Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2023
Ran by nickj (21-07-2023 16:09:06)
Running from C:\Users\nickj\Downloads
Microsoft Windows 10 Home Version 22H2 19045.3208 (X64) (2021-12-11 08:36:58)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3323940460-2476448031-453550397-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3323940460-2476448031-453550397-503 - Limited - Disabled)
defaultuser100000 (S-1-5-21-3323940460-2476448031-453550397-1008 - Limited - Enabled)
Guest (S-1-5-21-3323940460-2476448031-453550397-501 - Limited - Disabled)
nickj (S-1-5-21-3323940460-2476448031-453550397-1001 - Administrator - Enabled) => C:\Users\nickj
WDAGUtilityAccount (S-1-5-21-3323940460-2476448031-453550397-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
FW: Kaspersky Security Cloud (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 21.06 (x64) (HKLM\...\7-Zip) (Version: 21.06 - Igor Pavlov) Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 23.003.20244 - Adobe) Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601047}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 2.15.24.2059 - Advanced Micro Devices, Inc.) AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.) Hidden AMD I2C Driver (HKLM-x32\...\{B31D92D9-2914-46B0-9738-F668A563DE73}) (Version: 1.2.0.118 - Advanced Micro Devices, Inc.) Hidden AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 4.15.0.0 - Advanced Micro Devices, Inc.) Hidden AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 6.0.0.9 - Advanced Micro Devices, Inc.) Hidden AMD SBxxx SMBus Driver Alpha (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden AMD_Chipset_Drivers (HKLM-x32\...\{48783093-ed30-463f-9f90-d8c2cc338e32}) (Version: 2.15.24.2059 - Advanced Micro Devices, Inc.) Hidden Asterix & Obelix XXL: Romastered (HKLM-x32\...\Asterix & Obelix XXL: Romastered_is1) (Version: - ) Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1579.3 - AVAST Software) Hidden BitTorrent (HKU\S-1-5-21-3323940460-2476448031-453550397-1001\...\BitTorrent) (Version: 7.11.0.46831 - BitTorrent Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) 
Broforce (HKLM-x32\...\1470490225_is1) (Version: 2.0.0.2 - GOG.com) Connective Signing Plugins (HKLM-x32\...\{E77C1125-398A-4FF0-9F51-CBB5F7144E16}) (Version: 2.0.9 - Connective) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 11.0.0.1932 - Disc Soft Ltd) Discord (HKU\S-1-5-21-3323940460-2476448031-453550397-1001\...\Discord) (Version: 1.0.9006 - Discord Inc.) EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS) Epic Games Launcher (HKLM-x32\...\{209F4B4B-3DF2-4825-9906-D4D6A80EC09E}) (Version: 1.3.0.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.) Evil West (HKLM-x32\...\Evil West_is1) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 114.0.5735.199 - Google LLC) JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0.1 - AppWork GmbH) JoyToKey version 6.8 (HKLM-x32\...\{EBF21C82-423E-49FD-BCBD-88C08397CB44}_is1) (Version: 6.8 - JTK software) Kaspersky (HKLM-x32\...\{E396C2E3-5292-33E9-949C-349C23D784D8}) (Version: 21.13.5.506 - Kaspersky) Hidden Kaspersky (HKLM-x32\...\InstallWIX_{E396C2E3-5292-33E9-949C-349C23D784D8}) (Version: 21.13.5.506 - Kaspersky) Kaspersky Password Manager (HKLM-x32\...\{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab) Hidden Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab) Kaspersky VPN (HKLM-x32\...\{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 - Kaspersky) Hidden Kaspersky VPN (HKLM-x32\...\InstallWIX_{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 - Kaspersky) Kena: Bridge of Spirits (HKLM-x32\...\Kena: Bridge of Spirits_is1) (Version: - ) KMSauto.net (HKLM-x32\...\{6A2B3E01-92B9-4E14-A6A4-59AD5F9479FF}) (Version: 1.0.0 
- KMSauto.net) Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden LEGO Star Wars The Skywalker Saga (HKLM-x32\...\LEGO Star Wars The Skywalker Saga_is1) (Version: 0.0.0 - DODI-Repacks) Little Nightmares (HKLM-x32\...\Little Nightmares_is1) (Version: - ) Little Nightmares II (HKLM-x32\...\Little Nightmares II_is1) (Version: - ) Malwarebytes version 4.5.32.271 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.32.271 - Malwarebytes) Microsoft .NET Host - 5.0.10 (x86) (HKLM-x32\...\{EEC610D2-6934-4567-A658-092A1429A21A}) (Version: 40.40.30412 - Microsoft Corporation) Hidden Microsoft .NET Host - 6.0.10 (x86) (HKLM-x32\...\{3B28977C-9163-48A5-A08C-C01327E18AE2}) (Version: 48.43.48869 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 5.0.10 (x86) (HKLM-x32\...\{29F55E7D-9FB8-4F1D-A233-1F5995CB0FF5}) (Version: 40.40.30412 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 6.0.10 (x86) (HKLM-x32\...\{EBD44C5E-F1AF-4955-AEDF-F15D06384A9C}) (Version: 48.43.48869 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 5.0.10 (x86) (HKLM-x32\...\{17675144-2D5B-4BA3-AF21-A65F7D824149}) (Version: 40.40.30412 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 6.0.10 (x86) (HKLM-x32\...\{98CA5A6B-4ECC-4E6D-BF18-6B20CBB6E5F4}) (Version: 48.43.48869 - Microsoft Corporation) Hidden Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.16529.20182 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 114.0.1823.82 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 114.0.1823.82 - Microsoft Corporation) Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation) Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.132.0625.0001 - Microsoft Corporation) Microsoft 
Support and Recovery Assistant (HKU\S-1-5-21-3323940460-2476448031-453550397-1001\...\1411bee0b739e9b9) (Version: 17.0.9467.6 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-3323940460-2476448031-453550397-1001\...\Teams) (Version: 1.6.00.18681 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 
2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 
