0f83-450e-b3a6-f51993a1b99b

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (11/17/2020 01:49:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.19041.546, time stamp: 0xb850de5d
Faulting module name: combase.dll, version: 10.0.19041.572, time stamp: 0x3dacb7ed
Exception code: 0xc0000005
Fault offset: 0x000aa772
Faulting process id: 0x19a4
Faulting application start time: 0x01d6bd07f4a25a78
Faulting application path: C:\Windows\SysWOW64\DllHost.exe
Faulting module path: C:\Windows\System32\combase.dll
Report Id: 1c09c487-e73e-4f4c-accd-9c9a9faff5cd
Faulting package full name: Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c
Faulting package-relative application ID: App

Error: (11/17/2020 12:30:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.19041.546, time stamp: 0xb850de5d
Faulting module name: combase.dll, version: 10.0.19041.572, time stamp: 0x3dacb7ed
Exception code: 0xc0000005
Fault offset: 0x000aa772
Faulting process id: 0x3c2c
Faulting application start time: 0x01d6bd0643bc78e5
Faulting application path: C:\Windows\SysWOW64\DllHost.exe
Faulting module path: C:\Windows\System32\combase.dll
Report Id: 5700dc63-0527-4994-833d-ce4daf77bcc8
Faulting package full name: Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c
Faulting package-relative application ID: App

Error: (11/15/2020 09:53:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: StartMenuExperienceHost.exe, version: 0.0.0.0, time stamp: 0x4fe0bcb3
Faulting module name: KERNELBASE.dll, version: 10.0.19041.572, time stamp: 0x1183946c
Exception code: 0xc0000409
Fault offset: 0x000000000010b65c
Faulting process id: 0x2e50
Faulting application start time: 0x01d6bb5f1e158160
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 74507843-ac0a-4e61-904d-b0230f1d30ba
Faulting package full name: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.610_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (11/10/2020 09:45:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 86.0.4240.183, time stamp: 0x5f9f4e8b
Faulting module name: SHELL32.dll_unloaded, version: 10.0.19041.572, time stamp: 0x783ea12c
Exception code: 0xc0000005
Fault offset: 0x00000000002a6e01
Faulting process id: 0x2d7c
Faulting application start time: 0x01d6b7d4a8a6516b
Faulting application path: C:\Program Files\Google\Chrome\Application\chrome.exe
Faulting module path: SHELL32.dll
Report Id: 44870367-3de0-44b7-a35d-583d665d567e
Faulting package full name:
Faulting package-relative application ID:

Error: (11/09/2020 05:11:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet


System errors:
=============
Error: (11/30/2020 03:45:56 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RGPP5SJ)
Description: The server {9AA46009-3CE0-458A-A354-715610A075E6} did not register with DCOM within the required timeout.

Error: (11/30/2020 03:29:53 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service SecurityHealthService with arguments "Unavailable" in order to run the server:
{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}

Error: (11/30/2020 01:29:40 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service SecurityHealthService with arguments "Unavailable" in order to run the server:
{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}

Error: (11/30/2020 01:27:58 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RGPP5SJ)
Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.

Error: (11/29/2020 05:16:21 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RGPP5SJ)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.19041.423_neutral_neutral_cw5n1h2txyewy!App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca did not register with DCOM within the required timeout.

Error: (11/24/2020 03:28:32 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RGPP5SJ)
Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.

Error: (11/24/2020 03:07:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:00:35 PM on 2020-11-24 was unexpected.

Error: (11/23/2020 06:47:44 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-RGPP5SJ)
Description: DCOM got error "1053" attempting to start the service BcastDVRUserService_63314 with arguments "Unavailable" in order to run the server:
Windows.Media.Capture.Internal.AppCaptureShell


Windows Defender:
===================================
Date: 2020-11-29 12:52:50.4470000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {1DC1FE73-C6E9-4A20-9F0C-45CF9C903976}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-11-18 11:32:06.0340000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {4669CFA2-22A0-43AB-A20D-24B6672A34FF}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-11-15 11:17:40.3170000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {B59C6A16-1664-42C1-BD11-CEE764F1C225}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-11-12 13:10:38.5050000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {29D9A823-8522-46C4-A96D-C3ADB4B1BB73}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-11-07 11:16:14.3160000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {EAF37497-3339-4DEC-9C84-BBD80589AF13}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-11-08 12:12:02.0090000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.527.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2020-10-09 14:38:29.4460000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Offline.
Error code: 0x8000000a
Error description: The data necessary to complete this operation is not yet available.

Date: 2020-10-06 11:01:08.9290000Z
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===================================

Date: 2020-10-02 19:55:58.7890000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-10-02 19:55:51.1430000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-10-02 19:55:51.1360000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-10-02 19:55:51.1180000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-10-02 19:55:01.0040000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-10-02 19:55:00.9950000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-10-02 19:55:00.9850000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-10-02 19:55:00.9670000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. F50 11/27/2019
Motherboard: Gigabyte Technology Co., Ltd. B450M DS3H-CF
Processor: AMD Ryzen 5 2600 Six-Core Processor
Percentage of memory in use: 25%
Total physical RAM: 16332.58 MB
Available physical RAM: 12248.68 MB
Total Virtual: 22988.58 MB
Available Virtual: 15924.6 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.15 GB) (Free:371.56 GB) NTFS

\\?\Volume{fff3ad92-ff9c-46d5-8e73-d2d59222c1f2}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{e25367b3-d04f-4e4b-b458-3e93926054d6}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

blocTore
I think I didn't do the scan correctly so here are new logs.

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-11-2020
Ran by quoih (administrator) on DESKTOP-RGPP5SJ (Gigabyte Technology Co., Ltd. B450M DS3H) (01-12-2020 15:07:12)
Running from C:\Users\quoih\Downloads
Loaded Profiles: quoih
Platform: Windows 10 Pro Version 2004 19041.630 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0346830.inf_amd64_35731e557194973d\B345901\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0346830.inf_amd64_35731e557194973d\B345901\atiesrxx.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <11>
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\quoih\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\quoih\AppData\Local\Microsoft\Teams\current\Teams.exe <9>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2011.11613.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13228.41011.0_x64__8wekyb3d8bbwe\commsapps.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13228.41011.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2010.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2010.7-0\NisSrv.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Users\quoih\AppData\Roaming\Zoom\bin\CptHost.exe
(Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Users\quoih\AppData\Roaming\Zoom\bin\Zoom.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [856288 2019-10-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [100580600 2020-08-04] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\quoih\AppData\Local\Microsoft\Teams\Update.exe [2453688 2020-11-22] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33131408 2020-11-24] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3424032 2020-10-28] (Valve -> Valve Corporation)
HKU\S-1-5-18\...\Run: [] => [X]
HKLM\...\Print\Monitors\HP E311 Status Monitor: C:\Windows\system32\hpinkstsE311LM.dll [392200 2019-03-15] (HP Inc -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\86.0.4240.198\Installer\chrmstp.exe [2020-11-16] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {15766335-F02F-4FEE-8FC7-74D0D92883F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-30] (Google LLC -> Google LLC)
Task: {2BCC60C7-3D44-47CC-B73A-3339721F38CF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {36A4A1A6-0DDD-4498-9F22-D12F84291FDD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3821916F-D607-4523-9DEB-B4E80A170B2A} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\quoih\Downloads\esetonlinescanner.exe
Task: {631E5E29-8502-4C50-961A-6DD1FC4EA222} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144744 2020-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {6C7A1A5B-6556-423A-A90D-0BDA75671429} - System32\Tasks\Agent Activation Runtime\S-1-5-21-3883136046-2417711927-3391061525-1001 => C:\Windows\System32\AgentActivationRuntimeStarter.exe [13312 2020-10-16] (Microsoft Windows -> )
Task: {7CDBA46C-EA57-4BE0-98E9-2CF992208565} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144744 2020-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {98AD4DD4-C59D-4C19-A370-55F9DC0BCC3D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5153176 2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {9CC4A705-8657-4ED1-9835-D11238C3128D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {A27B9162-2127-4083-86E5-B3F52ED1886A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CC59EB1F-2A4B-4421-8B9F-294886AB4DEF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-30] (Google LLC -> Google LLC)
Task: {E9BBDDCE-1E0C-4CEE-940D-09A80C618650} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5153176 2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {EA1BF631-4EA5-4E40-AD88-2664A41DFA67} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F984BCC3-C502-4C3E-AFE1-7EA0C392C360} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1e8ea9cb-f807-4fb2-9c45-29d4a2e46527}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9123a897-e22e-4573-815d-dff3eabe552b}: [DhcpNameServer] 192.168.0.1

Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\quoih\AppData\Local\Microsoft\Edge\User Data\Default [2020-11-11]
Edge Extension: (Outlook) - C:\Users\quoih\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-11-07]
Edge Extension: (Word) - C:\Users\quoih\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-11-07]
Edge Extension: (Excel) - C:\Users\quoih\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-11-07]
Edge Extension: (PowerPoint) - C:\Users\quoih\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-11-07]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-09-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-30] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default [2020-12-01]
CHR DownloadDir: C:\Users\quoih\Downloads
CHR Extension: (Charcoal: Dark Mode for Messenger) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaekanoannlhnajolbijaoflfhikcgng [2020-11-23]
CHR Extension: (Slides) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-09-30]
CHR Extension: (Just Black) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab [2020-09-30]
CHR Extension: (Docs) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-09-30]
CHR Extension: (Google Drive) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-21]
CHR Extension: (YouTube) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-09-30]
CHR Extension: (uBlock Origin) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2020-11-29]
CHR Extension: (Timer) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\edebbhkhcaafmolanelponjjanocpacd [2020-09-30]
CHR Extension: (Dark Reader) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2020-11-26]
CHR Extension: (Sheets) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-09-30]
CHR Extension: (Word Online) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2020-09-30]
CHR Extension: (Google Docs Offline) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
CHR Extension: (Google Play) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2020-09-30]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2020-11-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-09-30]
CHR Extension: (Gmail) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-14]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8895512 2020-11-27] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9057136 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7269976 2020-11-06] (Malwarebytes Inc -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5101992 2020-11-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\NisSrv.exe [2467088 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MsMpEng.exe [128376 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [217600 2020-11-06] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2020-11-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-11-25] (Malwarebytes Inc -> Malwarebytes)
R3 MpKslace7632d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C4C0BA8-5D5D-498A-A26C-7B2C873433D7}\MpKslDrv.sys [47336 2020-12-01] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [48536 2020-11-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [429288 2020-11-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [71912 2020-11-06] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-30 15:52 - 2020-11-30 15:52 - 000031018 _____ C:\Users\quoih\Downloads\Addition.txt
2020-11-30 15:51 - 2020-12-01 15:07 - 000016539 _____ C:\Users\quoih\Downloads\FRST.txt
2020-11-30 15:48 - 2020-12-01 15:07 - 000000000 ____D C:\FRST
2020-11-30 15:47 - 2020-11-30 15:47 - 002290176 _____ (Farbar) C:\Users\quoih\Downloads\FRST64.exe
2020-11-27 12:09 - 2020-11-27 12:09 - 002502037 _____ C:\Users\quoih\Downloads\RapportPhys.pdf
2020-11-26 13:52 - 2020-11-27 09:00 - 000844172 _____ C:\Users\quoih\Downloads\Soviet Invasion of Afghanistan (1979-1989).pptx
2020-11-25 13:07 - 2020-11-25 13:16 - 000284124 _____ C:\Users\quoih\Downloads\Anaglyphe- kenHo- Modifiable.xlsx
2020-11-25 12:44 - 2020-11-27 11:57 - 000032069 _____ C:\Users\quoih\Downloads\Physique.xlsx
2020-11-24 15:32 - 2020-11-24 15:32 - 000000112 ___SH C:\bootTel.dat
2020-11-21 16:44 - 2020-11-21 16:44 - 000000000 ____D C:\Users\quoih\AppData\Local\Frontier_Developments
2020-11-20 14:08 - 2020-11-20 14:08 - 000047786 _____ C:\Users\quoih\Downloads\questionnaire_interpretation_pensees_TOC.pdf
2020-11-18 14:08 - 2020-11-18 14:08 - 000000000 ____D C:\Users\quoih\Downloads\2020-11-18_140805
2020-11-18 14:07 - 2020-11-18 14:07 - 002690065 _____ C:\Users\quoih\Downloads\ken_MathExam.pdf
2020-11-17 12:39 - 2020-11-21 16:55 - 000001229 _____ C:\Users\quoih\Downloads\MaBylog.txt
2020-11-13 13:37 - 2020-11-13 13:37 - 000001229 _____ C:\Users\quoih\Downloads\MBblog.txt
2020-11-13 09:27 - 2020-11-13 09:27 - 000098012 _____ C:\Users\quoih\Downloads\texte_explicatif_TOC.pdf
2020-11-13 09:26 - 2020-11-13 09:26 - 000363520 _____ C:\Windows\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-11-13 09:26 - 2020-11-13 09:26 - 000266240 _____ C:\Windows\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-11-13 09:26 - 2020-11-13 09:26 - 000197632 _____ C:\Windows\system32\IHDS.dll
2020-11-13 09:26 - 2020-11-13 09:26 - 000152576 _____ C:\Windows\system32\EoAExperiences.exe
2020-11-13 09:26 - 2020-11-13 09:26 - 000009265 _____ C:\Windows\system32\DrtmAuthTxt.wim
2020-11-13 09:17 - 2020-11-13 09:17 - 000000000 _____ C:\Users\quoih\New
2020-11-13 09:11 - 2020-11-13 09:11 - 000430606 _____ C:\Users\quoih\Downloads\Chap9-NYC-a20.pdf
2020-11-12 15:00 - 2020-11-12 15:05 - 000000000 ____D C:\Users\quoih\AppData\Local\Textorcist
2020-11-12 15:00 - 2020-11-12 15:00 - 000000309 _____ C:\Users\quoih\Desktop\The Textorcist.url
2020-11-11 20:48 - 2020-11-11 20:48 - 000381057 _____ C:\Users\quoih\Downloads\Cahier-Elevedevoirpartie2.pdf
2020-11-11 10:20 - 2020-11-11 10:20 - 000000000 ____D C:\Users\quoih\AppData\Roaming\Kalypso Media
2020-11-11 10:20 - 2020-11-11 10:20 - 000000000 ____D C:\Users\quoih\AppData\LocalLow\Realmforge Studios GmbH
2020-11-11 10:20 - 2020-11-11 10:20 - 000000000 ____D C:\Users\quoih\AppData\Local\Kalypso Media
2020-11-11 10:20 - 2020-11-11 10:20 - 000000000 ____D C:\Users\quoih\AppData\Local\Epic Games
2020-11-11 10:17 - 2020-11-11 10:17 - 000000304 _____ C:\Users\quoih\Desktop\Dungeons 3.url
2020-11-11 09:52 - 2020-11-11 09:52 - 000000281 _____ C:\Users\quoih\Desktop\Into The Breach.url
2020-11-10 21:52 - 2020-11-10 21:52 - 000001229 _____ C:\Users\quoih\Downloads\mblog.txt
2020-11-10 18:42 - 2020-12-01 10:49 - 091226112 _____ C:\Windows\system32\config\SOFTWARE
2020-11-10 14:34 - 2020-11-10 14:34 - 000000000 ____D C:\Users\quoih\Documents\Escape from Tarkov
2020-11-10 14:34 - 2020-11-10 14:34 - 000000000 ____D C:\Users\quoih\AppData\LocalLow\Battlestate Games
2020-11-10 11:48 - 2020-11-10 11:48 - 000000000 ____D C:\Users\quoih\.m2
2020-11-10 11:45 - 2020-11-10 11:45 - 000000000 ____D C:\Users\quoih\AppData\Roaming\Teams
2020-11-10 11:22 - 2020-11-26 14:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlestate Games
2020-11-10 11:22 - 2020-11-10 11:25 - 000000000 ____D C:\Battlestate Games
2020-11-10 11:22 - 2020-11-10 11:22 - 000000000 ____D C:\Users\quoih\AppData\Roaming\Battlestate Games
2020-11-10 11:22 - 2020-11-10 11:22 - 000000000 ____D C:\Users\quoih\AppData\Local\Battlestate Games
2020-11-10 11:22 - 2020-11-10 11:22 - 000000000 ____D C:\ProgramData\Battlestate Games
2020-11-10 11:21 - 2020-11-10 11:21 - 073316360 _____ (Battlestate Games ) C:\Users\quoih\Downloads\BsgLauncher.10.4.1.1205.exe
2020-11-08 12:09 - 2020-11-08 12:09 - 000000000 ____D C:\Users\quoih\AppData\Local\ElevatedDiagnostics
2020-11-07 11:25 - 2020-11-08 13:47 - 000003804 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
2020-11-07 10:37 - 2020-11-07 10:37 - 000002920 _____ C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2020-11-07 10:37 - 2020-11-07 10:37 - 000002914 _____ C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2020-11-07 10:37 - 2020-11-07 10:37 - 000002910 _____ C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2020-11-07 10:37 - 2020-11-07 10:37 - 000002908 _____ C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk
2020-11-07 10:36 - 2020-11-29 10:48 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-07 10:36 - 2020-11-29 10:48 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-07 10:36 - 2020-11-25 11:27 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-11-07 10:36 - 2020-11-25 11:27 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-11-07 10:36 - 2020-11-25 11:27 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-11-07 09:54 - 2020-11-07 09:54 - 000000000 ____D C:\Windows\system32\appmgmt
2020-11-06 09:57 - 2020-11-25 14:30 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-11-06 09:57 - 2020-11-06 09:56 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2020-11-03 10:34 - 2020-11-06 09:57 - 000217600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-01 14:11 - 2020-10-04 11:23 - 000000000 ____D C:\Users\quoih\.p2
2020-12-01 13:51 - 2020-09-30 16:01 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-12-01 11:22 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-01 10:54 - 2020-09-30 13:08 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2020-12-01 10:54 - 2019-12-07 04:13 - 000000000 ____D C:\Windows\INF
2020-12-01 10:51 - 2020-10-29 16:49 - 000000000 ____D C:\Program Files (x86)\Steam
2020-12-01 10:49 - 2020-09-30 16:01 - 000008192 ___SH C:\DumpStack.log.tmp
2020-12-01 10:49 - 2020-09-30 16:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-11-30 15:54 - 2020-09-30 13:07 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2020-11-30 15:54 - 2019-12-07 04:03 - 000786432 _____ C:\Windows\system32\config\BBI
2020-11-30 15:47 - 2020-10-06 10:04 - 000000000 ____D C:\Users\quoih\AppData\Local\CrashDumps
2020-11-30 08:55 - 2020-10-26 07:31 - 000000000 ____D C:\Users\quoih\git
2020-11-29 14:50 - 2020-10-04 11:46 - 000000000 ____D C:\Users\quoih\eclipse-workspace
2020-11-25 11:27 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-11-25 11:27 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\AppReadiness
2020-11-24 15:37 - 2019-12-07 04:03 - 000000000 ____D C:\Windows\CbsTemp
2020-11-24 15:28 - 2020-09-30 13:05 - 000000000 ____D C:\Users\quoih
2020-11-23 13:25 - 2020-09-30 13:07 - 000000000 ____D C:\Users\quoih\AppData\Local\Packages
2020-11-22 11:57 - 2020-10-07 15:59 - 000002368 _____ C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2020-11-22 11:57 - 2020-10-07 15:59 - 000002360 _____ C:\Users\quoih\Desktop\Microsoft Teams.lnk
2020-11-21 16:49 - 2020-10-21 09:59 - 000000000 ____D C:\Program Files\Epic Games
2020-11-20 13:31 - 2020-09-30 13:07 - 000000000 ____D C:\Users\quoih\AppData\Local\D3DSCache
2020-11-18 17:47 - 2020-09-30 13:08 - 000000000 ____D C:\Program Files (x86)\Razer
2020-11-16 16:56 - 2020-09-30 21:48 - 000000000 ____D C:\Users\quoih\AppData\LocalLow\miHoYo
2020-11-16 16:56 - 2020-09-30 17:41 - 000000000 ____D C:\Users\quoih\AppData\Local\miHoYo
2020-11-16 11:44 - 2020-09-30 13:20 - 000002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-16 11:44 - 2020-09-30 13:20 - 000002166 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-11-16 11:44 - 2020-09-30 13:20 - 000002166 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-11-14 13:12 - 2020-09-30 17:49 - 000000000 ____D C:\Program Files\Microsoft Office
2020-11-13 09:35 - 2020-09-30 16:01 - 000439016 _____ C:\Windows\system32\FNTCACHE.DAT
2020-11-13 09:34 - 2019-12-07 04:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-11-13 09:34 - 2019-12-07 04:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2020-11-13 09:34 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2020-11-13 09:34 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SystemResources
2020-11-13 09:34 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2020-11-13 09:34 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\setup
2020-11-13 09:34 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\oobe
2020-11-13 09:34 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\migwiz
2020-11-13 09:34 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\ShellExperiences
2020-11-13 09:34 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2020-11-13 09:34 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\bcastdvr
2020-11-13 09:26 - 2020-09-30 13:04 - 002876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2020-11-10 18:42 - 2020-09-30 18:24 - 000000000 ____D C:\Windows\Microsoft Antimalware
2020-11-09 17:11 - 2019-12-07 04:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-11-08 12:08 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\NDF
2020-11-06 09:57 - 2020-09-30 16:34 - 000001993 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-11-06 09:57 - 2020-09-30 16:34 - 000001981 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-11-06 09:57 - 2020-09-30 16:34 - 000001981 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-11-06 09:56 - 2020-09-30 16:34 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-11-06 08:59 - 2020-09-30 16:01 - 000000000 ____D C:\Windows\system32\Drivers\wd
2020-11-01 09:15 - 2020-10-31 09:00 - 000000000 ____D C:\Users\quoih\AppData\Local\Steam

==================== Files in the root of some directories ========

2020-10-30 08:14 - 2020-10-30 08:14 - 000000116 _____ () C:\Users\quoih\AppData\Roaming\debug.log
2020-10-04 18:21 - 2020-10-04 18:21 - 000007602 _____ () C:\Users\quoih\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
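A helper who reads a log like the one above does a first pass over the autostart and scheduled-task sections looking for the same few things every time: an entry whose binary lives in a user-writable folder, an entry for which FRST recorded no signer/company, an entry whose target file is gone (`[X]`), and anything FRST itself marked `<==== ATTENTION`. The script below is an added example that automates that first pass; it is not part of the poster's submission and not part of FRST. The sample lines are copied verbatim from the log above; the triage rules (which folders count as user-writable, which conditions are worth a second look) are the editor's own assumptions, and a hit means "confirm by hand", not "malicious". On this input it flags the `EOSv3 Scheduler onLogOn` task because it runs `esetonlinescanner.exe` from the Downloads folder with no signature information, which a reviewer would then reconcile with the ESET Online Scanner download visible elsewhere in the log.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines reproduced from the FRST.txt above, in FRST's own
# format (Run entries, scheduled tasks and an ATTENTION marker).
SAMPLE_LOG = r"""
HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3424032 2020-10-28] (Valve -> Valve Corporation)
HKU\S-1-5-18\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {15766335-F02F-4FEE-8FC7-74D0D92883F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-30] (Google LLC -> Google LLC)
Task: {3821916F-D607-4523-9DEB-B4E80A170B2A} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\quoih\Downloads\esetonlinescanner.exe
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
"""

# Assumed heuristic: path fragments that indicate a location a standard user
# can write to (persistence from here deserves a closer look).
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "\\appdata\\", "\\temp\\")

# "<key>\Run: [name] => target" and "Task: <id> - <task> => target"
ENTRY_RE = re.compile(r"^(?P<kind>Task|.*\\Run): (?P<name>.*?) => (?P<target>.*)$")
# target = "<path> [<size> <date>] (<signer> -> <company>)", the last two optional
TARGET_RE = re.compile(r"^(?P<path>.*?)(?: \[(?P<meta>[^\]]*)\])?(?: \((?P<signer>[^)]*)\))?$")


@dataclass
class Finding:
    line: str
    path: str
    reasons: list


def triage_line(line: str):
    """Return a Finding for one FRST line, or None if nothing stands out."""
    line = line.rstrip()
    if "<==== ATTENTION" in line:
        return Finding(line, "", ["flagged by FRST itself (ATTENTION marker)"])
    m = ENTRY_RE.match(line)
    if not m:
        return None  # not an autostart/task entry
    target = m.group("target").strip()
    if target == "[X]":
        return Finding(line, "", ["autostart entry whose target file is missing"])
    t = TARGET_RE.match(target)
    path, signer = t.group("path"), t.group("signer")
    reasons = []
    low = path.lower()
    if any(fragment in low for fragment in USER_WRITABLE):
        reasons.append("runs from a user-writable location")
    if signer is None:
        reasons.append("no signer/company recorded by FRST; verify the file signature")
    return Finding(line, path, reasons) if reasons else None


def triage(log_text: str):
    """Run triage_line over a whole log and keep only the entries with reasons."""
    findings = []
    for line in log_text.splitlines():
        f = triage_line(line)
        if f is not None:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.path or f.line)
        for r in f.reasons:
            print("   -", r)
```

Running it prints four entries for review: the empty SYSTEM `Run` value pointing at a missing file, the Firefox policy line FRST already marked, the ESET Online Scanner task (two reasons), and the `.job` task for `explorer.exe` (signer not recorded, which is normal for `.job` entries and is cleared on sight). The signed entries under `Program Files` produce no output, which is the point: the script removes the routine lines so the reviewer's time goes to the handful that need a decision.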
 

blocTore
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-11-2020
Ran by quoih (01-12-2020 15:07:59)
Running from C:\Users\quoih\Downloads
Windows 10 Pro Version 2004 19041.630 (X64) (2020-09-30 18:03:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3883136046-2417711927-3391061525-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3883136046-2417711927-3391061525-503 - Limited - Disabled)
Guest (S-1-5-21-3883136046-2417711927-3391061525-501 - Limited - Disabled)
quoih (S-1-5-21-3883136046-2417711927-3391061525-1001 - Administrator - Enabled) => C:\Users\quoih
WDAGUtilityAccount (S-1-5-21-3883136046-2417711927-3391061525-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Battlestate Games Launcher 10.4.3.1230 (HKLM-x32\...\{B0FDA062-7581-4D67-B085-C4E7C358037F}_is1) (Version: 10.4.3.1230 - Battlestate Games)
draw.io 13.7.9 (HKLM\...\27a75bf3-be48-5c35-934f-8491cf108abe) (Version: 13.7.9 - JGraph)
Epic Games Launcher (HKLM-x32\...\{B2081DA9-6C73-403B-BA23-DCE21015C0A1}) (Version: 1.1.293.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Escape from Tarkov (HKLM-x32\...\EscapeFromTarkov) (Version: 0.12.8.9978 - Battlestate Games)
Excel (HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
Genshin Impact (HKLM\...\Genshin Impact Beta) (Version: 2.3.3.0 - miHoYo Co.,Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.198 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
Java(TM) SE Development Kit 15 (64-bit) (HKLM\...\{E04E5624-3CF1-5E84-A439-4D8FAAA05C79}) (Version: 15.0.0.0 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.2.3.96 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.3.96 - Malwarebytes)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.13328.20356 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.47 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft OneDrive (HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\Teams) (Version: 1.3.00.30866 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29112 (HKLM-x32\...\{0f770e99-3916-4b0c-8f9b-83822826bcbf}) (Version: 14.27.29112.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Outlook (HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
PowerPoint (HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.21759 - Microsoft Corporation)
Word (HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
Zoom (HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\ZoomUMX) (Version: 5.3.1 (52879.0927) - Zoom Video Communications, Inc.)

Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_121.1.193.0_x64__v10z8vjag6ke6 [2020-11-04] (HP Inc.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-24] (Microsoft Studios) [MS Ad]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.175.0_x64__dt26b99r8h8gj [2020-10-02] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0 [2020-11-18] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3883136046-2417711927-3391061525-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\quoih\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20275.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3883136046-2417711927-3391061525-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\quoih\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-09-30] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-09-30] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf
ShortcutWithArgument: C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi

==================== Loaded Modules (Whitelisted) =============

2020-10-21 09:52 - 2020-10-21 09:52 - 098275328 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2020-10-21 09:52 - 2020-10-21 09:52 - 000092672 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2020-10-21 09:52 - 2020-10-21 09:52 - 003922432 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2020-10-21 09:52 - 2020-10-21 09:52 - 000547840 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\chrome_elf.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-09-30] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-09-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\sharepoint.com -> hxxps://cmaisonneuveqcca-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 04:14 - 2020-11-03 13:50 - 000000822 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{94826659-0591-4FFF-8F8B-2BD79A951065}] => (Allow) C:\Users\quoih\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{AE8E41AD-3D2A-4030-A327-8B0ED1823736}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{959FD1C3-4CC7-44A3-B40C-55B3F6C585F4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{02FF7914-9E33-4BAA-9978-184DE03489DD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{621A2D51-69D4-4ED6-81E8-B019B5B708CD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EF66F177-7688-482B-89FE-7B504EE2029F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{6FDE5667-8622-43BB-BE19-4AC9B4FE7ED4}C:\users\quoih\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\quoih\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{D6741FAC-9960-425C-93A8-67B80D70AB68}C:\users\quoih\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\quoih\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{6EF08D96-E352-4877-94EE-FD4B3AEEF016}C:\program files\java\jdk-15\bin\javaw.exe] => (Block) C:\program files\java\jdk-15\bin\javaw.exe
FirewallRules: [UDP Query User{D9E0AB83-A537-499C-B177-AF143F5DB60A}C:\program files\java\jdk-15\bin\javaw.exe] => (Block) C:\program files\java\jdk-15\bin\javaw.exe
FirewallRules: [{8477323B-43AA-4AB7-8372-C1BC5C9D797D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A7BCF5F7-D080-40C1-82AE-EF138BCF8FF8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{63926C6C-FEB9-4288-9DE7-4D164EF95193}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{2408CA75-B0F5-42DF-8860-FF8A02490789}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D38DDE85-0388-4C30-8695-401C8C1896C2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C4F5D9EA-43AB-4B63-A603-1B6B5BA8B501}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6102E59D-D70F-42A9-A151-36E76A7DAC5E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{02A5A1D8-B7EE-49FD-BA17-750D5AF971C8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B267DD61-9E22-4A46-9295-EF7AC9A6C75B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FA8E5A62-0F85-4C20-8B0C-725B15B2271E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EBFD46CE-2C0E-4DBD-BAE0-D1813480C481}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DF960D43-C4FB-41E1-8C7F-52A5D2C69E66}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EEE05B79-3F7A-4202-80C0-BF8FAB2D1A91}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E0034AF1-7D68-4DBE-BE60-9C808728AB7C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{653C7D2C-E057-4F5C-8A26-8E2418F28262}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A86D38E8-3B50-4BCA-9F61-445F144E4682}] => (Allow) C:\Battlestate Games\BsgLauncher\BsgLauncher.exe (Battlestate Games Ltd -> Battlestate Games)
FirewallRules: [{D1D979FB-8B62-414A-9707-700E631A65CB}] => (Allow) C:\Battlestate Games\BsgLauncher\BsgLauncher.exe (Battlestate Games Ltd -> Battlestate Games)

==================== Restore Points =========================

29-11-2020 12:11:13 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: Realtek PCIe GbE Family Controller
Description: Realtek PCIe GbE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: rt640x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (11/30/2020 03:47:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 86.0.4240.198, time stamp: 0x5fab39a8
Faulting module name: SHELL32.dll_unloaded, version: 10.0.19041.610, time stamp: 0xd245a575
Exception code: 0xc0000005
Fault offset: 0x00000000002a76e1
Faulting process id: 0x2114
Faulting application start time: 0x01d6c75a1683584d
Faulting application path: C:\Program Files\Google\Chrome\Application\chrome.exe
Faulting module path: SHELL32.dll
Report Id: ad40d234-fac8-4236-8174-c9ea3fc0584a
Faulting package full name:
Faulting package-relative application ID:

Error: (11/21/2020 04:44:23 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (11/21/2020 04:40:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program EscapeFromTarkov.exe version 0.12.8.9831 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3f80

Start Time: 01d6c03f4c269e95

Termination Time: 5

Application Path: C:\Battlestate Games\EFT\EscapeFromTarkov.exe

Report Id: aa606083-0f83-450e-b3a6-f51993a1b99b

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (11/17/2020 01:49:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.19041.546, time stamp: 0xb850de5d
Faulting module name: combase.dll, version: 10.0.19041.572, time stamp: 0x3dacb7ed
Exception code: 0xc0000005
Fault offset: 0x000aa772
Faulting process id: 0x19a4
Faulting application start time: 0x01d6bd07f4a25a78
Faulting application path: C:\Windows\SysWOW64\DllHost.exe
Faulting module path: C:\Windows\System32\combase.dll
Report Id: 1c09c487-e73e-4f4c-accd-9c9a9faff5cd
Faulting package full name: Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c
Faulting package-relative application ID: App

Error: (11/17/2020 12:30:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.19041.546, time stamp: 0xb850de5d
Faulting module name: combase.dll, version: 10.0.19041.572, time stamp: 0x3dacb7ed
Exception code: 0xc0000005
Fault offset: 0x000aa772
Faulting process id: 0x3c2c
Faulting application start time: 0x01d6bd0643bc78e5
Faulting application path: C:\Windows\SysWOW64\DllHost.exe
Faulting module path: C:\Windows\System32\combase.dll
Report Id: 5700dc63-0527-4994-833d-ce4daf77bcc8
Faulting package full name: Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c
Faulting package-relative application ID: App

Error: (11/15/2020 09:53:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: StartMenuExperienceHost.exe, version: 0.0.0.0, time stamp: 0x4fe0bcb3
Faulting module name: KERNELBASE.dll, version: 10.0.19041.572, time stamp: 0x1183946c
Exception code: 0xc0000409
Fault offset: 0x000000000010b65c
Faulting process id: 0x2e50
Faulting application start time: 0x01d6bb5f1e158160
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 74507843-ac0a-4e61-904d-b0230f1d30ba
Faulting package full name: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.610_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (11/10/2020 09:45:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 86.0.4240.183, time stamp: 0x5f9f4e8b
Faulting module name: SHELL32.dll_unloaded, version: 10.0.19041.572, time stamp: 0x783ea12c
Exception code: 0xc0000005
Fault offset: 0x00000000002a6e01
Faulting process id: 0x2d7c
Faulting application start time: 0x01d6b7d4a8a6516b
Faulting application path: C:\Program Files\Google\Chrome\Application\chrome.exe
Faulting module path: SHELL32.dll
Report Id: 44870367-3de0-44b7-a35d-583d665d567e
Faulting package full name:
Faulting package-relative application ID:

Error: (11/09/2020 05:11:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet


System errors:
=============
Error: (11/30/2020 03:45:56 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RGPP5SJ)
Description: The server {9AA46009-3CE0-458A-A354-715610A075E6} did not register with DCOM within the required timeout.

Error: (11/30/2020 03:29:53 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service SecurityHealthService with arguments "Unavailable" in order to run the server:
{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}

Error: (11/30/2020 01:29:40 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service SecurityHealthService with arguments "Unavailable" in order to run the server:
{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}

Error: (11/30/2020 01:27:58 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RGPP5SJ)
Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.

Error: (11/29/2020 05:16:21 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RGPP5SJ)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.19041.423_neutral_neutral_cw5n1h2txyewy!App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca did not register with DCOM within the required timeout.

Error: (11/24/2020 03:28:32 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RGPP5SJ)
Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.

Error: (11/24/2020 03:07:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:00:35 PM on 2020-11-24 was unexpected.

Error: (11/23/2020 06:47:44 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-RGPP5SJ)
Description: DCOM got error "1053" attempting to start the service BcastDVRUserService_63314 with arguments "Unavailable" in order to run the server:
Windows.Media.Capture.Internal.AppCaptureShell


Windows Defender:
===================================
Date: 2020-12-01 13:12:14.9370000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {351F24F4-668A-4B2E-AEF2-833B66181492}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-11-29 12:52:50.4470000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {1DC1FE73-C6E9-4A20-9F0C-45CF9C903976}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-11-18 11:32:06.0340000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {4669CFA2-22A0-43AB-A20D-24B6672A34FF}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-11-15 11:17:40.3170000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {B59C6A16-1664-42C1-BD11-CEE764F1C225}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-11-12 13:10:38.5050000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {29D9A823-8522-46C4-A96D-C3ADB4B1BB73}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-11-08 12:12:02.0090000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.527.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2020-10-09 14:38:29.4460000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Offline.
Error code: 0x8000000a
Error description: The data necessary to complete this operation is not yet available.

Date: 2020-10-06 11:01:08.9290000Z
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===================================

Date: 2020-10-02 19:55:58.7890000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-10-02 19:55:51.1430000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-10-02 19:55:51.1360000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-10-02 19:55:51.1180000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-10-02 19:55:01.0040000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-10-02 19:55:00.9950000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-10-02 19:55:00.9850000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-10-02 19:55:00.9670000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. F50 11/27/2019
Motherboard: Gigabyte Technology Co., Ltd. B450M DS3H-CF
Processor: AMD Ryzen 5 2600 Six-Core Processor
Percentage of memory in use: 31%
Total physical RAM: 16332.58 MB
Available physical RAM: 11131.32 MB
Total Virtual: 22988.58 MB
Available Virtual: 13811.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.15 GB) (Free:374.37 GB) NTFS

\\?\Volume{fff3ad92-ff9c-46d5-8e73-d2d59222c1f2}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{e25367b3-d04f-4e4b-b458-3e93926054d6}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
 

nasdaq

Moderator
Verified
Staff member
Nov 5, 2019
472
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Your logs are clean of malware.

What exactly are the problems you are currently having?
 

blocTore

New Member
Nov 30, 2020
14
Well, there are many bugs happening; most of them are minor, but the most critical ones are the random crashes. I searched a bit more and, looking in the event logs, the crashes were because of "kernel power critical". I suspected it to be related to my hardware (probably my PSU), but I just wanted to be sure it wasn't caused by any infection.
 

nasdaq

Moderator
Verified
Staff member
Nov 5, 2019
472
Hi,

Is the problem the same if you boot to Safe Mode with networking?
 

nasdaq

Moderator
Verified
Staff member
Nov 5, 2019
472
Hi,

This fix may take some time. Let it finish.

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt and let me know what problem persists.
 

Attachments

  • fixlist.txt
    178 bytes · Views: 1

blocTore

New Member
Nov 30, 2020
14
Hello,

Actually, I did some tweaking by re-installing my GPU drivers and now it doesn't crash anymore. But for one last check, could you check my logs again?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-12-2020
Ran by quoih (administrator) on DESKTOP-RGPP5SJ (Gigabyte Technology Co., Ltd. B450M DS3H) (04-12-2020 14:27:31)
Running from C:\Users\quoih\Downloads
Loaded Profiles: quoih
Platform: Windows 10 Pro Version 2004 19041.630 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361132.inf_amd64_4863ccf4c1b997c9\B361196\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361132.inf_amd64_4863ccf4c1b997c9\B361196\atiesrxx.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <9>
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\quoih\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2011.11613.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [856288 2019-10-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [100580600 2020-08-04] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\quoih\AppData\Local\Microsoft\Teams\Update.exe [2453688 2020-11-22] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33131408 2020-11-24] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3424032 2020-10-28] (Valve -> Valve Corporation)
HKU\S-1-5-18\...\Run: [] => [X]
HKLM\...\Print\Monitors\HP E311 Status Monitor: C:\Windows\system32\hpinkstsE311LM.dll [392200 2019-03-15] (HP Inc -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\86.0.4240.198\Installer\chrmstp.exe [2020-11-16] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {007F35CF-AFC3-448C-9F70-D81FA09761D4} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {15766335-F02F-4FEE-8FC7-74D0D92883F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-30] (Google LLC -> Google LLC)
Task: {245CE16D-50FC-491F-AD74-B1D84697DE94} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2BCC60C7-3D44-47CC-B73A-3339721F38CF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {3821916F-D607-4523-9DEB-B4E80A170B2A} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\quoih\Downloads\esetonlinescanner.exe
Task: {383248F8-52CA-4027-A2D9-D9E79871F8C3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {43AC0011-0718-445A-A1EE-9F4137DB57DD} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {5CCD90F6-9C90-4CD2-B19F-3A20B7A57CB7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {631E5E29-8502-4C50-961A-6DD1FC4EA222} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144744 2020-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {6C7A1A5B-6556-423A-A90D-0BDA75671429} - System32\Tasks\Agent Activation Runtime\S-1-5-21-3883136046-2417711927-3391061525-1001 => C:\Windows\System32\AgentActivationRuntimeStarter.exe [13312 2020-10-16] (Microsoft Windows -> )
Task: {711C6AEA-395A-4509-A01E-D3FC8F9CCF54} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {7BDE9751-9579-4707-95BE-DD16F4277A31} - System32\Tasks\AMDInstallUEP => C:\Program Files\AMD\InstallUEP\AMDInstallUEP.exe [2356736 2019-10-22] () [File not signed]
Task: {7CDBA46C-EA57-4BE0-98E9-2CF992208565} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144744 2020-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {9319A3E0-AAC8-4602-9559-F3EEE9040A23} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {98AD4DD4-C59D-4C19-A370-55F9DC0BCC3D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5153176 2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {9CC4A705-8657-4ED1-9835-D11238C3128D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {9CDA8A7D-B829-459E-8DF1-64EE5E3FC50E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A46C4895-A5BE-40FE-BD70-8E4E84495756} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {CC59EB1F-2A4B-4421-8B9F-294886AB4DEF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-30] (Google LLC -> Google LLC)
Task: {E9BBDDCE-1E0C-4CEE-940D-09A80C618650} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5153176 2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {FDCD6882-568C-468F-A04B-CD505EA56F86} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1e8ea9cb-f807-4fb2-9c45-29d4a2e46527}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9123a897-e22e-4573-815d-dff3eabe552b}: [DhcpNameServer] 192.168.0.1

Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\quoih\AppData\Local\Microsoft\Edge\User Data\Default [2020-11-11]
Edge Extension: (Outlook) - C:\Users\quoih\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-11-07]
Edge Extension: (Word) - C:\Users\quoih\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-11-07]
Edge Extension: (Excel) - C:\Users\quoih\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-11-07]
Edge Extension: (PowerPoint) - C:\Users\quoih\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-11-07]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-09-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-30] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default [2020-12-04]
CHR DownloadDir: C:\Users\quoih\Downloads
CHR Extension: (Charcoal: Dark Mode for Messenger) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaekanoannlhnajolbijaoflfhikcgng [2020-11-23]
CHR Extension: (Slides) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-09-30]
CHR Extension: (Just Black) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab [2020-09-30]
CHR Extension: (Docs) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-09-30]
CHR Extension: (Google Drive) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-21]
CHR Extension: (YouTube) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-09-30]
CHR Extension: (uBlock Origin) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2020-12-03]
CHR Extension: (Timer) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\edebbhkhcaafmolanelponjjanocpacd [2020-09-30]
CHR Extension: (Dark Reader) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2020-11-26]
CHR Extension: (Sheets) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-09-30]
CHR Extension: (Word Online) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2020-09-30]
CHR Extension: (Google Docs Offline) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
CHR Extension: (Google Play) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2020-09-30]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2020-12-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-09-30]
CHR Extension: (Gmail) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\quoih\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-14]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AUEPLauncher; C:\Program Files\AMD\CIM\..\Performance Profile Client\AUEPLauncher.exe [61832 2020-11-13] (Advanced Micro Devices, Inc. -> AMD)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8895512 2020-11-27] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9057136 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7269976 2020-11-06] (Malwarebytes Inc -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5101992 2020-11-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMDXE; C:\Windows\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220160 2020-12-04] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2020-11-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-12-04] (Malwarebytes Inc -> Malwarebytes)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 MpKslc7f99eb3; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EFCFDEB1-2C86-41D2-AC54-8972CA6C0DA6}\MpKslDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-04 14:27 - 2020-12-04 14:27 - 000000000 ____D C:\Users\quoih\Downloads\FRST-OlderVersion
2020-12-04 14:21 - 2020-12-04 14:21 - 000003304 _____ C:\Windows\system32\Tasks\StartCNBM
2020-12-04 14:21 - 2020-12-04 14:21 - 000000000 ____D C:\Users\quoih\AppData\LocalLow\AMD
2020-12-04 14:21 - 2020-12-04 14:21 - 000000000 ____D C:\Users\quoih\AppData\Local\cache
2020-12-04 14:20 - 2020-12-04 14:25 - 000003126 _____ C:\Windows\system32\Tasks\AMDInstallLauncher
2020-12-04 14:18 - 2020-12-04 14:25 - 000003110 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2020-12-04 14:18 - 2020-12-04 14:21 - 000000000 ____D C:\Users\quoih\AppData\Local\AMD
2020-12-04 14:18 - 2020-12-04 14:18 - 000003488 _____ C:\Windows\system32\Tasks\ModifyLinkUpdate
2020-12-04 14:18 - 2020-11-17 16:49 - 000107048 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\amdkmpfd.sys
2020-12-04 14:17 - 2020-12-04 14:21 - 000000000 ____D C:\ProgramData\AMD
2020-12-04 14:17 - 2020-12-04 14:21 - 000000000 ____D C:\Program Files\AMD
2020-12-04 14:17 - 2020-12-04 14:17 - 000003160 _____ C:\Windows\system32\Tasks\StartCN
2020-12-04 14:17 - 2020-12-04 14:17 - 000003080 _____ C:\Windows\system32\Tasks\StartDVR
2020-12-04 14:17 - 2020-12-04 14:17 - 000000000 ____D C:\Users\quoih\AppData\Local\RadeonInstaller
2020-12-04 14:17 - 2020-12-04 14:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Software
2020-12-04 14:17 - 2020-12-04 14:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Bug Report Tool
2020-12-04 14:16 - 2020-12-04 14:26 - 000000000 ____D C:\Users\quoih\AppData\Local\D3DSCache
2020-12-04 14:16 - 2020-12-04 14:16 - 000000000 ____D C:\AMD
2020-12-04 14:10 - 2020-12-04 14:15 - 000282732 _____ C:\Windows\ntbtlog.txt
2020-11-30 15:52 - 2020-12-01 15:08 - 000030977 _____ C:\Users\quoih\Downloads\Addition.txt
2020-11-30 15:51 - 2020-12-04 14:27 - 000017556 _____ C:\Users\quoih\Downloads\FRST.txt
2020-11-30 15:48 - 2020-12-04 14:27 - 000000000 ____D C:\FRST
2020-11-30 15:47 - 2020-12-04 14:27 - 002288640 _____ (Farbar) C:\Users\quoih\Downloads\FRST64.exe
2020-11-27 12:09 - 2020-11-27 12:09 - 002502037 _____ C:\Users\quoih\Downloads\RapportPhys.pdf
2020-11-26 13:52 - 2020-11-27 09:00 - 000844172 _____ C:\Users\quoih\Downloads\Soviet Invasion of Afghanistan (1979-1989).pptx
2020-11-25 13:07 - 2020-11-25 13:16 - 000284124 _____ C:\Users\quoih\Downloads\Anaglyphe- kenHo- Modifiable.xlsx
2020-11-25 12:44 - 2020-11-27 11:57 - 000032069 _____ C:\Users\quoih\Downloads\Physique.xlsx
2020-11-24 15:32 - 2020-11-24 15:32 - 000000112 ___SH C:\bootTel.dat
2020-11-21 16:44 - 2020-11-21 16:44 - 000000000 ____D C:\Users\quoih\AppData\Local\Frontier_Developments
2020-11-20 14:08 - 2020-11-20 14:08 - 000047786 _____ C:\Users\quoih\Downloads\questionnaire_interpretation_pensees_TOC.pdf
2020-11-18 14:08 - 2020-11-18 14:08 - 000000000 ____D C:\Users\quoih\Downloads\2020-11-18_140805
2020-11-18 14:07 - 2020-11-18 14:07 - 002690065 _____ C:\Users\quoih\Downloads\ken_MathExam.pdf
2020-11-17 16:52 - 2020-11-17 16:52 - 001753912 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2020-11-17 16:52 - 2020-11-17 16:52 - 001753912 _____ C:\Windows\system32\vulkaninfo.exe
2020-11-17 16:52 - 2020-11-17 16:52 - 001359680 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-11-17 16:52 - 2020-11-17 16:52 - 001359680 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2020-11-17 16:52 - 2020-11-17 16:52 - 001047992 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2020-11-17 16:52 - 2020-11-17 16:52 - 001047992 _____ C:\Windows\system32\vulkan-1.dll
2020-11-17 16:52 - 2020-11-17 16:52 - 000910456 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2020-11-17 16:52 - 2020-11-17 16:52 - 000910456 _____ C:\Windows\SysWOW64\vulkan-1.dll
2020-11-17 16:51 - 2020-11-17 16:51 - 000737080 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2020-11-17 16:51 - 2020-11-17 16:51 - 000621376 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2020-11-17 16:51 - 2020-11-17 16:51 - 000496960 _____ C:\Windows\system32\GameManager64.dll
2020-11-17 16:51 - 2020-11-17 16:51 - 000493368 _____ C:\Windows\system32\dgtrayicon.exe
2020-11-17 16:51 - 2020-11-17 16:51 - 000432960 _____ C:\Windows\system32\EEURestart.exe
2020-11-17 16:51 - 2020-11-17 16:51 - 000380224 _____ C:\Windows\SysWOW64\GameManager32.dll
2020-11-17 16:51 - 2020-11-17 16:51 - 000339776 _____ C:\Windows\system32\clinfo.exe
2020-11-17 16:51 - 2020-11-17 16:51 - 000187200 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2020-11-17 16:51 - 2020-11-17 16:51 - 000167232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2020-11-17 16:51 - 2020-11-17 16:51 - 000166720 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2020-11-17 16:51 - 2020-11-17 16:51 - 000156992 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2020-11-17 16:51 - 2020-11-17 16:51 - 000142656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2020-11-17 16:51 - 2020-11-17 16:51 - 000141120 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2020-11-17 16:51 - 2020-11-17 16:51 - 000090944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mcl64.dll
2020-11-17 16:51 - 2020-11-17 16:51 - 000075576 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mcl32.dll
2020-11-17 16:51 - 2020-11-17 16:51 - 000046904 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2020-11-17 16:51 - 2020-11-17 16:51 - 000043832 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2020-11-17 16:51 - 2020-11-17 16:51 - 000019984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2020-11-17 16:51 - 2020-11-17 16:51 - 000019984 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2020-11-17 16:50 - 2020-11-17 16:50 - 079762240 _____ C:\Windows\system32\amd_comgr.dll
2020-11-17 16:50 - 2020-11-17 16:50 - 065448248 _____ C:\Windows\SysWOW64\amd_comgr32.dll
2020-11-17 16:50 - 2020-11-17 16:50 - 004919616 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2020-11-17 16:50 - 2020-11-17 16:50 - 004624704 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2020-11-17 16:50 - 2020-11-17 16:50 - 001798464 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2020-11-17 16:50 - 2020-11-17 16:50 - 001490752 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiacm64.dll
2020-11-17 16:50 - 2020-11-17 16:50 - 001356096 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2020-11-17 16:50 - 2020-11-17 16:50 - 001356096 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2020-11-17 16:50 - 2020-11-17 16:50 - 000793920 _____ (AMD) C:\Windows\system32\atieclxx.exe
2020-11-17 16:50 - 2020-11-17 16:50 - 000468800 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2020-11-17 16:50 - 2020-11-17 16:50 - 000456512 _____ C:\Windows\system32\atieah64.exe
2020-11-17 16:50 - 2020-11-17 16:50 - 000352064 _____ C:\Windows\SysWOW64\atieah32.exe
2020-11-17 16:50 - 2020-11-17 16:50 - 000245568 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2020-11-17 16:50 - 2020-11-17 16:50 - 000213312 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2020-11-17 16:50 - 2020-11-17 16:50 - 000182600 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2020-11-17 16:50 - 2020-11-17 16:50 - 000158856 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2020-11-17 16:50 - 2020-11-17 16:50 - 000150336 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2020-11-17 16:50 - 2020-11-17 16:50 - 000136000 _____ (AMD) C:\Windows\system32\atimuixx.dll
2020-11-17 16:50 - 2020-11-17 16:50 - 000130880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2020-11-17 16:50 - 2020-11-17 16:50 - 000125760 _____ C:\Windows\system32\atidxx64.dll
2020-11-17 16:50 - 2020-11-17 16:50 - 000107840 _____ C:\Windows\SysWOW64\atidxx32.dll
2020-11-17 16:50 - 2020-11-17 16:50 - 000070464 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ati2erec.dll
2020-11-17 16:49 - 2020-11-17 16:49 - 000941376 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2020-11-17 16:49 - 2020-11-17 16:49 - 000768832 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2020-11-17 16:49 - 2020-11-17 16:49 - 000466752 _____ C:\Windows\system32\amdlogum.exe
2020-11-17 16:49 - 2020-11-17 16:49 - 000122688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll
2020-11-17 16:49 - 2020-11-17 16:49 - 000107328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll
2020-11-17 16:48 - 2020-11-17 16:48 - 073048384 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdhip64.dll
2020-11-17 16:48 - 2020-11-17 16:48 - 001686216 _____ (AMD) C:\Windows\system32\amf-mft-mjpeg-decoder64.dll
2020-11-17 16:48 - 2020-11-17 16:48 - 001365568 _____ (AMD) C:\Windows\SysWOW64\amf-mft-mjpeg-decoder32.dll
2020-11-17 16:48 - 2020-11-17 16:48 - 000489792 _____ C:\Windows\system32\amdgfxinfo64.dll
2020-11-17 16:48 - 2020-11-17 16:48 - 000380224 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2020-11-17 16:48 - 2020-11-17 16:48 - 000202640 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdihk64.dll
2020-11-17 16:48 - 2020-11-17 16:48 - 000170192 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdihk32.dll
2020-11-17 16:48 - 2020-11-17 16:48 - 000130432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2020-11-17 16:48 - 2020-11-17 16:48 - 000130432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2020-11-17 16:48 - 2020-11-17 16:48 - 000108448 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2020-11-17 16:48 - 2020-11-17 16:48 - 000108448 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2020-11-17 16:47 - 2020-11-17 16:47 - 000547000 _____ C:\Windows\system32\amdmiracast.dll
2020-11-17 16:47 - 2020-11-17 16:47 - 000136128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2020-11-17 16:47 - 2020-11-17 16:47 - 000120464 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2020-11-17 15:15 - 2020-11-17 15:15 - 003471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2020-11-17 15:15 - 2020-11-17 15:15 - 003437632 _____ C:\Windows\system32\atiumd6a.cap
2020-11-17 15:15 - 2020-11-17 15:15 - 000553096 _____ C:\Windows\SysWOW64\atiapfxx.blb
2020-11-17 15:15 - 2020-11-17 15:15 - 000553096 _____ C:\Windows\system32\atiapfxx.blb
2020-11-17 15:15 - 2020-11-17 15:15 - 000204952 _____ C:\Windows\SysWOW64\ativvsvl.dat
2020-11-17 15:15 - 2020-11-17 15:15 - 000204952 _____ C:\Windows\system32\ativvsvl.dat
2020-11-17 15:15 - 2020-11-17 15:15 - 000157144 _____ C:\Windows\SysWOW64\ativvsva.dat
2020-11-17 15:15 - 2020-11-17 15:15 - 000157144 _____ C:\Windows\system32\ativvsva.dat
2020-11-17 15:15 - 2020-11-17 15:15 - 000154384 _____ C:\Windows\system32\samu_krnl_ci.sbin
2020-11-17 15:15 - 2020-11-17 15:15 - 000138832 _____ C:\Windows\system32\samu_krnl_isv_ci.sbin
2020-11-17 15:15 - 2020-11-17 15:15 - 000125488 _____ C:\Windows\system32\kapp_ci.sbin
2020-11-17 15:15 - 2020-11-17 15:15 - 000121168 _____ C:\Windows\system32\kapp_si.sbin
2020-11-17 15:15 - 2020-11-17 15:15 - 000076237 _____ C:\Windows\system32\AMDKernelEvents.man
2020-11-17 15:15 - 2020-11-17 15:15 - 000012344 _____ C:\Windows\system32\brandingWS_RSX.bmp
2020-11-17 15:15 - 2020-11-17 15:15 - 000012344 _____ C:\Windows\system32\brandingRSX.bmp
2020-11-17 15:15 - 2020-11-17 15:15 - 000011014 _____ C:\Windows\system32\atiacmLocalisation.ini
2020-11-17 15:15 - 2020-11-17 15:15 - 000000822 _____ C:\Windows\system32\branding.bmp
2020-11-17 12:39 - 2020-11-21 16:55 - 000001229 _____ C:\Users\quoih\Downloads\MaBylog.txt
2020-11-13 13:37 - 2020-11-13 13:37 - 000001229 _____ C:\Users\quoih\Downloads\MBblog.txt
2020-11-13 09:27 - 2020-11-13 09:27 - 000098012 _____ C:\Users\quoih\Downloads\texte_explicatif_TOC.pdf
2020-11-13 09:26 - 2020-11-13 09:26 - 000363520 _____ C:\Windows\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-11-13 09:26 - 2020-11-13 09:26 - 000266240 _____ C:\Windows\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-11-13 09:26 - 2020-11-13 09:26 - 000197632 _____ C:\Windows\system32\IHDS.dll
2020-11-13 09:26 - 2020-11-13 09:26 - 000152576 _____ C:\Windows\system32\EoAExperiences.exe
2020-11-13 09:26 - 2020-11-13 09:26 - 000009265 _____ C:\Windows\system32\DrtmAuthTxt.wim
2020-11-13 09:17 - 2020-11-13 09:17 - 000000000 _____ C:\Users\quoih\New
2020-11-13 09:11 - 2020-11-13 09:11 - 000430606 _____ C:\Users\quoih\Downloads\Chap9-NYC-a20.pdf
2020-11-12 15:00 - 2020-11-12 15:05 - 000000000 ____D C:\Users\quoih\AppData\Local\Textorcist
2020-11-12 15:00 - 2020-11-12 15:00 - 000000309 _____ C:\Users\quoih\Desktop\The Textorcist.url
2020-11-11 20:48 - 2020-11-11 20:48 - 000381057 _____ C:\Users\quoih\Downloads\Cahier-Elevedevoirpartie2.pdf
2020-11-11 10:20 - 2020-11-11 10:20 - 000000000 ____D C:\Users\quoih\AppData\Roaming\Kalypso Media
2020-11-11 10:20 - 2020-11-11 10:20 - 000000000 ____D C:\Users\quoih\AppData\LocalLow\Realmforge Studios GmbH
2020-11-11 10:20 - 2020-11-11 10:20 - 000000000 ____D C:\Users\quoih\AppData\Local\Kalypso Media
2020-11-11 10:20 - 2020-11-11 10:20 - 000000000 ____D C:\Users\quoih\AppData\Local\Epic Games
2020-11-11 10:17 - 2020-11-11 10:17 - 000000304 _____ C:\Users\quoih\Desktop\Dungeons 3.url
2020-11-11 09:52 - 2020-11-11 09:52 - 000000281 _____ C:\Users\quoih\Desktop\Into The Breach.url
2020-11-10 21:52 - 2020-11-10 21:52 - 000001229 _____ C:\Users\quoih\Downloads\mblog.txt
2020-11-10 18:42 - 2020-12-04 14:25 - 091226112 _____ C:\Windows\system32\config\SOFTWARE
2020-11-10 14:34 - 2020-11-10 14:34 - 000000000 ____D C:\Users\quoih\Documents\Escape from Tarkov
2020-11-10 14:34 - 2020-11-10 14:34 - 000000000 ____D C:\Users\quoih\AppData\LocalLow\Battlestate Games
2020-11-10 11:48 - 2020-11-10 11:48 - 000000000 ____D C:\Users\quoih\.m2
2020-11-10 11:45 - 2020-11-10 11:45 - 000000000 ____D C:\Users\quoih\AppData\Roaming\Teams
2020-11-10 11:22 - 2020-11-26 14:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlestate Games
2020-11-10 11:22 - 2020-11-10 11:25 - 000000000 ____D C:\Battlestate Games
2020-11-10 11:22 - 2020-11-10 11:22 - 000000000 ____D C:\Users\quoih\AppData\Roaming\Battlestate Games
2020-11-10 11:22 - 2020-11-10 11:22 - 000000000 ____D C:\Users\quoih\AppData\Local\Battlestate Games
2020-11-10 11:22 - 2020-11-10 11:22 - 000000000 ____D C:\ProgramData\Battlestate Games
2020-11-10 11:21 - 2020-11-10 11:21 - 073316360 _____ (Battlestate Games ) C:\Users\quoih\Downloads\BsgLauncher.10.4.1.1205.exe
2020-11-08 12:09 - 2020-11-08 12:09 - 000000000 ____D C:\Users\quoih\AppData\Local\ElevatedDiagnostics
2020-11-07 11:25 - 2020-11-08 13:47 - 000003804 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
2020-11-07 10:37 - 2020-11-07 10:37 - 000002920 _____ C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2020-11-07 10:37 - 2020-11-07 10:37 - 000002914 _____ C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2020-11-07 10:37 - 2020-11-07 10:37 - 000002910 _____ C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2020-11-07 10:37 - 2020-11-07 10:37 - 000002908 _____ C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk
2020-11-07 10:36 - 2020-12-02 10:25 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-11-07 10:36 - 2020-12-02 10:25 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-11-07 10:36 - 2020-12-02 10:25 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-11-07 10:36 - 2020-11-29 10:48 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-07 10:36 - 2020-11-29 10:48 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-07 09:54 - 2020-11-07 09:54 - 000000000 ____D C:\Windows\system32\appmgmt
2020-11-06 09:57 - 2020-12-04 14:15 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-11-06 09:57 - 2020-11-06 09:56 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-04 14:26 - 2020-10-29 16:49 - 000000000 ____D C:\Program Files (x86)\Steam
2020-12-04 14:26 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-04 14:25 - 2020-09-30 16:01 - 000008192 ___SH C:\DumpStack.log.tmp
2020-12-04 14:25 - 2020-09-30 16:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-12-04 14:25 - 2020-09-30 13:07 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2020-12-04 14:25 - 2019-12-07 04:03 - 000786432 _____ C:\Windows\system32\config\BBI
2020-12-04 14:19 - 2020-09-30 13:08 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2020-12-04 14:19 - 2019-12-07 04:13 - 000000000 ____D C:\Windows\INF
2020-12-04 14:15 - 2020-10-06 10:01 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2020-12-04 14:10 - 2020-11-03 10:34 - 000220160 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-12-04 13:35 - 2020-09-30 13:05 - 000000000 ____D C:\Users\quoih
2020-12-04 13:33 - 2020-09-30 16:01 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-12-04 10:43 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-04 10:43 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\AppReadiness
2020-12-04 10:42 - 2020-09-30 13:20 - 000003418 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-04 10:42 - 2020-09-30 13:20 - 000003294 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-12-04 10:41 - 2020-09-30 16:01 - 000000000 ____D C:\Windows\system32\Drivers\wd
2020-12-03 11:31 - 2020-10-04 11:23 - 000000000 ____D C:\Users\quoih\.p2
2020-11-30 15:47 - 2020-10-06 10:04 - 000000000 ____D C:\Users\quoih\AppData\Local\CrashDumps
2020-11-30 08:55 - 2020-10-26 07:31 - 000000000 ____D C:\Users\quoih\git
2020-11-29 14:50 - 2020-10-04 11:46 - 000000000 ____D C:\Users\quoih\eclipse-workspace
2020-11-24 15:37 - 2019-12-07 04:03 - 000000000 ____D C:\Windows\CbsTemp
2020-11-23 13:25 - 2020-09-30 13:07 - 000000000 ____D C:\Users\quoih\AppData\Local\Packages
2020-11-22 11:57 - 2020-10-07 15:59 - 000002368 _____ C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2020-11-22 11:57 - 2020-10-07 15:59 - 000002360 _____ C:\Users\quoih\Desktop\Microsoft Teams.lnk
2020-11-21 16:49 - 2020-10-21 09:59 - 000000000 ____D C:\Program Files\Epic Games
2020-11-18 17:47 - 2020-09-30 13:08 - 000000000 ____D C:\Program Files (x86)\Razer
2020-11-16 16:56 - 2020-09-30 21:48 - 000000000 ____D C:\Users\quoih\AppData\LocalLow\miHoYo
2020-11-16 16:56 - 2020-09-30 17:41 - 000000000 ____D C:\Users\quoih\AppData\Local\miHoYo
2020-11-16 11:44 - 2020-09-30 13:20 - 000002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-16 11:44 - 2020-09-30 13:20 - 000002166 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-11-16 11:44 - 2020-09-30 13:20 - 000002166 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-11-14 13:12 - 2020-09-30 17:49 - 000000000 ____D C:\Program Files\Microsoft Office
2020-11-13 09:35 - 2020-09-30 16:01 - 000439016 _____ C:\Windows\system32\FNTCACHE.DAT
2020-11-13 09:34 - 2019-12-07 04:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-11-13 09:34 - 2019-12-07 04:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2020-11-13 09:34 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2020-11-13 09:34 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SystemResources
2020-11-13 09:34 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2020-11-13 09:34 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\setup
2020-11-13 09:34 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\oobe
2020-11-13 09:34 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\migwiz
2020-11-13 09:34 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\ShellExperiences
2020-11-13 09:34 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2020-11-13 09:34 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\bcastdvr
2020-11-13 09:26 - 2020-09-30 13:04 - 002876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2020-11-10 18:42 - 2020-09-30 18:24 - 000000000 ____D C:\Windows\Microsoft Antimalware
2020-11-09 17:11 - 2019-12-07 04:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-11-08 12:08 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\NDF
2020-11-06 09:57 - 2020-09-30 16:34 - 000001993 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-11-06 09:57 - 2020-09-30 16:34 - 000001981 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-11-06 09:57 - 2020-09-30 16:34 - 000001981 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-11-06 09:56 - 2020-09-30 16:34 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys

==================== Files in the root of some directories ========

2020-10-30 08:14 - 2020-10-30 08:14 - 000000116 _____ () C:\Users\quoih\AppData\Roaming\debug.log
2020-10-04 18:21 - 2020-10-04 18:21 - 000007602 _____ () C:\Users\quoih\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

blocTore

New Member
Nov 30, 2020
14
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-12-2020
Ran by quoih (04-12-2020 14:28:27)
Running from C:\Users\quoih\Downloads
Windows 10 Pro Version 2004 19041.630 (X64) (2020-09-30 18:03:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3883136046-2417711927-3391061525-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3883136046-2417711927-3391061525-503 - Limited - Disabled)
Guest (S-1-5-21-3883136046-2417711927-3391061525-501 - Limited - Disabled)
quoih (S-1-5-21-3883136046-2417711927-3391061525-1001 - Administrator - Enabled) => C:\Users\quoih
WDAGUtilityAccount (S-1-5-21-3883136046-2417711927-3391061525-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.11.2 - Advanced Micro Devices, Inc.)
Battlestate Games Launcher 10.4.3.1230 (HKLM-x32\...\{B0FDA062-7581-4D67-B085-C4E7C358037F}_is1) (Version: 10.4.3.1230 - Battlestate Games)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
draw.io 13.7.9 (HKLM\...\27a75bf3-be48-5c35-934f-8491cf108abe) (Version: 13.7.9 - JGraph)
Epic Games Launcher (HKLM-x32\...\{B2081DA9-6C73-403B-BA23-DCE21015C0A1}) (Version: 1.1.293.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Escape from Tarkov (HKLM-x32\...\EscapeFromTarkov) (Version: 0.12.8.9978 - Battlestate Games)
Excel (HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
Genshin Impact (HKLM\...\Genshin Impact Beta) (Version: 2.3.3.0 - miHoYo Co.,Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.198 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Java(TM) SE Development Kit 15 (64-bit) (HKLM\...\{E04E5624-3CF1-5E84-A439-4D8FAAA05C79}) (Version: 15.0.0.0 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.2.3.96 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.3.96 - Malwarebytes)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.13328.20356 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.52 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft OneDrive (HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\Teams) (Version: 1.3.00.30866 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29112 (HKLM-x32\...\{0f770e99-3916-4b0c-8f9b-83822826bcbf}) (Version: 14.27.29112.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Outlook (HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
PowerPoint (HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.21759 - Microsoft Corporation)
Word (HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
Zoom (HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\ZoomUMX) (Version: 5.3.1 (52879.0927) - Zoom Video Communications, Inc.)

Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_121.1.193.0_x64__v10z8vjag6ke6 [2020-11-04] (HP Inc.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-24] (Microsoft Studios) [MS Ad]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.175.0_x64__dt26b99r8h8gj [2020-10-02] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.147.684.0_x86__zpdnekdrzrea0 [2020-12-04] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3883136046-2417711927-3391061525-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\quoih\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20275.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3883136046-2417711927-3391061525-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\quoih\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-09-30] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Windows\System32\atiacm64.dll [2020-11-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-09-30] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf
ShortcutWithArgument: C:\Users\quoih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi

==================== Loaded Modules (Whitelisted) =============

2020-10-21 09:52 - 2020-10-21 09:52 - 098275328 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2020-10-21 09:52 - 2020-10-21 09:52 - 000092672 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2020-10-21 09:52 - 2020-10-21 09:52 - 003922432 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2020-03-19 05:40 - 2020-03-19 05:40 - 000912896 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-core.dll
2020-03-19 05:40 - 2020-03-19 05:40 - 003109888 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-s3.dll
2015-02-19 00:13 - 2015-02-19 00:13 - 000817152 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Device.dll
2015-02-19 00:13 - 2015-02-19 00:13 - 003650560 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Platform.dll
2020-11-13 14:48 - 2020-11-13 14:48 - 001470976 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
2020-11-04 10:47 - 2020-11-04 10:48 - 088096256 _____ (HP Development Company, L.P.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_121.1.193.0_x64__v10z8vjag6ke6\HP.Smart.dll
2020-10-21 09:52 - 2020-10-21 09:52 - 000547840 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\chrome_elf.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000414720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 001441792 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 001189888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000134656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000058880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 006184448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 006867456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 001104896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 003668480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000517120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000051712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlWorkerScript.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 004228608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 001085440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000205824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000127488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000390656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 095598080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 005587968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000462848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000188928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 002878464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000055808 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000284160 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000136704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-11-13 15:00 - 2020-11-13 15:00 - 000091648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-09-30] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-09-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\...\sharepoint.com -> hxxps://cmaisonneuveqcca-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 04:14 - 2020-11-03 13:50 - 000000822 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3883136046-2417711927-3391061525-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{94826659-0591-4FFF-8F8B-2BD79A951065}] => (Allow) C:\Users\quoih\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{AE8E41AD-3D2A-4030-A327-8B0ED1823736}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{959FD1C3-4CC7-44A3-B40C-55B3F6C585F4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{02FF7914-9E33-4BAA-9978-184DE03489DD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{621A2D51-69D4-4ED6-81E8-B019B5B708CD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EF66F177-7688-482B-89FE-7B504EE2029F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{6FDE5667-8622-43BB-BE19-4AC9B4FE7ED4}C:\users\quoih\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\quoih\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{D6741FAC-9960-425C-93A8-67B80D70AB68}C:\users\quoih\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\quoih\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{6EF08D96-E352-4877-94EE-FD4B3AEEF016}C:\program files\java\jdk-15\bin\javaw.exe] => (Block) C:\program files\java\jdk-15\bin\javaw.exe
FirewallRules: [UDP Query User{D9E0AB83-A537-499C-B177-AF143F5DB60A}C:\program files\java\jdk-15\bin\javaw.exe] => (Block) C:\program files\java\jdk-15\bin\javaw.exe
FirewallRules: [{8477323B-43AA-4AB7-8372-C1BC5C9D797D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A7BCF5F7-D080-40C1-82AE-EF138BCF8FF8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{63926C6C-FEB9-4288-9DE7-4D164EF95193}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{DF960D43-C4FB-41E1-8C7F-52A5D2C69E66}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EEE05B79-3F7A-4202-80C0-BF8FAB2D1A91}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E0034AF1-7D68-4DBE-BE60-9C808728AB7C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{653C7D2C-E057-4F5C-8A26-8E2418F28262}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A86D38E8-3B50-4BCA-9F61-445F144E4682}] => (Allow) C:\Battlestate Games\BsgLauncher\BsgLauncher.exe (Battlestate Games Ltd -> Battlestate Games)
FirewallRules: [{D1D979FB-8B62-414A-9707-700E631A65CB}] => (Allow) C:\Battlestate Games\BsgLauncher\BsgLauncher.exe (Battlestate Games Ltd -> Battlestate Games)
FirewallRules: [{CAE9106A-F003-4026-B408-AC6B85F0872E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.147.684.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2D106AE7-9147-46FB-B0E6-1ACBAAD7B05C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.147.684.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0F98BDB9-73BB-42EC-AF3A-E72EFA247EE5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.147.684.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{379F7377-5E7E-4ACC-AB76-5E7EC70DD81F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.147.684.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FA5D76F5-0A24-4468-B4BE-E5A18B8E77CA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.147.684.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C0C9F7D3-86A9-4885-9EFD-B300387B66C9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.147.684.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9B889F8D-BBB6-41DC-8F76-B44B1D4CB5F5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.147.684.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AE52A394-593F-4BD5-A908-F18D07B99F02}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.147.684.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

29-11-2020 12:11:13 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: Realtek PCIe GbE Family Controller
Description: Realtek PCIe GbE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: rt640x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (12/04/2020 01:37:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Teams.exe version 1.3.0.30866 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 25f4

Start Time: 01d6ca6c6b552d01

Termination Time: 4294967295

Application Path: C:\Users\quoih\AppData\Local\Microsoft\Teams\current\Teams.exe

Report Id: 15a6205e-bf59-4e2c-937a-a036fb2b0f01

Faulting package full name:

Faulting package-relative application ID:

Hang type: Top level window is idle

Error: (12/04/2020 01:34:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Teams.exe version 1.3.0.30866 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2100

Start Time: 01d6ca6c00917484

Termination Time: 4294967295

Application Path: C:\Users\quoih\AppData\Local\Microsoft\Teams\current\Teams.exe

Report Id: 8fd3e7a1-f863-43f3-b9a6-74ccdf16130c

Faulting package full name:

Faulting package-relative application ID:

Hang type: Top level window is idle

Error: (11/30/2020 03:47:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 86.0.4240.198, time stamp: 0x5fab39a8
Faulting module name: SHELL32.dll_unloaded, version: 10.0.19041.610, time stamp: 0xd245a575
Exception code: 0xc0000005
Fault offset: 0x00000000002a76e1
Faulting process id: 0x2114
Faulting application start time: 0x01d6c75a1683584d
Faulting application path: C:\Program Files\Google\Chrome\Application\chrome.exe
Faulting module path: SHELL32.dll
Report Id: ad40d234-fac8-4236-8174-c9ea3fc0584a
Faulting package full name:
Faulting package-relative application ID:

Error: (11/21/2020 04:44:23 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (11/21/2020 04:40:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program EscapeFromTarkov.exe version 0.12.8.9831 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3f80

Start Time: 01d6c03f4c269e95

Termination Time: 5

Application Path: C:\Battlestate Games\EFT\EscapeFromTarkov.exe

Report Id: aa606083-0f83-450e-b3a6-f51993a1b99b

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (11/17/2020 01:49:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.19041.546, time stamp: 0xb850de5d
Faulting module name: combase.dll, version: 10.0.19041.572, time stamp: 0x3dacb7ed
Exception code: 0xc0000005
Fault offset: 0x000aa772
Faulting process id: 0x19a4
Faulting application start time: 0x01d6bd07f4a25a78
Faulting application path: C:\Windows\SysWOW64\DllHost.exe
Faulting module path: C:\Windows\System32\combase.dll
Report Id: 1c09c487-e73e-4f4c-accd-9c9a9faff5cd
Faulting package full name: Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c
Faulting package-relative application ID: App

Error: (11/17/2020 12:30:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.19041.546, time stamp: 0xb850de5d
Faulting module name: combase.dll, version: 10.0.19041.572, time stamp: 0x3dacb7ed
Exception code: 0xc0000005
Fault offset: 0x000aa772
Faulting process id: 0x3c2c
Faulting application start time: 0x01d6bd0643bc78e5
Faulting application path: C:\Windows\SysWOW64\DllHost.exe
Faulting module path: C:\Windows\System32\combase.dll
Report Id: 5700dc63-0527-4994-833d-ce4daf77bcc8
Faulting package full name: Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c
Faulting package-relative application ID: App

Error: (11/15/2020 09:53:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: StartMenuExperienceHost.exe, version: 0.0.0.0, time stamp: 0x4fe0bcb3
Faulting module name: KERNELBASE.dll, version: 10.0.19041.572, time stamp: 0x1183946c
Exception code: 0xc0000409
Fault offset: 0x000000000010b65c
Faulting process id: 0x2e50
Faulting application start time: 0x01d6bb5f1e158160
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 74507843-ac0a-4e61-904d-b0230f1d30ba
Faulting package full name: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.610_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App


System errors:
=============
Error: (12/04/2020 02:21:42 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The AMD User Experience Program Launcher service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (12/04/2020 02:15:11 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-RGPP5SJ)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{E48EDA45-43C6-48E0-9323-A7B2067D9CD5}

Error: (12/04/2020 02:15:11 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-RGPP5SJ)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (12/04/2020 02:15:11 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-RGPP5SJ)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{E48EDA45-43C6-48E0-9323-A7B2067D9CD5}

Error: (12/04/2020 02:15:11 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-RGPP5SJ)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (12/04/2020 02:15:11 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-RGPP5SJ)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{E48EDA45-43C6-48E0-9323-A7B2067D9CD5}

Error: (12/04/2020 02:15:11 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-RGPP5SJ)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (12/04/2020 02:15:11 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-RGPP5SJ)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{E48EDA45-43C6-48E0-9323-A7B2067D9CD5}


Windows Defender:
===================================
Date: 2020-12-01 13:12:14.9370000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {351F24F4-668A-4B2E-AEF2-833B66181492}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-11-29 12:52:50.4470000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {1DC1FE73-C6E9-4A20-9F0C-45CF9C903976}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-11-18 11:32:06.0340000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {4669CFA2-22A0-43AB-A20D-24B6672A34FF}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-11-15 11:17:40.3170000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {B59C6A16-1664-42C1-BD11-CEE764F1C225}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-11-12 13:10:38.5050000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {29D9A823-8522-46C4-A96D-C3ADB4B1BB73}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-12-04 14:10:08.9710000Z
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2020-11-08 12:12:02.0090000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.527.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2020-10-09 14:38:29.4460000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Offline.
Error code: 0x8000000a
Error description: The data necessary to complete this operation is not yet available.

Date: 2020-10-06 11:01:08.9290000Z
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===================================

Date: 2020-10-02 19:55:58.7890000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-10-02 19:55:51.1430000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-10-02 19:55:51.1360000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-10-02 19:55:51.1180000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-10-02 19:55:01.0040000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-10-02 19:55:00.9950000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-10-02 19:55:00.9850000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-10-02 19:55:00.9670000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. F50 11/27/2019
Motherboard: Gigabyte Technology Co., Ltd. B450M DS3H-CF
Processor: AMD Ryzen 5 2600 Six-Core Processor
Percentage of memory in use: 26%
Total physical RAM: 16332.58 MB
Available physical RAM: 12057.41 MB
Total Virtual: 22732.58 MB
Available Virtual: 14492.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.15 GB) (Free:367.52 GB) NTFS

\\?\Volume{fff3ad92-ff9c-46d5-8e73-d2d59222c1f2}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{e25367b3-d04f-4e4b-b458-3e93926054d6}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

nasdaq

Moderator
Verified
Staff member
Nov 5, 2019
472
Hi,

Good work.

Your logs are cleaned of malware.

Stay safe.