Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2020 Ran by origi (21-11-2020 21:56:15) Running from C:\Users\origi\Desktop Windows 10 Pro Version 2009 19042.630 (X64) (2020-11-16 07:53:44) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1797817695-3140524087-3623043744-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1797817695-3140524087-3623043744-503 - Limited - Disabled) Guest (S-1-5-21-1797817695-3140524087-3623043744-501 - Limited - Disabled) origi (S-1-5-21-1797817695-3140524087-3623043744-1001 - Administrator - Enabled) => C:\Users\origi WDAGUtilityAccount (S-1-5-21-1797817695-3140524087-3623043744-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Kaspersky Total Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8} FW: Kaspersky Total Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\uTorrent) (Version: 3.5.5.45449 - BitTorrent Inc.) 7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20064 - Adobe Systems Incorporated) Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.303 - Adobe) AltServer (HKLM-x32\...\{6CC7EBC1-2C38-4717-B13D-CB0A478552EF}) (Version: 1.3.2 - Riley Testut) AORUS ENGINE (HKLM-x32\...\AORUS ENGINE_is1) (Version: 1.9.2.0 - GIGABYTE Technology Co.,Inc.) AORUS LCD Panel Setting (HKLM-x32\...\{82026686-454E-4233-83E3-4045BC3FB31C}_is1) (Version: 1.0.3.1 - GIGABYTE Technology Co.,Inc.) Apple Application Support (32-bit) (HKLM-x32\...\{9738288C-21BC-4F54-AB4F-72F059339376}) (Version: 8.6 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{DEB339C1-2687-43AB-816A-8714F3E26846}) (Version: 8.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C788AE25-3D4E-4D18-811B-3219F778487E}) (Version: 13.5.1.2 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.) Assassin's Creed Valhalla (HKLM-x32\...\Uplay Install 13504) (Version: - Ubisoft) Audacity 2.4.1 (HKLM-x32\...\Audacity_is1) (Version: 2.4.1 - Audacity Team) Auto Clicker by Shocker (HKLM-x32\...\Auto Clicker by Shocker_is1) (Version: V3.0.1 - shockingsoft.com) AutoHotkey 1.1.32.00 (HKLM\...\AutoHotkey) (Version: 1.1.32.00 - Lexikos) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlestate Games Launcher 10.4.2.1226 (HKLM-x32\...\{B0FDA062-7581-4D67-B085-C4E7C358037F}_is1) (Version: 10.4.2.1226 - Battlestate Games) Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.66.0 - Bethesda Softworks) BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.205.0.1006 - BlueStack Systems, Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version: - Blizzard Entertainment) Cheat Engine 7.1 (HKLM\...\Cheat Engine_is1) (Version: - Cheat Engine) ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{0243F145-076D-423A-8F77-218DC8840261}) (Version: 4.8.04119 - Microsoft Corporation) Hidden Deus Ex: Mankind Divided (HKLM-x32\...\1296690054_is1) (Version: 1.19 hotfix - GOG.com) Deus Ex: Mankind Divided™ DLC - Season Pass (HKLM-x32\...\1753119582_is1) (Version: 1.19 hotfix - GOG.com) DiagnosticsHub_CollectionService (HKLM\...\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 - Microsoft Corporation) Hidden Discord (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Discord) (Version: 0.0.308 - Discord Inc.) Divinity: Original Sin 2 (HKLM-x32\...\1584823040_is1) (Version: 3.6.69.4648 - GOG.com) Dying Light: Ultimate Collection (HKLM-x32\...\Dying Light: Ultimate Collection_is1) (Version: - ) ENE IO Driver (HKLM-x32\...\{D0512FFD-6194-4D2E-967E-25B82A3322FF}) (Version: 3.3.0 - ENE TECHNOLOGY INC.) Hidden ENE_AIC_Marvell_HAL (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.7.0 - ENE TECHNOLOGY INC.) Hidden ENE_AIC_Marvell_HAL (HKLM-x32\...\{887e18fb-6bc3-4cd4-b34e-32d9ff71bbae}) (Version: 1.0.7.0 - ENE TECHNOLOGY INC.) Hidden ENE_DRAM_RGB_AIO (HKLM\...\{1745D314-9077-46C9-8562-1C62BAE189B7}) (Version: 1.0.0.9 - Ene Tech.) Hidden ENE_DRAM_RGB_AIO (HKLM-x32\...\{8bcd6161-a822-4c5a-9711-472cb32c7adf}) (Version: 1.0.0.9 - Ene Tech.) Hidden ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.6.0 - ENE TECHNOLOGY INC.) Hidden ENE_EHD_M2_HAL (HKLM-x32\...\{d8516682-de60-4332-ad6f-49373754b677}) (Version: 1.0.6.0 - ENE TECHNOLOGY INC.) Hidden ENE_EHD_SSS_HAL (HKLM\...\{CF703694-01C6-4062-B797-84DB215662BC}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden ENE_EHD_SSS_HAL (HKLM-x32\...\{9eeadf99-713b-4ab5-9ccd-bf9c1c4d9daf}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden Entity Framework 6.2.0 Tools for Visual Studio 2019 (HKLM-x32\...\{7C2070BF-8E07-4B5F-A182-FADB0B95AB39}) (Version: 6.2.0.0 - Microsoft Corporation) Hidden Epic Games Launcher (HKLM-x32\...\{C69A2919-0662-4390-9418-67C931B44C18}) (Version: 1.1.236.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Escape from Tarkov (HKLM-x32\...\EscapeFromTarkov) (Version: 0.12.8.9819 - Battlestate Games) Fallout 4 GOTY (HKLM\...\Fallout 4 GOTY_is1) (Version: 1.10.82.0 - ) GameInput Redistributable (HKLM-x32\...\{7E52156F-18FE-B953-BEA9-6BE6A77AFDFF}) (Version: 10.1.19041.3906 - Microsoft Corporation) GIMP 2.10.18 (HKLM\...\GIMP-2_is1) (Version: 2.10.18 - The GIMP Team) GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.198 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.2060.1 - Rockstar Games) Hades (HKLM-x32\...