Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-02-2023 Ran by nickj (04-02-2023 17:56:07) Running from C:\Users\nickj\Downloads\New ROADS Microsoft Windows 10 Home Version 22H2 19045.2486 (X64) (2021-12-11 08:36:58) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-3323940460-2476448031-453550397-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3323940460-2476448031-453550397-503 - Limited - Disabled) Guest (S-1-5-21-3323940460-2476448031-453550397-501 - Limited - Disabled) nickj (S-1-5-21-3323940460-2476448031-453550397-1001 - Administrator - Enabled) => C:\Users\nickj WDAGUtilityAccount (S-1-5-21-3323940460-2476448031-453550397-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Kaspersky (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23} FW: Kaspersky Security Cloud (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 21.06 (x64) (HKLM\...\7-Zip) (Version: 21.06 - Igor Pavlov) Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 22.003.20314 - Adobe) Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 2.15.24.2059 - Advanced Micro Devices, Inc.) AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.) 
Hidden AMD I2C Driver (HKLM-x32\...\{B31D92D9-2914-46B0-9738-F668A563DE73}) (Version: 1.2.0.118 - Advanced Micro Devices, Inc.) Hidden AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 4.15.0.0 - Advanced Micro Devices, Inc.) Hidden AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 6.0.0.9 - Advanced Micro Devices, Inc.) Hidden AMD SBxxx SMBus Driver Alpha (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden AMD_Chipset_Drivers (HKLM-x32\...\{48783093-ed30-463f-9f90-d8c2cc338e32}) (Version: 2.15.24.2059 - Advanced Micro Devices, Inc.) Hidden Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 109.0.19817.75 - AVAST Software) Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1579.3 - AVAST Software) Hidden Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Broforce (HKLM-x32\...\1470490225_is1) (Version: 2.0.0.2 - GOG.com) Crash Bandicoot 4 (HKLM-x32\...\Crash Bandicoot 4_is1) (Version: - ) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 11.0.0.1932 - Disc Soft Ltd) Discord (HKU\S-1-5-21-3323940460-2476448031-453550397-1001\...\Discord) (Version: 1.0.9006 - Discord Inc.) EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS) Epic Games Launcher (HKLM-x32\...\{209F4B4B-3DF2-4825-9906-D4D6A80EC09E}) (Version: 1.3.0.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.) 
Forza Horizon 5 (HKLM-x32\...\Forza Horizon 5_is1) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 109.0.5414.120 - Google LLC) High on Life (HKLM-x32\...\High on Life_is1) (Version: - ) JoyToKey version 6.8 (HKLM-x32\...\{EBF21C82-423E-49FD-BCBD-88C08397CB44}_is1) (Version: 6.8 - JTK software) Kaspersky (HKLM-x32\...\{0BB51252-A5F0-3D7C-AE3E-052278FEB384}) (Version: 21.8.5.452 - Kaspersky) Hidden Kaspersky (HKLM-x32\...\InstallWIX_{0BB51252-A5F0-3D7C-AE3E-052278FEB384}) (Version: 21.8.5.452 - Kaspersky) Kaspersky Password Manager (HKLM-x32\...\{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab) Hidden Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab) Kaspersky VPN (HKLM-x32\...\{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 - Kaspersky) Hidden Kaspersky VPN (HKLM-x32\...\InstallWIX_{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 - Kaspersky) KMSauto.net (HKLM-x32\...\{6A2B3E01-92B9-4E14-A6A4-59AD5F9479FF}) (Version: 1.0.0 - KMSauto.net) Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) 
Hidden Little Nightmares II (HKLM-x32\...\Little Nightmares II_is1) (Version: - ) Malwarebytes version 4.5.20.230 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.20.230 - Malwarebytes) Microsoft .NET Host - 5.0.10 (x86) (HKLM-x32\...\{EEC610D2-6934-4567-A658-092A1429A21A}) (Version: 40.40.30412 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 5.0.10 (x86) (HKLM-x32\...\{29F55E7D-9FB8-4F1D-A233-1F5995CB0FF5}) (Version: 40.40.30412 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 5.0.10 (x86) (HKLM-x32\...\{17675144-2D5B-4BA3-AF21-A65F7D824149}) (Version: 40.40.30412 - Microsoft Corporation) Hidden Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 109.0.1518.78 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 109.0.1518.70 - Microsoft Corporation) Microsoft GameInput (HKLM-x32\...\{6BBE9278-659F-FA16-E4B8-C2D60DE0DCC7}) (Version: 10.1.22621.1863 - Microsoft Corporation) Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Volume - en-us) (Version: 16.0.10394.20022 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3323940460-2476448031-453550397-1001\...\OneDriveSetup.exe) (Version: 23.007.0109.0004 - Microsoft Corporation) Microsoft Support and Recovery Assistant (HKU\S-1-5-21-3323940460-2476448031-453550397-1001\...\1411bee0b739e9b9) (Version: 17.0.9467.6 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-3323940460-2476448031-453550397-1001\...\Teams) (Version: 1.6.00.376 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 
Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 
(HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30704 (HKLM-x32\...\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}) (Version: 14.30.30704.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.34.31931 (HKLM-x32\...\{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}) (Version: 14.34.31931.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.30.30704 (HKLM\...\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}) (Version: 14.30.30704 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.30.30704 
(HKLM\...\{662A0088-6FCD-45DD-9EA7-68674058AED5}) (Version: 14.30.30704 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.34.31931 (HKLM-x32\...\{C2662EFF-06E6-4FD1-9D6D-FDCA91025757}) (Version: 14.34.31931 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.34.31931 (HKLM-x32\...\{AB1BDF73-7393-42CE-812D-9A90918814D5}) (Version: 14.34.31931 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 5.0.10 (x86) (HKLM-x32\...\{ba8ab6bd-ad21-447e-b617-feee84353247}) (Version: 5.0.10.30418 - Microsoft Corporation) Microsoft Windows Desktop Runtime - 5.0.10 (x86) (HKLM-x32\...\{DCE5198A-7449-4F9F-A630-C8363759D0FB}) (Version: 40.40.30418 - Microsoft Corporation) Hidden Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC) MultiPack Visual C++ Installer V3.0 (HKLM-x32\...\{93E81C5A-55A6-4686-AA8E-532F506EA91A}_is1) (Version: 3.0 - BobSpwg) NordUpdater (HKLM\...\{6E35DB82-3D19-4DD6-B8CB-F082815FDE18}_is1) (Version: 1.3.0.160 - Nord Security) NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.48.18.0 - Nord Security) NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN) NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation) NVIDIA GeForce Experience 3.27.0.112 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.112 - NVIDIA Corporation) NVIDIA Graphics Driver 528.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 528.24 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.39.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.16 - NVIDIA Corporation) NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 
