Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-07-2021
Ran by hotoo (03-07-2021 15:06:59)
Running from C:\Users\hotoo\Desktop
Windows 10 Home Version 21H1 19043.1081 (X64) (2021-07-03 02:34:23)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-289658593-2826232128-3048907409-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-289658593-2826232128-3048907409-503 - Limited - Disabled)
defaultuser100000 (S-1-5-21-289658593-2826232128-3048907409-1006 - Limited - Enabled)
Guest (S-1-5-21-289658593-2826232128-3048907409-501 - Limited - Disabled)
hotoo (S-1-5-21-289658593-2826232128-3048907409-1001 - Administrator - Enabled) => C:\Users\hotoo
WDAGUtilityAccount (S-1-5-21-289658593-2826232128-3048907409-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.59 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Mozilla Firefox 89.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 89.0.2 (x64 en-US)) (Version: 89.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 89.0.2 - Mozilla)
Oracle VM VirtualBox 6.1.22 (HKLM\...\{573CC601-ED8D-450F-BE6F-A313DD77A4A0}) (Version: 6.1.22 - Oracle Corporation)

Packages:
=========
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-07-02] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0 [2021-07-03] (Spotify AB) [Startup Task]
TranslucentTB -> C:\Program Files\WindowsApps\28017CharlesMilette.TranslucentTB_9.0.0.0_x86__v826wp6bftszj [2021-07-02] (Charles Milette) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-07-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-07-02 21:52 - 2021-07-02 21:52 - 000059392 _____ (by nICO (chick80@libero.it) - 2004. Modified by TranslucentTB devs) [File not signed] C:\Program Files\WindowsApps\28017CharlesMilette.TranslucentTB_9.0.0.0_x86__v826wp6bftszj\TranslucentTB\CPicker.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-06-22 00:28 - 2021-06-22 00:24 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-289658593-2826232128-3048907409-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hotoo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Wi-Fi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{22A7707C-3248-4563-B12A-1FB928118D85}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{371D2680-E67B-4C15-A896-C553036FFBD2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{182EE3A6-23AA-42FC-B360-EA4B924569E2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2CAD70D4-0DD4-4123-9143-85A043749E01}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5478D4B6-4F48-4E2A-BAD9-920895D3D274}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{28E86BF1-668E-4916-8917-C5FB5B23AA18}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2777B8B7-001F-4D94-BC4E-FBDCA218A370}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AD5FE7B8-FC6B-47DA-96FB-9B0318688471}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AAB8A40F-9776-4B43-913B-D7CEF3767B79}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B2F118E3-0264-40E5-82B1-C9FC268BE79C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{70231FD6-B836-4249-A7DB-3040733A4B00}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3D2C9AFD-889B-4F56-B7F6-5327E5B7FC49}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{89F8354E-F2FC-4EEB-B462-200D86465067}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{316319E9-D56D-444C-A4F3-8BE16E165829}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

03-07-2021 03:28:22 3jul
03-07-2021 13:52:52 Malwarebytes Anti-Rootkit Restore Point

==================== Faulty Device Manager Devices ============

Name: PCI Device
Description: PCI Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: BCM20702A0
Description: BCM20702A0
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: ========================

Application errors:
==================
Error: (07/03/2021 05:04:39 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for FUCK\HELZCOMPUTER$ via https://STM-KeyId-571f806b47cce79bfa35947ced88b8d1005ae09e.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
Method: GET(78ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (07/03/2021 04:45:33 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for FUCK\HELZCOMPUTER$ via https://STM-KeyId-571f806b47cce79bfa35947ced88b8d1005ae09e.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
Method: GET(78ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (07/03/2021 04:37:21 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for FUCK\HELZCOMPUTER$ via https://STM-KeyId-571f806b47cce79bfa35947ced88b8d1005ae09e.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
Method: GET(1812ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (07/03/2021 03:28:14 AM) (Source: SPP) (EventID: 16389) (User: )
Description: Writer Shadow Copy Optimization Writer experienced retryable error during shadow copy creation. Retrying...
More info: .
Error: (07/03/2021 03:21:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.19041.1, time stamp: 0x95286d96
Faulting module name: KERNELBASE.dll, version: 10.0.19041.906, time stamp: 0x26452a2a
Exception code: 0x8007000e
Fault offset: 0x0012a6e2
Faulting process id: 0x19b0
Faulting application start time: 0x01d76f37e5a45734
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 7860e2be-e6d5-4980-9950-a969f0de6b4e
Faulting package full name: 
Faulting package-relative application ID: 