12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31938 (HKLM-x32\...\{d92971ab-f030-43c8-8545-c66c818d0e05}) (Version: 14.34.31938.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.34.31938 (HKLM-x32\...\{4f84f2dc-3f70-433a-8f50-8293e0089b0f}) (Version: 14.34.31938.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31938 (HKLM\...\{7DA37AE3-D8AE-49B1-9BDC-23CA0AB9FF22}) (Version: 14.34.31938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31938 (HKLM\...\{0AE39060-F209-4D05-ABC7-54B8F9CFA32E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.34.31938 (HKLM-x32\...\{080D8397-60F4-44B3-BB95-FBB950CB0B4E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.34.31938 (HKLM-x32\...\{8DE5B0D4-A6D8-4F72-B8EF-28776A2EE5D5}) (Version: 14.34.31938 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 5.0.10 (x86) (HKLM-x32\...\{ba8ab6bd-ad21-447e-b617-feee84353247}) (Version: 5.0.10.30418 - Microsoft Corporation) Microsoft Windows Desktop Runtime - 5.0.10 (x86) (HKLM-x32\...\{DCE5198A-7449-4F9F-A630-C8363759D0FB}) (Version: 40.40.30418 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 6.0.10 (x86) (HKLM-x32\...\{0F3E4057-E2BB-4114-A646-F143DB5CE4C9}) (Version: 48.43.48870 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 6.0.10 (x86) (HKLM-x32\...\{9dd24b73-88e0-4f0f-882a-500e00d2bdef}) (Version: 6.0.10.31726 - Microsoft Corporation) Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC) MultiPack Visual C++ Installer V3.0 (HKLM-x32\...\{93E81C5A-55A6-4686-AA8E-532F506EA91A}_is1) (Version: 3.0 - BobSpwg) 
NordUpdater (HKLM\...\{6E35DB82-3D19-4DD6-B8CB-F082815FDE18}_is1) (Version: 1.4.0.59 - Nord Security) NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 7.10.4.0 - Nord Security) NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN) NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation) NVIDIA GeForce Experience 3.27.0.112 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.112 - NVIDIA Corporation) NVIDIA Graphics Driver 536.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 536.40 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation) NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation) NVIDIA USBC Driver 1.50.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.50.831.832 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16529.20182 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16529.20182 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14026.20302 - Microsoft Corporation) Hidden Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.6.1215.121004 - Razer Inc.) Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9175.1 - Realtek Semiconductor Corp.) 
RetroArch (HKLM-x32\...\RetroArch) (Version: 1.13.0.0 - Libretro) Shadow Warrior 3 (HKLM-x32\...\Shadow Warrior 3_is1) (Version: - ) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.5.0.30767 - Microsoft Corporation) The Last of Us Part I (HKLM-x32\...\The Last of Us Part I_is1) (Version: - ) THX Spatial Audio (HKLM\...\{58CEA038-CE01-4C2F-9D82-34899B4F9EC9}) (Version: 1.0.3.52 - THX) Hidden THX Spatial Audio (HKLM-x32\...\{cd1f00e0-bfca-4a95-a8d7-acd306bd63ec}) (Version: 1.0.3.52 - THX) Trine 3: Artifacts of Power (HKLM-x32\...\1431599567_is1) (Version: 1.11(build_3102) - GOG.com) VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN) Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.) Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation) WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH) Zoom (HKU\S-1-5-21-3323940460-2476448031-453550397-1001\...\ZoomUMX) (Version: 5.13.11 (13434) - Zoom Video Communications, Inc.) Packages: ========= AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m [2023-06-09] (Advanced Micro Devices Inc.) 
[Startup Task] AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-07-07] (Microsoft Corporation) LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_3.0.4.0_x64__w1wdnht996qgy [2023-06-24] (LinkedIn) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-04-09] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-04-09] (Microsoft Corporation) [MS Ad] Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.10510.531.0_x64__8wekyb3d8bbwe [2023-06-08] (Microsoft Corporation) Monitorian -> C:\Program Files\WindowsApps\10186emoacht.Monitorian_4.4.3.0_neutral__0q7myvhtpbc7w [2023-07-19] (emoacht) [Startup Task] NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-07-02] (NVIDIA Corp.) 
Outlook for Windows -> C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2023.616.100_x64__8wekyb3d8bbwe [2023-06-25] (Microsoft Corporation) Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-04-09] (Microsoft Corporation) Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2022-06-26] (Adobe Systems Incorporated) Real HEIC File Viewer -> C:\Program Files\WindowsApps\36059XiaoyaStudio.RealHEICFileViewer_2.0.11.0_neutral__ngh7ertwt50re [2023-04-04] (Xiaoya Lab) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.26.251.0_x64__dt26b99r8h8gj [2022-04-10] (Realtek Semiconductor Corp) Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-03-25] (Microsoft Studios) [MS Ad] Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0 [2023-07-21] (Spotify AB) [Startup Task] THX Spatial Audio Control -> C:\Program Files\WindowsApps\THXLtd.THXSpatialAudioControl_2022.1206.1.0_x64__zgheytcpjsgqw [2022-12-13] (THX Ltd.) WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2327.6.0_x64__cv1g1gvanyjgm [2023-07-17] (WhatsApp Inc.) [Startup Task] Xbox Accessories -> C:\Program Files\WindowsApps\Microsoft.XboxDevices_2209.2209.14005.0_x64__8wekyb3d8bbwe [2022-09-26] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3323940460-2476448031-453550397-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. 
-> Adobe) CustomCLSID: HKU\S-1-5-21-3323940460-2476448031-453550397-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\nickj\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23125.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3323940460-2476448031-453550397-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> C:\Program Files\NordVPN\NordVPN.exe (nordvpn s.a. -> TEFINCOM S.A.) CustomCLSID: HKU\S-1-5-21-3323940460-2476448031-453550397-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\nickj\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.132.0625.0001\FileSyncShell64.dll [2023-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.132.0625.0001\FileSyncShell64.dll [2023-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.132.0625.0001\FileSyncShell64.dll [2023-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.132.0625.0001\FileSyncShell64.dll [2023-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.132.0625.0001\FileSyncShell64.dll [2023-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft 
