And here is the log of Addition.txt. I couldn't provide the logs because the website was not allowing me to post any more; it was saying "You have reached the maximum number of new posts allowed to be created in a 24 hour period." (I've also attached the error photo that the site was giving me, OK?) ...-____-... :'( (Please make sure to disable this option in my account while the malware issue is in progress, to avoid more delay of the progress.)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2021
Ran by Addy (17-08-2021 10:36:48)
Running from C:\Users\Addy\Desktop
Windows 10 Pro Version 21H1 19043.1165 (X64) (2021-05-25 12:01:16)
Boot Mode: Safe Mode (with Networking)
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Addy (S-1-5-21-4201120289-4146785065-3772099571-1002 - Administrator - Enabled) => C:\Users\Addy
Administrator (S-1-5-21-4201120289-4146785065-3772099571-500 - Administrator - Enabled) => C:\Users\Administrator
afird (S-1-5-21-4201120289-4146785065-3772099571-1001 - Limited - Enabled)
DefaultAccount (S-1-5-21-4201120289-4146785065-3772099571-503 - Limited - Disabled)
Guest (S-1-5-21-4201120289-4146785065-3772099571-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4201120289-4146785065-3772099571-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Total Security (Disabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: Kaspersky Total Security (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Active Directory Authentication Library for SQL Server (HKLM\...\{6BF11ECE-3CE8-4FBA-991A-1F55AA6BE5BF}) (Version: 15.0.1300.359 - Microsoft Corporation) Hidden
Apowersoft Photo Viewer V1.1.9 (HKLM-x32\...\{AA88C325-55DB-463A-801E-ED6929D0260E}_is1) (Version: 1.1.9 - APOWERSOFT LIMITED)
Avast Premium Security (HKLM\...\Avast Antivirus) (Version: 21.6.2474 - Avast Software)
BlueJ (HKLM\...\{39F0200A-540D-43C5-A845-6D51BA794175}) (Version: 5.0.1 - BlueJ Team)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{0243F145-076D-423A-8F77-218DC8840261}) (Version: 4.8.04119 - Microsoft Corporation) Hidden
DiagnosticsHub_CollectionService (HKLM\...\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 - Microsoft Corporation) Hidden
Entity Framework 6.2.0 Tools for Visual Studio 2019 (HKLM-x32\...\{F878746A-C5F7-420A-A672-4DFEF74ADC3A}) (Version: 6.2.0.0 - Microsoft Corporation) Hidden
icecap_collection_neutral (HKLM-x32\...\{1036893D-9917-4E70-B96C-8D72A2B224BC}) (Version: 16.10.31306 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{289873DF-80D0-4D7D-8068-D25D342A26FA}) (Version: 16.10.31306 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{D2B4539C-173B-4B8D-A021-E22E9566BC24}) (Version: 16.10.31306 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{38CE202D-7880-4101-9739-83619300EC58}) (Version: 16.10.31306 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{0307C98E-AE82-4A4F-A950-A72FBD805338}) (Version: 10.0.04403 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - ) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
IntelliTraceProfilerProxy (HKLM-x32\...\{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Version: 15.0.18198.01 - Microsoft Corporation) Hidden
IObit Uninstaller 10 (HKLM-x32\...\IObitUninstall) (Version: 10.6.0.4 - IObit)
Java 8 Update 291 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180291F0}) (Version: 8.0.2910.10 - Oracle Corporation)
Java(TM) SE Development Kit 16.0.1 (64-bit) (HKLM\...\{75CDB88B-F917-5456-AB2D-5504DE7F43DE}) (Version: 16.0.1.0 - Oracle Corporation)
Lightspark (HKLM\...\Lightspark) (Version: 0.8.5-git - The Lightspark Developers)
Microsoft .NET Core SDK 3.1.411 (x64) (HKLM-x32\...\{d9facd1b-6861-4705-bf9d-fbb720c1b228}) (Version: 3.1.411.15760 - Microsoft Corporation)
Microsoft .NET SDK 5.0.301 (x64) from Visual Studio (HKLM\...\{869D316B-33AD-4466-974C-95820FF40F99}) (Version: 5.3.121.27113 - Microsoft Corporation)
Microsoft .NET SDK 5.0.302 (x64) (HKLM-x32\...\{5cb2152c-6073-4a34-99a0-cbf98ab1c0c6}) (Version: 5.3.221.31823 - Microsoft Corporation)
Microsoft ASP.NET Core 3.1.17 - Shared Framework (x86) (HKLM-x32\...\{7c2ec55d-b700-4b00-b0db-1211acdcfd72}) (Version: 3.1.17.21318 - Microsoft Corporation)