\Hades_is1) (Version: - ) icecap_collection_neutral (HKLM-x32\...\{2A00DCB3-752F-446C-B3B3-1B6ADFBFF3E3}) (Version: 16.6.30014 - Microsoft Corporation) Hidden icecap_collection_x64 (HKLM\...\{BE5E54C4-6B68-4AE3-A7F4-45F0D29D48D3}) (Version: 16.6.30014 - Microsoft Corporation) Hidden icecap_collectionresources (HKLM-x32\...\{1E6E5904-E97F-41F7-B3DB-0C8CD3180E3C}) (Version: 16.6.30014 - Microsoft Corporation) Hidden icecap_collectionresourcesx64 (HKLM-x32\...\{7FD392DF-51A1-4DC1-9C6F-BF7C58A576AC}) (Version: 16.6.30014 - Microsoft Corporation) Hidden iCloud (HKLM\...\{F0AD317D-AE18-45D0-BE5B-30074AFE6740}) (Version: 7.19.0.10 - Apple Inc.) iExplorer (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\2ee35ebaf226322a) (Version: 4.3.4.0 - Macroplant LLC) Installer (HKLM\...\{E9675998-9B12-4560-8E98-A6CCCDE0BE18}) (Version: 1.0.0 - Default Company Name) IntelliTraceProfilerProxy (HKLM-x32\...\{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Version: 15.0.18198.01 - Microsoft Corporation) Hidden iTunes (HKLM\...\{65A59264-DFCE-498D-A091-D124C6EFB6FF}) (Version: 12.10.8.5 - Apple Inc.) Java 8 Update 261 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180261F0}) (Version: 8.0.2610.12 - Oracle Corporation) Kaspersky Secure Connection (HKLM-x32\...\{145AE349-477A-45E5-A57C-5F5BF2BB5775}) (Version: 20.0.14.1085 - Kaspersky) Hidden Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{145AE349-477A-45E5-A57C-5F5BF2BB5775}) (Version: 20.0.14.1085 - Kaspersky) Kaspersky Total Security (HKLM-x32\...\{D891550B-ACFE-4797-B368-BCFC434BBEB1}) (Version: 20.0.14.1085 - Kaspersky) Hidden Kaspersky Total Security (HKLM-x32\...\InstallWIX_{D891550B-ACFE-4797-B368-BCFC434BBEB1}) (Version: 20.0.14.1085 - Kaspersky) Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden LazyClicker (HKLM-x32\...\{FB523953-2434-4FB2-A027-F42B395659F8}) (Version: 1.1.0.27 - LazyClicker) Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: - Logitech) LogMeIn Hamachi (HKLM-x32\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.633 - LogMeIn, Inc.) Microsoft .NET Core SDK 3.1.302 (x64) from Visual Studio (HKLM\...\{539053B2-E414-46BC-B4CD-365E79AFEA79}) (Version: 3.1.302.015188 - Microsoft Corporation) Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.13328.20356 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.41 - Microsoft Corporation) Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.137.99 - ) Microsoft OneDrive (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0006 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM\...\{8D7CE3B0-5379-46FE-9F4B-A65D9F4CC1F1}) (Version: 15.0.1200.24 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM-x32\...\{725CC962-98BD-42C7-87D8-51C680FB1779}) (Version: 15.0.1200.24 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Teams) (Version: 1.3.00.13565 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{97238E8A-4919-4A1E-965A-C6C36938F4CE}) (Version: 2.68.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016 (HKLM-x32\...\{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 14.27.29016.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation) Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.6.2037.624 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Minecraft Launcher (HKLM-x32\...\{810F1419-7760-402E-8772-B4054FAA2B72}) (Version: 1.0.0.0 - Mojang) Mordhau (HKLM-x32\...\Mordhau_is1) (Version: - ) Mozilla Firefox 82.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 82.0.3 (x64 en-US)) (Version: 82.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 71.0 - Mozilla) No Man's Sky (HKLM-x32\...\No Man's Sky_is1) (Version: - ) Node.js (HKLM\...\{97FD2F60-C3CD-417D-A5F6-C538B37054CC}) (Version: 12.16.3 - Node.js Foundation) Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.8.6 - Notepad++ Team) NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation) NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation) NVIDIA Graphics Driver 457.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 457.30 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation) NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden Patriot Viper M2 SSD RGB (HKLM\...\{0886A906-0625-4A43-930D-AA92F6665AF4}) (Version: 1.00.04 - Patriot Memory) Hidden Patriot Viper M2 SSD RGB (HKLM-x32\...\{ebb7013c-0b03-497c-bed1-1e48e806a593}) (Version: 1.00.04 - Patriot Memory) PlanetSide 2 (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\DG0-PlanetSide 2) (Version: - Sony Online Entertainment) Plex Media Server (HKLM-x32\...\{203FDA60-7969-4EB3-BD69-4D1752B3C6F9}) (Version: 1.18.2438 - Plex, Inc.) Hidden Plex Media Server (HKLM-x32\...\{440398c3-62c1-4e0e-b558-5ca3f78e1d94}) (Version: 1.18.7.2438 - Plex, Inc.) Python 2.7.18 (64-bit) (HKLM\...\{A5F504DF-2ED9-4A2D-A2F3-9D2750DD42D6}) (Version: 2.7.18150 - Python Software Foundation) Python 3.8.5 (32-bit) (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\{44a59e57-34e2-4d86-93ba-a2588bfac760}) (Version: 3.8.5150.0 - Python Software Foundation) Python 3.8.5 Add to Path (32-bit) (HKLM-x32\...\{2D01141A-8022-4100-B256-02EFB0F1830B}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden Python 3.8.5 Core Interpreter (32-bit) (HKLM-x32\...