9.21.0713 - NVIDIA Corporation) NVIDIA USBC Driver 1.50.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.50.831.832 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.10394.20022 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.10394.20022 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.10394.20022 - Microsoft Corporation) Hidden Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.6.1215.121004 - Razer Inc.) Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9175.1 - Realtek Semiconductor Corp.) RetroArch (HKLM-x32\...\RetroArch) (Version: 1.13.0.0 - Libretro) THX Spatial Audio (HKLM\...\{58CEA038-CE01-4C2F-9D82-34899B4F9EC9}) (Version: 1.0.3.52 - THX) Hidden THX Spatial Audio (HKLM-x32\...\{cd1f00e0-bfca-4a95-a8d7-acd306bd63ec}) (Version: 1.0.3.52 - THX) Trine 3: Artifacts of Power (HKLM-x32\...\1431599567_is1) (Version: 1.11(build_3102) - GOG.com) UNCHARTED™ Legacy of Thieves Collection (HKLM-x32\...\FLT_Uncharted_Legacy_of_Thieves_Collection) (Version: - ) VLC media player (HKLM\...\VLC media player) (Version: 3.0.17.4 - VideoLAN) WhatsApp (HKU\S-1-5-21-3323940460-2476448031-453550397-1001\...\WhatsApp) (Version: 2.2304.7 - WhatsApp) Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.) 
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation) WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH) Zoom (HKU\S-1-5-21-3323940460-2476448031-453550397-1001\...\ZoomUMX) (Version: 5.13.3 (11494) - Zoom Video Communications, Inc.) Packages: ========= AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m [2022-04-09] (Advanced Micro Devices Inc.) [Startup Task] AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.52851.0_x64__8wekyb3d8bbwe [2022-12-09] (Microsoft Corporation) LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2022-11-10] (LinkedIn) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-04-09] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-04-09] (Microsoft Corporation) [MS Ad] Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.10114.505.0_x64__8wekyb3d8bbwe [2023-01-20] (Microsoft Corporation) Monitorian -> C:\Program Files\WindowsApps\10186emoacht.Monitorian_4.0.1.0_neutral__0q7myvhtpbc7w [2023-01-06] (emoacht) [Startup Task] NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.963.0_x64__56jybvy8sckqj [2023-02-04] (NVIDIA Corp.) 
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-04-09] (Microsoft Corporation) Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2022-06-26] (Adobe Systems Incorporated) Real HEIC File Viewer -> C:\Program Files\WindowsApps\36059XiaoyaStudio.RealHEICFileViewer_2.0.10.0_neutral__ngh7ertwt50re [2023-01-28] (Xiaoya Lab) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.26.251.0_x64__dt26b99r8h8gj [2022-04-10] (Realtek Semiconductor Corp) Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2022-12-26] (Microsoft Studios) [MS Ad] Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.204.912.0_x86__zpdnekdrzrea0 [2023-02-04] (Spotify AB) [Startup Task] THX Spatial Audio Control -> C:\Program Files\WindowsApps\THXLtd.THXSpatialAudioControl_2022.1206.1.0_x64__zgheytcpjsgqw [2022-12-13] (THX Ltd.) WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.747.1945.0_x64__8wekyb3d8bbwe [2023-02-04] (Microsoft Corporation) WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.747.1945.0_x86__8wekyb3d8bbwe [2023-02-04] (Microsoft Corporation) Xbox Accessories -> C:\Program Files\WindowsApps\Microsoft.XboxDevices_2209.2209.14005.0_x64__8wekyb3d8bbwe [2022-09-26] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-3323940460-2476448031-453550397-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\nickj\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22321.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-11-25] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [Kaspersky Anti-Virus 21.8] -> {2072673C-3290-48FF-8503-8F69FACA7B02} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.8\x64\shellex.dll [2022-12-05] (AO Kaspersky Lab -> AO Kaspersky Lab) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2021-12-19] (AVB Disc Soft, SIA -> Disc Soft Ltd) ContextMenuHandlers2: [Kaspersky Anti-Virus 21.8] -> {2072673C-3290-48FF-8503-8F69FACA7B02} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.8\x64\shellex.dll [2022-12-05] (AO Kaspersky Lab -> AO Kaspersky Lab) ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2021-12-19] (AVB Disc Soft, SIA -> Disc Soft Ltd) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-01-04] (Malwarebytes Inc. 
-> Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-11-25] (Igor Pavlov) [File not signed] ContextMenuHandlers4: [Kaspersky Anti-Virus 21.8] -> {2072673C-3290-48FF-8503-8F69FACA7B02} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.8\x64\shellex.dll [2022-12-05] (AO Kaspersky Lab -> AO Kaspersky Lab) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Windows\System32\atiacm64.dll [2021-09-06] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvrzi.inf_amd64_e040dfd3f9f5ce72\nvshext.dll [2023-01-18] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-11-25] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [Kaspersky Anti-Virus 21.8] -> {2072673C-3290-48FF-8503-8F69FACA7B02} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.8\x64\shellex.dll [2022-12-05] (AO Kaspersky Lab -> AO Kaspersky Lab) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-01-04] (Malwarebytes Inc. 
-> Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2021-12-29 16:09 - 2021-12-29 16:09 - 000438784 _____ () [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\amdlinkremoteserver.dll 2021-12-17 04:23 - 2021-12-17 04:24 - 000017920 _____ () [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\libEGL.dll 2021-12-17 04:23 - 2021-12-17 04:24 - 003567616 _____ () [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\libGLESv2.dll 2021-12-29 16:09 - 2021-12-29 16:09 - 000258560 _____ () [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\WirelessVR-windesktop64.dll 2021-12-12 08:00 - 2021-11-25 00:30 - 000093696 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll 2021-12-17 04:23 - 2021-12-17 04:24 - 004396032 _____ (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\d3dcompiler_47.dll 2021-12-17 04:23 - 2021-12-17 04:24 - 000031744 _____ (The Qt Company Ltd.) 