Microsoft ASP.NET Core 5.0.8 - Shared Framework (x86) (HKLM-x32\...\{b8d8202a-e260-4dfd-adfc-0070c0d47f54}) (Version: 5.0.8.21318 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.73 - Microsoft Corporation)
Microsoft ODBC Driver 17 for SQL Server (HKLM\...\{8D98AC2C-FC5C-440D-A2D3-6C9655F957D8}) (Version: 17.2.0.1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4201120289-4146785065-3772099571-500\...\OneDriveSetup.exe) (Version: 21.099.0516.0003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB (HKLM\...\{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM\...\{8D7CE3B0-5379-46FE-9F4B-A65D9F4CC1F1}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM-x32\...\{725CC962-98BD-42C7-87D8-51C680FB1779}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30038 (HKLM-x32\...\{7f336035-fa39-4d06-bd17-fbf472a381e8}) (Version: 14.29.30038.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30038 (HKLM-x32\...\{9120a466-433b-4dd9-a5e0-3092abd2cc1d}) (Version: 14.29.30038.0 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.10.2174.31177 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 3.1.17 (x86) (HKLM-x32\...\{1d2d2e19-bb77-464c-8c75-d33f0ba38aaa}) (Version: 3.1.17.30215 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.8 (x86) (HKLM-x32\...\{3ef73a2e-063c-4143-96d3-decce7fece14}) (Version: 5.0.8.30215 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.00 - Nmap Project)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Oracle VM VirtualBox 6.1.26 (HKLM\...\{71822DCA-AF02-40D5-9BB8-2C1F75356115}) (Version: 6.1.26 - Oracle Corporation)
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.9 - Power Software Ltd)
Process Hacker (HKLM\...\ProcessHacker) (Version: 3.x - Process Hacker)
Python 3.10.0b1 Add to Path (64-bit) (HKLM\...\{5F5DAC57-6C9D-49A7-8E74-508EEF613437}) (Version: 3.10.111.0 - Python Software Foundation) Hidden
Python 3.10.0b1 Core Interpreter (64-bit debug) (HKLM\...\{CF17AEE9-2A25-4E36-A7B5-08620E5B92CA}) (Version: 3.10.111.0 - Python Software Foundation) Hidden
Python 3.10.0b1 Core Interpreter (64-bit symbols) (HKLM\...\{1E7EA21E-D242-4881-A7C4-91E3609C718F}) (Version: 3.10.111.0 - Python Software Foundation) Hidden
Python 3.10.0b1 Core Interpreter (64-bit) (HKLM\...\{D50DD6DF-3E49-4AD0-88A7-4123BB73FA54}) (Version: 3.10.111.0 - Python Software Foundation) Hidden
Python 3.10.0b1 Development Libraries (64-bit debug) (HKLM\...\{87DDEE4C-F2D3-4343-879F-4A1D8762DCD1}) (Version: 3.10.111.0 - Python Software Foundation) Hidden
Python 3.10.0b1 Development Libraries (64-bit) (HKLM\...\{BA6BFE92-6389-4EBE-9EBD-B3CE21CA46BC}) (Version: 3.10.111.0 - Python Software Foundation) Hidden
Python 3.10.0b1 Documentation (64-bit) (HKLM\...\{F45C9C1E-DA34-473F-BD67-FCCF73ABB520}) (Version: 3.10.111.0 - Python Software Foundation) Hidden
Python 3.10.0b1 Executables (64-bit debug) (HKLM\...\{C50584A0-8649-4E38-8A58-6B034573F8BA}) (Version: 3.10.111.0 - Python Software Foundation) Hidden
Python 3.10.0b1 Executables (64-bit symbols) (HKLM\...\{FF8CEF7F-5B00-47B9-BDDD-598530B40336}) (Version: 3.10.111.0 - Python Software Foundation) Hidden
Python 3.10.0b1 Executables (64-bit) (HKLM\...\{EA3350C1-7191-445B-8F20-44C986BBCC8B}) (Version: 3.10.111.0 - Python Software Foundation) Hidden
Python 3.10.0b1 pip Bootstrap (64-bit) (HKLM\...\{0281D1B5-7513-4294-ACD4-F1B2C06690A7}) (Version: 3.10.111.0 - Python Software Foundation) Hidden
Python 3.10.0b1 Standard Library (64-bit debug) (HKLM\...\{B33D32BD-FB30-4C3E-BE73-CB5BEAA164D6}) (Version: 3.10.111.0 - Python Software Foundation) Hidden
Python 3.10.0b1 Standard Library (64-bit symbols) (HKLM\...\{6D545F9B-BE92-46E4-B651-F81A46153B3F}) (Version: 3.10.111.0 - Python Software Foundation) Hidden
Python 3.10.0b1 Standard Library (64-bit) (HKLM\...\{CFDEAD91-8644-4FA7-AEEB-EABBB98377BD}) (Version: 3.10.111.0 - Python Software Foundation) Hidden
Python 3.10.0b1 Tcl/Tk Support (64-bit debug) (HKLM\...\{B0354E28-55C2-4369-8B5C-A5E26F023E63}) (Version: 3.10.111.0 - Python Software Foundation) Hidden
Python 3.10.0b1 Tcl/Tk Support (64-bit symbols) (HKLM\...\{56F92971-282A-4393-8F71-278BA0011034}) (Version: 3.10.111.0 - Python Software Foundation) Hidden