\{31F7FCA7-1F15-48FD-BFB9-91FE58FC2F07}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden Python 3.8.5 Development Libraries (32-bit) (HKLM-x32\...\{657AEF25-7BC3-4E93-A08C-ECD14E8A74AE}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden Python 3.8.5 Documentation (32-bit) (HKLM-x32\...\{F7A293EB-21B8-45DE-85A5-8ADEB68B9EFB}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden Python 3.8.5 Executables (32-bit) (HKLM-x32\...\{F6156224-C882-453A-9046-EFCD31982E68}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden Python 3.8.5 pip Bootstrap (32-bit) (HKLM-x32\...\{71C0D67F-EF42-4C5C-A2AE-04FD8B38AB1C}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden Python 3.8.5 Standard Library (32-bit) (HKLM-x32\...\{4D147A72-5C01-47B2-8789-1D1969F6AC32}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden Python 3.8.5 Tcl/Tk Support (32-bit) (HKLM-x32\...\{653FBD26-2D1A-48C1-AAB1-0AB6F2A3749B}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden Python 3.8.5 Test Suite (32-bit) (HKLM-x32\...\{DE45C740-8250-4A49-8B81-FE347C70E6BA}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden Python 3.8.5 Utility Scripts (32-bit) (HKLM-x32\...\{9450D936-1E4F-44EF-A0D4-92C471229B98}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden Python Launcher (HKLM-x32\...\{CEEAEA02-2472-4BF6-8994-52D6783F5575}) (Version: 3.8.7140.0 - Python Software Foundation) Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.5.1030.101917 - Razer Inc.) Red Dead Redemption 2 (HKLM-x32\...\Red Dead Redemption 2) (Version: 1.0.1311.23 - Rockstar Games) RGB Fusion (HKLM-x32\...\{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 3.20.1105.1 - GIGABYTE) Risk of Rain 2 (HKLM-x32\...\Risk of Rain 2_is1) (Version: - ) RivaTuner Statistics Server 7.2.3 (HKLM-x32\...\RTSS) (Version: 7.2.3 - Unwinder) Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.29.283 - Rockstar Games) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.7.0 - Rockstar Games) Sekiro: Shadows Die Twice (HKLM-x32\...\Sekiro: Shadows Die Twice_is1) (Version: - ) Sniper: Ghost Warrior Contracts (HKLM-x32\...\Sniper: Ghost Warrior Contracts_is1) (Version: - ) Spotify (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Spotify) (Version: 1.1.46.916.g416cacf1 - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Stopping Plex (HKLM-x32\...\{B5747469-E9CA-4F7C-A964-0A32DF449B24}) (Version: 1.18.2438 - Plex, Inc.) Hidden superhot: mind control delete (HKLM-x32\...\superhot: mind control delete_is1) (Version: - ) Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.4461 - Microsoft Corporation) Terraria Tweaker 2 (HKLM-x32\...\TiberiumFusion Terraria Tweaker 2) (Version: "2.3.1405.0" - TiberiumFusion) Terraria Tweaker 2 for Terraria 1.3.5.3 (HKLM-x32\...\TiberiumFusion Terraria Tweaker 2 for Terraria 1.3.5.3) (Version: "2.2.1353.0" - TiberiumFusion) The Witcher 3 - Wild Hunt (HKLM-x32\...\1495134320_is1) (Version: 2.0.0.51 - GOG.com) thriXXX 3DKink-500.001 (HKLM-x32\...\3DKink-500.001) (Version: - thriXXX Software GmbH) Twitch (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.) Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 103.2 - Ubisoft) UE4 Prerequisites (x64) (HKLM-x32\...\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden Unity (HKLM-x32\...\Unity) (Version: 2019.4.6f1 - Unity Technologies ApS) Unity Hub 2.3.2 (HKLM\...\{Unity Technologies - Hub}) (Version: 2.3.2 - Unity Technologies Inc.) Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) UWPHok (HKLM-x32\...\UWPHook 2.5.1) (Version: 2.5.1 - Briano) UWPHook (HKLM-x32\...\{52B9D66E-8B17-4E82-94EE-9664614B67A2}) (Version: 2.5.1 - Briano) Hidden VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software) vcpp_crt.redist.clickonce (HKLM-x32\...\{B2AC4CE4-2533-4485-B3B5-2F645C2DD325}) (Version: 14.26.28808 - Microsoft Corporation) Hidden Visual Studio Community 2019 (HKLM-x32\...\2a34e2d9) (Version: 16.6.30320.27 - Microsoft Corporation) Visual Studio Team Explorer 2017 (HKLM-x32\...\b0a2d319) (Version: 15.9.28307.1216 - Microsoft Corporation) VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN) Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 1.3.4 - Black Tree Gaming Ltd.) VS Immersive Activate Helper (HKLM-x32\...\{A71406B5-E487-4B01-8E59-D466841350F5}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden VS JIT Debugger (HKLM\...\{C7E8A4F2-EF09-42A8-B892-69D5ED99D965}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden vs_BlendMsi (HKLM-x32\...\{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_clickoncebootstrappermsi (HKLM-x32\...\{BAF91847-0A64-405E-98EC-A0BA6FB4BC4E}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_clickoncebootstrappermsires (HKLM-x32\...\{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_clickoncesigntoolmsi (HKLM-x32\...\{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_communitymsi (HKLM-x32\...\{2CCEC45B-1462-4FFD-8214-90E3C25000F7}) (Version: 16.6.30014 - Microsoft Corporation) Hidden vs_communitymsires (HKLM-x32\...\{95E79BBC-97FD-4FEB-91B5-CC0231324812}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_devenvmsi (HKLM-x32\...\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_filehandler_amd64 (HKLM-x32\...