[File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qgif.dll 2021-12-17 04:23 - 2021-12-17 04:24 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qicns.dll 2021-12-17 04:23 - 2021-12-17 04:24 - 000031232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qico.dll 2021-12-17 04:23 - 2021-12-17 04:24 - 000415232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qjpeg.dll 2021-12-17 04:23 - 2021-12-17 04:24 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qsvg.dll 2021-12-17 04:23 - 2021-12-17 04:24 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qtga.dll 2021-12-17 04:23 - 2021-12-17 04:24 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qwbmp.dll 2021-12-17 04:23 - 2021-12-17 04:24 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qwebp.dll 2021-12-17 04:23 - 2021-12-17 04:24 - 001455104 _____ (The Qt Company Ltd.) 
[File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\platforms\qwindows.dll 2021-12-17 04:23 - 2021-12-17 04:24 - 001227776 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\sqldrivers\qsqlite.dll 2021-12-17 04:23 - 2021-12-17 04:24 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\styles\qwindowsvistastyle.dll 2021-12-17 04:23 - 2021-12-17 04:24 - 006270976 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Core.dll 2021-12-17 04:23 - 2021-12-17 04:24 - 006947328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Gui.dll 2021-12-17 04:23 - 2021-12-17 04:24 - 000740352 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Multimedia.dll 2021-12-17 04:23 - 2021-12-17 04:24 - 000123392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5MultimediaQuick.dll 2021-12-17 04:23 - 2021-12-17 04:24 - 001110528 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Network.dll 2021-12-17 04:23 - 2021-12-17 04:24 - 000326656 _____ (The Qt Company Ltd.) 
[File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Positioning.dll 2021-12-17 04:23 - 2021-12-17 04:24 - 003798528 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Qml.dll 2021-12-17 04:23 - 2021-12-17 04:24 - 000440832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5QmlModels.dll 2021-12-17 04:23 - 2021-12-17 04:24 - 000054784 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5QmlWorkerScript.dll 2021-12-17 04:23 - 2021-12-17 04:24 - 004255744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Quick.dll 2021-12-17 04:23 - 2021-12-17 04:24 - 000171520 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5QuickControls2.dll 2021-12-17 04:23 - 2021-12-17 04:24 - 001128448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5QuickTemplates2.dll 2021-12-17 04:23 - 2021-12-17 04:24 - 000206336 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Sql.dll 2021-12-17 04:23 - 2021-12-17 04:24 - 000334336 _____ (The Qt Company Ltd.) 
[File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Svg.dll
2021-12-17 04:23 - 2021-12-17 04:24 - 000133120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5WebChannel.dll
2021-12-17 04:23 - 2021-12-17 04:24 - 000396800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5WebEngine.dll
2021-12-17 04:23 - 2021-12-17 04:24 - 102854656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5WebEngineCore.dll
2021-12-17 04:23 - 2021-12-17 04:24 - 005611008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Widgets.dll
2021-12-17 04:23 - 2021-12-17 04:24 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5WinExtras.dll
2021-12-17 04:23 - 2021-12-17 04:24 - 000210432 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Xml.dll
2021-12-17 04:23 - 2021-12-17 04:24 - 002877440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5XmlPatterns.dll
2021-12-17 04:23 - 2021-12-17 04:24 - 000056832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2021-12-17 04:23 - 2021-12-17 04:24 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2021-12-17 04:23 - 2021-12-17 04:24 - 000267776 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtMultimedia\declarative_multimedia.dll
2021-12-17 04:23 - 2021-12-17 04:24 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQml\qmlplugin.dll
2021-12-17 04:23 - 2021-12-17 04:24 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick.2\qtquick2plugin.dll
2021-12-17 04:23 - 2021-12-17 04:24 - 000290816 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2021-12-17 04:23 - 2021-12-17 04:24 - 000336896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick\Controls\qtquickcontrolsplugin.dll
2021-12-17 04:23 - 2021-12-17 04:24 - 000134144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick\Dialogs\dialogplugin.dll
2021-12-17 04:23 - 2021-12-17 04:24 - 000106496 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick\Layouts\qquicklayoutsplugin.dll
2021-12-17 04:23 - 2021-12-17 04:24 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2021-12-17 04:23 - 2021-12-17 04:24 - 000045568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick\Window.2\windowplugin.dll
2021-12-17 04:23 - 2021-12-17 04:24 - 000093184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2023-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2023-01-23] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-23] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-01-23] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-23] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-01-23] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-23] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-01-23] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-23] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-01-23] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3323940460-2476448031-453550397-1001\...\sharepoint.com -> hxxps://unitingcommunitiesorg-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 19:44 - 2023-01-09 17:37 - 000000147 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3323940460-2476448031-453550397-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Razer Fusion.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled)
WiFi: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMD Crash Defender Service => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: avast => 2
MSCONFIG\Services: avastm => 3
MSCONFIG\Services: AvastSecureBrowserElevationService => 3
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: EpicOnlineServices => 3
MSCONFIG\Services: FvSvc => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: kpm_launch_service => 3
MSCONFIG\Services: KSDE5.3 => 2
MSCONFIG\Services: nordvpn-service => 2
MSCONFIG\Services: NvContainerLocalSystem => 2
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: Razer Chroma SDK Server => 2
MSCONFIG\Services: Razer Chroma SDK Service => 2
MSCONFIG\Services: Razer Chroma Stream Server => 2
MSCONFIG\Services: Razer Game Manager Service => 2
