Can not access google.com (Private Network Error) and Can not use keyboard keys - Virus, Trojan, Spyware, and Malware Removal Help - BleepingComputer.com

2021-10-06T12:00:00.000Z

Posted 06 October 2021 - 06:56 PM

I've recently become the victim of some kind of virus.

https://www.bleepingcomputer.com/forums/t/749865/proxy-script-address-http12700186-is-still-on-after-restarting/page-2

I have the same issue as in the above thread. I followed the steps that helped that person fix the issue, but they did not work for me. I can't even use my keyboard keys in the Start menu search bar.

I'm attaching the logs from FRST, which I just ran.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2021

Ran by Muzammil (administrator) on DESKTOP-L9D27TS (Hewlett-Packard HP Pavilion 15 Notebook PC) (07-10-2021 04:48:28)

Running from D:\softwares\frsb

Loaded Profiles: Muzammil

Platform: Windows 10 Home Version 21H1 19043.1237 (X64) Language: English (United States)

Default browser: Chrome

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <15>

(Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe

(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel® pGFX -> ) C:\Windows\System32\igfxTray.exe

(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe

(KMSpico ByELDI LTD -> @ByELDI) C:\Program Files\KMSpico\KMSUPD.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\pacjsworker.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\NisSrv.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>

(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvhmi.inf_amd64_ac9145dd41fecd4e\Display.NvContainer\NVDisplay.Container.exe <2>

(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>

(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe

(SoftEther Corporation -> SoftEther VPN Project at University of Tsukuba, Japan.) D:\softwares\SoftEther VPN Client\vpnclient_x64.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8506112 2015-07-10] (Realtek Semiconductor Corp -> Realtek Semiconductor)

HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc)

HKLM\...\Run: [SoftEther VPN Client UI Helper] => D:\softwares\SoftEther VPN Client\vpnclient_x64.exe [6018112 2021-09-28] (SoftEther Corporation -> SoftEther VPN Project at University of Tsukuba, Japan.)

HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3180256 2021-08-31] (Riot Games, Inc. -> Riot Games, Inc.)

HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-07-19] (Adobe Inc. -> )

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)

HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\Run: [Discord] => C:\Users\Muzammil\AppData\Local\Discord\Update.exe [1512040 2021-03-18] (Discord Inc. -> GitHub)

HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\Run: [Steam] => D:\Steam\steam.exe [4110568 2021-07-21] (Valve -> Valve Corporation)

HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\Run: [NZXT.CAM] => C:\Program Files\NZXT CAM\NZXT CAM.exe [110721216 2021-06-02] (NZXT, Inc. -> NZXT, Inc.)

HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\Run: [ut] => "C:\Users\Muzammil\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\94.0.4606.71\Installer\chrmstp.exe [2021-10-06] (Google LLC -> Google LLC)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2021-09-28]

ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> D:\softwares\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther Corporation -> SoftEther VPN Project at University of Tsukuba, Japan.)

HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2AD19B80-945B-4E7B-8D65-FEE3F6D5EDC0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCmdRun.exe [884544 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {609CEFCB-4802-4C2A-8AAE-4D57AEC2C0CA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCmdRun.exe [884544 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {6D9B5029-E878-4EB0-A92B-5A203963C3DC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCmdRun.exe [884544 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {86242AE4-77A5-4D03-B307-6F887AC85D48} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel® Management Engine Components\iCLS\IntelPTTEKRecertification.exe [817472 2017-11-17] (Intel® Trust Services -> Intel® Corporation)

Task: {91C0E28E-7E65-4062-98F1-CEFDD50D7D9D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCmdRun.exe [884544 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {A43D2DB9-C6B5-4064-B776-4D7FACAAEA0D} - \Optimize Thumbnail Cache -> No File <==== ATTENTION

Task: {FA0CA2BD-C9C4-4205-AB3B-D681EA133EA0} - System32\Tasks\KMSpico Automatic Update Scheduler => C:\Program Files\KMSpico\KMSUPD.exe [89272 2021-02-11] (KMSpico ByELDI LTD -> @ByELDI)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)

AutoConfigURL: [HKLM] => hxxp://127.0.0.1:86/

AutoConfigURL: [HKLM-x32] => hxxp://127.0.0.1:86/

AutoConfigURL: [{5BA52DA9-A8A1-431D-9C78-C4DCB411B49E}] => hxxp://127.0.0.1:86/

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1

Tcpip\..\Interfaces\{30f818e7-7ed2-453d-af02-e56935c744c3}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Tcpip\..\Interfaces\{35c94487-0ddc-47cc-a4f4-30ef87189775}: [DhcpNameServer] 192.168.43.1

Tcpip\..\Interfaces\{7735d3a4-d923-46ef-8cba-b97c761362d6}: [DhcpNameServer] 192.168.0.1 0.0.0.0

Tcpip\..\Interfaces\{aefed0e8-3f1f-4166-8585-5b2258855750}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Tcpip\..\Interfaces\{d775b6fb-0371-4877-9ea5-0207334d0985}: [DhcpNameServer] 192.168.42.129

ManualProxies: 0hxxp://127.0.0.1:86/

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:

=======

DownloadDir: C:\Users\Muzammil\Downloads

Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]

Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]

Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]

Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]

Edge DefaultProfile: Default

Edge Profile: C:\Users\Muzammil\AppData\Local\Microsoft\Edge\User Data\Default [2021-10-06]

Edge Extension: (Outlook) - C:\Users\Muzammil\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2021-04-14]

Edge Extension: (Word) - C:\Users\Muzammil\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2021-04-14]

Edge Extension: (Excel) - C:\Users\Muzammil\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2021-04-14]

Edge Extension: (IDM Integration Module) - C:\Users\Muzammil\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llbjbkhnmlidjebalopleeepgdfgcpec [2021-09-18]

Edge Extension: (PowerPoint) - C:\Users\Muzammil\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2021-04-14]

Edge HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx <not found>

FireFox:

========

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

Chrome:

=======

CHR Profile: C:\Users\Muzammil\AppData\Local\Google\Chrome\User Data\Default [2021-10-07]

CHR Notifications: Default -> hxxps://app.airtm.com; hxxps://meet.google.com; hxxps://www.facebook.com; hxxps://www.upwork.com

CHR Extension: (Easy Auto Refresh) - C:\Users\Muzammil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2021-04-12]

CHR Extension: (Slides) - C:\Users\Muzammil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-10-01]

CHR Extension: (Docs) - C:\Users\Muzammil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-10-01]

CHR Extension: (Google Drive) - C:\Users\Muzammil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-19]

CHR Extension: (YouTube) - C:\Users\Muzammil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-10-01]

CHR Extension: (Sheets) - C:\Users\Muzammil\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-10-01]

CHR Extension: (Google Docs Offline) - C:\Users\Muzammil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-09-26]

CHR Extension: (Grammarly for Chrome) - C:\Users\Muzammil\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-10-01]

CHR Extension: (Copy Link Text) - C:\Users\Muzammil\AppData\Local\Google\Chrome\User Data\Default\Extensions\loeniidbmeohdlmipbpkfmiogbcncibh [2021-02-18]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Muzammil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]

CHR Extension: (Instant Data Scraper) - C:\Users\Muzammil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaokhiedipichpaobibbnahnkdoiiah [2021-01-29]

CHR Extension: (Gmail) - C:\Users\Muzammil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]

CHR Profile: C:\Users\Muzammil\AppData\Local\Google\Chrome\User Data\System Profile [2021-10-06]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 CAMService; C:\Program Files\NZXT CAM\resources\app.asar.unpacked\node_modules\@nzxt\rust-cam\dist\native\target\release\service.exe [538304 2021-06-02] (NZXT, Inc. -> )

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9179528 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)

R2 SEVPNCLIENT; D:\softwares\SoftEther VPN Client\vpnclient_x64.exe [6018112 2021-09-28] (SoftEther Corporation -> SoftEther VPN Project at University of Tsukuba, Japan.)

S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12849960 2021-03-15] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10202040 2021-08-31] (Riot Games, Inc. -> Riot Games, Inc.)

S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)

R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\NisSrv.exe [2855512 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe [128392 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvhmi.inf_amd64_ac9145dd41fecd4e\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvhmi.inf_amd64_ac9145dd41fecd4e\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ANVSOFT_WaveExtensible; C:\Windows\system32\drivers\ammvrtaudio.sys [38048 2019-12-24] (深圳市安韦尔软件技术有限公司 -> )

S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

R3 Neo_VPN; C:\Windows\System32\drivers\Neo6_x64_VPN.sys [37824 2020-11-24] (SoftEther Corporation -> SoftEther Corporation)

R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [83728 2020-08-25] (Insecure.Com LLC -> Insecure.Com LLC.)

R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [50624 2021-09-28] (SoftEther Corporation -> SoftEther Corporation)

S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> )

R3 USBPcap; C:\Windows\system32\DRIVERS\USBPcap.sys [52872 2020-05-22] (Tomasz Moń -> USBPcap)

R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [8234240 2021-08-30] (Riot Games, Inc. -> Riot Games, Inc.)

S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [48520 2021-10-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [434424 2021-10-06] (Microsoft Windows -> Microsoft Corporation)

R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [86264 2021-10-06] (Microsoft Windows -> Microsoft Corporation)

R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-12] (HP Inc. -> HP)

S3 cpuz150; \??\C:\Windows\temp\cpuz150\cpuz150_x64.sys [X]

U4 npcap_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-07 04:28 - 2021-10-07 04:48 - 000000000 ____D C:\FRST

2021-10-06 17:31 - 2021-10-06 17:31 - 000000605 _____ C:\Users\Muzammil\Desktop\Riot Client.lnk

2021-10-06 17:24 - 2021-10-06 17:25 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

2021-10-06 17:24 - 2021-10-06 17:25 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

2021-10-06 17:23 - 2021-10-06 17:23 - 000003794 _____ C:\Windows\system32\Tasks\Intel PTT EK Recertification

2021-10-02 15:49 - 2021-10-02 16:31 - 000000000 ____D C:\Users\Muzammil\Desktop\Daves Python

2021-10-01 16:09 - 2021-10-01 16:11 - 000003366 _____ C:\Windows\system32\Tasks\KMSpico Automatic Update Scheduler

2021-09-28 19:53 - 2021-09-28 19:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client

2021-09-28 19:33 - 2021-06-29 05:43 - 000159864 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudbus2.sys

2021-09-28 13:30 - 2021-09-28 13:30 - 001313608 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi

2021-09-28 13:30 - 2021-09-28 13:30 - 000672768 _____ C:\Windows\system32\FsNVSDeviceSource.dll

2021-09-28 13:30 - 2021-09-28 13:30 - 000570368 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2021-09-28 13:30 - 2021-09-28 13:30 - 000452096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2021-09-28 13:30 - 2021-09-28 13:30 - 000122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx

2021-09-28 13:30 - 2021-09-28 13:30 - 000011355 _____ C:\Windows\system32\DrtmAuthTxt.wim

2021-09-28 13:29 - 2021-09-28 13:29 - 002295296 _____ (Digimarc) C:\Windows\system32\DMRCDecoder.dll

2021-09-28 13:29 - 2021-09-28 13:29 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll

2021-09-28 13:29 - 2021-09-28 13:29 - 002111488 _____ (Digimarc) C:\Windows\SysWOW64\DMRCDecoder.dll

2021-09-28 13:29 - 2021-09-28 13:29 - 001823304 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2021-09-28 13:29 - 2021-09-28 13:29 - 001393480 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2021-09-28 13:29 - 2021-09-28 13:29 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll

2021-09-28 13:29 - 2021-09-28 13:29 - 001164288 _____ C:\Windows\system32\MBR2GPT.EXE

2021-09-28 13:29 - 2021-09-28 13:29 - 000426496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv

2021-09-28 13:29 - 2021-09-28 13:29 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe

2021-09-28 13:29 - 2021-09-28 13:29 - 000147456 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx

2021-09-28 13:29 - 2021-09-28 13:29 - 000098816 _____ C:\Windows\system32\Drivers\cimfs.sys

2021-09-28 13:28 - 2021-09-28 13:28 - 000566784 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv

2021-09-28 13:28 - 2021-09-28 13:28 - 000272384 _____ C:\Windows\system32\TpmTool.exe

2021-09-28 13:28 - 2021-09-28 13:28 - 000162816 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe

2021-09-28 13:17 - 2021-09-28 13:17 - 000000000 ___HD C:\$WinREAgent

2021-09-26 05:53 - 2021-09-26 06:27 - 000000000 ____D C:\Users\Muzammil\Desktop\test

2021-09-26 05:46 - 2021-09-26 05:46 - 000001390 _____ C:\Users\Muzammil\Desktop\test2.py

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-07 04:44 - 2020-10-01 04:32 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI

2021-10-07 04:44 - 2019-12-07 14:13 - 000000000 ____D C:\Windows\INF

2021-10-07 04:42 - 2021-07-30 18:55 - 000000001 _____ C:\Windows\vgkbootstatus.dat

2021-10-07 04:42 - 2020-10-01 09:57 - 000000000 ____D C:\Program Files (x86)\Google

2021-10-07 04:42 - 2019-12-07 14:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2021-10-07 04:40 - 2021-08-20 19:51 - 000000000 ____D C:\ProgramData\NVIDIA

2021-10-07 04:40 - 2020-10-01 23:41 - 000000000 __SHD C:\Users\Muzammil\IntelGraphicsProfiles

2021-10-07 04:40 - 2020-10-01 23:32 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

2021-10-07 04:40 - 2020-10-01 04:26 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2021-10-07 04:39 - 2020-10-01 04:25 - 000008192 ___SH C:\DumpStack.log.tmp

2021-10-07 04:39 - 2019-12-07 14:03 - 000524288 _____ C:\Windows\system32\config\BBI

2021-10-07 01:31 - 2021-07-30 02:17 - 000000000 ____D C:\ProgramData\Riot Games

2021-10-07 01:29 - 2020-10-01 04:25 - 000000000 ____D C:\Windows\system32\SleepStudy

2021-10-06 21:54 - 2019-12-07 14:03 - 000000000 ____D C:\Windows\CbsTemp

2021-10-06 21:28 - 2020-10-01 12:26 - 000000000 ____D C:\Users\Muzammil\AppData\Local\ElevatedDiagnostics

2021-10-06 17:32 - 2021-04-14 19:24 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

2021-10-06 17:32 - 2021-04-14 19:24 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk

2021-10-06 17:32 - 2019-12-07 14:14 - 000000000 ___HD C:\Program Files\WindowsApps

2021-10-06 17:32 - 2019-12-07 14:14 - 000000000 ____D C:\Windows\AppReadiness

2021-10-06 17:31 - 2021-07-30 02:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games

2021-10-06 17:25 - 2020-10-01 04:26 - 000000000 ____D C:\Windows\system32\Drivers\wd

2021-10-06 01:14 - 2020-10-01 09:59 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2021-10-06 01:14 - 2020-10-01 09:59 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2021-10-05 23:05 - 2020-10-01 04:32 - 000000000 ____D C:\Users\Muzammil\AppData\Local\Packages

2021-10-05 20:32 - 2021-02-16 01:34 - 000004440 _____ C:\Users\Muzammil\Desktop\Upwork.txt

2021-10-01 16:19 - 2020-12-18 01:42 - 000000000 ____D C:\Users\Muzammil\AppData\Local\CrashDumps

2021-10-01 16:18 - 2021-04-02 21:15 - 000000000 ____D C:\ProgramData\q2w6s3x7v6w6s3x7v6

2021-10-01 16:11 - 2020-10-02 00:25 - 000000000 ____D C:\Program Files\KMSpico

2021-10-01 16:09 - 2021-07-19 11:42 - 000000000 ____D C:\Windows\system32\Tasks\Apple

2021-10-01 16:09 - 2021-04-12 15:23 - 000000000 ____D C:\Windows\system32\Tasks\Agent Activation Runtime

2021-09-28 22:55 - 2020-10-01 04:31 - 000000000 ____D C:\Users\Muzammil

2021-09-28 21:05 - 2020-10-01 04:25 - 000436968 _____ C:\Windows\system32\FNTCACHE.DAT

2021-09-28 21:04 - 2019-12-07 14:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel

2021-09-28 21:04 - 2019-12-07 14:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata

2021-09-28 21:04 - 2019-12-07 14:14 - 000000000 ____D C:\Windows\SysWOW64\oobe

2021-09-28 21:04 - 2019-12-07 14:14 - 000000000 ____D C:\Windows\SysWOW64\Dism

2021-09-28 21:04 - 2019-12-07 14:14 - 000000000 ____D C:\Windows\SystemResources

2021-09-28 21:04 - 2019-12-07 14:14 - 000000000 ____D C:\Windows\system32\WinMetadata

2021-09-28 21:04 - 2019-12-07 14:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns

2021-09-28 21:04 - 2019-12-07 14:14 - 000000000 ____D C:\Windows\system32\oobe

2021-09-28 21:04 - 2019-12-07 14:14 - 000000000 ____D C:\Windows\system32\migwiz

2021-09-28 21:04 - 2019-12-07 14:14 - 000000000 ____D C:\Windows\system32\Dism

2021-09-28 21:04 - 2019-12-07 14:14 - 000000000 ____D C:\Windows\system32\DDFs

2021-09-28 21:04 - 2019-12-07 14:14 - 000000000 ____D C:\Windows\system32\appraiser

2021-09-28 21:04 - 2019-12-07 14:14 - 000000000 ____D C:\Windows\ShellComponents

2021-09-28 21:04 - 2019-12-07 14:14 - 000000000 ____D C:\Windows\Provisioning

2021-09-28 21:04 - 2019-12-07 14:14 - 000000000 ____D C:\Windows\bcastdvr

2021-09-28 21:04 - 2019-12-07 14:03 - 000000000 ____D C:\Windows\servicing

2021-09-28 19:53 - 2020-12-29 01:33 - 000001012 _____ C:\Users\Public\Desktop\SoftEther VPN Client Manager.lnk

2021-09-28 19:53 - 2020-12-29 01:33 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\SoftEther VPN Client Manager.lnk

2021-09-28 19:52 - 2020-11-24 00:57 - 000050624 _____ (SoftEther Corporation) C:\Windows\system32\Drivers\SeLow_x64.sys

2021-09-28 12:55 - 2021-02-11 19:23 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

2021-09-28 12:55 - 2020-10-01 23:48 - 000000000 ____D C:\Windows\system32\MRT

2021-09-28 11:12 - 2020-10-01 23:48 - 135637312 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

2021-09-25 22:47 - 2020-10-01 04:31 - 000002392 _____ C:\Users\Muzammil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2021-09-20 23:08 - 2020-11-24 00:57 - 000050624 _____ (SoftEther Corporation) C:\Windows\system32\Drivers\SeLow_x64.sys.old1

2021-09-20 00:25 - 2020-10-02 00:11 - 000000000 ____D C:\Program Files (x86)\Microsoft Office

2021-09-12 12:40 - 2021-07-30 02:25 - 000000000 ____D C:\Program Files\Riot Vanguard

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2021

Ran by Muzammil (07-10-2021 04:49:55)

Running from D:\softwares\frsb

Windows 10 Home Version 21H1 19043.1237 (X64) (2020-09-30 23:28:16)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3836129735-2377953987-2542582878-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-3836129735-2377953987-2542582878-503 - Limited - Disabled)

Guest (S-1-5-21-3836129735-2377953987-2542582878-501 - Limited - Disabled)

Muzammil (S-1-5-21-3836129735-2377953987-2542582878-1001 - Administrator - Enabled) => C:\Users\Muzammil

WDAGUtilityAccount (S-1-5-21-3836129735-2377953987-2542582878-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe After Effects 2020 (HKLM-x32\...\AEFT_17_7) (Version: 17.7 - Adobe Inc.)

Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_2) (Version: 22.2.0.183 - Adobe Inc.)

Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_9) (Version: 14.9 - Adobe Inc.)

Android Studio (HKLM\...\Android Studio) (Version: 4.1 - Google LLC)

Apowersoft Online Launcher version 1.8.1 (HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.8.1 - APOWERSOFT LIMITED)

Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Automatic Mouse and Keyboard 5.2.9.2 (HKLM-x32\...\{BFD646B6-E892-4B00-B6E2-71545D92BAEA}_is1) (Version: - Robot-Soft.com, Inc.)

ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{0243F145-076D-423A-8F77-218DC8840261}) (Version: 4.8.04119 - Microsoft Corporation) Hidden

Core Temp 1.17.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.17.1 - ALCPU)

DiagnosticsHub_CollectionService (HKLM\...\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 - Microsoft Corporation) Hidden

Discord (HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\Discord) (Version: 1.0.9001 - Discord Inc.)

Entity Framework 6.2.0 Tools for Visual Studio 2019 (HKLM-x32\...\{7C2070BF-8E07-4B5F-A182-FADB0B95AB39}) (Version: 6.2.0.0 - Microsoft Corporation) Hidden

Excel (HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 94.0.4606.71 - Google LLC)

Grammarly (HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\GrammarlyForWindows) (Version: 1.5.68 - Grammarly)

icecap_collection_neutral (HKLM-x32\...\{7C703135-98AC-4EB9-86C0-0C3169C99649}) (Version: 16.8.30509 - Microsoft Corporation) Hidden

icecap_collection_x64 (HKLM\...\{7C914878-C64B-4CA6-8E41-91308877A586}) (Version: 16.8.30509 - Microsoft Corporation) Hidden

icecap_collectionresources (HKLM-x32\...\{CDD0EC5B-EBEE-4822-B994-78AD30D90874}) (Version: 16.8.30607 - Microsoft Corporation) Hidden

icecap_collectionresourcesx64 (HKLM-x32\...\{8A64881A-8735-4C75-91BE-BCE0A45BCDB0}) (Version: 16.8.30530 - Microsoft Corporation) Hidden

IDM Patch 6.33 build 3 (HKLM-x32\...\IDM Patch 6.33 build 3) (Version: build 3 - Crackingpatching.com Team)

Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)

Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1065 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)

Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden

Intel® Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden

Intel® Hardware Accelerated Execution Manager (HKLM\...\{7563302D-BD6B-4153-BA7D-3E3432E7C22D}) (Version: 7.5.6 - Intel Corporation)

IntelliTraceProfilerProxy (HKLM-x32\...\{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Version: 15.0.18198.01 - Microsoft Corporation) Hidden

KMS (HKLM-x32\...\{27D67EB5-ABE3-4084-A34B-6A3D198B4659}) (Version: 1.2.4 - KMSKEY)

MetaTrader 4 IC Markets (HKLM-x32\...\MetaTrader 4 IC Markets) (Version: 4.00 - MetaQuotes Ltd.)

Microsoft .NET SDK 5.0.100 (x64) (HKLM-x32\...\{c0d1830b-4a91-46dc-981e-ebf607e87cfc}) (Version: 5.1.20.52605 - Microsoft Corporation)

Microsoft .NET SDK 5.0.101 (x64) from Visual Studio (HKLM\...\{D623A466-38A7-4E39-9D69-7B07951D3406}) (Version: 5.1.120.60105 - Microsoft Corporation)

Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 94.0.992.38 - Microsoft Corporation)

Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.14326.20404 - Microsoft Corporation)

Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\OneDriveSetup.exe) (Version: 21.170.0822.0002 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM\...\{8D7CE3B0-5379-46FE-9F4B-A65D9F4CC1F1}) (Version: 15.0.1200.24 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM-x32\...\{725CC962-98BD-42C7-87D8-51C680FB1779}) (Version: 15.0.1200.24 - Microsoft Corporation)

Microsoft Update Health Tools (HKLM\...\{7B981965-2FBC-433C-B4B3-E183EE97CD29}) (Version: 2.83.0.0 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016 (HKLM-x32\...\{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 14.27.29016.0 - Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)

Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.8.3074.1022 - Microsoft Corporation)

Npcap (HKLM-x32\...\NpcapInst) (Version: 0.9997 - Nmap Project)

NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation)

NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation)

NVIDIA Graphics Driver 471.68 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 471.68 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)

NZXT CAM 4.25.0 (HKLM\...\ac0666ae-ee66-5310-ac01-9d6348133b2d) (Version: 4.25.0 - NZXT, Inc.)

Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14326.20404 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14326.20238 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14326.20404 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden

Outlook (HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)

PowerPoint (HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)

PyCharm Community Edition 2020.2.2 (HKLM-x32\...\PyCharm Community Edition 2020.2.2) (Version: 202.7319.64 - JetBrains s.r.o.)

Python 3.8.6 (32-bit) (HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\{8aab1ce3-aa99-4e1d-bc4f-6d3aad0a0284}) (Version: 3.8.6150.0 - Python Software Foundation)

Python 3.8.6 Add to Path (32-bit) (HKLM-x32\...\{ECA9C4A7-B247-43D5-8596-622B13DFAC91}) (Version: 3.8.6150.0 - Python Software Foundation) Hidden

Python 3.8.6 Core Interpreter (32-bit) (HKLM-x32\...\{1DE69ED8-D5CF-4F1F-8285-0D666D51183A}) (Version: 3.8.6150.0 - Python Software Foundation) Hidden

Python 3.8.6 Development Libraries (32-bit) (HKLM-x32\...\{DBB71382-9F82-4A85-8419-DBB8D42DAFFE}) (Version: 3.8.6150.0 - Python Software Foundation) Hidden

Python 3.8.6 Documentation (32-bit) (HKLM-x32\...\{03B01321-EE9C-4266-BCA3-EC2B4790D79F}) (Version: 3.8.6150.0 - Python Software Foundation) Hidden

Python 3.8.6 Executables (32-bit) (HKLM-x32\...\{B1C5BBFC-69A5-49B7-A613-A69277B5788F}) (Version: 3.8.6150.0 - Python Software Foundation) Hidden

Python 3.8.6 pip Bootstrap (32-bit) (HKLM-x32\...\{A008A19F-258D-4B50-8BB8-043A4A611376}) (Version: 3.8.6150.0 - Python Software Foundation) Hidden

Python 3.8.6 Standard Library (32-bit) (HKLM-x32\...\{F9A958E5-FB7D-443C-9E13-74E691793CDA}) (Version: 3.8.6150.0 - Python Software Foundation) Hidden

Python 3.8.6 Tcl/Tk Support (32-bit) (HKLM-x32\...\{3EADBBD8-68E1-4A6D-BF70-8B73CFFEBF09}) (Version: 3.8.6150.0 - Python Software Foundation) Hidden

Python 3.8.6 Test Suite (32-bit) (HKLM-x32\...\{288B3426-B8B4-45EB-B0FF-C8E864545462}) (Version: 3.8.6150.0 - Python Software Foundation) Hidden

Python 3.8.6 Utility Scripts (32-bit) (HKLM-x32\...\{023939DF-F5BD-42A1-9388-F1FC607129E4}) (Version: 3.8.6150.0 - Python Software Foundation) Hidden

Python Launcher (HKLM-x32\...\{3B82A91D-DB48-4160-94D2-0B8C6D2B1710}) (Version: 3.8.7205.0 - Python Software Foundation)

QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)

Riot Repair Tool 1.1.3 (HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\980795d3-660d-5bf1-af59-4286bb5d9647) (Version: 1.1.3 - Riot Games Inc.)

Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)

SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.38.9760 - SoftEther VPN Project)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)

TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.16.8 - TeamViewer)

Telegram Desktop version 2.9.2 (HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.9.2 - Telegram FZ-LLC)

Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)

USBPcap 1.5.4.0 (HKLM\...\USBPcap) (Version: 1.5.4.0 - Tomasz Mon)

VALORANT (HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\Riot Game valorant.live) (Version: - Riot Games, Inc)

vcpp_crt.redist.clickonce (HKLM-x32\...\{10D9FDCA-0D16-4C80-91DD-EDDA62A0F29D}) (Version: 14.28.29334 - Microsoft Corporation) Hidden

Visual Studio Community 2019 (HKLM-x32\...\993f0216) (Version: 16.8.30804.86 - Microsoft Corporation)

VS Immersive Activate Helper (HKLM-x32\...\{A71406B5-E487-4B01-8E59-D466841350F5}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden

VS JIT Debugger (HKLM\...\{C7E8A4F2-EF09-42A8-B892-69D5ED99D965}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden

vs_BlendMsi (HKLM-x32\...\{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Version: 16.0.28329 - Microsoft Corporation) Hidden

vs_clickoncebootstrappermsi (HKLM-x32\...\{78696386-A4B6-4F69-B558-2667CD3A579D}) (Version: 16.8.30530 - Microsoft Corporation) Hidden

vs_clickoncebootstrappermsires (HKLM-x32\...\{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden

vs_clickoncesigntoolmsi (HKLM-x32\...\{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden

vs_communitymsi (HKLM-x32\...\{DEB11EB7-B61A-4883-8CB0-99013A4873AB}) (Version: 16.8.30608 - Microsoft Corporation) Hidden

vs_communitymsires (HKLM-x32\...\{95E79BBC-97FD-4FEB-91B5-CC0231324812}) (Version: 16.0.28329 - Microsoft Corporation) Hidden

vs_devenvmsi (HKLM-x32\...\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hidden

vs_filehandler_amd64 (HKLM-x32\...\{E9439DB7-BF01-4820-8CB1-80957150AB86}) (Version: 16.8.30530 - Microsoft Corporation) Hidden

vs_filehandler_x86 (HKLM-x32\...\{8990F1B6-F880-4E73-A2D9-7A611F4C38A1}) (Version: 16.8.30530 - Microsoft Corporation) Hidden

vs_FileTracker_Singleton (HKLM-x32\...\{3C4B2ED3-2296-4203-A420-AC042BE8484D}) (Version: 16.8.30509 - Microsoft Corporation) Hidden

vs_minshellinteropmsi (HKLM-x32\...\{27B16914-BC5D-4018-8074-071262A27F6D}) (Version: 16.2.28917 - Microsoft Corporation) Hidden

vs_minshellmsi (HKLM-x32\...\{08AF5DA9-F3BD-4B59-8D99-C47CC4D53CAD}) (Version: 16.8.30530 - Microsoft Corporation) Hidden

vs_minshellmsires (HKLM-x32\...\{DE982ACB-A44E-44A5-BEA5-F0816490312C}) (Version: 16.8.30530 - Microsoft Corporation) Hidden

vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{E1FD1D9D-0611-4DE5-826F-37FAC17706AC}) (Version: 16.8.30615 - Microsoft Corporation) Hidden

vs_tipsmsi (HKLM-x32\...\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hidden

vs_vswebprotocolselectormsi (HKLM-x32\...\{BEEB2E56-91DB-4AFB-AC88-8E98B18DD889}) (Version: 16.8.30509 - Microsoft Corporation) Hidden

WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)

Wireshark 3.2.7 64-bit (HKLM-x32\...\Wireshark) (Version: 3.2.7 - The Wireshark developer community, hxxps://www.wireshark.org)

Word (HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)

Packages:

=========

Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-08] (Microsoft Studios) [MS Ad]

NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-08-20] (NVIDIA Corp.)

Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-06-29] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3836129735-2377953987-2542582878-1001_Classes\CLSID\{C591CFEA-E432-495d-A0BE-58E4CCD87B17}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)

ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-07-19] (Adobe Inc. -> )

ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-07-19] (Adobe Inc. -> )

ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-07-19] (Adobe Inc. -> )

ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-07-19] (Adobe Inc. -> )

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File

ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-11-02] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvhmi.inf_amd64_ac9145dd41fecd4e\nvshext.dll [2021-08-06] (Nvidia Corporation -> NVIDIA Corporation)

ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-07-19] (Adobe Inc. -> )

ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Muzammil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm

ShortcutWithArgument: C:\Users\Muzammil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb

ShortcutWithArgument: C:\Users\Muzammil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf

ShortcutWithArgument: C:\Users\Muzammil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi

==================== Loaded Modules (Whitelisted) =============

2021-09-01 22:31 - 2021-09-28 19:52 - 005964800 _____ (University of Tsukuba) [File not signed] D:\softwares\SoftEther VPN Client\VpnGatePlugin_x64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT170902&iDate=2021-07-19 05:35:32&iid=271c2675-8e59-4061-8888-c2807f97cf73&bName=

SearchScopes: HKU\S-1-5-21-3836129735-2377953987-2542582878-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-28] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-28] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-28] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-28] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\localhost -> localhost

IE trusted site: HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 14:14 - 2019-12-07 14:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

2021-02-12 22:56 - 2021-02-12 22:56 - 000000375 _____ C:\Windows\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\Program Files (x86)\Intel\Intel® Management Engine Components\iCLS\;C:\Program Files\Intel\Intel® Management Engine Components\iCLS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files\dotnet\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common

HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg

DNS Servers: 192.168.43.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)

Windows Firewall is enabled.

Network Binding:

=============

VPN - VPN Client: SoftEther Lightweight Network Protocol -> SeLow (enabled)

VPN - VPN Client: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

Bluetooth Network Connection: SoftEther Lightweight Network Protocol -> SeLow (enabled)

Bluetooth Network Connection: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

Ethernet: SoftEther Lightweight Network Protocol -> SeLow (enabled)

Wi-Fi 2: SoftEther Lightweight Network Protocol -> SeLow (enabled)

Wi-Fi 2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: CAMService => 2

MSCONFIG\Services: GoogleChromeElevationService => 3

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: Steam Client Service => 3

MSCONFIG\Services: SynTPEnhService => 2

MSCONFIG\Services: TeamViewer => 2

HKLM\...\StartupApproved\Run: => "SecurityHealth"

HKLM\...\StartupApproved\Run: => "MouseDriver"

HKLM\...\StartupApproved\Run32: => "APSDaemon"

HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"

HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\StartupApproved\Run: => "OneDrive"

HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\StartupApproved\Run: => "Discord"

HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\StartupApproved\Run: => "Steam"

HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\StartupApproved\Run: => "ut"

HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\StartupApproved\Run: => "uTorrent"

HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\StartupApproved\Run: => "IDMan"

HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\StartupApproved\Run: => "NZXT.CAM"

HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\StartupApproved\Run: => "Web Companion"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:117.98 GB) (Free:40.69 GB) (34%)

==================== Faulty Device Manager Devices ============

Name: High precision event timer

Description: High precision event timer

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: ========================

Application errors:

==================

Error: (10/07/2021 04:51:07 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2021-10-31T11:20:07Z. Error Code: 0x80070002.

Error: (10/07/2021 04:49:44 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2021-10-31T11:19:44Z. Error Code: 0x80070002.

Error: (10/07/2021 04:49:14 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2021-10-31T11:19:14Z. Error Code: 0x80070002.

Error: (10/07/2021 04:48:44 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2021-10-31T11:19:44Z. Error Code: 0x80070002.

Error: (10/07/2021 04:48:14 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2021-10-31T11:19:14Z. Error Code: 0x80070002.

Error: (10/07/2021 04:47:44 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2021-10-31T11:19:44Z. Error Code: 0x80070002.

Error: (10/07/2021 04:47:14 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2021-10-31T11:19:14Z. Error Code: 0x80070002.

Error: (10/07/2021 04:46:44 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2021-10-31T11:19:44Z. Error Code: 0x80070002.

System errors:

=============

Error: (10/07/2021 04:40:05 AM) (Source: IntelHaxm) (EventID: 10) (User: )

Description: HAXM can't work on system with VT disabled

Error: (10/07/2021 04:39:06 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-L9D27TS)

Description: The server {9AA46009-3CE0-458A-A354-715610A075E6} did not register with DCOM within the required timeout.

Error: (10/07/2021 04:38:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Intel® Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/07/2021 04:38:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/07/2021 04:38:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/07/2021 04:38:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The SoftEther VPN Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/07/2021 04:38:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (10/07/2021 04:38:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Windows Defender:

================

Date: 2021-10-07 01:33:53

Description:

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Glupteba!ml&threatid=2147748182&enterprise=0

Name: Trojan:Win32/Glupteba!ml

Severity: Severe

Category: Trojan

Path: file:_D:\CSGhost-v4.1_[unknowncheats.me]_.exe; file:_D:\Steam\CSGhost-v4.1_[unknowncheats.me]_.exe

Detection Origin: Local machine

Detection Type: FastPath

Detection Source: Real-Time Protection

Process Name: C:\Program Files\Riot Vanguard\vgc.exe

Security intelligence Version: AV: 1.349.2068.0, AS: 1.349.2068.0, NIS: 1.349.2068.0

Engine Version: AM: 1.1.18500.10, NIS: 1.1.18500.10

Date: 2021-10-07 01:33:40

Description:

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Glupteba!ml&threatid=2147748182&enterprise=0

Name: Trojan:Win32/Glupteba!ml

Severity: Severe

Category: Trojan

Path: file:_D:\CSGhost-v4.1_[unknowncheats.me]_.exe

Detection Origin: Local machine

Detection Type: FastPath

Detection Source: Real-Time Protection

Process Name: C:\Program Files\Riot Vanguard\vgc.exe

Security intelligence Version: AV: 1.349.2068.0, AS: 1.349.2068.0, NIS: 1.349.2068.0

Engine Version: AM: 1.1.18500.10, NIS: 1.1.18500.10

Date: 2021-10-06 21:31:55

Description:

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0

Name: HackTool:Win32/AutoKMS

Severity: High

Category: Tool

Path: file:_D:\KMSpico\scripts\UnInstall_Service.cmd

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: Real-Time Protection

Process Name: C:\Windows\System32\cmd.exe

Security intelligence Version: AV: 1.349.2055.0, AS: 1.349.2055.0, NIS: 1.349.2055.0

Engine Version: AM: 1.1.18500.10, NIS: 1.1.18500.10

Date: 2021-10-06 16:40:06

Description:

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2021-10-05 02:15:26

Description:

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0

Name: HackTool:Win64/AutoKMS

Severity: High

Category: Tool

Path: file:_C:\Windows\SECOH-QAD.dll

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: System

Process Name: Unknown

Security intelligence Version: AV: 1.349.1919.0, AS: 1.349.1919.0, NIS: 1.349.1919.0

Engine Version: AM: 1.1.18500.10, NIS: 1.1.18500.10

Date: 2021-10-01 16:12:40

Description:

Microsoft Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:

https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0

Name: HackTool:Win64/AutoKMS

Severity: High

Category: Tool

Path: containerfile:_D:\KMSpico\KMSELDI.exe; file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk; file:_D:\KMSpico\KMSELDI.exe->[MSILRES:KMSELDI.SECOH-QAD.x64.dll]; file:_D:\KMSpico\KMSELDI.exe->[MSILRES:KMSELDI.SECOH-QAD.x64.exe]; startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: Real-Time Protection

Process Name: C:\Windows\System32\RuntimeBroker.exe

Action: Quarantine

Action Status: No additional actions required

Error Code: 0x80070003

Error description: The system cannot find the path specified.

Security intelligence Version: AV: 1.349.1599.0, AS: 1.349.1599.0, NIS: 1.349.1599.0

Engine Version: AM: 1.1.18500.10, NIS: 1.1.18500.10

Date: 2021-10-01 16:12:40

Description:

Microsoft Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:

https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0

Name: HackTool:Win32/AutoKMS

Severity: High

Category: Tool

Path: containerfile:_D:\KMSpico\KMSELDI.exe; file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk; file:_D:\KMSpico\KMSELDI.exe->[MSILRES:KMSELDI.SECOH-QAD.x86.dll]; file:_D:\KMSpico\KMSELDI.exe->[MSILRES:KMSELDI.SECOH-QAD.x86.exe]; file:_D:\KMSpico\scripts\Install_Service.cmd; file:_D:\KMSpico\scripts\Install_Task.cmd; startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: Real-Time Protection

Process Name: C:\Windows\System32\cmd.exe

Action: Quarantine

Action Status: No additional actions required

Error Code: 0x80070003

Error description: The system cannot find the path specified.

Security intelligence Version: AV: 1.349.1599.0, AS: 1.349.1599.0, NIS: 1.349.1599.0

Engine Version: AM: 1.1.18500.10, NIS: 1.1.18500.10

Date: 2021-09-22 21:15:15

Description:

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version:

Previous security intelligence Version: 1.349.1228.0

Update Source: Microsoft Update Server

Security intelligence Type: AntiVirus

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.18500.10

Error code: 0x80240438

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

==================== Memory info ===========================

BIOS: Insyde F.09 08/04/2014

Motherboard: Hewlett-Packard 2281

Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz

Percentage of memory in use: 46%

Total physical RAM: 8122.15 MB

Available physical RAM: 4368.89 MB

Total Virtual: 11066.15 MB

Available Virtual: 7009.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:117.98 GB) (Free:40.69 GB) NTFS

Drive d: () (Fixed) (Total:119.89 GB) (Free:34.36 GB) NTFS

\\?\Volume{f16e01cc-5a78-4289-90b2-eba2cefa2e76}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS

\\?\Volume{b19d9952-9ddd-427b-ae48-b5076ee56529}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================

Disk: 0 (Protective MBR) (Size: 238.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Attached files: FRST.txt and Addition.txt (26.2KB and 36.79KB)
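The indicators in the log above are the classic shape of a proxy hijack: a PAC script URL set three times under HKLM (hxxp://127.0.0.1:86/, i.e. a proxy auto-config served by a process on the machine itself), a ProxySettingsPerUser=0 policy that makes those machine-wide settings apply to every user, and "Restriction" policy keys for Internet Explorer and Google Chrome. Separately, the Defender event shows that the quarantine of HackTool:Win32/AutoKMS from D:\KMSpico ended with 0x80070003 (path not found), so the action was logged but did not complete. The script below is an added triage helper, not part of the post, of FRST or of Microsoft Defender: it walks FRST-style lines and collects exactly these three kinds of finding. The sample input is copied from the post (FRST's "hxxp" defanging is left as written); the regexes, the Finding type and the function names are this example's own assumptions about the line layout, not an FRST API.

```python
"""Added triage helper: scan FRST log lines for proxy-hijack indicators and failed Defender actions."""
import re
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, List
from urllib.parse import urlsplit

# Constructed sample input: lines copied from the FRST.txt "Internet" section and the
# Defender event block in the post above. FRST defangs URLs as "hxxp"; that is kept here.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
AutoConfigURL: [HKLM] => hxxp://127.0.0.1:86/
AutoConfigURL: [HKLM-x32] => hxxp://127.0.0.1:86/
AutoConfigURL: [{5BA52DA9-A8A1-431D-9C78-C4DCB411B49E}] => hxxp://127.0.0.1:86/
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Name: HackTool:Win32/AutoKMS
Severity: High
Path: containerfile:_D:\KMSpico\KMSELDI.exe; file:_D:\KMSpico\scripts\Install_Task.cmd
Action: Quarantine
Action Status: No additional actions required
Error Code: 0x80070003
"""

# Line shapes assumed from the FRST output in the post (hypothetical regexes, not FRST's own format spec).
AUTOCONFIG_RE = re.compile(r"^AutoConfigURL:\s*\[(?P<scope>[^\]]+)\]\s*=>\s*(?P<url>\S+)")
POLICY_RE = re.compile(r"^(?P<key>HKLM\\SOFTWARE\\Policies\\[^:]+):\s*(?P<rest>.*?)\s*<==== ATTENTION")
EVENT_FIELD_RE = re.compile(r"^(?P<key>Name|Severity|Path|Action|Error [Cc]ode):\s*(?P<val>.+)$")


@dataclass
class Finding:
    kind: str    # "loopback-pac", "policy-restriction" or "defender-action-failed"
    detail: str


def refang(url: str) -> str:
    """Undo FRST's hxxp/hxxps defanging so urlsplit recognises the scheme."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def is_loopback_pac(url: str) -> bool:
    """True when a PAC URL points back at the machine itself (loopback address or 'localhost').

    A PAC served from loopback means a local process decides where every browser
    request goes; a legitimate corporate PAC is served from a network host.
    """
    host = urlsplit(refang(url)).hostname or ""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:          # a DNS name, not an IP literal
        return False


def triage(frst_text: str) -> List[Finding]:
    """Walk FRST output line by line and collect the indicators worth acting on."""
    findings: List[Finding] = []
    event: Dict[str, str] = {}  # fields of the Defender event block currently being read
    for raw in frst_text.splitlines():
        line = raw.strip()
        m = AUTOCONFIG_RE.match(line)
        if m:
            if is_loopback_pac(m.group("url")):
                findings.append(Finding("loopback-pac", f"{m.group('scope')}: {m.group('url')}"))
            continue
        m = POLICY_RE.match(line)
        if m:
            # FRST flags policy keys that browsers honour; ProxySettingsPerUser=0 makes the
            # HKLM proxy settings (including AutoConfigURL) apply to every user on the box.
            findings.append(Finding("policy-restriction", f"{m.group('key')} {m.group('rest')}".strip()))
            continue
        m = EVENT_FIELD_RE.match(line)
        if m:
            key = "Error Code" if m.group("key").lower() == "error code" else m.group("key")
            event[key] = m.group("val").strip()
            if key == "Error Code":
                # The error code is the last field of an event block; a non-zero HRESULT
                # means the logged Action (here: Quarantine) did not actually complete.
                if int(event["Error Code"], 16) != 0:
                    findings.append(Finding(
                        "defender-action-failed",
                        f"{event.get('Action', '?')} of {event.get('Name', '?')} "
                        f"(severity {event.get('Severity', '?')}) failed with {event['Error Code']}"))
                event = {}
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

Run against the sample it reports three loopback PAC entries, three policy restrictions and one failed quarantine. The practical point for a cleanup: because the PAC URL lives under HKLM and ProxySettingsPerUser is 0, clearing the proxy from the user's own Internet Options does not hold, which matches the "still on after restarting" symptom of the linked thread; the HKLM values, the policy keys and whatever is listening on 127.0.0.1:86 all have to go together. The failed quarantine likewise means the KMSpico files on D: and the "KMSpico Automatic Update Scheduler" task listed in FRST.txt are still in place despite the Defender event.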

202.7319.64 - JetBrains s.r.o.)Python 3.8.6 (32-bit) (HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\{8aab1ce3-aa99-4e1d-bc4f-6d3aad0a0284}) (Version: 3.8.6150.0 - Python Software Foundation)Python 3.8.6 Add to Path (32-bit) (HKLM-x32\...\{ECA9C4A7-B247-43D5-8596-622B13DFAC91}) (Version: 3.8.6150.0 - Python Software Foundation) HiddenPython 3.8.6 Core Interpreter (32-bit) (HKLM-x32\...\{1DE69ED8-D5CF-4F1F-8285-0D666D51183A}) (Version: 3.8.6150.0 - Python Software Foundation) HiddenPython 3.8.6 Development Libraries (32-bit) (HKLM-x32\...\{DBB71382-9F82-4A85-8419-DBB8D42DAFFE}) (Version: 3.8.6150.0 - Python Software Foundation) HiddenPython 3.8.6 Documentation (32-bit) (HKLM-x32\...\{03B01321-EE9C-4266-BCA3-EC2B4790D79F}) (Version: 3.8.6150.0 - Python Software Foundation) HiddenPython 3.8.6 Executables (32-bit) (HKLM-x32\...\{B1C5BBFC-69A5-49B7-A613-A69277B5788F}) (Version: 3.8.6150.0 - Python Software Foundation) HiddenPython 3.8.6 pip Bootstrap (32-bit) (HKLM-x32\...\{A008A19F-258D-4B50-8BB8-043A4A611376}) (Version: 3.8.6150.0 - Python Software Foundation) HiddenPython 3.8.6 Standard Library (32-bit) (HKLM-x32\...\{F9A958E5-FB7D-443C-9E13-74E691793CDA}) (Version: 3.8.6150.0 - Python Software Foundation) HiddenPython 3.8.6 Tcl/Tk Support (32-bit) (HKLM-x32\...\{3EADBBD8-68E1-4A6D-BF70-8B73CFFEBF09}) (Version: 3.8.6150.0 - Python Software Foundation) HiddenPython 3.8.6 Test Suite (32-bit) (HKLM-x32\...\{288B3426-B8B4-45EB-B0FF-C8E864545462}) (Version: 3.8.6150.0 - Python Software Foundation) HiddenPython 3.8.6 Utility Scripts (32-bit) (HKLM-x32\...\{023939DF-F5BD-42A1-9388-F1FC607129E4}) (Version: 3.8.6150.0 - Python Software Foundation) HiddenPython Launcher (HKLM-x32\...\{3B82A91D-DB48-4160-94D2-0B8C6D2B1710}) (Version: 3.8.7205.0 - Python Software Foundation)QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 
6.0.1.7553 - Realtek Semiconductor Corp.)Riot Repair Tool 1.1.3 (HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\980795d3-660d-5bf1-af59-4286bb5d9647) (Version: 1.1.3 - Riot Games Inc.)Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.38.9760 - SoftEther VPN Project)Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.16.8 - TeamViewer)Telegram Desktop version 2.9.2 (HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.9.2 - Telegram FZ-LLC)Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)USBPcap 1.5.4.0 (HKLM\...\USBPcap) (Version: 1.5.4.0 - Tomasz Mon)VALORANT (HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\Riot Game valorant.live) (Version: - Riot Games, Inc)vcpp_crt.redist.clickonce (HKLM-x32\...\{10D9FDCA-0D16-4C80-91DD-EDDA62A0F29D}) (Version: 14.28.29334 - Microsoft Corporation) HiddenVisual Studio Community 2019 (HKLM-x32\...\993f0216) (Version: 16.8.30804.86 - Microsoft Corporation)VS Immersive Activate Helper (HKLM-x32\...\{A71406B5-E487-4B01-8E59-D466841350F5}) (Version: 16.0.102.0 - Microsoft Corporation) HiddenVS JIT Debugger (HKLM\...\{C7E8A4F2-EF09-42A8-B892-69D5ED99D965}) (Version: 16.0.102.0 - Microsoft Corporation) Hiddenvs_BlendMsi (HKLM-x32\...\{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Version: 16.0.28329 - Microsoft Corporation) Hiddenvs_clickoncebootstrappermsi (HKLM-x32\...\{78696386-A4B6-4F69-B558-2667CD3A579D}) (Version: 16.8.30530 - Microsoft Corporation) Hiddenvs_clickoncebootstrappermsires (HKLM-x32\...\{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 - Microsoft Corporation) Hiddenvs_clickoncesigntoolmsi 
(HKLM-x32\...\{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 - Microsoft Corporation) Hiddenvs_communitymsi (HKLM-x32\...\{DEB11EB7-B61A-4883-8CB0-99013A4873AB}) (Version: 16.8.30608 - Microsoft Corporation) Hiddenvs_communitymsires (HKLM-x32\...\{95E79BBC-97FD-4FEB-91B5-CC0231324812}) (Version: 16.0.28329 - Microsoft Corporation) Hiddenvs_devenvmsi (HKLM-x32\...\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hiddenvs_filehandler_amd64 (HKLM-x32\...\{E9439DB7-BF01-4820-8CB1-80957150AB86}) (Version: 16.8.30530 - Microsoft Corporation) Hiddenvs_filehandler_x86 (HKLM-x32\...\{8990F1B6-F880-4E73-A2D9-7A611F4C38A1}) (Version: 16.8.30530 - Microsoft Corporation) Hiddenvs_FileTracker_Singleton (HKLM-x32\...\{3C4B2ED3-2296-4203-A420-AC042BE8484D}) (Version: 16.8.30509 - Microsoft Corporation) Hiddenvs_minshellinteropmsi (HKLM-x32\...\{27B16914-BC5D-4018-8074-071262A27F6D}) (Version: 16.2.28917 - Microsoft Corporation) Hiddenvs_minshellmsi (HKLM-x32\...\{08AF5DA9-F3BD-4B59-8D99-C47CC4D53CAD}) (Version: 16.8.30530 - Microsoft Corporation) Hiddenvs_minshellmsires (HKLM-x32\...\{DE982ACB-A44E-44A5-BEA5-F0816490312C}) (Version: 16.8.30530 - Microsoft Corporation) Hiddenvs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{E1FD1D9D-0611-4DE5-826F-37FAC17706AC}) (Version: 16.8.30615 - Microsoft Corporation) Hiddenvs_tipsmsi (HKLM-x32\...\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hiddenvs_vswebprotocolselectormsi (HKLM-x32\...\{BEEB2E56-91DB-4AFB-AC88-8E98B18DD889}) (Version: 16.8.30509 - Microsoft Corporation) HiddenWinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)Wireshark 3.2.7 64-bit (HKLM-x32\...\Wireshark) (Version: 3.2.7 - The Wireshark developer community, hxxps://www.wireshark.org)Word (HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)Packages:=========Microsoft Solitaire Collection -> 
C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-08] (Microsoft Studios) [MS Ad]NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-08-20] (NVIDIA Corp.)Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-06-29] (Microsoft Corporation)==================== Custom CLSID (Whitelisted): ==============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)CustomCLSID: HKU\S-1-5-21-3836129735-2377953987-2542582878-1001_Classes\CLSID\{C591CFEA-E432-495d-A0BE-58E4CCD87B17}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-07-19] (Adobe Inc. -> )ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-07-19] (Adobe Inc. -> )ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-07-19] (Adobe Inc. -> )ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-07-19] (Adobe Inc. 
-> )ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No FileContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-11-02] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvhmi.inf_amd64_ac9145dd41fecd4e\nvshext.dll [2021-08-06] (Nvidia Corporation -> NVIDIA Corporation)ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-07-19] (Adobe Inc. 
-> )ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)==================== Codecs (Whitelisted) ======================================== Shortcuts & WMI ========================(The entries could be listed to be restored or removed.)ShortcutWithArgument: C:\Users\Muzammil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdmShortcutWithArgument: C:\Users\Muzammil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpbShortcutWithArgument: C:\Users\Muzammil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehfShortcutWithArgument: C:\Users\Muzammil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi==================== Loaded Modules (Whitelisted) =============2021-09-01 22:31 - 2021-09-28 19:52 - 005964800 _____ (University of Tsukuba) [File not signed] D:\softwares\SoftEther VPN Client\VpnGatePlugin_x64.dll==================== Alternate Data Streams (Whitelisted) ============================ Safe Mode (Whitelisted) ====================================== Association (Whitelisted) 
===================================== Internet Explorer (Whitelisted) ==========HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT170902&iDate=2021-07-19 05:35:32&iid=271c2675-8e59-4061-8888-c2807f97cf73&bName=SearchScopes: HKU\S-1-5-21-3836129735-2377953987-2542582878-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-28] (Microsoft Corporation -> Microsoft Corporation)Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-28] (Microsoft Corporation -> Microsoft Corporation)Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-28] (Microsoft Corporation -> Microsoft Corporation)Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-28] (Microsoft Corporation -> Microsoft Corporation)(If an entry is included in the fixlist, it will be removed from the registry.)IE trusted site: HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\localhost -> localhostIE trusted site: HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\webcompanion.com -> 
hxxp://webcompanion.com==================== Hosts content: =========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2019-12-07 14:14 - 2019-12-07 14:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts2021-02-12 22:56 - 2021-02-12 22:56 - 000000375 _____ C:\Windows\system32\drivers\etc\hosts.ics==================== Other Areas ===========================(Currently there is no automatic fix for this section.)HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\Program Files (x86)\Intel\Intel® Management Engine Components\iCLS\;C:\Program Files\Intel\Intel® Management Engine Components\iCLS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files\dotnet\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\CommonHKU\S-1-5-21-3836129735-2377953987-2542582878-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpgDNS Servers: 192.168.43.1HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)Windows Firewall is enabled.Network Binding:=============VPN - VPN Client: SoftEther Lightweight Network Protocol -> SeLow (enabled)VPN - VPN Client: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)Bluetooth Network Connection: SoftEther Lightweight Network Protocol -> SeLow 
(enabled)Bluetooth Network Connection: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)Ethernet: SoftEther Lightweight Network Protocol -> SeLow (enabled)Wi-Fi 2: SoftEther Lightweight Network Protocol -> SeLow (enabled)Wi-Fi 2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)==================== MSCONFIG/TASK MANAGER disabled items ==(If an entry is included in the fixlist, it will be removed.)MSCONFIG\Services: CAMService => 2MSCONFIG\Services: GoogleChromeElevationService => 3MSCONFIG\Services: gupdate => 2MSCONFIG\Services: gupdatem => 3MSCONFIG\Services: Steam Client Service => 3MSCONFIG\Services: SynTPEnhService => 2MSCONFIG\Services: TeamViewer => 2HKLM\...\StartupApproved\Run: => "SecurityHealth"HKLM\...\StartupApproved\Run: => "MouseDriver"HKLM\...\StartupApproved\Run32: => "APSDaemon"HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\StartupApproved\Run: => "OneDrive"HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\StartupApproved\Run: => "Discord"HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\StartupApproved\Run: => "Steam"HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\StartupApproved\Run: => "ut"HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\StartupApproved\Run: => "uTorrent"HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\StartupApproved\Run: => "IDMan"HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\StartupApproved\Run: => "NZXT.CAM"HKU\S-1-5-21-3836129735-2377953987-2542582878-1001\...\StartupApproved\Run: => "Web Companion"==================== FirewallRules (Whitelisted) ================(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)==================== Restore Points =========================ATTENTION: System Restore is disabled (Total:117.98 GB) (Free:40.69 GB) (34%)==================== Faulty Device Manager Devices ============Name: High precision event timerDescription: High precision event timerClass Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}Manufacturer: (Standard system devices)Service:Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.==================== Event log errors: ========================Application errors:==================Error: (10/07/2021 04:51:07 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )Description: Failed to schedule Software Protection service for re-start at 2021-10-31T11:20:07Z. Error Code: 0x80070002.Error: (10/07/2021 04:49:44 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )Description: Failed to schedule Software Protection service for re-start at 2021-10-31T11:19:44Z. Error Code: 0x80070002.Error: (10/07/2021 04:49:14 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )Description: Failed to schedule Software Protection service for re-start at 2021-10-31T11:19:14Z. Error Code: 0x80070002.Error: (10/07/2021 04:48:44 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )Description: Failed to schedule Software Protection service for re-start at 2021-10-31T11:19:44Z. Error Code: 0x80070002.Error: (10/07/2021 04:48:14 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )Description: Failed to schedule Software Protection service for re-start at 2021-10-31T11:19:14Z. 
Error Code: 0x80070002.Error: (10/07/2021 04:47:44 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )Description: Failed to schedule Software Protection service for re-start at 2021-10-31T11:19:44Z. Error Code: 0x80070002.Error: (10/07/2021 04:47:14 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )Description: Failed to schedule Software Protection service for re-start at 2021-10-31T11:19:14Z. Error Code: 0x80070002.Error: (10/07/2021 04:46:44 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )Description: Failed to schedule Software Protection service for re-start at 2021-10-31T11:19:44Z. Error Code: 0x80070002.System errors:=============Error: (10/07/2021 04:40:05 AM) (Source: IntelHaxm) (EventID: 10) (User: )Description: HAXM can't work on system with VT disabledError: (10/07/2021 04:39:06 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-L9D27TS)Description: The server {9AA46009-3CE0-458A-A354-715610A075E6} did not register with DCOM within the required timeout.Error: (10/07/2021 04:38:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Intel® Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s).Error: (10/07/2021 04:38:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).Error: (10/07/2021 04:38:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.Error: (10/07/2021 04:38:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The SoftEther VPN Client service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 10000 milliseconds: Restart the service.Error: (10/07/2021 04:38:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.Error: (10/07/2021 04:38:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.Windows Defender:================Date: 2021-10-07 01:33:53Description:Microsoft Defender Antivirus has detected malware or other potentially unwanted software.For more information please see the following:Name: Trojan:Win32/Glupteba!mlSeverity: SevereCategory: TrojanPath: file:_D:\CSGhost-v4.1_[unknowncheats.me]_.exe; file:_D:\Steam\CSGhost-v4.1_[unknowncheats.me]_.exeDetection Origin: Local machineDetection Type: FastPathDetection Source: Real-Time ProtectionProcess Name: C:\Program Files\Riot Vanguard\vgc.exeSecurity intelligence Version: AV: 1.349.2068.0, AS: 1.349.2068.0, NIS: 1.349.2068.0Engine Version: AM: 1.1.18500.10, NIS: 1.1.18500.10Date: 2021-10-07 01:33:40Description:Microsoft Defender Antivirus has detected malware or other potentially unwanted software.For more information please see the following:Name: Trojan:Win32/Glupteba!mlSeverity: SevereCategory: TrojanPath: file:_D:\CSGhost-v4.1_[unknowncheats.me]_.exeDetection Origin: Local machineDetection Type: FastPathDetection Source: Real-Time ProtectionProcess Name: C:\Program Files\Riot Vanguard\vgc.exeSecurity intelligence Version: AV: 1.349.2068.0, AS: 1.349.2068.0, NIS: 1.349.2068.0Engine Version: AM: 1.1.18500.10, NIS: 1.1.18500.10Date: 2021-10-06 21:31:55Description:Microsoft Defender Antivirus has detected malware or other potentially unwanted 
software.For more information please see the following:Name: HackTool:Win32/AutoKMSSeverity: HighCategory: ToolPath: file:_D:\KMSpico\scripts\UnInstall_Service.cmdDetection Origin: Local machineDetection Type: ConcreteDetection Source: Real-Time ProtectionProcess Name: C:\Windows\System32\cmd.exeSecurity intelligence Version: AV: 1.349.2055.0, AS: 1.349.2055.0, NIS: 1.349.2055.0Engine Version: AM: 1.1.18500.10, NIS: 1.1.18500.10Date: 2021-10-06 16:40:06Description:Microsoft Defender Antivirus scan has been stopped before completion.Scan Type: AntimalwareScan Parameters: Quick ScanDate: 2021-10-05 02:15:26Description:Microsoft Defender Antivirus has detected malware or other potentially unwanted software.For more information please see the following:Name: HackTool:Win64/AutoKMSSeverity: HighCategory: ToolPath: file:_C:\Windows\SECOH-QAD.dllDetection Origin: Local machineDetection Type: ConcreteDetection Source: SystemProcess Name: UnknownSecurity intelligence Version: AV: 1.349.1919.0, AS: 1.349.1919.0, NIS: 1.349.1919.0Engine Version: AM: 1.1.18500.10, NIS: 1.1.18500.10Date: 2021-10-01 16:12:40Description:Microsoft Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.For more information please see the following:Name: HackTool:Win64/AutoKMSSeverity: HighCategory: ToolPath: containerfile:_D:\KMSpico\KMSELDI.exe; file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk; file:_D:\KMSpico\KMSELDI.exe->[MSILRES:KMSELDI.SECOH-QAD.x64.dll]; file:_D:\KMSpico\KMSELDI.exe->[MSILRES:KMSELDI.SECOH-QAD.x64.exe]; startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnkDetection Origin: Local machineDetection Type: ConcreteDetection Source: Real-Time ProtectionProcess Name: C:\Windows\System32\RuntimeBroker.exeAction: QuarantineAction Status: No additional actions requiredError Code: 0x80070003Error description: The system cannot find the path specified.Security 
intelligence Version: AV: 1.349.1599.0, AS: 1.349.1599.0, NIS: 1.349.1599.0Engine Version: AM: 1.1.18500.10, NIS: 1.1.18500.10Date: 2021-10-01 16:12:40Description:Microsoft Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.For more information please see the following:Name: HackTool:Win32/AutoKMSSeverity: HighCategory: ToolPath: containerfile:_D:\KMSpico\KMSELDI.exe; file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk; file:_D:\KMSpico\KMSELDI.exe->[MSILRES:KMSELDI.SECOH-QAD.x86.dll]; file:_D:\KMSpico\KMSELDI.exe->[MSILRES:KMSELDI.SECOH-QAD.x86.exe]; file:_D:\KMSpico\scripts\Install_Service.cmd; file:_D:\KMSpico\scripts\Install_Task.cmd; startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnkDetection Origin: Local machineDetection Type: ConcreteDetection Source: Real-Time ProtectionProcess Name: C:\Windows\System32\cmd.exeAction: QuarantineAction Status: No additional actions requiredError Code: 0x80070003Error description: The system cannot find the path specified.Security intelligence Version: AV: 1.349.1599.0, AS: 1.349.1599.0, NIS: 1.349.1599.0Engine Version: AM: 1.1.18500.10, NIS: 1.1.18500.10Date: 2021-09-22 21:15:15Description:Microsoft Defender Antivirus has encountered an error trying to update security intelligence.New security intelligence Version:Previous security intelligence Version: 1.349.1228.0Update Source: Microsoft Update ServerSecurity intelligence Type: AntiVirusUpdate Type: FullCurrent Engine Version:Previous Engine Version: 1.1.18500.10Error code: 0x80240438Error description: An unexpected problem occurred while checking for updates. 
For information on installing or troubleshooting updates, see Help and Support.==================== Memory info ===========================BIOS: Insyde F.09 08/04/2014Motherboard: Hewlett-Packard 2281Processor: Intel® Core™ i5-4210U CPU @ 1.70GHzPercentage of memory in use: 46%Total physical RAM: 8122.15 MBAvailable physical RAM: 4368.89 MBTotal Virtual: 11066.15 MBAvailable Virtual: 7009.34 MB==================== Drives ================================Drive c: () (Fixed) (Total:117.98 GB) (Free:40.69 GB) NTFSDrive d: () (Fixed) (Total:119.89 GB) (Free:34.36 GB) NTFS\\?\Volume{f16e01cc-5a78-4289-90b2-eba2cefa2e76}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS\\?\Volume{b19d9952-9ddd-427b-ae48-b5076ee56529}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32==================== MBR & Partition Table ==============================================================================Disk: 0 (Protective MBR) (Size: 238.5 GB) (Disk ID: 00000000)Partition: GPT.==================== End of Addition.txt =======================

Edited by Oh My!, 06 October 2021 - 07:09 PM.