OneDrive\23.132.0625.0001\FileSyncShell64.dll [2023-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.132.0625.0001\FileSyncShell64.dll [2023-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.132.0625.0001\FileSyncShell64.dll [2023-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.132.0625.0001\FileSyncShell64.dll [2023-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.132.0625.0001\FileSyncShell64.dll [2023-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.132.0625.0001\FileSyncShell64.dll [2023-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.132.0625.0001\FileSyncShell64.dll [2023-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.132.0625.0001\FileSyncShell64.dll [2023-07-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.132.0625.0001\FileSyncShell64.dll [2023-07-15] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => 
C:\Program Files\Microsoft OneDrive\23.132.0625.0001\FileSyncShell64.dll [2023-07-15] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-11-24] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [Kaspersky Anti-Virus 21.13] -> {0E70CD47-F3F0-4C43-B347-796CF9B1F06C} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\x64\shellex.dll [2023-05-12] (Kaspersky Lab JSC -> AO Kaspersky Lab) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2021-12-19] (AVB Disc Soft, SIA -> Disc Soft Ltd) ContextMenuHandlers2: [Kaspersky Anti-Virus 21.13] -> {0E70CD47-F3F0-4C43-B347-796CF9B1F06C} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\x64\shellex.dll [2023-05-12] (Kaspersky Lab JSC -> AO Kaspersky Lab) ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2021-12-19] (AVB Disc Soft, SIA -> Disc Soft Ltd) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-07] (Malwarebytes Inc. 
-> Malwarebytes) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.132.0625.0001\FileSyncShell64.dll [2023-07-15] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-11-24] (Igor Pavlov) [File not signed] ContextMenuHandlers4: [Kaspersky Anti-Virus 21.13] -> {0E70CD47-F3F0-4C43-B347-796CF9B1F06C} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\x64\shellex.dll [2023-05-12] (Kaspersky Lab JSC -> AO Kaspersky Lab) ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.132.0625.0001\FileSyncShell64.dll [2023-07-15] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Windows\System32\atiacm64.dll [2021-09-06] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvrzi.inf_amd64_5ca0829c4e804b3f\nvshext.dll [2023-06-26] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-11-24] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [Kaspersky Anti-Virus 21.13] -> {0E70CD47-F3F0-4C43-B347-796CF9B1F06C} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\x64\shellex.dll [2023-05-12] (Kaspersky Lab JSC -> AO Kaspersky Lab) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-07] (Malwarebytes Inc. 
-> Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2023-01-04 09:28 - 2022-02-21 09:23 - 000509064 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\AliyunWrap.DLL 2023-01-04 09:28 - 2022-02-22 15:12 - 000137864 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\EnsHelper.dll 2023-01-04 09:28 - 2022-02-21 09:23 - 000021672 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\fsclog.dll 2023-01-04 09:28 - 2022-02-21 09:23 - 000203912 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\libssh2.dll 2023-01-04 09:28 - 2022-02-22 15:12 - 000098440 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\register.dll 2023-01-04 09:28 - 2022-02-22 15:12 - 000461448 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\wpnr.dll 2023-01-04 09:28 - 2022-02-21 09:23 - 000455816 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\EaseUS\ENS\MSVCP140.dll 2023-01-04 09:28 - 2022-02-21 09:23 - 000081032 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\EaseUS\ENS\VCRUNTIME140.dll 2023-01-04 09:28 - 2022-02-21 09:23 - 000438408 _____ (CHENGDU YIWO Tech Development Co., Ltd. 
-> The curl library, hxxps://curl.se/) [File not signed] C:\Program Files (x86)\EaseUS\ENS\libcurl.dll 2023-01-04 09:28 - 2022-02-21 09:23 - 002533000 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\ENS\libcrypto-1_1.dll 2023-01-04 09:28 - 2022-02-21 09:23 - 000541320 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\ENS\libssl-1_1.dll 2021-12-12 07:00 - 2021-11-24 23:30 - 000093696 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll 2023-02-11 11:59 - 2023-02-11 11:59 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Client\AppVIsvSubsystems64.dll 2023-02-11 11:59 - 2023-02-11 11:59 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll 2023-02-11 11:59 - 2023-02-11 11:59 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll 2023-02-11 11:59 - 2023-02-11 11:59 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\c2r64.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) 
AlternateDataStreams: C:\Users\nickj\Downloads\FRST64.exe:MBAM.Zone.Identifier [240]
AlternateDataStreams: C:\Users\nickj\Downloads\qbittorrent_4.5.4_x64_setup.exe:MBAM.Zone.Identifier [345]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKU\S-1-5-21-3323940460-2476448031-453550397-1001 -> DefaultScope {14ECC650-FB7D-4468-9C7B-EFDF1604F122} URL =
SearchScopes: HKU\S-1-5-21-3323940460-2476448031-453550397-1001 -> {14ECC650-FB7D-4468-9C7B-EFDF1604F122} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-07-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-07-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-07-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-07-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-07-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-07-06] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3323940460-2476448031-453550397-1001\...\sharepoint.com -> hxxps://unitingcommunitiesorg-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 18:44 - 2023-01-09 16:37 - 000000147 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3323940460-2476448031-453550397-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Razer Fusion.jpg
DNS Servers: 192.168.15.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.


