Inactive Possible remote control virus

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2021 01
Ran by Nimzy (administrator) on DESKTOP-9R2Q9P3 (Micro-Star International Co., Ltd. MS-7C75) (09-05-2021 02:20:35)
Running from C:\Users\naiye\Downloads
Loaded Profiles: Nimzy
Platform: Windows 10 Home Version 20H2 19042.928 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_12.3.74.0_x86__nzyj5cx40ttqa\iCloud\APSDaemon.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_12.3.74.0_x86__nzyj5cx40ttqa\iCloud\iCloudDrive.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_12.3.74.0_x86__nzyj5cx40ttqa\iCloud\iCloudPhotos.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_12.3.74.0_x86__nzyj5cx40ttqa\iCloud\iCloudServices.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_12.3.74.0_x86__nzyj5cx40ttqa\iCloud\secd.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <14>
(JetBrains s.r.o. -> JetBrains s.r.o.) C:\Program Files\JetBrains\PyCharm 2021.1.1\bin\fsnotifier64.exe
(JetBrains s.r.o. -> JetBrains s.r.o.) C:\Program Files\JetBrains\PyCharm 2021.1.1\bin\pycharm64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_bb0c442560f99618\RtkAudUService64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_bb0c442560f99618\RtkAudUService64.exe [1253232 2021-03-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [68822328 2021-03-16] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-620613449-1271178405-2643457712-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4087528 2021-04-12] (Valve -> Valve Corporation)
HKU\S-1-5-21-620613449-1271178405-2643457712-1001\...\Run: [Discord] => C:\Users\naiye\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-620613449-1271178405-2643457712-1001\...\Run: [AMDDVR] => C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe [2495672 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-21-620613449-1271178405-2643457712-1001\...\Run: [utweb] => C:\Users\naiye\AppData\Roaming\uTorrent Web\utweb.exe [5649952 2021-02-03] (BitTorrent Inc -> BitTorrent Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\90.0.4430.93\Installer\chrmstp.exe [2021-04-30] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {26D42B54-7D73-440C-90F0-5B76A9954A9B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2DBA6633-6659-49E3-947B-3F382B662C7C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3505D4A0-6F22-43F3-B531-135419ABD524} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3BAF3F94-188C-4A77-9443-827B894F2F5C} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {3E9E218E-5DC8-4511-AA35-42C17F812015} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-05-12] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {49586516-E9B2-4127-A5CE-2AD89C419D5A} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {4A202F1E-F5C9-4A6B-A0E2-4DF6A7B58C09} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-03-16] (Google LLC -> Google LLC)
Task: {4F2B870E-9304-45DD-B4BC-1EAA1BAD726C} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {90600B12-898C-40FC-B583-54C4A3EA2A95} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A18E4802-0BEF-414D-A7CF-009C0F7AA3C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-03-16] (Google LLC -> Google LLC)
Task: {C1359066-6EC6-450D-B9B8-0BC599FDAC31} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {FCD39338-F57C-4BCE-846D-3B28D6203ECE} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Intel PTT EK Recertification.job => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{e6bd7225-fe1c-45ec-a5ba-6aef0c55a44e}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Edge:
=======
DownloadDir: C:\Users\naiye\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\naiye\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-08]
Edge Extension: (Outlook) - C:\Users\naiye\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2021-03-19]
Edge Extension: (Word) - C:\Users\naiye\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2021-03-19]
Edge Extension: (Excel) - C:\Users\naiye\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2021-03-19]
Edge Extension: (PowerPoint) - C:\Users\naiye\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2021-03-19]