\{7A991159-9069-471D-B85F-89B1E4E66822}) (Version: 16.6.30014 - Microsoft Corporation) Hidden vs_filehandler_x86 (HKLM-x32\...\{16E73A5A-339C-4177-A0BD-04278C06625C}) (Version: 16.6.30014 - Microsoft Corporation) Hidden vs_FileTracker_Singleton (HKLM-x32\...\{C8E7C1FC-925C-4163-BAB3-769E6C7961D2}) (Version: 16.6.30014 - Microsoft Corporation) Hidden vs_minshellinteropmsi (HKLM-x32\...\{27B16914-BC5D-4018-8074-071262A27F6D}) (Version: 16.2.28917 - Microsoft Corporation) Hidden vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden vs_minshellmsi (HKLM-x32\...\{DA7AB063-D1A3-4D5A-8221-598ACF4574B4}) (Version: 16.6.30014 - Microsoft Corporation) Hidden vs_minshellmsires (HKLM-x32\...\{EC04CD66-C03A-470D-B0D2-4BBC87F6382D}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{0A54CADD-CBA1-4BC9-A134-6C9F91F41B9A}) (Version: 16.5.29521 - Microsoft Corporation) Hidden vs_tipsmsi (HKLM-x32\...\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_vswebprotocolselectormsi (HKLM-x32\...\{5F2E2347-2042-4340-BBDD-262BB1791EC7}) (Version: 16.6.30014 - Microsoft Corporation) Hidden VSCodium (HKLM\...\{D77B7E06-80BA-4137-BCF4-654B95CCEBC5}_is1) (Version: 1.47.2 - Microsoft Corporation) Watch Dogs Legion (HKLM-x32\...\Uplay Install 3353) (Version: - Ubisoft) WATCH_DOGS2 (HKLM-x32\...\Uplay Install 2688) (Version: - Ubisoft) WeMod (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\WeMod) (Version: 6.3.11 - WeMod) WinRAR 5.80 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH) Zoom (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.) Packages: ========= Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.45.4.0_x86__kgqvnymyfvs32 [2020-10-24] (king.com) Clustertruck -> C:\Program Files\WindowsApps\tinyBuildGames.3289435C1E20_1.0.3.0_x86__3sz1pp2ynv2xe [2020-01-04] (tinyBuild Games) Death's Gambit -> C:\Program Files\WindowsApps\CartoonInteractiveGroupIn.DeathsGambit_1.0.0.0_x64__6c1aaymwt3dwm [2020-02-18] (Cartoon Interactive Group Inc.) Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.48.4.0_x86__kgqvnymyfvs32 [2020-11-07] (king.com) FTL: Faster Than Light -> C:\Program Files\WindowsApps\Mutable\SubsetGames.FTLFasterThanLight_1.6.13.0_x86__gvagsjwfgyhyc [2020-01-10] (Subset Games) Golf With Your Friends -> C:\Program Files\WindowsApps\Team17DigitalLimited.GolfWithYourFriendsWin10_1.0.12.0_x64__j5x4vj4y67jhc [2020-10-29] (Team17 Digital Limited) Halo: The Master Chief Collection -> C:\Program Files\WindowsApps\Mutable\Microsoft.Chelan_1.1955.0.0_x64__8wekyb3d8bbwe [2020-11-21] (Microsoft Studios) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-12-19] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-12-19] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-24] (Microsoft Studios) [MS Ad] My Friend Pedro Win10 -> C:\Program Files\WindowsApps\DevolverDigital.MyFriendPedroWin10_1.0.6.0_x64__6kzv4j18v0c96 [2020-05-06] (Devolver Digital) NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.958.0_x64__56jybvy8sckqj [2020-06-25] (NVIDIA Corp.) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.3.180.0_x64__dt26b99r8h8gj [2020-04-14] (Realtek Semiconductor Corp) The Master Chief Collection: Halo 2 -> C:\Program Files\WindowsApps\Microsoft.MCCHalo2_1.1448.0.0_x64__8wekyb3d8bbwe [2020-10-26] (Microsoft Studios) The Master Chief Collection: Halo 3 -> C:\Program Files\WindowsApps\Microsoft.MCCHalo3_1.12.0.0_x64__8wekyb3d8bbwe [2020-10-26] (Microsoft Studios) The Master Chief Collection: Halo 3: ODST -> C:\Program Files\WindowsApps\Microsoft.MCCHalo3ODST_1.12.0.0_x64__8wekyb3d8bbwe [2020-10-26] (Microsoft Studios) The Master Chief Collection: Halo CE -> C:\Program Files\WindowsApps\Microsoft.HaloCombatEvolved_1.1367.0.0_x64__8wekyb3d8bbwe [2020-10-26] (Microsoft Studios) The Master Chief Collection: REACH -> C:\Program Files\WindowsApps\Microsoft.TheMasterChiefCollectionREACH_1.1.0.0_x64__8wekyb3d8bbwe [2020-10-26] (Microsoft Studios) Totally Accurate Battle Simulator (Game Preview) -> C:\Program Files\WindowsApps\LandfallGames.TotallyAccurateBattleSimulator_1.0.24.0_x64__r2vq7k2y0v9ct [2020-09-01] (Landfall Games) UNDERTALE -> C:\Program Files\WindowsApps\8-4Ltd.Undertale-Windows10_1.1.0.0_x86__c74r4999cqbdr [2020-01-04] (8-4, Ltd.) West of Loathing -> C:\Program Files\WindowsApps\Asymmetric.WestofLoathing_1.1111.1111.0_x64__y20smdktffva2 [2020-04-30] (Asymmetric Publications, LLC) Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2020-04-24] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\origi\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\origi\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2020-04-22] (Notepad++ -> ) ContextMenuHandlers1: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll -> No File ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-05-07] (Apple Inc. -> Apple Inc.