Network Binding:
=============
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled)
WiFi: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMD Crash Defender Service => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: EpicOnlineServices => 3
MSCONFIG\Services: FvSvc => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: kpm_launch_service => 3
MSCONFIG\Services: KSDE5.3 => 2
MSCONFIG\Services: nordvpn-service => 2
MSCONFIG\Services: NvContainerLocalSystem => 2
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: Razer Chroma SDK Server => 2
MSCONFIG\Services: Razer Chroma SDK Service => 2
MSCONFIG\Services: Razer Chroma Stream Server => 2
MSCONFIG\Services: Razer Game Manager Service => 2
MSCONFIG\Services: Razer Synapse Service => 2
MSCONFIG\Services: Rockstar Service => 3
MSCONFIG\Services: rsClientSvc => 2
MSCONFIG\Services: rsSyncSvc => 2
MSCONFIG\Services: RtkAudioUniversalService => 2
MSCONFIG\Services: RzActionSvc => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: VSSrv => 2
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "BCSSync"
HKU\S-1-5-21-3323940460-2476448031-453550397-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3323940460-2476448031-453550397-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3323940460-2476448031-453550397-1001\...\StartupApproved\Run: => "NordVPN"
HKU\S-1-5-21-3323940460-2476448031-453550397-1001\...\StartupApproved\Run: => "Synapse3"
HKU\S-1-5-21-3323940460-2476448031-453550397-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3323940460-2476448031-453550397-1001\...\StartupApproved\Run: => "bt"
HKU\S-1-5-21-3323940460-2476448031-453550397-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0FFC2D55-1606-41E2-B31F-97CAAC023487}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1BF103C1-04C2-4DDB-BA68-E318AACCF5BE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EBFF77C4-FBAD-4DD2-93CB-A8B24AF62974}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{41892017-AC31-477E-98AC-ADACCE0B6ADB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9DDE6688-5324-4ECB-8FFA-FF917D300516}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{FC95D576-B47E-4979-90E4-2406B2B56A32}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [TCP Query User{FEEB2D5F-DC2C-4609-B06B-356E7F980498}C:\program files\crash bandicoot 4\lava\binaries\win64\lava-win64-shipping.exe] => (Block) C:\program files\crash bandicoot 4\lava\binaries\win64\lava-win64-shipping.exe => No File
FirewallRules: [UDP Query User{3287EF43-A6A0-45C9-83D8-AD2928A1647D}C:\program files\crash bandicoot 4\lava\binaries\win64\lava-win64-shipping.exe] => (Block) C:\program files\crash bandicoot 4\lava\binaries\win64\lava-win64-shipping.exe => No File
FirewallRules: [{32C99B49-C381-4FEB-818C-2216E8A2359D}] => (Allow) C:\Users\nickj\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{4F3D9122-863B-4991-B869-B83798353BFC}] => (Allow) C:\Users\nickj\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{332299A3-386E-4284-A033-E3F299AD91EE}] => (Allow) C:\Users\nickj\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{1EF5DBA9-ED44-460A-84BE-F3BED80E0360}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{E63ADCD0-40DA-4633-81B4-0E3E3F4DA4F5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{7235FE94-6043-4C07-BF8A-29930DA55CBB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{11853F4E-2763-4270-9C52-119C67924A06}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0EB615EE-C0BC-4F8E-9AF2-2CA6F807935C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CF50D6E2-E860-45BA-AF3C-F8E852873240}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{DBD1798F-80E4-4F59-94D3-45464D452234}C:\users\nickj\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\nickj\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{84148FDC-B30B-443E-9431-6EAEFF1CEDA5}C:\users\nickj\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\nickj\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{01F2317A-7377-40AF-97A7-44ECA6D85E10}C:\users\nickj\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\nickj\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{941146D9-F551-45E4-B51A-E94774DA9D4B}C:\users\nickj\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\nickj\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{E136FCA9-C052-45F3-B85B-E8D9E0712C57}C:\gog games\broforce\broforce_beta.exe] => (Allow) C:\gog games\broforce\broforce_beta.exe () [File not signed]
FirewallRules: [UDP Query User{B51C1778-7696-4B9E-B0B1-E7858B83EB6C}C:\gog games\broforce\broforce_beta.exe] => (Allow) C:\gog games\broforce\broforce_beta.exe () [File not signed]
