Have Malware, Virus etc unsure what type

Hi

I have some sort of virus, malware, etc. on my laptop. I noticed after lending the laptop out to someone for 5 mins that she had downloaded a CSV file with all my saved passwords on it. I can see in Network devices there is an XBOX and something called a TwonkyWonky server, which are definitely not mine. As my son uses my old iCloud account, his phone was also hacked, and his girlfriend's also. My neighbor is my best friend and my Microsoft account is on her computer; her laptop and my phone seem to have something on them. Even as I write this, twice with no input from me my post is highlighted and deleted, so I have had to copy and paste as I go. I have run every anti-malware and antivirus that I can think of and installed numerous clean Windows 10s. I have even changed the hard drive 4x to no avail. I am hoping you can help please? TIA. I have run Farbar, see below. Thank you so much, I was about to chuck this laptop away.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-07-2021
Ran by hotoo (administrator) on HELZCOMPUTER (LENOVO 3369A62) (03-07-2021 06:22:38)
Running from C:\Users\hotoo\Downloads
Loaded Profiles: hotoo
Platform: Windows 10 Home Version 21H1 19043.1081 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft OneDrive\21.109.0530.0001\FileCoAuth.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowsstore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CloudExperienceHostBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msinfo32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <10>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-289658593-2826232128-3048907409-1001\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1976184 2021-07-02] (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {83495084-EB43-44C6-AF0D-91FDEDFC676E} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-06-23] (Mozilla Corporation -> Mozilla Foundation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{9d9da3ca-fcce-4754-99e0-bcff502e81e6}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge Profile: C:\Users\hotoo\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-03]