MSCONFIG\Services: Razer Synapse Service => 2
MSCONFIG\Services: Rockstar Service => 3
MSCONFIG\Services: rsClientSvc => 2
MSCONFIG\Services: rsSyncSvc => 2
MSCONFIG\Services: RtkAudioUniversalService => 2
MSCONFIG\Services: RzActionSvc => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: VSSrv => 2
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "BCSSync"
HKU\S-1-5-21-3323940460-2476448031-453550397-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3323940460-2476448031-453550397-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3323940460-2476448031-453550397-1001\...\StartupApproved\Run: => "NordVPN"
HKU\S-1-5-21-3323940460-2476448031-453550397-1001\...\StartupApproved\Run: => "Synapse3"
HKU\S-1-5-21-3323940460-2476448031-453550397-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3323940460-2476448031-453550397-1001\...\StartupApproved\Run: => "AvastBrowserAutoLaunch_CFAAD7198488C610079C0286AEB9E63F"
HKU\S-1-5-21-3323940460-2476448031-453550397-1001\...\StartupApproved\Run: => "bt"
HKU\S-1-5-21-3323940460-2476448031-453550397-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DBF89E4D-5E2E-4CB2-BC0F-BF501E2D8992}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{F9C2C500-CB5F-4D23-8432-225B6A5E9F3B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{056E43EA-7BD5-4DC8-8F36-1A7788C37BBF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{0CF71CCB-E97D-4A7C-BD1A-7435C0E55FA7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{0FFC2D55-1606-41E2-B31F-97CAAC023487}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1BF103C1-04C2-4DDB-BA68-E318AACCF5BE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EBFF77C4-FBAD-4DD2-93CB-A8B24AF62974}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{41892017-AC31-477E-98AC-ADACCE0B6ADB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{9DDE6688-5324-4ECB-8FFA-FF917D300516}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd) FirewallRules: [{FC95D576-B47E-4979-90E4-2406B2B56A32}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd) FirewallRules: [{5D678C6E-C7BE-4214-BE5F-9FE0D09F552E}] => (Allow) C:\Users\nickj\AppData\Roaming\BitTorrent\BitTorrent.exe => No File FirewallRules: [{0D577D49-F25A-40D4-86F7-A8AA8F4026FD}] => (Allow) C:\Users\nickj\AppData\Roaming\BitTorrent\BitTorrent.exe => No File FirewallRules: [{848B3AC0-16B1-4FBD-96EC-4C38F57EA878}] => (Block) %ProgramFiles%\gow\GodOfWar\GoW.exe => No File FirewallRules: [TCP Query User{FEEB2D5F-DC2C-4609-B06B-356E7F980498}C:\program files\crash bandicoot 4\lava\binaries\win64\lava-win64-shipping.exe] => (Block) C:\program files\crash bandicoot 4\lava\binaries\win64\lava-win64-shipping.exe (Activision Publishing Inc -> Activision Publishing) [File not signed] FirewallRules: [UDP Query User{3287EF43-A6A0-45C9-83D8-AD2928A1647D}C:\program files\crash bandicoot 4\lava\binaries\win64\lava-win64-shipping.exe] => (Block) C:\program files\crash bandicoot 4\lava\binaries\win64\lava-win64-shipping.exe (Activision Publishing Inc -> Activision Publishing) [File not signed] FirewallRules: [{38393313-8E0B-40F9-B525-85955735BE0E}] => (Block) %ProgramFiles% (x86)\Far Cry 5\bin\FarCry5.exe => No File FirewallRules: [TCP Query User{3F03B0EC-9C96-4228-8E99-AE0D6092B500}C:\program files (x86)\rocksteady studios\batman arkham asylum - game of the year edition\binaries\shippingpc-bmgame.exe] => (Block) C:\program files (x86)\rocksteady studios\batman arkham asylum - game of the year edition\binaries\shippingpc-bmgame.exe => No 
File FirewallRules: [UDP Query User{21DDAA7A-54EC-41FA-AB30-E5FD94AB63E8}C:\program files (x86)\rocksteady studios\batman arkham asylum - game of the year edition\binaries\shippingpc-bmgame.exe] => (Block) C:\program files (x86)\rocksteady studios\batman arkham asylum - game of the year edition\binaries\shippingpc-bmgame.exe => No File FirewallRules: [TCP Query User{8750AC54-5970-40C7-91D8-D1C374CDBCA4}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe => No File FirewallRules: [UDP Query User{3D495BF5-D56F-4137-B9A5-25074073BE8E}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe => No File FirewallRules: [{32C99B49-C381-4FEB-818C-2216E8A2359D}] => (Allow) C:\Users\nickj\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{4F3D9122-863B-4991-B869-B83798353BFC}] => (Allow) C:\Users\nickj\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{332299A3-386E-4284-A033-E3F299AD91EE}] => (Allow) C:\Users\nickj\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{1EF5DBA9-ED44-460A-84BE-F3BED80E0360}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation) FirewallRules: [{E63ADCD0-40DA-4633-81B4-0E3E3F4DA4F5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation) FirewallRules: [{7235FE94-6043-4C07-BF8A-29930DA55CBB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{11853F4E-2763-4270-9C52-119C67924A06}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) 
FirewallRules: [{0EB615EE-C0BC-4F8E-9AF2-2CA6F807935C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{CF50D6E2-E860-45BA-AF3C-F8E852873240}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [TCP Query User{4ACA7A5B-FBDF-442E-856C-97236FF7AF17}C:\program files (x86)\apowersoft\apowermirror\apowermirror.exe] => (Allow) C:\program files (x86)\apowersoft\apowermirror\apowermirror.exe => No File FirewallRules: [UDP Query User{970298B5-35D5-403C-9FF3-8C0D445ED7CF}C:\program files (x86)\apowersoft\apowermirror\apowermirror.exe] => (Allow) C:\program files (x86)\apowersoft\apowermirror\apowermirror.exe => No File FirewallRules: [TCP Query User{08C8725B-BF24-43B5-B266-7320F065034B}C:\users\nickj\downloads\[ftuapps.com] - droid transfer v1.53 multilingual portable\p-153dt\droid transfer 1.53\app\droid transfer\droid transfer.exe] => (Allow) C:\users\nickj\downloads\[ftuapps.com] - droid transfer v1.53 multilingual portable\p-153dt\droid transfer 1.53\app\droid transfer\droid transfer.exe => No File FirewallRules: [UDP Query User{F238933A-8059-41DC-8C15-91B3BFDC9C65}C:\users\nickj\downloads\[ftuapps.com] - droid transfer v1.53 multilingual portable\p-153dt\droid transfer 1.53\app\droid transfer\droid transfer.exe] => (Allow) C:\users\nickj\downloads\[ftuapps.com] - droid transfer v1.53 multilingual portable\p-153dt\droid transfer 1.53\app\droid transfer\droid transfer.exe => No File FirewallRules: [TCP Query User{1451F2E7-1CBA-40F9-9870-54BD73694828}C:\games\it takes two\nuts\binaries\win64\ittakestwo.exe] => (Allow) C:\games\it takes two\nuts\binaries\win64\ittakestwo.exe => No File FirewallRules: [UDP Query User{2502D889-D3AF-437D-B746-B7511D2864CF}C:\games\it takes two\nuts\binaries\win64\ittakestwo.exe] => (Allow) C:\games\it takes two\nuts\binaries\win64\ittakestwo.exe => No File FirewallRules: [TCP Query User{5A7C1749-FC94-4840-8440-F4D6380CAA7E}C:\program 