FirewallRules: [TCP Query User{8076FD9E-B2EF-401B-ADAF-1D6039B7B9BF}C:\games\forza horizon 5\forzahorizon5.exe] => (Block) C:\games\forza horizon 5\forzahorizon5.exe => No File
FirewallRules: [UDP Query User{E7A843F2-FA24-4182-9D3D-EC6F420A8E85}C:\games\forza horizon 5\forzahorizon5.exe] => (Block) C:\games\forza horizon 5\forzahorizon5.exe => No File
FirewallRules: [TCP Query User{4B4B6A38-938A-4625-A48C-E8C32AA3974F}C:\games\high on life\oregon\binaries\win64\oregon-win64-shipping.exe] => (Block) C:\games\high on life\oregon\binaries\win64\oregon-win64-shipping.exe => No File
FirewallRules: [UDP Query User{86A0F6DB-BCDD-4D89-AC4C-6638E4799974}C:\games\high on life\oregon\binaries\win64\oregon-win64-shipping.exe] => (Block) C:\games\high on life\oregon\binaries\win64\oregon-win64-shipping.exe => No File
FirewallRules: [TCP Query User{3C7D3838-3373-4FB8-9F87-86DEE799BE57}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{770335EC-CC26-40A4-A1E3-CA0E00F0D5A2}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{F93F4C0F-C380-494D-B9A8-B16F75C99454}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{85C15D0C-B962-4F46-A697-BE6CE0ED7529}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{04190364-BA01-4627-9A0F-DB287FE3B6AB}C:\games\uncharted legacy of thieves collection\u4.exe] => (Block) C:\games\uncharted legacy of thieves collection\u4.exe => No File
FirewallRules: [UDP Query User{78EBC815-FF6F-4CE9-A610-D0DF26C4DC03}C:\games\uncharted legacy of thieves collection\u4.exe] => (Block) C:\games\uncharted legacy of thieves collection\u4.exe => No File
FirewallRules: [TCP Query User{62B8AFE6-F87B-411D-BFEE-F7860EB71BC4}C:\games\uncharted legacy of thieves collection\tll.exe] => (Block) C:\games\uncharted legacy of thieves collection\tll.exe => No File
FirewallRules: [UDP Query User{BBB87BF5-80A2-4BDB-8C60-8680125625F5}C:\games\uncharted legacy of thieves collection\tll.exe] => (Block) C:\games\uncharted legacy of thieves collection\tll.exe => No File
FirewallRules: [{0C82D4E5-D3E9-43EE-8551-B9A4EB472985}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{62536242-3E8F-4E36-A537-0CD021E024AE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{CADC1E58-5260-4476-82FC-87173855A50E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{19E017DF-520B-4828-9050-553378B7ACC5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{DAD69663-5FA3-4383-97A8-DB6E2245BB22}] => (Allow) C:\Users\nickj\AppData\Local\Temp\bittorrent\bittorrent.exe => No File
FirewallRules: [{56E8915E-022F-4CA8-AD75-73020FBAAC2F}] => (Allow) C:\Users\nickj\AppData\Local\Temp\bittorrent\bittorrent.exe => No File
FirewallRules: [TCP Query User{99471572-42C8-490B-8054-D35AFB32B455}C:\program files\epic games\dishonoredde\binaries\win64\dishonored.exe] => (Block) C:\program files\epic games\dishonoredde\binaries\win64\dishonored.exe => No File
FirewallRules: [UDP Query User{00770ABA-2F8D-4F37-B9DB-EA87E6587563}C:\program files\epic games\dishonoredde\binaries\win64\dishonored.exe] => (Block) C:\program files\epic games\dishonoredde\binaries\win64\dishonored.exe => No File
FirewallRules: [TCP Query User{337EEB91-4751-4516-AD9A-81DC53015B97}C:\program files (x86)\hogwarts legacy\phoenix\binaries\win64\hogwartslegacy.exe] => (Block) C:\program files (x86)\hogwarts legacy\phoenix\binaries\win64\hogwartslegacy.exe => No File
FirewallRules: [UDP Query User{962F4A5E-8BA6-474A-980B-E42E542CE970}C:\program files (x86)\hogwarts legacy\phoenix\binaries\win64\hogwartslegacy.exe] => (Block) C:\program files (x86)\hogwarts legacy\phoenix\binaries\win64\hogwartslegacy.exe => No File
FirewallRules: [TCP Query User{3764C577-0754-456B-AF55-9A16C80AD207}C:\games\uncharted legacy of thieves collection\u4.exe] => (Block) C:\games\uncharted legacy of thieves collection\u4.exe => No File
FirewallRules: [UDP Query User{7D7B4A52-2F62-4809-A7D0-3F0D40A17226}C:\games\uncharted legacy of thieves collection\u4.exe] => (Block) C:\games\uncharted legacy of thieves collection\u4.exe => No File
FirewallRules: [TCP Query User{0A8FEF57-5531-4274-A7C2-EAFA218ACCAD}C:\program files (x86)\resident evil village\re8.exe] => (Block) C:\program files (x86)\resident evil village\re8.exe => No File
FirewallRules: [UDP Query User{80AB1596-23F8-4620-97D6-22B564E844B7}C:\program files (x86)\resident evil village\re8.exe] => (Block) C:\program files (x86)\resident evil village\re8.exe => No File
FirewallRules: [{5D0FDFBF-0322-4CD1-B1CC-FC3F0E17FD07}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{CE7D3FAB-1A94-420B-A83E-75E5D5545278}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{AFEB39A1-1B45-4CD1-9568-536E3A4ADE81}C:\program files (x86)\dodi-repacks\gears of war\binaries\wargame-g4wlive.exe] => (Allow) C:\program files (x86)\dodi-repacks\gears of war\binaries\wargame-g4wlive.exe => No File