Chrome:
=======
CHR Profile: C:\Users\naiye\AppData\Local\Google\Chrome\User Data\Default [2021-05-09]
CHR HomePage: Default -> hxxp://my.ycp.edu/
CHR Session Restore: Default -> is enabled.
CHR Extension: (Google Drive) - C:\Users\naiye\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-03-16]
CHR Extension: (AdGuard AdBlocker) - C:\Users\naiye\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2021-04-02]
CHR Extension: (YouTube) - C:\Users\naiye\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-03-16]
CHR Extension: (iCloud Bookmarks) - C:\Users\naiye\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2021-05-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\naiye\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-16]
CHR Extension: (iCloud Passwords) - C:\Users\naiye\AppData\Local\Google\Chrome\User Data\Default\Extensions\pejdijmoenmkgeppbflobdenhhabjlaj [2021-05-01]
CHR Extension: (Gmail) - C:\Users\naiye\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-03-16]
CHR Extension: (Chrome Media Router) - C:\Users\naiye\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-24]
CHR Profile: C:\Users\naiye\AppData\Local\Google\Chrome\User Data\System Profile [2021-03-19]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [805488 2021-03-31] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 RtkAudioUniversalService; C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_bb0c442560f99618\RtkAudUService64.exe [1253232 2021-03-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12849960 2021-03-15] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 e60MZ0380.X64; C:\WINDOWS\System32\drivers\e60MZ0380.X64.SYS [4268816 2021-02-25] (Corsair Memory, Inc. -> )
R3 MpKsl10aff54a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6685887A-A414-4E4B-894F-A21EB23788B4}\MpKslDrv.sys [107744 2021-05-09] (Microsoft Windows -> Microsoft Corporation)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2020-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [174968 2021-01-07] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421088 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsle2c317bb; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A7999781-D385-4FAE-80F4-FBE810A10A8C}\MpKslDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-09 02:20 - 2021-05-09 02:20 - 000013603 _____ C:\Users\naiye\Downloads\FRST.txt
2021-05-09 02:20 - 2021-05-09 02:20 - 000000000 ____D C:\FRST
2021-05-09 02:19 - 2021-05-09 02:19 - 002298880 _____ (Farbar) C:\Users\naiye\Downloads\Unconfirmed 672512.crdownload
2021-05-09 02:17 - 2021-05-09 02:19 - 002298880 _____ (Farbar) C:\Users\naiye\Downloads\FRST64.exe
2021-05-05 08:13 - 2021-05-05 08:34 - 000001209 _____ C:\Users\naiye\Downloads\escape the room 2.py
2021-05-03 03:43 - 2021-05-03 03:43 - 000000000 _____ C:\Users\naiye\Downloads\May 03 3_43 AM.txt
2021-05-02 08:21 - 2021-05-02 08:21 - 000000000 ____D C:\Users\naiye\Downloads\x-science-v5.26
2021-05-02 08:21 - 2021-05-02 08:21 - 000000000 ____D C:\Users\naiye\Downloads\MechJeb2-2.12.0.0 (1)
2021-05-02 08:21 - 2021-05-02 08:21 - 000000000 ____D C:\Users\naiye\Downloads\KerbalEngineer-1.1.8.3 (1)
2021-05-02 08:21 - 2021-05-02 08:21 - 000000000 ____D C:\Users\naiye\Downloads\ForScience+v1.5.2
2021-05-02 08:20 - 2021-05-02 08:20 - 000000585 _____ C:\Users\naiye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloads.lnk
2021-05-02 07:59 - 2021-05-02 07:59 - 000009868 _____ C:\Users\naiye\Downloads\ForScience+v1.5.2.zip
2021-05-02 07:56 - 2021-05-02 07:56 - 000135586 _____ C:\Users\naiye\Downloads\x-science-v5.26.zip
2021-05-02 07:47 - 2021-05-02 07:47 - 000919094 _____ C:\Users\naiye\Downloads\KerbalEngineer-1.1.8.3 (1).zip
2021-05-02 07:43 - 2021-05-02 07:43 - 003772628 _____ C:\Users\naiye\Downloads\MechJeb2-2.12.0.0 (1).zip
2021-05-01 03:31 - 2021-05-01 03:45 - 000000000 ____D C:\Users\naiye\AppData\Roaming\JetBrains
2021-05-01 03:31 - 2021-05-01 03:31 - 000000000 ____D C:\Users\naiye\AppData\Local\JetBrains