FireFox:
========
FF DefaultProfile: at99ql4x.default
FF ProfilePath: C:\Users\hotoo\AppData\Roaming\Mozilla\Firefox\Profiles\at99ql4x.default [2021-07-02]
FF ProfilePath: C:\Users\hotoo\AppData\Roaming\Mozilla\Firefox\Profiles\evtn2hlr.default-release [2021-07-03]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\21.109.0530.0001\FileSyncHelper.exe [2262904 2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\21.109.0530.0001\OneDriveUpdaterService.exe [2728312 2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746688 2021-04-28] (Oracle Corporation -> Oracle Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [239616 2021-04-28] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [249536 2021-04-28] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-03 15:32 - 2021-07-03 05:03 - 072089600 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-07-03 15:09 - 2021-07-03 15:09 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-07-03 14:01 - 2021-07-03 14:01 - 000000000 ___RD C:\Users\hotoo\3D Objects
2021-07-03 14:01 - 2021-07-03 14:01 - 000000000 ____D C:\Users\hotoo\AppData\Roaming\Adobe
2021-07-03 14:01 - 2021-07-03 14:01 - 000000000 ____D C:\Users\hotoo\AppData\Local\VirtualStore
2021-07-03 14:01 - 2021-07-03 14:01 - 000000000 ____D C:\Users\hotoo\AppData\Local\Publishers
2021-07-03 14:01 - 2021-07-03 05:26 - 000000000 __SHD C:\Users\hotoo\IntelGraphicsProfiles
2021-07-03 14:01 - 2021-07-02 23:34 - 000000000 ____D C:\Users\hotoo\AppData\Local\Packages
2021-07-03 14:01 - 2021-07-02 22:18 - 000000000 ____D C:\ProgramData\Packages
2021-07-03 14:01 - 2021-07-02 21:04 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-07-03 14:00 - 2021-07-03 14:00 - 000000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-07-03 14:00 - 2021-07-02 21:35 - 000000000 ____D C:\Users\hotoo\AppData\Local\ConnectedDevicesPlatform
2021-07-03 13:57 - 2021-07-03 13:57 - 000000020 ___SH C:\Users\hotoo\ntuser.ini
2021-07-03 13:57 - 2021-07-03 04:44 - 000000000 ____D C:\Users\hotoo
2021-07-03 12:37 - 2021-07-03 05:08 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-07-03 12:34 - 2021-07-03 12:34 - 000000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2021-07-03 12:32 - 2021-07-03 12:32 - 000000000 _SHDL C:\Users\Default User
2021-07-03 12:32 - 2021-07-03 12:32 - 000000000 _SHDL C:\Users\All Users
2021-07-03 12:32 - 2021-07-03 12:32 - 000000000 _SHDL C:\Documents and Settings
2021-07-03 12:25 - 2021-07-02 22:21 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-07-03 12:25 - 2021-07-02 22:21 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-07-03 12:25 - 2021-07-02 22:21 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-07-03 12:24 - 2021-07-03 12:24 - 000000000 ____D C:\Program Files\Intel
2021-07-03 12:24 - 2021-07-03 12:24 - 000000000 ____D C:\Intel
2021-07-03 12:24 - 2015-07-30 22:45 - 000072688 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2021-07-03 12:24 - 2015-07-30 22:45 - 000069104 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2021-07-03 12:21 - 2021-07-03 12:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-07-03 12:21 - 2021-07-03 05:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-07-03 12:20 - 2021-07-03 12:20 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-07-03 12:20 - 2021-07-03 04:36 - 000258688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-07-03 12:20 - 2021-07-03 04:12 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-07-03 12:20 - 2021-07-02 21:43 - 000008192 ___SH C:\DumpStack.log.tmp
2021-07-03 06:17 - 2021-07-03 06:20 - 000020893 _____ C:\Users\hotoo\Downloads\Addition.txt
2021-07-03 06:07 - 2021-07-03 06:25 - 000005484 _____ C:\Users\hotoo\Downloads\FRST.txt
2021-07-03 06:05 - 2021-07-03 06:24 - 000000000 ____D C:\FRST
2021-07-03 06:03 - 2021-07-03 06:03 - 000001149 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2021-07-03 06:03 - 2021-07-03 06:03 - 000001149 _____ C:\ProgramData\Desktop\Oracle VM VirtualBox.lnk
2021-07-03 06:03 - 2021-07-03 06:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2021-07-03 06:03 - 2021-07-03 06:03 - 000000000 ____D C:\Program Files\Oracle
2021-07-03 06:03 - 2021-04-28 14:27 - 000187648 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2021-07-03 06:03 - 2021-04-28 14:26 - 001038080 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2021-07-03 06:01 - 2021-07-03 06:02 - 002300416 _____ (Farbar) C:\Users\hotoo\Downloads\FRST64.exe
2021-07-03 05:52 - 2021-07-03 06:00 - 261515264 _____ C:\Users\hotoo\Downloads\kali-linux-2021.2-installer-amd64.iso
2021-07-03 05:50 - 2021-07-03 05:50 - 108114104 _____ (Oracle Corporation) C:\Users\hotoo\Downloads\VirtualBox-6.1.22-144080-Win.exe
2021-07-03 04:38 - 2021-07-03 04:38 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-03 04:38 - 2021-07-03 04:38 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-07-03 04:10 - 2021-07-03 04:10 - 000000000 ____D C:\Users\hotoo\AppData\Local\Sysinternals
2021-07-03 04:08 - 2021-07-03 04:08 - 001029520 _____ (Sysinternals - www.sysinternals.com) C:\Users\hotoo\Downloads\Tcpview.exe
2021-07-03 04:07 - 2021-07-03 04:07 - 001801526 _____ C:\Users\hotoo\Downloads\TCPView.zip
2021-07-03 03:27 - 2021-07-03 03:27 - 000000000 ____D C:\Users\hotoo\AppData\Local\ElevatedDiagnostics
2021-07-03 01:27 - 2021-07-03 01:27 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-07-03 01:25 - 2021-07-03 01:25 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-07-03 01:24 - 2021-07-03 01:24 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-07-03 01:24 - 2021-07-03 01:24 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-07-03 01:24 - 2021-07-03 01:24 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-07-03 01:23 - 2021-07-03 01:23 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-07-03 01:23 - 2021-07-03 01:23 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
2021-07-03 01:23 - 2021-07-03 01:23 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-07-03 01:23 - 2021-07-03 01:23 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-07-03 01:22 - 2021-07-03 01:22 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-07-03 01:22 - 2021-07-03 01:22 - 000011333 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-07-03 01:20 - 2021-07-03 01:20 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-07-03 01:20 - 2021-07-03 01:20 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-07-03 01:19 - 2021-07-03 01:19 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-07-03 01:19 - 2021-07-03 01:19 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-07-03 01:19 - 2021-07-03 01:19 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-07-03 01:16 - 2021-07-03 01:16 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-07-03 01:16 - 2021-07-03 01:16 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-07-03 01:16 - 2021-07-03 01:16 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-07-03 01:15 - 2021-07-03 01:15 - 000097792 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-07-03 01:14 - 2021-07-03 01:14 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-07-03 01:14 - 2021-07-03 01:14 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-07-03 01:14 - 2021-07-03 01:14 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-07-03 01:13 - 2021-07-03 01:13 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-07-03 01:13 - 2021-07-03 01:13 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-07-03 01:12 - 2021-07-03 01:12 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-07-03 01:12 - 2021-07-03 01:12 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-07-03 01:12 - 2021-07-03 01:12 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-07-03 00:17 - 2021-07-03 00:17 - 000000000 ____D C:\Users\hotoo\Documents\Security