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => E:\Program Files\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => E:\Program Files\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll -> No File ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed] ContextMenuHandlers4: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll -> No File ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5dcb5bbf5c3edcf2\nvshext.dll [2020-11-08] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll -> No File ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => E:\Program Files\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => E:\Program Files\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-29] () [File not signed] HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-29] () [File not signed] ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\origi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --force-dark-mode ==================== Loaded Modules (Whitelisted) ============= 2020-11-18 18:30 - 2019-08-05 13:26 - 000025088 _____ () [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\BSL430.dll 2020-11-18 18:30 - 2019-08-05 13:26 - 000225792 _____ () [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvFireware.dll 2019-08-05 19:50 - 2019-08-05 19:50 - 000009216 _____ () [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\Phison.dll 2020-11-18 18:30 - 2019-08-05 13:27 - 002010112 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GbtCpuLib.dll 2020-11-18 18:30 - 2019-08-05 13:27 - 000155648 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\yccV2.dll 2019-04-15 16:24 - 2019-04-15 16:24 - 000155648 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\yccV2.DLL 2020-11-18 18:30 - 2019-12-09 17:27 - 000289792 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GVBIOSLib.dll 2020-11-18 18:30 - 2019-08-05 13:26 - 000628736 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvComW.dll 2020-11-18 18:30 - 2019-08-05 13:26 - 000013312 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvCrypt.dll 2020-11-18 18:30 - 2020-10-23 11:27 - 000474624 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GVDisplay.dll 2020-11-18 18:30 - 2019-08-05 13:26 - 000240640 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvIllumLib.dll 2020-11-18 18:30 - 2019-08-05 13:26 - 000218112 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvOrderLib.dll 2020-11-18 18:32 - 2020-09-14 09:07 - 000472576 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS LCD Panel Setting\GVDisplay.dll 2020-07-08 10:49 - 2020-07-08 10:49 - 000474624 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GVDisplay.dll 2020-11-05 14:16 - 2020-11-05 14:16 - 000268800 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GvIllumLib.dll 2020-11-05 07:49 - 2020-11-05 07:49 - 002057728 _____ (GIGABYTE) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\AACDDR_Lib.dll 2020-11-05 07:49 - 2020-11-05 07:49 - 002057728 _____ (GIGABYTE) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\AACPCIeSSD_Lib.dll 2020-11-05 07:49 - 2020-11-05 07:49 - 002057728 _____ (GIGABYTE) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\AACSSD_Lib.dll 2019-12-18 23:14 - 2019-02-22 03:00 - 000078336 _____ (Igor Pavlov) [File not signed] E:\Program Files\7-Zip\7-zip.dll 2020-11-18 18:30 - 2019-08-05 13:27 - 001079808 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\MFC80U.DLL 2018-08-30 16:26 - 2018-08-30 16:26 - 000053760 _____ (MS) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\MsIo32_Galax.dll 2020-11-18 18:30 - 2019-08-27 13:22 - 000224256 _____ (TODO: ) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvAutoUpdate.dll 2017-10-05 15:26 - 2017-10-05 15:26 - 002247168 _____ (TODO: ) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\CRtive.dll 2018-12-08 08:22 - 2018-12-08 08:22 - 002059264 _____ (TODO: ) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GHidApi.dll 2020-11-05 15:15 - 2020-11-05 15:15 - 000492544 _____ (TODO: ) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GvLedLib.dll 2020-10-22 15:05 - 2020-10-22 15:05 - 002107392 _____ (TODO: ) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\SMBCtrl.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COS2&ptag=D122519-A9FCDBB39EF&form=CONMHP&conlogo=CT3335799 SearchScopes: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COS2&ptag=D122519-N0700A9FCDBB39EF&form=CONBDF&conlogo=CT3335799&q={searchTerms} SearchScopes: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COS2&ptag=D122519-N0700A9FCDBB39EF&form=CONBDF&conlogo=CT3335799&q={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-09-13] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-09-13] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\ssv.dll [2020-09-16] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\jp2ssv.dll [2020-09-16] (Oracle America, Inc. -> Oracle Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation) (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\.DEFAULT\...