files (x86)\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File FirewallRules: [UDP Query User{D3104209-499E-4F94-B798-DBF4B6BB0A24}C:\program files (x86)\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File FirewallRules: [TCP Query User{F5DF4DC5-EEEF-4A2B-994A-537F0135A5D4}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Block) C:\program files (x86)\qbittorrent\qbittorrent.exe => No File FirewallRules: [UDP Query User{08C87DED-257B-46DF-938C-04CF7D4FE0EB}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Block) C:\program files (x86)\qbittorrent\qbittorrent.exe => No File FirewallRules: [TCP Query User{DBD1798F-80E4-4F59-94D3-45464D452234}C:\users\nickj\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\nickj\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{84148FDC-B30B-443E-9431-6EAEFF1CEDA5}C:\users\nickj\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\nickj\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{6D5F2368-66C7-46DB-A598-E952BCAC15A3}C:\program files (x86)\dodi-repacks\far cry 6\bin\farcry6.exe] => (Block) C:\program files (x86)\dodi-repacks\far cry 6\bin\farcry6.exe => No File FirewallRules: [UDP Query User{5181235C-DB72-4864-9877-D55030040B10}C:\program files (x86)\dodi-repacks\far cry 6\bin\farcry6.exe] => (Block) C:\program files (x86)\dodi-repacks\far cry 6\bin\farcry6.exe => No File FirewallRules: [TCP Query User{A4D4CBEC-461B-4435-B66D-99917ECEC1D8}C:\program files (x86)\dodi-repacks\far cry 6\bin\farcry6.exe] => (Block) C:\program files (x86)\dodi-repacks\far cry 6\bin\farcry6.exe => No File FirewallRules: [UDP Query User{D3D379FA-0F55-48DD-8C8C-6F7742C48E4B}C:\program files 
(x86)\dodi-repacks\far cry 6\bin\farcry6.exe] => (Block) C:\program files (x86)\dodi-repacks\far cry 6\bin\farcry6.exe => No File FirewallRules: [TCP Query User{B7B83CF0-C418-4E0C-A93F-A433886588B0}C:\program files (x86)\unravel two\unraveltwo.exe] => (Block) C:\program files (x86)\unravel two\unraveltwo.exe => No File FirewallRules: [UDP Query User{5A84C7DE-5B37-48F6-8077-C15A7A251CF1}C:\program files (x86)\unravel two\unraveltwo.exe] => (Block) C:\program files (x86)\unravel two\unraveltwo.exe => No File FirewallRules: [TCP Query User{566AF2CD-9325-4AD2-BFE4-0B80B4C5BB5E}C:\users\nickj\desktop\wiiu\wii u usb helper 0.6.1.616\usbhelperlauncher.exe] => (Allow) C:\users\nickj\desktop\wiiu\wii u usb helper 0.6.1.616\usbhelperlauncher.exe => No File FirewallRules: [UDP Query User{293A1E09-F950-4D50-A1D8-3AFA75F330D0}C:\users\nickj\desktop\wiiu\wii u usb helper 0.6.1.616\usbhelperlauncher.exe] => (Allow) C:\users\nickj\desktop\wiiu\wii u usb helper 0.6.1.616\usbhelperlauncher.exe => No File FirewallRules: [TCP Query User{C57544C3-7CB6-4154-B090-9DDE3BF9A891}C:\users\nickj\desktop\wiiu\wii u usb helper 0.6.1.616\wiiu_usb_helper_.exe] => (Allow) C:\users\nickj\desktop\wiiu\wii u usb helper 0.6.1.616\wiiu_usb_helper_.exe => No File FirewallRules: [UDP Query User{8862CC36-40B3-470E-A507-86045B8EC550}C:\users\nickj\desktop\wiiu\wii u usb helper 0.6.1.616\wiiu_usb_helper_.exe] => (Allow) C:\users\nickj\desktop\wiiu\wii u usb helper 0.6.1.616\wiiu_usb_helper_.exe => No File FirewallRules: [TCP Query User{4880DEA2-1302-4582-8144-9702AB09A5F2}C:\users\nickj\appdata\roaming\bittorrent\updates\bittorrent.exe] => (Allow) C:\users\nickj\appdata\roaming\bittorrent\updates\bittorrent.exe => No File FirewallRules: [UDP Query User{08CAB9E0-B04B-4496-B6EB-4D379EDC2E2F}C:\users\nickj\appdata\roaming\bittorrent\updates\bittorrent.exe] => (Allow) C:\users\nickj\appdata\roaming\bittorrent\updates\bittorrent.exe => No File FirewallRules: [{74CD0F72-A25D-4A9D-8237-08A8AB94BF12}] => (Allow) 
C:\Users\nickj\AppData\Local\Temp\bittorrent\bittorrent.exe => No File FirewallRules: [{0AA0D0E4-A275-410F-AB7C-A4D84E7D85C0}] => (Allow) C:\Users\nickj\AppData\Local\Temp\bittorrent\bittorrent.exe => No File FirewallRules: [TCP Query User{01F2317A-7377-40AF-97A7-44ECA6D85E10}C:\users\nickj\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\nickj\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{941146D9-F551-45E4-B51A-E94774DA9D4B}C:\users\nickj\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\nickj\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{E136FCA9-C052-45F3-B85B-E8D9E0712C57}C:\gog games\broforce\broforce_beta.exe] => (Allow) C:\gog games\broforce\broforce_beta.exe () [File not signed] FirewallRules: [UDP Query User{B51C1778-7696-4B9E-B0B1-E7858B83EB6C}C:\gog games\broforce\broforce_beta.exe] => (Allow) C:\gog games\broforce\broforce_beta.exe () [File not signed] FirewallRules: [TCP Query User{E43159A7-B5B8-44B6-A6D7-B2B4A71524F9}C:\users\nickj\appdata\roaming\bittorrent\updates\bittorrent.exe] => (Block) C:\users\nickj\appdata\roaming\bittorrent\updates\bittorrent.exe => No File FirewallRules: [UDP Query User{7A57A13F-23CF-4546-97D5-A2B923BBDF71}C:\users\nickj\appdata\roaming\bittorrent\updates\bittorrent.exe] => (Block) C:\users\nickj\appdata\roaming\bittorrent\updates\bittorrent.exe => No File FirewallRules: [TCP Query User{D2D0010F-8358-4612-A0D2-9C44B6208DBE}C:\program files (x86)\dodi-repacks\need for speed heat\needforspeedheat.exe] => (Block) C:\program files (x86)\dodi-repacks\need for speed heat\needforspeedheat.exe => No File FirewallRules: [UDP Query User{A0801ACB-01EE-403E-AF70-BC5D0CA97711}C:\program files (x86)\dodi-repacks\need for speed heat\needforspeedheat.exe] => (Block) C:\program files (x86)\dodi-repacks\need for speed 
heat\needforspeedheat.exe => No File FirewallRules: [{0D010570-9266-4955-8A40-928AF9947E63}] => (Allow) C:\Games\Red Dead Redemption 2\RDR2.exe => No File FirewallRules: [{D5BAB7D5-8BD2-4736-B302-D3BD22B42C6A}] => (Allow) C:\Games\Red Dead Redemption 2\RDR2.exe => No File FirewallRules: [{D7F83256-202B-4E45-BAB3-8CCFCC6CDE3D}] => (Allow) C:\Games\Red Dead Redemption 2\RDR2.exe => No File FirewallRules: [{C1D6C825-D27F-4BC3-94AD-5A27076189C3}] => (Allow) C:\Games\Red Dead Redemption 2\RDR2.exe => No File FirewallRules: [TCP Query User{3F067102-C865-40AC-A862-B6D5E347BD24}C:\games\borderlands 2 - remastered\binaries\win32\borderlands2.exe] => (Block) C:\games\borderlands 2 - remastered\binaries\win32\borderlands2.exe => No File FirewallRules: [UDP Query User{59487FE8-166D-4A63-B9DB-0B34EDB16652}C:\games\borderlands 2 - remastered\binaries\win32\borderlands2.exe] => (Block) C:\games\borderlands 2 - remastered\binaries\win32\borderlands2.exe => No File FirewallRules: [{BB20E000-0E8D-4051-9A01-81D471817A54}] => (Block) %SystemDrive%\Games\Borderlands 2 - Remastered\Binaries\Win32\Borderlands2.exe => No File FirewallRules: [{0B988F5D-FEF1-4ECD-8FAE-C59934349631}] => (Block) %SystemDrive%\Games\Borderlands 2 - Remastered\Binaries\Win32\Launcher.exe => No File FirewallRules: [{472C34FA-862E-47F8-9DAE-D01C81742F61}] => (Block) C:\Program Files (x86)\Borderlands 2 Remastered\Binaries\Win32 => No File FirewallRules: [{B66A7AD7-7059-4144-90F7-C382D2F34374}] => (Block) %ProgramFiles% (x86)\Borderlands 2 Remastered\Binaries\Win32\Borderlands2.exe => No File FirewallRules: [TCP Query User{CBAFF51C-07A5-4079-8210-4ECA52D0061C}C:\program files (x86)\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe] => (Block) C:\program files (x86)\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe => No File FirewallRules: [UDP Query User{A05D9D09-BE6D-4626-A5B9-CA97C7D5C4A3}C:\program files (x86)\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe] => (Block) C:\program files 