Python 3.10.0b1 Tcl/Tk Support (64-bit) (HKLM\...\{52C910D9-9D20-4678-B5CE-A1FDBA31EA5C}) (Version: 3.10.111.0 - Python Software Foundation) Hidden
Python 3.10.0b1 Test Suite (64-bit debug) (HKLM\...\{8D91D388-D45E-4AE2-9EE3-803C3AA3B1D1}) (Version: 3.10.111.0 - Python Software Foundation) Hidden
Python 3.10.0b1 Test Suite (64-bit symbols) (HKLM\...\{2DF69361-F005-41C2-A9B0-748E2233E07A}) (Version: 3.10.111.0 - Python Software Foundation) Hidden
Python 3.10.0b1 Test Suite (64-bit) (HKLM\...\{893852B6-0A3D-4654-A0EC-F2243B2A8F7F}) (Version: 3.10.111.0 - Python Software Foundation) Hidden
Python 3.10.0b1 Utility Scripts (64-bit) (HKLM\...\{1F0AB9AC-5F28-4642-AEF0-90EA2E86189C}) (Version: 3.10.111.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{D6389075-B367-4A12-9371-699F14CBC7AF}) (Version: 3.10.7427.0 - Python Software Foundation)
TypeScript SDK (HKLM-x32\...\{C34D7309-4E94-4B6A-ABE8-C1EE566E9C1F}) (Version: 4.2.4.0 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
vcpp_crt.redist.clickonce (HKLM-x32\...\{9BE18F4E-9100-4B29-9F08-61F21A2045DD}) (Version: 14.29.30038 - Microsoft Corporation) Hidden
Visual Studio Community 2019 (HKLM-x32\...\5dde10f0) (Version: 16.10.31410.357 - Microsoft Corporation)
VS Immersive Activate Helper (HKLM-x32\...\{A71406B5-E487-4B01-8E59-D466841350F5}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{C7E8A4F2-EF09-42A8-B892-69D5ED99D965}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{A4272808-82F5-410F-A5F9-1BF6F63F6B9A}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
VS WCF Debugging (HKLM\...\{E90279BA-36B4-4477-A1B7-C81B571172F2}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{6F7948F9-8EED-4FA5-A1D9-7DD512A2CA26}) (Version: 16.10.31206 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{F2362422-8A5F-473B-B793-E9592B1EA9FA}) (Version: 16.10.31306 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{3751D1CF-9A44-43D2-B4BB-80FA6E7925A8}) (Version: 16.10.31213 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{8B6AE4FB-1E51-4BB4-B52C-CAC8A0340310}) (Version: 16.10.31206 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{B0AA3BF6-3C13-4C9A-A043-4CEFBBE0A2D3}) (Version: 16.10.31206 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{05CA3463-0B45-425D-9AF2-E1964AB85CBB}) (Version: 16.10.31303 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{883D29E5-9A41-4C45-A192-C10B8078BF0C}) (Version: 16.10.31306 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{E6B8D127-6C17-4E21-BA5C-B1D0C322BBA2}) (Version: 16.10.31320 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{0916C6E1-6A0A-4887-9E00-D96FD44AFACE}) (Version: 16.10.31303 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{9A9E968E-1C75-4B85-BCBF-D1E26D6F7A6B}) (Version: 16.10.31205 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_vswebprotocolselectormsi (HKLM-x32\...\{634F7BE2-E181-4544-946F-B8BA774B9059}) (Version: 16.10.31206 - Microsoft Corporation) Hidden
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-4201120289-4146785065-3772099571-1002\...\ZoomUMX) (Version: 5.7.5 (939) - Zoom Video Communications, Inc.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4201120289-4146785065-3772099571-1002_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Addy\AppData\Local\Microsoft\OneDrive\21.099.0516.0003\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4201120289-4146785065-3772099571-1002_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> "C:\Users\Addy\AppData\Local\Microsoft\OneDrive\21.099.0516.0003\Microsoft.Nucleus.exe" => No File
CustomCLSID: HKU\S-1-5-21-4201120289-4146785065-3772099571-1002_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Addy\AppData\Local\Microsoft\OneDrive\21.099.0516.0003\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4201120289-4146785065-3772099571-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4201120289-4146785065-3772099571-1002_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Addy\AppData\Local\Microsoft\OneDrive\21.099.0516.0003\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4201120289-4146785065-3772099571-1002_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> "C:\Users\Addy\AppData\Local\Microsoft\OneDrive\21.099.0516.0003\Microsoft.Nucleus.exe" => No File