\localhost -> localhost IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\download.microsoft.com -> hxxp://download.microsoft.com IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\download.windowsupdate.com -> hxxp://download.windowsupdate.com IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\download.windowsupdate.com -> hxxps://download.windowsupdate.com IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\microsoft.com -> hxxp://ntservicepack.microsoft.com IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\ntservicepack.microsoft.com -> hxxp://ntservicepack.microsoft.com IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\sharepoint.com -> hxxps://mqoutlook-files.sharepoint.com IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\update.microsoft.com -> hxxp://update.microsoft.com IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\update.microsoft.com -> hxxps://update.microsoft.com IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\webcompanion.com -> hxxp://webcompanion.com IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\windows.com -> hxxp://wustat.windows.com IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\windowsupdate.com -> hxxp://download.windowsupdate.com IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\windowsupdate.com -> hxxps://download.windowsupdate.com IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\windowsupdate.microsoft.com -> hxxp://windowsupdate.microsoft.com IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\ws.microsoft.com -> hxxp://ws.microsoft.com IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\ws.microsoft.com -> hxxps://ws.microsoft.com IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\wustat.windows.com -> hxxp://wustat.windows.com ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-03-19 15:49 - 2020-11-04 14:27 - 000001832 _____ C:\WINDOWS\system32\drivers\etc\hosts 109.94.209.70 fitgirlrepacks.co # Fake FitGirl site 109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site 109.94.209.70 fitgirl-repack.com # Fake FitGirl site 109.94.209.70 fitgirl-repacks.website # Fake FitGirl site 109.94.209.70 www.fitgirlrepacks.co # Fake FitGirl site 109.94.209.70 www.fitgirl-repack.com # Fake FitGirl site 109.94.209.70 www.fitgirl-repacks.website # Fake FitGirl site 109.94.209.70 ww9.fitgirl-repacks.xyz # Fake FitGirl site 109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site 109.94.209.70 fitgirl-repacks.xyz # Fake FitGirl site 109.94.209.70 fitgirl-repack.net # Fake FitGirl site 109.94.209.70 www.fitgirl-repack.net # Fake FitGirl site 109.94.209.70 fitgirlpack.site # Fake FitGirl site 109.94.209.70 www.fitgirlpack.site # Fake FitGirl site ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\nodejs\;C:\Program Files\VSCodium\bin;C:\Program Files\dotnet\ HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\Control Panel\Desktop\\Wallpaper -> E:\Pictures\Wallpapers\RGB Circles.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk" HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\Run: => "utweb" HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\Run: => "EpicGamesLauncher" HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\Run: => "GogGalaxy" HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams" HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\Run: => "Plex Media Server" HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\Run: => "Synapse3" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{F10D8E68-791F-40DA-B562-571EC41B5850}E:\games\risk of rain 2\risk of rain 2.exe] => (Allow) E:\games\risk of rain 2\risk of rain 2.exe () [File not signed] FirewallRules: [TCP Query User{940071B3-1041-4A24-9CD6-36A0502F8418}E:\games\risk of rain 2\risk of rain 2.exe] => (Allow) E:\games\risk of rain 2\risk of rain 2.exe () [File not signed] FirewallRules: [{44B75A98-6FC8-40C6-9EBF-C16D01755B28}] => (Allow) E:\Battlestate Games\BsgLauncher\BsgLauncher.exe (Battlestate Games Ltd -> Battlestate Games) FirewallRules: [{A933E254-B7CE-4C1A-888A-C3E35222C782}] => (Allow) E:\Battlestate Games\BsgLauncher\BsgLauncher.exe (Battlestate Games Ltd -> Battlestate Games) FirewallRules: [UDP Query User{B6446B56-F82C-4ABC-BB1F-637DEC2B7F89}E:\games\sniper - ghost warrior contracts\win_x64\sgwcontracts.exe] => (Allow) E:\games\sniper - ghost warrior contracts\win_x64\sgwcontracts.exe (CI Games S.A.) [File not signed] FirewallRules: [TCP Query User{6D2A8BAA-6BB1-4876-9122-F48193FF86BF}E:\games\sniper - ghost warrior contracts\win_x64\sgwcontracts.exe] => (Allow) E:\games\sniper - ghost warrior contracts\win_x64\sgwcontracts.exe (CI Games S.A.) [File not signed] FirewallRules: [UDP Query User{C4763C34-DCA4-4E02-B3D0-A49C58951873}E:\games\dying light - ultimate collection\dyinglightgame.exe] => (Allow) E:\games\dying light - ultimate collection\dyinglightgame.exe (Techland) [File not signed] FirewallRules: [TCP Query User{19752260-5051-43C3-B0BA-962487E1C33F}E:\games\dying light - ultimate collection\dyinglightgame.exe] => (Allow) E:\games\dying light - ultimate collection\dyinglightgame.exe (Techland) [File not signed] FirewallRules: [{08A7615C-013D-445F-8E0E-E7BD1ED90D6E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{027D44AF-D56D-4483-963E-AC5795B19E62}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{7A193A34-7EFE-4DFA-A067-4E753DB615F7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{7187FD66-B038-40AA-9455-58B0BDE2B267}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [UDP Query User{54D767F1-03F2-4457-948B-AF0FB9A293E0}E:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mcc-win64-shipping-winstore.exe] => (Allow) E:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mcc-win64-shipping-winstore.exe (343 Industries (Microsoft