2021-05-01 03:13 - 2021-05-01 03:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2021-05-01 03:12 - 2021-05-01 03:12 - 000000753 _____ C:\Users\Public\Desktop\PyCharm 2021.1.1 x64.lnk
2021-05-01 03:12 - 2021-05-01 03:12 - 000000753 _____ C:\ProgramData\Desktop\PyCharm 2021.1.1 x64.lnk
2021-05-01 03:12 - 2021-05-01 03:12 - 000000000 ____D C:\Program Files\JetBrains
2021-05-01 03:08 - 2021-05-01 03:08 - 466773176 _____ C:\Users\naiye\Downloads\pycharm-professional-2021.1.1.exe
2021-05-01 02:26 - 2021-05-01 03:25 - 000000000 ____D C:\Users\naiye\.idlerc
2021-05-01 02:07 - 2021-05-01 02:07 - 000000000 ____D C:\Users\naiye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.9
2021-05-01 02:06 - 2021-05-01 02:07 - 028323440 _____ (Python Software Foundation) C:\Users\naiye\Downloads\python-3.9.4-amd64.exe
2021-05-01 01:12 - 2021-05-09 02:03 - 000000000 ___RD C:\Users\naiye\iCloudDrive
2021-05-01 01:06 - 2021-05-01 01:06 - 000000000 ____D C:\Users\naiye\AppData\Local\OneDrive
2021-05-01 00:57 - 2021-05-01 01:12 - 000000000 ____D C:\Users\naiye\iCloud Drive Archive
2021-05-01 00:53 - 2021-05-01 00:53 - 000000000 ____D C:\ProgramData\Apple Computer
2021-05-01 00:52 - 2021-05-01 00:52 - 000000000 ____D C:\ProgramData\Apple Inc
2021-05-01 00:52 - 2021-05-01 00:52 - 000000000 ____D C:\ProgramData\Apple
2021-05-01 00:30 - 2021-05-01 00:30 - 161146680 _____ (Apple Inc.) C:\Users\naiye\Downloads\iCloudSetup.exe
2021-05-01 00:15 - 2021-05-01 01:11 - 000000000 ____D C:\Users\naiye\AppData\Local\PlaceholderTileLogoFolder
2021-04-21 04:36 - 2021-04-21 04:36 - 000001650 _____ C:\Users\naiye\Desktop\Kerbal Space Program - Shortcut.lnk
2021-04-21 04:32 - 2021-04-21 04:32 - 000013130 _____ C:\Users\naiye\Downloads\ExperimentTracker_1.3.1.zip
2021-04-21 04:30 - 2021-04-21 04:30 - 000243608 _____ C:\Users\naiye\Downloads\ScienceAlert.zip
2021-04-20 23:59 - 2021-04-21 00:02 - 000000000 ____D C:\Users\naiye\Documents\Kerbal Space Program
2021-04-19 06:50 - 2021-05-02 11:45 - 000000042 _____ C:\Users\naiye\Desktop\kerbalscience.txt
2021-04-18 10:51 - 2021-04-18 10:51 - 000919094 _____ C:\Users\naiye\Downloads\KerbalEngineer-1.1.8.3.zip
2021-04-18 10:48 - 2021-04-18 10:48 - 003772628 _____ C:\Users\naiye\Downloads\MechJeb2-2.12.0.0.zip
2021-04-18 10:37 - 2021-04-18 10:37 - 000018680 _____ C:\Users\naiye\Downloads\Basic Aircraft Design - Simple Designs.zip
2021-04-18 10:35 - 2021-04-18 10:35 - 000004881 _____ C:\Users\naiye\Downloads\EZ Trainer Mk7.zip
2021-04-17 06:31 - 2021-04-17 06:31 - 000000000 ____D C:\Users\naiye\AppData\Local\Cockatrice
2021-04-17 06:31 - 2021-04-17 06:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cockatrice
2021-04-17 06:30 - 2021-04-17 06:31 - 000000000 ____D C:\Program Files\Cockatrice
2021-04-17 06:30 - 2021-04-17 06:30 - 031917280 _____ C:\Users\naiye\Downloads\Cockatrice-Prismatic.Bridge-2.8.0-win64.exe
2021-04-17 06:29 - 2021-04-17 06:30 - 008804030 _____ C:\Users\naiye\Downloads\XMageLauncher-0.3.8.jar
2021-04-17 00:36 - 2021-05-03 00:07 - 000007612 _____ C:\Users\naiye\AppData\Local\Resmon.ResmonCfg
2021-04-16 23:40 - 2021-04-16 23:40 - 000696889 _____ C:\Users\naiye\Downloads\2019_TaxReturn.pdf
2021-04-15 08:38 - 2021-04-15 08:38 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-15 08:37 - 2021-04-15 08:37 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-15 08:37 - 2021-04-15 08:37 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-09 02:09 - 2021-04-04 21:23 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-09 02:09 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-09 02:03 - 2021-04-04 09:00 - 000003126 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2021-05-09 02:03 - 2021-04-04 09:00 - 000003110 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2021-05-09 02:03 - 2021-04-04 08:57 - 000000000 ____D C:\Users\naiye