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-08-04] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-08-04] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-08-04] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2020-07-31] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2021-03-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-08-04] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2020-07-31] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2021-03-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-08-04] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2020-07-31] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2021-03-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.i420] => c:\windows\system32\lvcod64.dll [175392 2021-05-31] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2021-05-31] (Logitech, Inc. -> Logitech Inc.)
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2020-01-31] (IObit Information Technology -> IObit)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_291\bin\ssv.dll [2021-07-18] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_291\bin\jp2ssv.dll [2021-07-18] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 14:44 - 2021-07-03 09:46 - 000000822 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;c:\program files\common files\oracle\java\javapath;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;c:\program files\python310\scripts\;c:\program files\python310\;c:\windows\system32;c:\windows;c:\windows\system32\wbem;c:\windows\system32\windowspowershell\v1.0\;c:\windows\system32\openssh\;c:\program files\nvidia corporation\nvidia nvdlisr;C:\Program Files\dotnet\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn\;C:\Program Files (x86)\dotnet\
HKU\S-1-5-21-4201120289-4146785065-3772099571-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Addy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-4201120289-4146785065-3772099571-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
Network Binding:
=============
Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled)
Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
VirtualBox Host-Only Network: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled)
VirtualBox Host-Only Network: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet 2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet 2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet 2: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled)
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKU\S-1-5-21-4201120289-4146785065-3772099571-1002\...\StartupApproved\Run: => "IDMan"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{5EACE3A2-5415-4261-9216-AF6F9DFC17E6}] => (Allow) C:\Users\afird\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{1D8671BE-4CD8-43E5-9DB1-AED9AA803288}] => (Allow) C:\Users\afird\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{EBF5E04C-5E58-4932-B464-CEAAA84E4168}] => (Allow) C:\Users\afird\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{1EE41DE8-6041-4EC0-A0B1-300416A17F2B}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Photo Viewer\Apowersoft Photo Viewer.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{6873E2C3-704D-4A1C-9A1A-DCA55DC180DC}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Photo Viewer\Apowersoft Photo Viewer.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [TCP Query User{11246563-FF25-4655-A187-CAAA1DFCFD1A}C:\users\addy\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\addy\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
FirewallRules: [UDP Query User{CC7F3693-D61F-45E4-AF08-42A0FB493777}C:\users\addy\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\addy\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
FirewallRules: [TCP Query User{34B91CCB-3869-461E-AACF-1F79F3F881E7}C:\users\addy\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\users\addy\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe => No File