2021-07-02 23:46 - 2021-07-02 23:46 - 000000164 _____ C:\Users\hotoo\Documents\share.txt
2021-07-02 23:36 - 2021-07-02 23:36 - 000000000 ____D C:\Users\hotoo\Documents\VlcpVideoV1.0.1
2021-07-02 23:32 - 2021-07-02 23:32 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-07-02 23:22 - 2021-07-02 23:22 - 000000000 ____D C:\Users\hotoo\AppData\Local\Comms
2021-07-02 22:50 - 2021-07-02 22:50 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-07-02 22:50 - 2021-07-02 22:50 - 000000000 ___RD C:\Users\Default\OneDrive
2021-07-02 22:50 - 2021-07-02 22:50 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2021-07-02 22:30 - 2021-07-02 22:30 - 000000000 ____D C:\Users\hotoo\AppData\Local\OneDrive
2021-07-02 22:00 - 2021-07-02 22:03 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-07-02 21:55 - 2021-07-03 05:27 - 000000000 ____D C:\Users\hotoo\AppData\LocalLow\Mozilla
2021-07-02 21:55 - 2021-07-02 21:55 - 000000000 ____D C:\Users\hotoo\AppData\Roaming\Mozilla
2021-07-02 21:55 - 2021-07-02 21:55 - 000000000 ____D C:\Users\hotoo\AppData\Local\Mozilla
2021-07-02 21:52 - 2021-07-03 05:28 - 000000000 ___RD C:\Users\hotoo\OneDrive
2021-07-02 21:51 - 2021-07-02 23:20 - 000000000 ____D C:\Users\hotoo\AppData\Local\PlaceholderTileLogoFolder
2021-07-02 21:51 - 2021-07-02 21:51 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-07-02 21:51 - 2021-07-02 21:51 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2021-07-02 21:51 - 2021-07-02 21:51 - 000000993 _____ C:\ProgramData\Desktop\Firefox.lnk
2021-07-02 21:51 - 2021-07-02 21:51 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-07-02 21:50 - 2021-07-03 05:28 - 000000000 ____D C:\ProgramData\Mozilla
2021-07-02 21:50 - 2021-07-02 21:51 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-07-02 21:50 - 2021-07-02 21:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-07-02 21:49 - 2021-07-02 21:50 - 055526992 _____ (Mozilla) C:\Users\hotoo\Downloads\mozilla-firefox-89-0-2.exe
2021-07-02 21:39 - 2021-07-02 21:39 - 000000000 ___HD C:\$WinREAgent
2021-07-02 21:07 - 2021-07-02 21:07 - 000000000 ____D C:\Users\hotoo\Documents\FeedbackHub
2021-07-02 21:06 - 2021-07-02 21:06 - 000000000 ____D C:\Users\Public\Documents\MDMDiagnostics
2021-07-02 21:06 - 2021-07-02 21:06 - 000000000 ____D C:\ProgramData\Documents\MDMDiagnostics
2021-07-02 21:04 - 2021-07-02 21:04 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-06-22 00:38 - 2021-07-03 12:34 - 000000000 ____D C:\WINDOWS\Panther
2021-06-22 00:36 - 2021-06-22 00:36 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-06-22 00:35 - 2021-07-03 12:35 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2021-06-22 00:35 - 2021-07-03 04:20 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-06-22 00:35 - 2021-06-22 00:35 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2021-06-22 00:35 - 2021-06-22 00:35 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2021-06-22 00:35 - 2021-06-22 00:35 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2021-06-22 00:35 - 2021-06-22 00:35 - 000000000 ____D C:\WINDOWS\Setup
2021-06-22 00:35 - 2021-06-22 00:35 - 000000000 ____D C:\WINDOWS\OCR
2021-06-22 00:35 - 2021-06-22 00:35 - 000000000 ____D C:\WINDOWS\addins
2021-06-22 00:35 - 2021-06-22 00:35 - 000000000 ____D C:\ProgramData\ssh
2021-06-22 00:34 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2021-06-22 00:34 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2021-06-22 00:34 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2021-06-22 00:34 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2021-06-22 00:34 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2021-06-22 00:34 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2021-06-22 00:34 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\system32\winrm
2021-06-22 00:34 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\system32\WCN
2021-06-22 00:34 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\system32\slmgr
2021-06-22 00:34 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2021-06-22 00:34 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\system32\0409
2021-06-22 00:34 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\DigitalLocker
2021-06-22 00:28 - 2021-07-03 13:53 - 000000000 ____D C:\ProgramData\USOPrivate
2021-06-22 00:28 - 2021-07-03 12:35 - 000000000 ____D C:\WINDOWS\system32\spool
2021-06-22 00:28 - 2021-07-03 12:23 - 000000000 ____D C:\WINDOWS\appcompat
2021-06-22 00:28 - 2021-07-03 05:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-06-22 00:28 - 2021-07-03 05:27 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-06-22 00:28 - 2021-07-03 05:26 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-06-22 00:28 - 2021-07-03 05:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-22 00:28 - 2021-07-03 04:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-06-22 00:28 - 2021-07-03 04:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-06-22 00:28 - 2021-07-03 04:24 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-06-22 00:28 - 2021-07-03 04:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-06-22 00:28 - 2021-07-03 04:22 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-06-22 00:28 - 2021-07-03 04:21 - 000000000 ____D C:\WINDOWS\SystemResources
2021-06-22 00:28 - 2021-07-03 04:21 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-06-22 00:28 - 2021-07-03 04:21 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-06-22 00:28 - 2021-07-03 04:20 - 000000000 ____D C:\WINDOWS\system32\setup
2021-06-22 00:28 - 2021-07-03 04:20 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-06-22 00:28 - 2021-07-03 04:20 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-06-22 00:28 - 2021-07-03 04:20 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-06-22 00:28 - 2021-07-03 04:17 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-06-22 00:28 - 2021-07-03 04:17 - 000000000 ____D C:\WINDOWS\Provisioning
2021-06-22 00:28 - 2021-07-03 04:17 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-06-22 00:28 - 2021-07-03 04:17 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-06-22 00:28 - 2021-07-03 04:17 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-06-22 00:28 - 2021-07-02 23:34 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-22 00:28 - 2021-07-02 22:50 - 000000000 ___RD C:\Program Files (x86)
2021-06-22 00:28 - 2021-07-02 22:20 - 000000000 ____D C:\WINDOWS\ServiceState