(x86)\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe => No File FirewallRules: [TCP Query User{8076FD9E-B2EF-401B-ADAF-1D6039B7B9BF}C:\games\forza horizon 5\forzahorizon5.exe] => (Block) C:\games\forza horizon 5\forzahorizon5.exe () [File not signed] FirewallRules: [UDP Query User{E7A843F2-FA24-4182-9D3D-EC6F420A8E85}C:\games\forza horizon 5\forzahorizon5.exe] => (Block) C:\games\forza horizon 5\forzahorizon5.exe () [File not signed] FirewallRules: [TCP Query User{4B4B6A38-938A-4625-A48C-E8C32AA3974F}C:\games\high on life\oregon\binaries\win64\oregon-win64-shipping.exe] => (Block) C:\games\high on life\oregon\binaries\win64\oregon-win64-shipping.exe (Squanch Games, Inc.) [File not signed] FirewallRules: [UDP Query User{86A0F6DB-BCDD-4D89-AC4C-6638E4799974}C:\games\high on life\oregon\binaries\win64\oregon-win64-shipping.exe] => (Block) C:\games\high on life\oregon\binaries\win64\oregon-win64-shipping.exe (Squanch Games, Inc.) [File not signed] FirewallRules: [TCP Query User{3C7D3838-3373-4FB8-9F87-86DEE799BE57}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{770335EC-CC26-40A4-A1E3-CA0E00F0D5A2}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.) 
FirewallRules: [{2FA0CC69-1D84-4AB7-8336-3AFD7AA98374}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe => No File FirewallRules: [{608BEEAB-B4A8-4102-8319-75370B96BBC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe => No File FirewallRules: [{94A6F613-766C-4154-B1CE-7524804209B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe => No File FirewallRules: [{D0ADDE23-D3EA-477C-B1C7-05A4E4C011DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe => No File FirewallRules: [{E1F3243E-5567-4CEB-9083-42A2853DB421}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{F93F4C0F-C380-494D-B9A8-B16F75C99454}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C09B7751-2B1B-47D1-B17E-90541FBC88C7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{85C15D0C-B962-4F46-A697-BE6CE0ED7529}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{AB45E4E9-4E5E-4A18-96A1-C2447CE00108}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{EE7B796D-5AA9-4BA8-9550-309FA07ECBA8}C:\games\uncharted - legacy of thieves collection\tll.exe] => (Block) C:\games\uncharted - legacy of thieves collection\tll.exe => No File FirewallRules: [UDP Query User{A950DF59-F840-4FC7-9B2D-5CEF3D0F0BF4}C:\games\uncharted - legacy of thieves collection\tll.exe] => (Block) C:\games\uncharted - legacy of thieves collection\tll.exe => No File FirewallRules: 
[{9634035F-517A-48AF-8390-56522389C413}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software) FirewallRules: [{312A8486-38CB-4552-B254-B21A28D0BA27}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{0F7675AE-0A47-4B02-A4F2-F9490147F783}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{6EA841FC-6107-4209-AE84-2705B66208B6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{537F304B-4629-4FF7-820B-5E2C389A1201}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 
FirewallRules: [{2692CC5D-7988-457E-951B-0DA8FE847C9C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{35E49925-D431-41D1-A723-FDCDC6871275}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.70\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{CCDE42D3-21B2-4FC3-8400-4BDF0A41AA01}] => (Block) %SystemDrive%\Games\UNCHARTED - Legacy of Thieves Collection\Launcher.exe => No File FirewallRules: [TCP Query User{04190364-BA01-4627-9A0F-DB287FE3B6AB}C:\games\uncharted legacy of thieves collection\u4.exe] => (Block) C:\games\uncharted legacy of thieves collection\u4.exe () [File not signed] FirewallRules: [UDP Query User{78EBC815-FF6F-4CE9-A610-D0DF26C4DC03}C:\games\uncharted legacy of thieves collection\u4.exe] => (Block) C:\games\uncharted legacy of thieves collection\u4.exe () [File not signed] FirewallRules: [TCP Query User{62B8AFE6-F87B-411D-BFEE-F7860EB71BC4}C:\games\uncharted legacy of thieves collection\tll.exe] => (Block) C:\games\uncharted legacy of thieves collection\tll.exe () [File not signed] FirewallRules: [UDP Query User{BBB87BF5-80A2-4BDB-8C60-8680125625F5}C:\games\uncharted legacy of thieves collection\tll.exe] => (Block) C:\games\uncharted legacy of thieves collection\tll.exe () [File not signed] FirewallRules: [{0C82D4E5-D3E9-43EE-8551-B9A4EB472985}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation) FirewallRules: [{62536242-3E8F-4E36-A537-0CD021E024AE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation) FirewallRules: [{CADC1E58-5260-4476-82FC-87173855A50E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation) FirewallRules: [{19E017DF-520B-4828-9050-553378B7ACC5}] => (Allow) C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{B845280A-40FF-4D3E-8C39-7F8D27DA7DB8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.204.912.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4C5FCE8C-E4DF-473D-BC86-898D86A615F0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.204.912.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{56DA8152-F973-4ECF-9902-264F47885C8B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.204.912.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6990A561-CDBE-47C5-BBC9-8F38ABBF96A4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.204.912.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D3577B6E-7A88-4130-8962-8BA8E122353E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.204.912.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5CCEB037-F3AC-401B-8703-46F6E34E8F21}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.204.912.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BED662A7-2FC0-4A2D-9FB1-092395E68FCF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.204.912.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{27570EA8-BE7B-4C43-8B51-D0082244A58D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.204.912.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