FirewallRules: [UDP Query User{E65BFA3D-EC0D-491D-B6F9-A156EB5325E7}C:\program files (x86)\dodi-repacks\gears of war\binaries\wargame-g4wlive.exe] => (Allow) C:\program files (x86)\dodi-repacks\gears of war\binaries\wargame-g4wlive.exe => No File
FirewallRules: [TCP Query User{56FD0082-4D99-4E2B-BFE8-3E91719D7E44}C:\program files\epic games\borderlands3\oakgame\binaries\win64\borderlands3.exe] => (Allow) C:\program files\epic games\borderlands3\oakgame\binaries\win64\borderlands3.exe => No File
FirewallRules: [UDP Query User{C569A908-A55F-465D-8D1B-887CBC41ABF3}C:\program files\epic games\borderlands3\oakgame\binaries\win64\borderlands3.exe] => (Allow) C:\program files\epic games\borderlands3\oakgame\binaries\win64\borderlands3.exe => No File
FirewallRules: [{05E8E406-1518-411C-9301-5811937EEBFD}] => (Block) C:\program files\epic games\borderlands3\oakgame\binaries\win64\borderlands3.exe => No File
FirewallRules: [{C31903D8-C842-4C48-B987-65CA4433823F}] => (Block) C:\program files\epic games\borderlands3\oakgame\binaries\win64\borderlands3.exe => No File
FirewallRules: [{58C18287-3478-4671-BA28-27A304A8BE16}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2B84854E-D21C-415F-B674-242C8DC5BA90}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9CC5A2DF-B97D-4CE3-9009-C2F81568BF58}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{11C80F62-9C2D-4C85-AABE-D87AFB5BDB12}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{2A826AA6-F7FE-41D2-8694-13E5FA903AFC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{54DD189E-7520-4549-B6A8-CA7155C34905}C:\program files (x86)\dodi-repacks\just cause 4\justcause4.exe] => (Block) C:\program files (x86)\dodi-repacks\just cause 4\justcause4.exe => No File
FirewallRules: [UDP Query User{F7A80BFE-D9E4-4F5A-89FD-42DBBE02C43D}C:\program files (x86)\dodi-repacks\just cause 4\justcause4.exe] => (Block) C:\program files (x86)\dodi-repacks\just cause 4\justcause4.exe => No File
FirewallRules: [{996F95A2-FCF0-4DFF-A7BD-FEC970E9E176}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{6319FC72-8EAB-48B8-B874-D5852B5FAC38}C:\users\nickj\downloads\games\resident.evil.5.v10.04.2023\resident.evil.5.v10.04.2023\resident evil 5\re5dx9.exe] => (Block) C:\users\nickj\downloads\games\resident.evil.5.v10.04.2023\resident.evil.5.v10.04.2023\resident evil 5\re5dx9.exe (CAPCOM CO., LTD. -> CAPCOM CO., LTD.)
FirewallRules: [UDP Query User{827F9B06-77D4-4AAF-B3D0-A74944B87807}C:\users\nickj\downloads\games\resident.evil.5.v10.04.2023\resident.evil.5.v10.04.2023\resident evil 5\re5dx9.exe] => (Block) C:\users\nickj\downloads\games\resident.evil.5.v10.04.2023\resident.evil.5.v10.04.2023\resident evil 5\re5dx9.exe (CAPCOM CO., LTD. -> CAPCOM CO., LTD.)
FirewallRules: [{AA42FC5B-6D53-404D-ADED-EAD3F31260AD}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.82\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{697249FC-B472-48F8-88D3-77FAF1CC0868}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4AA850C1-6FE0-475F-8656-F77AE999369A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C8057A62-1EB4-44A3-86A7-D101BCABF808}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D70D7604-F3FD-495B-8282-8D0EFDD23F7C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7A7D2759-0BBC-4C3C-9EF7-AE57A757F64E}] => (Allow) C:\Users\nickj\AppData\Roaming\BitTorrent\BitTorrent.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [{3E073277-461B-4B33-9B0F-51BB5168A5F4}] => (Allow) C:\Users\nickj\AppData\Roaming\BitTorrent\BitTorrent.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [{74A28E80-AFAD-4E03-80A9-85DBE329B266}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CE4A1876-AD2E-4231-8723-E17A0AF2468A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{162F74B2-6455-4D3B-B3A0-63AA8CF861DE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{93276701-3F83-4E16-9B56-005281197CBE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{34665571-736A-4057-AADC-3E1C73BFD4FB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CB6FFFA0-3B03-49CB-905F-B9672B37E90E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{92280FD3-4C8A-4419-8ED7-E4DE5BFA17A7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{FB321565-895C-4A15-97D2-7EB75482A88E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{4B43F4D7-1053-4633-88EE-4C2ED0F5B4F8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E70FC223-96D7-4D80-AB73-A63051233F0B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