2021-05-09 02:03 - 2020-11-19 03:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-09 02:03 - 2020-11-19 03:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-09 02:03 - 2020-09-24 00:57 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-09 02:03 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-08 06:51 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-08 06:51 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-08 06:47 - 2020-11-19 03:32 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-08 06:47 - 2020-11-19 03:32 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-05-08 06:47 - 2020-11-19 03:32 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-05-03 04:20 - 2021-03-16 05:59 - 000000000 ____D C:\Users\naiye\AppData\Local\D3DSCache
2021-05-02 08:17 - 2021-03-16 06:20 - 000000000 ____D C:\Program Files (x86)\Steam
2021-05-01 09:47 - 2021-03-16 06:20 - 000000000 ____D C:\Users\naiye\AppData\Roaming\Notepad++
2021-05-01 03:26 - 2021-03-16 06:20 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-05-01 03:26 - 2020-09-23 22:10 - 000000000 ____D C:\Intel
2021-05-01 03:25 - 2019-12-07 05:03 - 000131072 _____ C:\WINDOWS\system32\config\BBI
2021-05-01 02:07 - 2021-03-16 06:19 - 000000000 ____D C:\Users\naiye\AppData\Local\Package Cache
2021-05-01 02:07 - 2021-03-16 06:18 - 000000000 ____D C:\ProgramData\Package Cache
2021-05-01 01:11 - 2021-03-16 05:59 - 000000000 ____D C:\Users\naiye\AppData\Local\Packages
2021-05-01 01:06 - 2020-09-23 22:15 - 000000000 ___RD C:\Users\naiye\OneDrive
2021-04-30 23:59 - 2021-03-21 05:49 - 000000000 ____D C:\Users\naiye\AppData\Local\ElevatedDiagnostics
2021-04-30 23:54 - 2021-03-16 06:14 - 000000000 ____D C:\Users\naiye\AppData\Local\AMD_Common
2021-04-30 23:51 - 2021-04-04 09:00 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-620613449-1271178405-2643457712-1001
2021-04-30 23:51 - 2021-04-04 08:57 - 000002363 _____ C:\Users\naiye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-30 23:49 - 2021-03-16 06:19 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-30 23:49 - 2021-03-16 06:19 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-04-30 23:49 - 2021-03-16 06:19 - 000002206 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-04-30 23:49 - 2020-11-19 03:32 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-30 23:49 - 2020-11-19 03:32 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-24 12:16 - 2021-03-16 06:16 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-20 23:15 - 2021-04-04 09:00 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-20 23:15 - 2021-04-04 09:00 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-17 06:26 - 2021-04-04 07:48 - 000000000 ___DC C:\WINDOWS\Panther
2021-04-17 02:00 - 2020-11-19 03:30 - 000257904 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-17 01:59 - 2021-04-04 12:39 - 000000000 ____D C:\WINDOWS\HoloShell
2021-04-17 01:59 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-17 01:59 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-17 01:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-17 01:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-17 01:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-17 01:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-17 01:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-17 01:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-17 01:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-17 01:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-17 01:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-17 01:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-15 08:39 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing
2021-04-15 08:39 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-15 08:34 - 2021-03-16 06:15 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-15 08:33 - 2021-03-16 06:15 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-11 04:12 - 2021-03-16 06:20 - 000000000 ____D C:\Users\naiye\AppData\Roaming\TeamViewer
2021-04-11 01:30 - 2020-11-19 03:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-04-11 00:54 - 2021-03-16 06:20 - 000000000 ____D C:\Users\naiye\AppData\Roaming\discord