2021-06-22 00:28 - 2021-06-22 00:38 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-06-22 00:28 - 2021-06-22 00:35 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ___SD C:\WINDOWS\system32\dsc
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\system32\MUI
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\system32\Com
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\IME
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\Help
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\Program Files\Windows NT
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\Program Files\Windows Defender
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\Program Files\Common Files\System
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\Program Files (x86)\Windows NT
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-06-22 00:28 - 2021-06-22 00:29 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2021-06-22 00:28 - 2021-06-22 00:29 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-06-22 00:28 - 2021-06-22 00:29 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2021-06-22 00:28 - 2021-06-22 00:29 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-06-22 00:28 - 2021-06-22 00:29 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2021-06-22 00:28 - 2021-06-22 00:29 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2021-06-22 00:28 - 2021-06-22 00:29 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2021-06-22 00:28 - 2021-06-22 00:29 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 __SHD C:\Program Files\Windows Sidebar
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 __RSD C:\WINDOWS\Media
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 __RHD C:\Users\Public\Libraries
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ___SD C:\WINDOWS\system32\Nui
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\Web
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\WaaS
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\Vss
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\tracing
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\TAPI
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\SystemApps
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\winevt
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\ti-et
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\ta-lk
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\ta-in
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\si-lk
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\ras
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\osa-Osge-001
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\my-mm
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\IME
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\icsxml
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\ias
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\Hydrogen
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\ff-Adlm-SN
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\DriverState
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\downlevel
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\DDFs
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\ContainerSettingsProviders
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\am-et
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\System
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\SKB
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\security
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\schemas
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\SchCache
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\Resources
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\rescache
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\Registration
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\PLA
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\Performance
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\ModemLogs
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\L2Schemas
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\InputMethod
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\IdentityCRL
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\Globalization
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\ELAMBKUP
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\Cursors
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\Containers
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\Branding
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\ProgramData\USOShared
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\Program Files\Windows Security
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\Program Files\Windows Portable Devices
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\Program Files\ModifiableWindowsApps
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\Program Files\Common Files\Services
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2021-06-22 00:28 - 2021-06-22 00:24 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2021-06-22 00:28 - 2021-06-22 00:24 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2021-06-22 00:28 - 2021-06-22 00:24 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-06-22 00:28 - 2021-06-22 00:24 - 000017635 _____ C:\WINDOWS\system32\Drivers\etc\services
2021-06-22 00:28 - 2021-06-22 00:24 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2021-06-22 00:28 - 2021-06-22 00:24 - 000003103 _____ C:\WINDOWS\SysWOW64\mmc.exe.config
2021-06-22 00:28 - 2021-06-22 00:24 - 000003103 _____ C:\WINDOWS\system32\mmc.exe.config
2021-06-22 00:28 - 2021-06-22 00:24 - 000001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2021-06-22 00:28 - 2021-06-22 00:24 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2021-06-22 00:28 - 2021-06-22 00:24 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2021-06-22 00:28 - 2021-06-22 00:24 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2021-06-22 00:28 - 2021-06-22 00:24 - 000000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2021-06-22 00:28 - 2021-06-22 00:24 - 000000219 _____ C:\WINDOWS\system.ini
2021-06-22 00:28 - 2021-06-22 00:24 - 000000092 _____ C:\WINDOWS\win.ini
2021-06-22 00:26 - 2021-07-03 06:20 - 000000000 ____D C:\WINDOWS\INF
2021-06-22 00:18 - 2021-07-03 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-06-22 00:15 - 2021-07-03 12:22 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-06-22 00:15 - 2021-07-03 05:03 - 011796480 _____ C:\WINDOWS\system32\config\SYSTEM
2021-06-22 00:15 - 2021-07-03 05:03 - 000524288 _____ C:\WINDOWS\system32\config\DEFAULT
2021-06-22 00:15 - 2021-07-03 05:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-06-22 00:15 - 2021-07-03 05:03 - 000131072 _____ C:\WINDOWS\system32\config\SAM
2021-06-22 00:15 - 2021-07-03 05:03 - 000065536 _____ C:\WINDOWS\system32\config\SECURITY
2021-06-22 00:15 - 2021-07-03 01:48 - 000000000 ____D C:\WINDOWS\servicing
2021-06-22 00:15 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\SMI
2021-06-22 00:13 - 2021-06-22 00:39 - 000000000 ___HD C:\$SysReset