Corporation) -> Microsoft Corporation) FirewallRules: [TCP Query User{95179F55-D539-4CCD-A60D-E65966490B8D}E:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mcc-win64-shipping-winstore.exe] => (Allow) E:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mcc-win64-shipping-winstore.exe (343 Industries (Microsoft Corporation) -> Microsoft Corporation) FirewallRules: [UDP Query User{F0FD4D93-F6DE-411F-86C9-C69D2BCB6794}E:\program files\call of duty black ops cold war beta\blackopscoldwar.exe] => (Allow) E:\program files\call of duty black ops cold war beta\blackopscoldwar.exe => No File FirewallRules: [TCP Query User{A3134F08-16BE-4B7D-89F4-48A33035CF54}E:\program files\call of duty black ops cold war beta\blackopscoldwar.exe] => (Allow) E:\program files\call of duty black ops cold war beta\blackopscoldwar.exe => No File FirewallRules: [UDP Query User{D7ED7EBC-65F4-44DE-9E4B-129A75F9D25B}E:\program files\epic games\rs2v\binaries\win64\risingstorm2.exe] => (Allow) E:\program files\epic games\rs2v\binaries\win64\risingstorm2.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [TCP Query User{60E24A6F-4970-4D38-A294-E392C7E62792}E:\program files\epic games\rs2v\binaries\win64\risingstorm2.exe] => (Allow) E:\program files\epic games\rs2v\binaries\win64\risingstorm2.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [UDP Query User{325DCF6B-91C0-4783-A4CE-8E1F092F642D}E:\program files\epic games\killingfloor2\binaries\win64\kfgame.exe] => (Allow) E:\program files\epic games\killingfloor2\binaries\win64\kfgame.exe => No File FirewallRules: [TCP Query User{78C9547E-474E-4F31-A8E0-D8386AA715C4}E:\program files\epic games\killingfloor2\binaries\win64\kfgame.exe] => (Allow) E:\program files\epic games\killingfloor2\binaries\win64\kfgame.exe => No File FirewallRules: [{F44F34B3-9256-463E-A5EF-AD01CA3B2D4D}] => (Allow) E:\SteamLibrary\steamapps\common\D.R.O.N.E. The Game\D.R.O.N.E. Launcher.exe (Five Studios Interactive SL -> Five Studios Interactive) FirewallRules: [{CB509D4A-F2C1-400A-822A-F96E6F84A3AB}] => (Allow) E:\SteamLibrary\steamapps\common\D.R.O.N.E. The Game\D.R.O.N.E. Launcher.exe (Five Studios Interactive SL -> Five Studios Interactive) FirewallRules: [UDP Query User{A2390B05-03FD-4FF0-9D91-AD3EC97BD96D}C:\users\origi\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\users\origi\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe FirewallRules: [TCP Query User{6B3FA829-0710-45F7-A03A-3FD37AEAF171}C:\users\origi\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\users\origi\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe FirewallRules: [{864D0893-5D28-4E25-97DF-788A8F24600D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{43EC5C06-C5C2-437A-B078-B86D69973A3F}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [UDP Query User{C36AEA6D-181B-4149-AEF0-24A28DF74D3C}E:\emutarkov 12.7.8445\server\server.exe] => (Allow) E:\emutarkov 12.7.8445\server\server.exe (Node.js) [File not signed] FirewallRules: [TCP Query User{F318B14C-86A2-4A84-9CE2-BCA4DB71EC71}E:\emutarkov 12.7.8445\server\server.exe] => (Allow) E:\emutarkov 12.7.8445\server\server.exe (Node.js) [File not signed] FirewallRules: [{B13B0A28-5CD1-4D3E-960A-FABE2F743E12}] => (Allow) E:\SteamLibrary\steamapps\common\Aim Lab\AimLab_tb.exe () [File not signed] FirewallRules: [{BAD16577-D190-4412-98F0-FEFA6098F3EE}] => (Allow) E:\SteamLibrary\steamapps\common\Aim Lab\AimLab_tb.exe () [File not signed] FirewallRules: [{34020297-0BDC-4BC0-BFD5-3687EAA12AE5}] => (Block) E:\Program Files\Unity\Hub\Editor\2019.4.6f1\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS) FirewallRules: [{87219C25-F2EC-40E1-97FC-5D4D41F4338F}] => (Allow) E:\Program Files\Unity\Hub\Editor\2019.4.6f1\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS) FirewallRules: [UDP Query User{33DFD611-4C4E-4B7C-B1DA-622AFE290435}E:\program files\unity hub\unity hub.exe] => (Allow) E:\program files\unity hub\unity hub.exe (Unity Technologies SF -> Unity Technologies Inc.) FirewallRules: [TCP Query User{8D1BB9DB-4E7F-4D46-A3D6-FDDD22AF366C}E:\program files\unity hub\unity hub.exe] => (Allow) E:\program files\unity hub\unity hub.exe (Unity Technologies SF -> Unity Technologies Inc.) FirewallRules: [{F7861289-6A85-4C72-BDBA-083871DE2E4A}] => (Allow) E:\Program Files\Unity Hub\Unity Hub.exe (Unity Technologies SF -> Unity Technologies Inc.) FirewallRules: [UDP Query User{45A508BD-343A-4D9E-945F-70CC137AC76C}C:\program files\vscodium\vscodium.exe] => (Allow) C:\program files\vscodium\vscodium.exe (Microsoft Corporation) [File not signed] FirewallRules: [TCP Query User{BB29CB11-64CD-4DF4-B66E-A95E49B1CFDB}C:\program files\vscodium\vscodium.exe] => (Allow) C:\program files\vscodium\vscodium.exe (Microsoft Corporation) [File not signed] FirewallRules: [{FD2C0B71-4D0F-4808-8575-3745905AD28B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.) FirewallRules: [UDP Query User{42B6660B-5ED1-4BDF-ACE0-BCE07F03781E}C:\program files (x86)\altserver\altserver.exe] => (Allow) C:\program files (x86)\altserver\altserver.exe (AltStore LLC) [File not signed] FirewallRules: [TCP Query User{2E6F1D60-AAEB-48C7-A51E-38370BF4EF6D}C:\program files (x86)\altserver\altserver.exe] => (Allow) C:\program