==================== Files in the root of some directories ========

2021-04-17 00:36 - 2021-05-03 00:07 - 000007612 _____ () C:\Users\naiye\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-05-2021 01
Ran by Nimzy (09-05-2021 02:21:31)
Running from C:\Users\naiye\Downloads
Windows 10 Home Version 20H2 19042.928 (X64) (2021-04-04 13:00:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-620613449-1271178405-2643457712-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-620613449-1271178405-2643457712-503 - Limited - Disabled)
Guest (S-1-5-21-620613449-1271178405-2643457712-501 - Limited - Disabled)
Nimzy (S-1-5-21-620613449-1271178405-2643457712-1001 - Administrator - Enabled) => C:\Users\naiye
WDAGUtilityAccount (S-1-5-21-620613449-1271178405-2643457712-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.11.2 - Advanced Micro Devices, Inc.)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
Cockatrice (HKLM\...\Cockatrice) (Version: 2.8.0 - Cockatrice team)
Discord (HKU\S-1-5-21-620613449-1271178405-2643457712-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Excel (HKU\S-1-5-21-620613449-1271178405-2643457712-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
Google Chrome (HKLM\...\{F895F44D-9DFF-303A-80EC-966122E67583}) (Version: 90.0.4430.93 - Google LLC)
iCloud Outlook (HKLM\...\{BB643BEA-A6B4-4E25-9BA5-70104A9AB131}) (Version: 12.3.0.74 - Apple Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.56 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-620613449-1271178405-2643457712-1001\...\OneDriveSetup.exe) (Version: 21.062.0328.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.9.4 - Notepad++ Team)
Outlook (HKU\S-1-5-21-620613449-1271178405-2643457712-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
PowerPoint (HKU\S-1-5-21-620613449-1271178405-2643457712-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
PyCharm 2021.1.1 (HKLM-x32\...\PyCharm 2021.1.1) (Version: 211.7142.13 - JetBrains s.r.o.)
Python 3.9.2 (32-bit) (HKU\S-1-5-21-620613449-1271178405-2643457712-1001\...\{098b313d-63a8-4636-a606-80a5c3686ad1}) (Version: 3.9.2150.0 - Python Software Foundation)
Python 3.9.2 Core Interpreter (32-bit) (HKLM-x32\...\{FA6C361A-7AE5-409A-B56B-AAC46281D9E7}) (Version: 3.9.2150.0 - Python Software Foundation) Hidden
Python 3.9.2 Development Libraries (32-bit) (HKLM-x32\...\{DCF8BF68-3CB1-49C5-9718-9847F952E1E8}) (Version: 3.9.2150.0 - Python Software Foundation) Hidden
Python 3.9.2 Documentation (32-bit) (HKLM-x32\...\{87EE4BDB-AAA3-49CE-8B52-097D74C29EB0}) (Version: 3.9.2150.0 - Python Software Foundation) Hidden
Python 3.9.2 Executables (32-bit) (HKLM-x32\...\{E65A44FF-1991-4229-850D-E99F6F9ADB0C}) (Version: 3.9.2150.0 - Python Software Foundation) Hidden
Python 3.9.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9CBA7775-2257-4A8F-B943-FDF33A10CA53}) (Version: 3.9.2150.0 - Python Software Foundation) Hidden
Python 3.9.2 Standard Library (32-bit) (HKLM-x32\...\{1530D4D5-305F-467F-B7B5-27339FAACE3A}) (Version: 3.9.2150.0 - Python Software Foundation) Hidden
Python 3.9.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{33641408-377F-4AC1-99B8-90DA3257205B}) (Version: 3.9.2150.0 - Python Software Foundation) Hidden
Python 3.9.2 Test Suite (32-bit) (HKLM-x32\...\{FBFC71DA-0A0D-4CD8-91ED-F77D0DCFCC84}) (Version: 3.9.2150.0 - Python Software Foundation) Hidden
Python 3.9.2 Utility Scripts (32-bit) (HKLM-x32\...\{B4358CF3-DDDD-4A8B-BE09-F7A7BB057A49}) (Version: 3.9.2150.0 - Python Software Foundation) Hidden
Python 3.9.4 (64-bit) (HKU\S-1-5-21-620613449-1271178405-2643457712-1001\...\{8a52f2bf-c3d0-4872-bc3d-61f6eab0cbf2}) (Version: 3.9.4150.0 - Python Software Foundation)
Python 3.9.4 Core Interpreter (64-bit) (HKLM\...\{1C17C2CE-B315-4C1C-885A-E37181C7368E}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 Development Libraries (64-bit) (HKLM\...\{CB856DD1-55A4-42B3-B676-73DDE515A589}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 Documentation (64-bit) (HKLM\...\{73524E2A-5D97-4CB8-8438-5FE8F9653F1C}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 Executables (64-bit) (HKLM\...\{EDBB67F1-B275-4AC6-9D32-0A033570A705}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 pip Bootstrap (64-bit) (HKLM\...\{1FDC7BC3-4CE5-4236-A8C2-0C4A7AFFDFA4}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 Standard Library (64-bit) (HKLM\...\{91ED5736-9D50-4991-87DC-CFB0492D1A22}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 Tcl/Tk Support (64-bit) (HKLM\...\{4E0E4F08-ECD0-4737-ABFC-030B702AC2BF}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 Test Suite (64-bit) (HKLM\...\{F12FD64B-8964-4F40-8448-7FA3955C5AD6}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 Utility Scripts (64-bit) (HKLM\...\{BBCC595F-93C2-4054-9565-8F4F19B3D706}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{BDD80906-41E0-43DB-8C65-D8BCCEB3A3F8}) (Version: 3.9.7400.0 - Python Software Foundation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.16.8 - TeamViewer)
uTorrent Web (HKU\S-1-5-21-620613449-1271178405-2643457712-1001\...\utweb) (Version: 1.1.4 - BitTorrent, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23258 - Microsoft Corporation)
Word (HKU\S-1-5-21-620613449-1271178405-2643457712-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)