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-07-2021
Ran by hotoo (03-07-2021 06:27:53)
Running from C:UsershotooDownloads
Windows 10 Home Version 21H1 19043.1081 (X64) (2021-07-03 02:34:23)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-289658593-2826232128-3048907409-500 – Administrator – Disabled)
DefaultAccount (S-1-5-21-289658593-2826232128-3048907409-503 – Limited – Disabled)
defaultuser100000 (S-1-5-21-289658593-2826232128-3048907409-1006 – Limited – Enabled)
Guest (S-1-5-21-289658593-2826232128-3048907409-501 – Limited – Disabled)
hotoo (S-1-5-21-289658593-2826232128-3048907409-1001 – Administrator – Enabled) => C:Usershotoo
WDAGUtilityAccount (S-1-5-21-289658593-2826232128-3048907409-504 – Limited – Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Microsoft Edge (HKLM-x32…Microsoft Edge) (Version: 91.0.864.59 – Microsoft Corporation)
Microsoft OneDrive (HKLM-x32…OneDriveSetup.exe) (Version: 21.109.0530.0001 – Microsoft Corporation)
Microsoft Update Health Tools (HKLM…{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 – Microsoft Corporation)
Mozilla Firefox 89.0.2 (x64 en-US) (HKLM…Mozilla Firefox 89.0.2 (x64 en-US)) (Version: 89.0.2 – Mozilla)
Mozilla Maintenance Service (HKLM…MozillaMaintenanceService) (Version: 89.0.2 – Mozilla)
Oracle VM VirtualBox 6.1.22 (HKLM…{573CC601-ED8D-450F-BE6F-A313DD77A4A0}) (Version: 6.1.22 – Oracle Corporation)