Error: (07/03/2021 01:43:24 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (07/03/2021 01:09:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WinStore.App.exe version 12104.1001.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1094
Start Time: 01d76f466c1ef2b0
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\microsoft.windowsstore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
Report Id: 19509656-00b6-47fc-8b27-c63befb45876
Faulting package full name: Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
Hang type: Navigation

Error: (07/03/2021 01:56:07 PM) (Source: CertEnroll) (EventID: 87) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment for WORKGROUP\WIN-DF1G16I36EQ$ via https://STM-KeyId-571f806b47cce79bfa35947ced88b8d1005ae09e.microsoftaik.azure.net/templates/Aik/scep failed:
SubmitDone
Submit(Request): Bad Request
{"Message":"Failed to parse SCEP request."}
HTTP/1.1 400 Bad Request
Date: Fri, 02 Jul 2021 10:56:19 GMT
Content-Length: 43
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 45c52591-abce-4cc0-8e0d-8e3917f57601

Method: POST(9438ms)
Stage: SubmitDone
Bad request (400). 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST)

System errors:
=============
Error: (07/03/2021 03:02:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Lenovo - Extension - 10/24/2018 12:00:00 AM - 1.0.1.0.

Error: (07/03/2021 02:58:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Lenovo - Extension - 10/24/2018 12:00:00 AM - 1.0.1.0.

Error: (07/03/2021 02:48:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Lenovo - Extension - 10/24/2018 12:00:00 AM - 1.0.1.0.
Error: (07/03/2021 02:47:34 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (07/03/2021 02:45:47 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (07/03/2021 02:45:45 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (07/03/2021 02:45:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:25:49 PM on 3/07/2021 was unexpected.

Error: (07/03/2021 02:27:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Lenovo - Extension - 10/24/2018 12:00:00 AM - 1.0.1.0.

Windows Defender:
================
Date: 2021-07-02 23:40:17
Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Vigorf.A&threatid=2147714384&enterprise=0
Name: Trojan:Win32/Vigorf.A
Severity: Severe
Category: Trojan
Path: file:_C:\Users\hotoo\OneDrive\Documents\VlcpVideoV1.0.1\jg6_6asg.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: AV: 1.343.233.0, AS: 1.343.233.0, NIS: 1.343.233.0
Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4

Date: 2021-07-02 23:40:14
Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Vigorf.A&threatid=2147714384&enterprise=0
Name: Trojan:Win32/Vigorf.A
Severity: Severe
Category: Trojan
Path: file:_C:\Users\hotoo\OneDrive\Documents\VlcpVideoV1.0.1\jg6_6asg.exe; process:_pid:6500,ProcessStart:132697066144892195
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.343.233.0, AS: 1.343.233.0, NIS: 1.343.233.0
Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4

Date: 2021-07-02 23:39:00
Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Vigorf.A&threatid=2147714384&enterprise=0
Name: Trojan:Win32/Vigorf.A
Severity: Severe
Category: Trojan
Path: file:_C:\Users\hotoo\OneDrive\Documents\VlcpVideoV1.0.1\jg6_6asg.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: AV: 1.343.233.0, AS: 1.343.233.0, NIS: 1.343.233.0
Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4

Date: 2021-07-02 23:37:08
Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Vigorf.A&threatid=2147714384&enterprise=0
Name: Trojan:Win32/Vigorf.A
Severity: Severe
Category: Trojan
Path: file:_C:\Users\hotoo\OneDrive\Documents\VlcpVideoV1.0.1\jg6_6asg.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.343.233.0, AS: 1.343.233.0, NIS: 1.343.233.0
Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4

Date: 2021-07-02 21:07:50
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

==================== Memory info ===========================

BIOS: LENOVO G8ET90WW (2.50 ) 12/26/2012
Motherboard: LENOVO 3369A62
Processor: Intel(R) Core(TM) i3-3227U CPU @ 1.90GHz
Percentage of memory in use: 55%
Total physical RAM: 5988.22 MB
Available physical RAM: 2655.59 MB
Total Virtual: 7652.22 MB
Available Virtual: 4218.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:595.56 GB) (Free:561.07 GB) NTFS
\\?\Volume{505ee7a1-ad29-49cb-9827-7da3c113f39d}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{ce443e91-658d-4cae-84ed-b1508e4251c2}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 72129270)
Partition: GPT.

==================== End of Addition.txt =======================