Packages:
=========
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_12.3.74.0_x86__nzyj5cx40ttqa [2021-05-01] (Apple Inc.) [Startup Task]
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt [2021-05-08] (INTEL CORP) [Startup Task]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.4213.0_x64__8wekyb3d8bbwe [2021-05-02] (Microsoft Studios) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-05-01] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.25.245.0_x64__dt26b99r8h8gj [2021-05-02] (Realtek Semiconductor Corp)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-620613449-1271178405-2643457712-1001_Classes\CLSID\{051B6410-428D-4BAB-AF6D-287BB011F41D} -> [iCloud Photos] => C:\Users\naiye\Pictures\iCloud Photos\Photos [2021-01-17 10:53]
CustomCLSID: HKU\S-1-5-21-620613449-1271178405-2643457712-1001_Classes\CLSID\{E9078265-1516-496F-9A68-17B0CC752BFB} -> [iCloud Drive] => C:\Users\naiye\iCloudDrive [2021-05-01 01:12]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2021-03-14] (Notepad++ -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2020-11-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\naiye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\naiye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\naiye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf
ShortcutWithArgument: C:\Users\naiye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi

==================== Loaded Modules (Whitelisted) =============

2020-07-27 14:14 - 2020-07-27 14:14 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2020-11-13 14:48 - 2020-11-13 14:48 - 001470976 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
2021-05-09 02:03 - 2021-05-09 02:03 - 000254464 ____N (Java(TM) Native Access (JNA)) [File not signed] C:\Users\naiye\AppData\Local\JetBrains\PyCharm2021.1\tmp\jna10200330477991681758.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000414720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 001441792 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 001189888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000134656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 006184448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 006867456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 001104896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 003668480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000517120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000051712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlWorkerScript.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 004228608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 001085440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000205824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000127488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000390656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 095598080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 005587968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000462848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000188928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 002878464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000055808 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQml\qmlplugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000284160 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000333824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000136704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-11-13 15:00 - 2020-11-13 15:00 - 000091648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKU\S-1-5-21-620613449-1271178405-2643457712-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-03-16 09:38 - 2021-03-16 09:37 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-620613449-1271178405-2643457712-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is disabled.
 