Packages:
=========
Photos Media Engine Add-on -> C:Program FilesWindowsAppsMicrosoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-07-02] (Microsoft Corporation)
TranslucentTB -> C:Program FilesWindowsApps28017CharlesMilette.TranslucentTB_9.0.0.0_x86__v826wp6bftszj [2021-07-02] (Charles Milette) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:Program Files (x86)Microsoft OneDrive21.109.0530.0001amd64FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:Program Files (x86)Microsoft OneDrive21.109.0530.0001amd64FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:Program Files (x86)Microsoft OneDrive21.109.0530.0001amd64FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:Program Files (x86)Microsoft OneDrive21.109.0530.0001amd64FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:Program Files (x86)Microsoft OneDrive21.109.0530.0001amd64FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:Program Files (x86)Microsoft OneDrive21.109.0530.0001amd64FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:Program Files (x86)Microsoft OneDrive21.109.0530.0001amd64FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:Program Files (x86)Microsoft OneDrive21.109.0530.0001amd64FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:Program Files (x86)Microsoft OneDrive21.109.0530.0001amd64FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:Program Files (x86)Microsoft OneDrive21.109.0530.0001amd64FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:Program Files (x86)Microsoft OneDrive21.109.0530.0001amd64FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:Program Files (x86)Microsoft OneDrive21.109.0530.0001amd64FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:Program Files (x86)Microsoft OneDrive21.109.0530.0001amd64FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:Program Files (x86)Microsoft OneDrive21.109.0530.0001amd64FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:Program Files (x86)Microsoft OneDrive21.109.0530.0001amd64FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:Program Files (x86)Microsoft OneDrive21.109.0530.0001amd64FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:Program Files (x86)Microsoft OneDrive21.109.0530.0001amd64FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:WINDOWSsystem32igfxDTCM.dll [2015-07-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-06-22 00:28 – 2021-06-22 00:24 – 000000824 _____ C:WINDOWSsystem32driversetchosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKUS-1-5-21-289658593-2826232128-3048907409-1001Control PanelDesktopWallpaper -> C:UsershotooAppDataLocalMicrosoftWindowsThemesRoamedThemeFilesDesktopBackgroundlogo.png
DNS Servers: 192.168.0.1
HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Wi-Fi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{22A7707C-3248-4563-B12A-1FB928118D85}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{371D2680-E67B-4C15-A896-C553036FFBD2}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{182EE3A6-23AA-42FC-B360-EA4B924569E2}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2CAD70D4-0DD4-4123-9143-85A043749E01}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5478D4B6-4F48-4E2A-BAD9-920895D3D274}] => (Allow) C:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{28E86BF1-668E-4916-8917-C5FB5B23AA18}] => (Allow) C:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Restore Points =========================