FirewallRules: [UDP Query User{3FC346A6-9045-47F0-9C9C-681639DBB21B}C:\users\addy\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\users\addy\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe => No File
FirewallRules: [{AD793C42-C034-4836-95A4-D103AEA7FDDD}] => (Allow) C:\Users\Addy\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{5144181A-8891-4338-B450-CA9E594663FB}] => (Allow) C:\Users\Addy\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{5374BA7A-3FDA-4E89-AEA2-AE61B2F9BDBD}] => (Allow) C:\Users\Addy\AppData\Roaming\Zoom\bin\airhost.exe => No File
==================== Restore Points =========================
==================== Faulty Device Manager Devices ============
Name: Microsoft Hyper-V Virtualization Infrastructure Driver
Description: Microsoft Hyper-V Virtualization Infrastructure Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Vid
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: HD Webcam C510
Description: HD Webcam C510
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Logitech
Service: usbaudio
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: ========================
Application errors:
==================
Error: (08/16/2021 04:48:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.19041.1151, time stamp: 0x2885d2b8
Faulting module name: tiptsf.dll, version: 10.0.19041.746, time stamp: 0xe3a65137
Exception code: 0xc0000005
Fault offset: 0x000000000000b0a6
Faulting process id: 0x220c
Faulting application start time: 0x01d7928e56bbb1fa
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
Report Id: 0404aaea-c9cc-472a-9c41-551ec2e81a1b
Faulting package full name:
Faulting package-relative application ID:
Error: (08/15/2021 08:17:34 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on \\?\Volume{1b738edc-0000-0000-0000-100000000000}\ because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (08/15/2021 08:12:44 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on \\?\Volume{1b738edc-0000-0000-0000-100000000000}\ because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (08/14/2021 11:54:41 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on \\?\Volume{1b738edc-0000-0000-0000-100000000000}\ because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (08/14/2021 11:14:08 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on \\?\Volume{1b738edc-0000-0000-0000-100000000000}\ because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (08/14/2021 08:37:24 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on \\?\Volume{1b738edc-0000-0000-0000-100000000000}\ because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (08/14/2021 07:41:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.19041.1110, time stamp: 0xe86d289e
Faulting module name: ucrtbase.dll, version: 10.0.19041.789, time stamp: 0x2bd748bf
Exception code: 0xc0000409
Fault offset: 0x000000000007286e
Faulting process id: 0x75c
Faulting application start time: 0x01d79116562b914c
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\System32\ucrtbase.dll
Report Id: b9109660-7457-45b5-96f1-de9db28916de
Faulting package full name:
Faulting package-relative application ID:
Error: (08/14/2021 07:41:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.19041.1110, time stamp: 0xe86d289e
Faulting module name: ucrtbase.dll, version: 10.0.19041.789, time stamp: 0x2bd748bf
Exception code: 0xc0000409
Fault offset: 0x000000000007286e
Faulting process id: 0x1264
Faulting application start time: 0x01d7911654dcaa5d
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\System32\ucrtbase.dll
Report Id: 17f85963-0daf-40fa-9e46-b51bdb749eca
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (08/17/2021 10:38:12 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (08/17/2021 10:36:48 AM) (Source: DCOM) (EventID: 10005) (User: ADDY-BABU)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (08/17/2021 10:36:37 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B68-F52A-11D8-B9A5-505054503030}
Error: (08/17/2021 10:35:38 AM) (Source: DCOM) (EventID: 10005) (User: ADDY-BABU)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (08/17/2021 10:35:04 AM) (Source: DCOM) (EventID: 10005) (User: ADDY-BABU)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (08/17/2021 10:35:04 AM) (Source: DCOM) (EventID: 10005) (User: ADDY-BABU)