Part 2:

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: cplspcon => 2
MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iaStorAfsService => 3
MSCONFIG\Services: igccservice => 2
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel(R) TPM Provisioning Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: RstMwService => 2
MSCONFIG\Services: RtkAudioUniversalService => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer => 2
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run32: => "Discord"
HKU\S-1-5-21-620613449-1271178405-2643457712-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-620613449-1271178405-2643457712-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-620613449-1271178405-2643457712-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-620613449-1271178405-2643457712-1001\...\StartupApproved\Run: => "AMDDVR"
HKU\S-1-5-21-620613449-1271178405-2643457712-1001\...\StartupApproved\Run: => "utweb"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{51D62294-8D80-455D-99A9-14036E321346}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{2C20E91C-2CA8-4447-BBA2-8CEA4A21CCA6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{91187138-C983-4389-8188-5B4B9ED23E2A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{2B588850-39C6-485B-B640-7CD6C66F36D1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{61BD063E-5E34-414C-88E8-4E461E9C30BB}] => (Allow) C:\Users\naiye\AppData\Roaming\uTorrent Web\utweb.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{76EDBE09-2400-4EA9-B096-487EF6C8A82D}] => (Allow) C:\Users\naiye\AppData\Roaming\uTorrent Web\utweb.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{5C28C7EC-1893-4F47-962E-D5C21C5445BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{EB6E8EE7-C26B-476F-AA6D-F856A124945A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{F10E01D7-6B53-4DD3-9325-5C1D01CA6E3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe (Take-Two Interactive Software, Inc. -> )
FirewallRules: [{1F435788-E275-4161-8750-CB7BE37F55AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe (Take-Two Interactive Software, Inc. -> )
FirewallRules: [{D866D394-2741-4316-8D6B-6B7F71955241}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe () [File not signed]
FirewallRules: [{70B7BBEE-235C-4CD6-BEBF-FA30CAD14DD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe () [File not signed]
FirewallRules: [{D8955E74-C9CD-4A93-8538-D84419CBA1CC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{7DC58243-6182-4B63-AF27-839042195287}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{5931EA6B-2DC1-4609-A5D3-6E5665B8067F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{6744EE85-C18D-4CA7-9B9B-AFE485935F9B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{95871658-DBAC-42F6-81FE-4CFAF0E55008}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{69637A99-35E4-4360-92F6-A0C4C37C4A23}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{79FF7AC6-B6CC-4BEC-A335-AF7BA3437914}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6203C9EB-6B54-4C8B-B2C6-DC011181A82E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E9FEA813-10CC-45ED-B1F1-DD7C8DFC308D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

18-04-2021 03:53:36 Scheduled Checkpoint
01-05-2021 02:07:16 Python 3.9.4 (64-bit)
08-05-2021 22:06:01 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/03/2021 01:43:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program KSP_x64.exe version 2019.2.2.4392 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: d28

Start Time: 01d73fd68151d1bc

Termination Time: 3

Application Path: C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe

Report Id: eed5615a-ce67-4f50-a91d-bbb70d116bfd

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (05/03/2021 12:40:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program KSP_x64.exe version 2019.2.2.4392 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 580

Start Time: 01d73fd4c9fbeef1

Termination Time: 2

Application Path: C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe

Report Id: 765de4f0-403e-4fd0-b2a4-6f06ffd73a58

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (05/03/2021 12:07:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program KSP_x64.exe version 2019.2.2.4392 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2018

Start Time: 01d73fb78340ab95

Termination Time: 2

Application Path: C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe

Report Id: 4f6bcc72-a55f-4869-94a9-bb9b113e4695

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (05/02/2021 01:43:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.19041.928 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1458

Start Time: 01d73f3c20169d2f

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: b089c837-aa2f-41c8-bace-7afb5ffc4607

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (05/02/2021 09:03:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program KSP_x64.exe version 2019.2.2.4392 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: b04

Start Time: 01d73f4e77a4c674

Termination Time: 4

Application Path: C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe

Report Id: fe8e1a65-219a-4e28-af72-d0ce0b331c8f

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (05/01/2021 03:25:32 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1512) (User: NT AUTHORITY)
Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This problem is often caused by services running as a user account. Try configuring services to run in either the LocalService or NetworkService account.