==================== Restore Points =========================

17-07-2023 22:29:05 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (07/21/2023 03:59:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NVIDIA Share.exe, version: 73.3683.1933.5, time stamp: 0x63d40b20
Faulting module name: libcef.dll, version: 73.0.0.0, time stamp: 0x5c8499d0
Exception code: 0x80000003
Fault offset: 0x0000000001eb3d23
Faulting process id: 0x45bc
Faulting application start time: 0x01d9bb9ca7528f02
Faulting application path: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
Faulting module path: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
Report Id: 0ba47bc8-dd7b-41e2-9712-e92a52ca450c
Faulting package full name:
Faulting package-relative application ID:

Error: (07/21/2023 03:59:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NVIDIA Share.exe, version: 73.3683.1933.5, time stamp: 0x63d40b20
Faulting module name: libcef.dll, version: 73.0.0.0, time stamp: 0x5c8499d0
Exception code: 0x80000003
Fault offset: 0x0000000001eb3d23
Faulting process id: 0xa58
Faulting application start time: 0x01d9bb9ca1f1fbbf
Faulting application path: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
Faulting module path: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
Report Id: 30ae9f93-3fc4-44b1-ad2b-808579f76dfe
Faulting package full name:
Faulting package-relative application ID:

Error: (07/21/2023 03:58:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NVIDIA Share.exe, version: 73.3683.1933.5, time stamp: 0x63d40b20
Faulting module name: libcef.dll, version: 73.0.0.0, time stamp: 0x5c8499d0
Exception code: 0x80000003
Fault offset: 0x0000000001eb3d23
Faulting process id: 0x47a8
Faulting application start time: 0x01d9bb9c9ce6c930
Faulting application path: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
Faulting module path: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
Report Id: f624fc33-07b3-4cd9-8e64-a0214e6e86a5
Faulting package full name:
Faulting package-relative application ID:

Error: (07/21/2023 03:58:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NVIDIA Share.exe, version: 73.3683.1933.5, time stamp: 0x63d40b20
Faulting module name: libcef.dll, version: 73.0.0.0, time stamp: 0x5c8499d0
Exception code: 0x80000003
Fault offset: 0x0000000001eb3d23
Faulting process id: 0x2d58
Faulting application start time: 0x01d9bb9c9961ab5b
Faulting application path: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
Faulting module path: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
Report Id: 62537fa5-d538-4023-8ece-84e6791b104b
Faulting package full name:
Faulting package-relative application ID:

Error: (07/21/2023 03:58:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NVIDIA Share.exe, version: 73.3683.1933.5, time stamp: 0x63d40b20
Faulting module name: libcef.dll, version: 73.0.0.0, time stamp: 0x5c8499d0
Exception code: 0x80000003
Fault offset: 0x0000000001eb3d23
Faulting process id: 0x4568
Faulting application start time: 0x01d9bb9c961649c1
Faulting application path: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
Faulting module path: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
Report Id: 3444ec28-668d-4cf0-a737-55eb6ddca6f9
Faulting package full name:
Faulting package-relative application ID:

Error: (07/21/2023 03:58:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NVIDIA Share.exe, version: 73.3683.1933.5, time stamp: 0x63d40b20
Faulting module name: libcef.dll, version: 73.0.0.0, time stamp: 0x5c8499d0
Exception code: 0x80000003
Fault offset: 0x0000000001eb3d23
Faulting process id: 0x4288
Faulting application start time: 0x01d9bb9c93514c7a
Faulting application path: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
Faulting module path: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
Report Id: 7a315a25-d17e-4b71-81de-9103bb79cdf6
Faulting package full name:
Faulting package-relative application ID:

Error: (07/21/2023 03:58:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NVIDIA Share.exe, version: 73.3683.1933.5, time stamp: 0x63d40b20
Faulting module name: libcef.dll, version: 73.0.0.0, time stamp: 0x5c8499d0
Exception code: 0x80000003
Fault offset: 0x0000000001eb3d23
Faulting process id: 0x2f34
Faulting application start time: 0x01d9bb9c90fb911c
Faulting application path: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
Faulting module path: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
Report Id: 5cdc140f-136f-44da-89b4-d9e92e6b6f2f
Faulting package full name:
Faulting package-relative application ID:

Error: (07/21/2023 03:58:25 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-4LBAS2EC$ via https://AMD-KeyId-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Fri, 21 Jul 2023 06:28:24 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 8e9d5b21-7e08-49d5-82ff-027f4b73580e

Method: GET(422ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

System errors:
=============
Error: (07/21/2023 03:53:31 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-4LBAS2EC)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy!App.AppX447jn8wbjb1qsw3jxkndb19cwgsrtrkk.mca did not register with DCOM within the required timeout.

Error: (07/21/2023 02:40:41 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9WZDNCRFHVQM-MICROSOFT.WINDOWSCOMMUNICATIONSAPPS.

Error: (07/21/2023 08:46:22 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-4LBAS2EC)
Description: The server microsoft.windowscommunicationsapps_16005.14326.21502.0_x64__8wekyb3d8bbwe!microsoft.windowslive.mail.AppXnkkdvsgjva9ekjq4yw99zb8vy45jkyrc.mca did not register with DCOM within the required timeout.

Error: (07/21/2023 08:46:22 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-4LBAS2EC)
Description: The server microsoft.windowscommunicationsapps_16005.14326.21502.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.

Error: (07/21/2023 08:46:21 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-4LBAS2EC)
Description: The server Microsoft.AAD.BrokerPlugin_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout.

Error: (07/21/2023 08:46:21 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-4LBAS2EC)
Description: The server Microsoft.AAD.BrokerPlugin_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout.

Error: (07/21/2023 08:46:21 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-4LBAS2EC)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

Error: (07/21/2023 08:46:21 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-4LBAS2EC)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

CodeIntegrity:
===============
Date: 2023-07-21 16:08:45
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\avp.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-07-21 16:07:20
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: Razer 1.06 06/07/2021
Motherboard: Razer PI411
Processor: AMD Ryzen 9 5900HX with Radeon Graphics
Percentage of memory in use: 46%
Total physical RAM: 15774.59 MB
Available physical RAM: 8517.38 MB
Total Virtual: 34206.59 MB
Available Virtual: 23805 MB

==================== Drives ================================

Drive c: (Blade 14) (Fixed) (Total:936.18 GB) (Free:148.28 GB) (Model: SAMSUNG MZVLB1T0HBLR-00A00) NTFS

\\?\Volume{c9582083-d709-4784-a493-76601a8a3eae}\ (Recovery) (Fixed) (Total:16.6 GB) (Free:1.04 GB) NTFS
\\?\Volume{29da1acf-28dc-4ef3-bc37-7ed37b8312ce}\ (Winre) (Fixed) (Total:0.98 GB) (Free:0.49 GB) NTFS
\\?\Volume{17950854-e6c6-405d-8d19-844fd580d7ab}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 953.9 GB) (Disk ID: 5A1AB5B8)

Partition: GPT.

==================== End of Addition.txt =======================