03-07-2021 03:28:22 3jul

==================== Faulty Device Manager Devices ============

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

Name: BCM20702A0
Description: BCM20702A0
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

==================== Event log errors: ========================

Application errors:
==================
Error: (07/03/2021 05:04:39 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for bleepHELZCOMPUTER$ via https://STM-KeyId-571f806b47cce79bfa35947ced88b8d1005ae09e.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(78ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (07/03/2021 04:45:33 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for bleepHELZCOMPUTER$ via https://STM-KeyId-571f806b47cce79bfa35947ced88b8d1005ae09e.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(78ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (07/03/2021 04:37:21 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for bleepHELZCOMPUTER$ via https://STM-KeyId-571f806b47cce79bfa35947ced88b8d1005ae09e.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(1812ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (07/03/2021 03:28:14 AM) (Source: SPP) (EventID: 16389) (User: )
Description: Writer Shadow Copy Optimization Writer experienced retryable error during shadow copy creation. Retrying…

More info: .

Error: (07/03/2021 03:21:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.19041.1, time stamp: 0x95286d96
Faulting module name: KERNELBASE.dll, version: 10.0.19041.906, time stamp: 0x26452a2a
Exception code: 0x8007000e
Fault offset: 0x0012a6e2
Faulting process id: 0x19b0
Faulting application start time: 0x01d76f37e5a45734
Faulting application path: C:Program Files (x86)Internet ExplorerIEXPLORE.EXE
Faulting module path: C:WINDOWSSystem32KERNELBASE.dll
Report Id: 7860e2be-e6d5-4980-9950-a969f0de6b4e
Faulting package full name:
Faulting package-relative application ID:

Error: (07/03/2021 01:43:24 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn’t complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (07/03/2021 01:09:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WinStore.App.exe version 12104.1001.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1094

Start Time: 01d76f466c1ef2b0

Termination Time: 4294967295

Application Path: C:Program FilesWindowsAppsmicrosoft.windowsstore_12104.1001.1.0_x64__8wekyb3d8bbweWinStore.App.exe

Report Id: 19509656-00b6-47fc-8b27-c63befb45876

Faulting package full name: Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Hang type: Navigation

Error: (07/03/2021 01:56:07 PM) (Source: CertEnroll) (EventID: 87) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment for WORKGROUPWIN-DF1G16I36EQ$ via https://STM-KeyId-571f806b47cce79bfa35947ced88b8d1005ae09e.microsoftaik.azure.net/templates/Aik/scep failed:

SubmitDone
Submit(Request): Bad Request
{“Message”:”Failed to parse SCEP request.”}
HTTP/1.1 400 Bad Request
Date: Fri, 02 Jul 2021 10:56:19 GMT
Content-Length: 43
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 45c52591-abce-4cc0-8e0d-8e3917f57601

Method: POST(9438ms)
Stage: SubmitDone
Bad request (400). 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST)

System errors:
=============
Error: (07/03/2021 06:04:30 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on DeviceVBoxNetLwf.