Description: DCOM got error "1084" attempting to start the service VSS with arguments "Unavailable" in order to run the server:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
Error: (08/17/2021 10:35:04 AM) (Source: DCOM) (EventID: 10005) (User: ADDY-BABU)
Description: DCOM got error "1084" attempting to start the service VSS with arguments "Unavailable" in order to run the server:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
Error: (08/17/2021 10:35:04 AM) (Source: DCOM) (EventID: 10005) (User: ADDY-BABU)
Description: DCOM got error "1084" attempting to start the service VSS with arguments "Unavailable" in order to run the server:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
Windows Defender:
================
Date: 2021-06-24 18:24:16
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-06-24 18:12:11
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-06-23 20:16:35
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...linkid=37020&name=Backdoor:MSIL/Bladabindi!rfn&threatid=2147692010&enterprise=0
Name: Backdoor:MSIL/Bladabindi!rfn
Severity: Severe
Category: Backdoor
Path: file:_C:\Users\Addy\AppData\Local\Temp\Rar$DRa4704.42112\NjRat 0.7D Danger Edition 2018\NjRat 0.7D Danger Edition-cleaned-cleaned.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.341.1231.0, AS: 1.341.1231.0, NIS: 1.341.1231.0
Engine Version: AM: 1.1.18200.4, NIS: 1.1.18200.4
Date: 2021-06-22 19:44:32
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...wlink/?linkid=37020&name=HackTool:Win32/Keygen&threatid=2147593794&enterprise=0
Name: HackTool:Win32/Keygen
Severity: High
Category: Tool
Path: containerfile:_C:\Program Files (x86)\IObit\Driver Booster\8.4.0\Loader-IDB.exe; file:_C:\Program Files (x86)\IObit\Driver Booster\8.4.0\Loader-IDB.exe; file:_C:\Program Files (x86)\IObit\Driver Booster\8.4.0\Loader-IDB.exe->(UPX)->(VFS

atch.exe)
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.341.1224.0, AS: 1.341.1224.0, NIS: 1.341.1224.0
Engine Version: AM: 1.1.18200.4, NIS: 1.1.18200.4
Date: 2021-06-30 15:35:20
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.341.1586.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18200.4
Error code: 0x80070643
Error description: Fatal error during installation.
Date: 2021-06-30 15:35:13
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.343.108.0
Previous security intelligence Version: 1.341.1586.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
Date: 2021-06-30 15:35:13
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.343.108.0
Previous security intelligence Version: 1.341.1586.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
Date: 2021-06-30 15:35:13
Description:
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error Code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
Date: 2021-06-27 10:50:51
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.341.1532.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18200.4
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
CodeIntegrity:
===============
Date: 2021-08-17 10:34:29
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2021-08-16 23:02:56
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Avast Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-08-16 22:42:17
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. F3 09/23/2016
Motherboard: Gigabyte Technology Co., Ltd. H61MS
Processor: Intel(R) Pentium(R) CPU G2010 @ 2.80GHz
Percentage of memory in use: 50%
Total physical RAM: 3991.55 MB
Available physical RAM: 1967.5 MB
Total Virtual: 12183.55 MB
Available Virtual: 10403.66 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:97.26 GB) (Free:27.02 GB) NTFS
Drive e: () (Fixed) (Total:175.78 GB) (Free:100.26 GB) NTFS
Drive f: () (Fixed) (Total:192.23 GB) (Free:71.69 GB) NTFS
\\?\Volume{1b738edc-0000-0000-0000-100000000000}\ () (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 1B738EDC)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=175.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=192.2 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================