DETAIL - Access is denied.

Error: (05/01/2021 03:25:32 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1512) (User: NT AUTHORITY)
Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This problem is often caused by services running as a user account. Try configuring services to run in either the LocalService or NetworkService account.

DETAIL - Access is denied.

Error: (05/01/2021 02:05:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iCloudPhotos.exe, version: 357.0.0.11, time stamp: 0x6080104a
Faulting module name: VCRUNTIME140.dll, version: 14.28.29231.0, time stamp: 0x5f4c66d6
Exception code: 0xc0000005
Fault offset: 0x00003ccc
Faulting process id: 0x2acc
Faulting application start time: 0x01d73e4b10ac0e57
Faulting application path: C:\Program Files\WindowsApps\AppleInc.iCloud_12.3.74.0_x86__nzyj5cx40ttqa\iCloud\iCloudPhotos.exe
Faulting module path: C:\Program Files\WindowsApps\microsoft.vclibs.140.00.uwpdesktop_14.0.29231.0_x86__8wekyb3d8bbwe\VCRUNTIME140.dll
Report Id: 7c21b2bf-0a94-47a5-9398-cda03705d601
Faulting package full name: AppleInc.iCloud_12.3.74.0_x86__nzyj5cx40ttqa
Faulting package-relative application ID: iCloudPhotos


System errors:
=============
Error: (05/09/2021 02:02:50 AM) (Source: volmgr) (EventID: 161) (User: )
Description: Dump file creation failed due to error during dump creation.

Error: (05/09/2021 02:03:06 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:50:25 AM on ‎5/‎9/‎2021 was unexpected.

Error: (05/08/2021 07:00:03 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-9R2Q9P3)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (05/08/2021 06:51:00 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800706d9: 9WZDNCRFHVJL-MICROSOFT.OFFICE.ONENOTE.

Error: (05/06/2021 08:42:24 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-9R2Q9P3)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (05/06/2021 08:05:39 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.339.61.0).

Error: (05/05/2021 09:20:16 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-9R2Q9P3)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (05/03/2021 07:03:15 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-9R2Q9P3)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2021-05-08 19:58:09
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-05-05 06:37:32
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-30 23:59:12
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-25 03:41:07
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-21 05:10:14
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-05-06 08:05:37
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.339.61.0
Previous security intelligence Version: 1.337.654.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18100.6
Previous Engine Version: 1.1.18100.5
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-05-06 08:05:37
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.339.61.0
Previous security intelligence Version: 1.337.654.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18100.6
Previous Engine Version: 1.1.18100.5
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-05-06 08:05:37
Description:
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.18100.6
Previous Engine Version: 1.1.18100.5
Error Code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-04-30 23:51:52
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.337.314.0
Previous security intelligence Version: 1.335.1579.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18100.5
Previous Engine Version: 1.1.18000.5
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-04-30 23:51:52
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.337.314.0
Previous security intelligence Version: 1.335.1579.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18100.5
Previous Engine Version: 1.1.18000.5
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

==================== Memory info ===========================

BIOS: American Megatrends Inc. A.20 07/22/2020
Motherboard: Micro-Star International Co., Ltd. MPG Z490 GAMING PLUS (MS-7C75)
Processor: Intel(R) Core(TM) i5-10400 CPU @ 2.90GHz
Percentage of memory in use: 35%
Total physical RAM: 16231.64 MB
Available physical RAM: 10508.4 MB
Total Virtual: 19559.64 MB
Available Virtual: 11602.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:893.64 GB) (Free:695.96 GB) NTFS

\\?\Volume{61214509-4851-4076-b484-70c797b978bb}\ () (Fixed) (Total:0.49 GB) (Free:0.04 GB) NTFS
\\?\Volume{37faa3bb-044a-4d77-a49f-5123e298ea73}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A5422F21)

==========================================================
Disk: 1 (Protective MBR) (Size: 894.3 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
 
What do you mean by:
"Possible remote control virus"

==================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double-click the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 