Error: (07/03/2021 06:04:30 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on DeviceVBoxNetLwf.

Error: (07/03/2021 06:04:30 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on DeviceVBoxNetLwf.

Error: (07/03/2021 05:07:43 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Lenovo – Extension – 10/24/2018 12:00:00 AM – 1.0.1.0.

Error: (07/03/2021 04:34:05 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server Windows.Internal.StateRepository.ApplicationExtension did not register with DCOM within the required timeout.

Error: (07/03/2021 04:33:59 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 809) (User: NT AUTHORITY)
Description: Maintenance Scheduler Group Policy Settings are not properly specified for “Invalid registry keys”. Default settings are being used.

Error: (07/03/2021 04:33:29 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:38:49 AM on ‎3/‎07/‎2021 was unexpected.

Error: (07/03/2021 02:15:36 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Encryption Provider Host Service service terminated with the following error:
An exception occurred in the service when handling the control request.

Windows Defender:
================
Date: 2021-07-02 23:40:17
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Vigorf.A&threatid=2147714384&enterprise=0
Name: Trojan:Win32/Vigorf.A
Severity: Severe
Category: Trojan
Path: file:_C:UsershotooOneDriveDocumentsVlcpVideoV1.0.1jg6_6asg.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:WindowsSystem32svchost.exe
Security intelligence Version: AV: 1.343.233.0, AS: 1.343.233.0, NIS: 1.343.233.0
Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4

Date: 2021-07-02 23:40:14
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Vigorf.A&threatid=2147714384&enterprise=0
Name: Trojan:Win32/Vigorf.A
Severity: Severe
Category: Trojan
Path: file:_C:UsershotooOneDriveDocumentsVlcpVideoV1.0.1jg6_6asg.exe; process:_pid:6500,ProcessStart:132697066144892195
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:Windowsexplorer.exe
Security intelligence Version: AV: 1.343.233.0, AS: 1.343.233.0, NIS: 1.343.233.0
Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4

Date: 2021-07-02 23:39:00
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Vigorf.A&threatid=2147714384&enterprise=0
Name: Trojan:Win32/Vigorf.A
Severity: Severe
Category: Trojan
Path: file:_C:UsershotooOneDriveDocumentsVlcpVideoV1.0.1jg6_6asg.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:WindowsSystem32svchost.exe
Security intelligence Version: AV: 1.343.233.0, AS: 1.343.233.0, NIS: 1.343.233.0
Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4

Date: 2021-07-02 23:37:08
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Vigorf.A&threatid=2147714384&enterprise=0
Name: Trojan:Win32/Vigorf.A
Severity: Severe
Category: Trojan
Path: file:_C:UsershotooOneDriveDocumentsVlcpVideoV1.0.1jg6_6asg.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:Windowsexplorer.exe
Security intelligence Version: AV: 1.343.233.0, AS: 1.343.233.0, NIS: 1.343.233.0
Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4

Date: 2021-07-02 21:07:50
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

==================== Memory info ===========================

BIOS: LENOVO G8ET90WW (2.50 ) 12/26/2012
Motherboard: LENOVO 3369A62
Processor: Intel® Core™ i3-3227U CPU @ 1.90GHz
Percentage of memory in use: 68%
Total physical RAM: 5988.22 MB
Available physical RAM: 1900.52 MB
Total Virtual: 7652.22 MB
Available Virtual: 3016.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:595.56 GB) (Free:563.16 GB) NTFS

?Volume{505ee7a1-ad29-49cb-9827-7da3c113f39d} () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
?Volume{ce443e91-658d-4cae-84ed-b1508e4251c2} () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 72129270)

Partition: GPT.

==================== End of Addition.txt =======================
Edited by Chris Cosgrove, 02 July 2021 – 05:10 PM.

Duplicated topic deleted