27-01-2023 20:42:09 Windows Modules Installer

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (02/04/2023 03:04:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NVIDIA Share.exe, version: 73.3683.1933.5, time stamp: 0x63d40b20
Faulting module name: libcef.dll, version: 73.0.0.0, time stamp: 0x5c8499d0
Exception code: 0x80000003
Fault offset: 0x0000000001eb3d23
Faulting process id: 0x4178
Faulting application start time: 0x01d9385202c7aa5d
Faulting application path: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
Faulting module path: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
Report Id: 13bbd07b-62a5-4dae-812b-8b286079589d
Faulting package full name:
Faulting package-relative application ID:

Error: (02/04/2023 02:37:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ensserver.exe, version: 0.0.0.0, time stamp: 0x61e67596
Faulting module name: ucrtbase.dll, version: 10.0.19041.789, time stamp: 0x82dc99a2
Exception code: 0xc0000409
Fault offset: 0x0009eddb
Faulting process id: 0x914
Faulting application start time: 0x01d9384acbcb3b6f
Faulting application path: C:\Program Files (x86)\EaseUS\ENS\ensserver.exe
Faulting module path: C:\Windows\System32\ucrtbase.dll
Report Id: 5e561378-422e-4f6c-9c06-58afb2d6ae18
Faulting package full name:
Faulting package-relative application ID:

Error: (02/04/2023 02:13:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NVIDIA Share.exe, version: 73.3683.1933.5, time stamp: 0x63d40b20
Faulting module name: libcef.dll, version: 73.0.0.0, time stamp: 0x5c8499d0
Exception code: 0x80000003
Fault offset: 0x0000000001eb3d23
Faulting process id: 0xe28
Faulting application start time: 0x01d9384ae9af3269
Faulting application path: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
Faulting module path: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
Report Id: 29b4ed6f-5df2-4528-ac4f-4761ac96842e
Faulting package full name:
Faulting package-relative application ID:

Error: (02/04/2023 02:13:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NVIDIA Share.exe, version: 73.3683.1933.5, time stamp: 0x63d40b20
Faulting module name: libcef.dll, version: 73.0.0.0, time stamp: 0x5c8499d0
Exception code: 0x80000003
Fault offset: 0x0000000001eb3d23
Faulting process id: 0x191c
Faulting application start time: 0x01d9384ae3f5a93e
Faulting application path: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
Faulting module path: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
Report Id: 01fed8d5-5696-49cf-ad3f-e5eb6400c84a
Faulting package full name:
Faulting package-relative application ID:

Error: (02/04/2023 02:13:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NVIDIA Share.exe, version: 73.3683.1933.5, time stamp: 0x63d40b20
Faulting module name: libcef.dll, version: 73.0.0.0, time stamp: 0x5c8499d0
Exception code: 0x80000003
Fault offset: 0x0000000001eb3d23
Faulting process id: 0x39cc
Faulting application start time: 0x01d9384ade66cefe
Faulting application path: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
Faulting module path: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
Report Id: c64ee19c-433c-4502-b89e-e448b76dcec5
Faulting package full name:
Faulting package-relative application ID:

Error: (02/04/2023 02:13:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NVIDIA Share.exe, version: 73.3683.1933.5, time stamp: 0x63d40b20
Faulting module name: libcef.dll, version: 73.0.0.0, time stamp: 0x5c8499d0
Exception code: 0x80000003
Fault offset: 0x0000000001eb3d23
Faulting process id: 0x3084
Faulting application start time: 0x01d9384ad9d6172d
Faulting application path: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
Faulting module path: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
Report Id: 2c51e22e-df26-4bb1-87b6-ce0cb283ef8a
Faulting package full name:
Faulting package-relative application ID:

Error: (02/04/2023 02:13:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NVIDIA Share.exe, version: 73.3683.1933.5, time stamp: 0x63d40b20
Faulting module name: libcef.dll, version: 73.0.0.0, time stamp: 0x5c8499d0
Exception code: 0x80000003
Fault offset: 0x0000000001eb3d23
Faulting process id: 0x2e28
Faulting application start time: 0x01d9384ad6841704
Faulting application path: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
Faulting module path: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
Report Id: 37ec2692-fd2d-4391-ae45-e87d2d5fef14
Faulting package full name:
Faulting package-relative application ID:

Error: (02/04/2023 02:13:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NVIDIA Share.exe, version: 73.3683.1933.5, time stamp: 0x63d40b20
Faulting module name: libcef.dll, version: 73.0.0.0, time stamp: 0x5c8499d0
Exception code: 0x80000003
Fault offset: 0x0000000001eb3d23
Faulting process id: 0x343c
Faulting application start time: 0x01d9384ad47023af
Faulting application path: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
Faulting module path: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
Report Id: 8e5de6ec-571c-41be-a505-af329421fe26
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (02/04/2023 02:37:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The EaseUS UPDATE SERVICE service terminated unexpectedly. It has done this 1 time(s).
Error: (02/04/2023 11:36:02 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-4LBAS2EC) Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout. Error: (02/04/2023 11:35:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service. Error: (02/04/2023 11:35:01 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The NVIDIA LocalSystem Container service terminated with the following error: A generic command executable returned a result that indicates failure. Error: (01/28/2023 10:11:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The EaseUS UPDATE SERVICE service terminated unexpectedly. It has done this 1 time(s). Error: (01/28/2023 08:09:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The EaseUS UPDATE SERVICE service terminated unexpectedly. It has done this 1 time(s). Error: (01/27/2023 09:31:40 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY) Description: Failed to start language pack setup wizard. Please restart the system and try running the wizard again. Error: (01/27/2023 09:31:40 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY) Description: CBS Client initialization failed. Last error: 0x8007045b CodeIntegrity: =============== Date: 2023-02-04 17:55:03 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky 21.8\avp.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Memory info ===========================

BIOS: Razer 1.06 06/07/2021
Motherboard: Razer PI411
Processor: AMD Ryzen 9 5900HX with Radeon Graphics
Percentage of memory in use: 38%
Total physical RAM: 15774.59 MB
Available physical RAM: 9652.67 MB
Total Virtual: 22008.11 MB
Available Virtual: 11939.03 MB

==================== Drives ================================

Drive c: (Blade 14) (Fixed) (Total:936.18 GB) (Free:102.6 GB) (Model: SAMSUNG MZVLB1T0HBLR-00A00) NTFS

\\?\Volume{c9582083-d709-4784-a493-76601a8a3eae}\ (Recovery) (Fixed) (Total:16.6 GB) (Free:1.03 GB) NTFS
\\?\Volume{29da1acf-28dc-4ef3-bc37-7ed37b8312ce}\ (Winre) (Fixed) (Total:0.98 GB) (Free:0.49 GB) NTFS
\\?\Volume{17950854-e6c6-405d-8d19-844fd580d7ab}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 953.9 GB) (Disk ID: 5A1AB5B8)

Partition: GPT.

==================== End of Addition.txt =======================