files (x86)\altserver\altserver.exe (AltStore LLC) [File not signed] FirewallRules: [{306AADBD-AAB4-48E8-B6BE-1D07B1664146}] => (Allow) E:\SteamLibrary\steamapps\common\Portal 2\portal2.exe () [File not signed] FirewallRules: [{14214BC4-7917-4BE6-8A67-A2CFBA885D72}] => (Allow) E:\SteamLibrary\steamapps\common\Portal 2\portal2.exe () [File not signed] FirewallRules: [{0AA59250-7B8C-4F0B-B5D8-E7ED64852855}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\WATCH_DOGS2\EAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{7894A19D-2B41-4099-9E03-82B6D3308E9D}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\WATCH_DOGS2\EAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{25104F42-C5A8-4AE5-9A08-42298714AADB}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\WATCH_DOGS2\bin_plus\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment) FirewallRules: [{99B4E8E8-1893-45F4-B5B0-AAD3BF112D6F}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\WATCH_DOGS2\bin_plus\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment) FirewallRules: [{D74360E7-C50A-46DF-AD5E-2C9688CF483A}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\WATCH_DOGS2\bin\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment) FirewallRules: [{CCB71434-5169-4097-BA00-7690F3C94336}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\WATCH_DOGS2\bin\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment) FirewallRules: [{902D3AF8-D32A-49DF-BAE8-1CE4254B49EA}] => (Allow) E:\SteamLibrary\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe => No File FirewallRules: [{FD22DB00-BAB7-421D-A3E1-FE4A6BE12D4B}] => (Allow) E:\SteamLibrary\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe => No File FirewallRules: [{59509B66-C71C-40E8-B222-A05CF7ADA902}] => (Allow) E:\SteamLibrary\steamapps\common\MGS_TPP\mgsvtpp.exe (Konami Digital Entertainment) [File not signed] FirewallRules: [{917C14FA-FDFF-4937-BCAE-39FB92079AAC}] => (Allow) E:\SteamLibrary\steamapps\common\MGS_TPP\mgsvtpp.exe (Konami Digital Entertainment) [File not signed] FirewallRules: [{CEABD935-8832-494B-A277-AD723C16E8F8}] => (Allow) E:\SteamLibrary\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe (Keen Software House s.r.o. -> Keen Software House) FirewallRules: [{B0039ED2-34D8-4DFB-B8EB-41154C09EB05}] => (Allow) E:\SteamLibrary\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe (Keen Software House s.r.o. -> Keen Software House) FirewallRules: [{7415C043-6DD1-4770-A6C8-153E8015635A}] => (Allow) E:\SteamLibrary\steamapps\common\BloonsTD6\BloonsTD6.exe () [File not signed] FirewallRules: [{34EFECF9-D2DC-414B-A068-4E4C11EB15A0}] => (Allow) E:\SteamLibrary\steamapps\common\BloonsTD6\BloonsTD6.exe () [File not signed] FirewallRules: [{9D3CB140-B85C-431D-851D-33EBBB64EC4B}] => (Allow) E:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed] FirewallRules: [{F7A51524-6680-4817-93B3-4FB20321B983}] => (Allow) E:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed] FirewallRules: [{3C65C792-A8A6-4101-8CBF-FAD144FE474C}] => (Allow) E:\SteamLibrary\steamapps\common\The Forest\TheForestVR.exe () [File not signed] FirewallRules: [{76D91F81-F31B-43C4-9177-0E98E20133F9}] => (Allow) E:\SteamLibrary\steamapps\common\The Forest\TheForestVR.exe () [File not signed] FirewallRules: [{231FB57E-6AF9-4F2C-8C54-DF7F8F2A6C50}] => (Allow) E:\SteamLibrary\steamapps\common\The Forest\TheForest.exe () [File not signed] FirewallRules: [{501753C0-C5BD-4D9D-839B-268FE5CB0B86}] => (Allow) E:\SteamLibrary\steamapps\common\The Forest\TheForest.exe () [File not signed] FirewallRules: [{14C03299-DCF1-4508-9CD7-1930CFE6A274}] => (Allow) E:\SteamLibrary\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe (Warhorse Studios sro) [File not signed] FirewallRules: [{D2E7ADDF-1589-4FD8-B3FC-B3D85A9B6F5A}] => (Allow) E:\SteamLibrary\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe (Warhorse Studios sro) [File not signed] FirewallRules: [UDP Query User{8258957B-DCB5-458C-A270-134327AF3811}E:\program files\gog galaxy\games\divinity - original sin 2\defed\bin\eocapp.exe] => (Allow) E:\program files\gog galaxy\games\divinity - original sin 2\defed\bin\eocapp.exe () [File not signed] FirewallRules: [TCP Query User{12EB542A-9BFF-47E6-87D3-6F1FF5E34FC6}E:\program files\gog galaxy\games\divinity - original sin 2\defed\bin\eocapp.exe] => (Allow) E:\program files\gog galaxy\games\divinity - original sin 2\defed\bin\eocapp.exe () [File not signed] FirewallRules: [UDP Query User{C3C791EF-22BA-4F59-BC25-51D0DB5E0278}E:\program files\epic games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe] => (Allow) E:\program files\epic games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe => No File FirewallRules: [TCP Query User{6CB92D7C-7DC3-4EF9-8A37-9CF84197A520}E:\program files\epic games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe] => (Allow) E:\program files\epic games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe => No File FirewallRules: [{4DF7FE8E-0264-44E6-996A-3EA5A94F8F1E}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) FirewallRules: [UDP Query User{3EB1A1BC-42C9-44A0-89E2-F9549E72F139}E:\steamlibrary\steamapps\common\terraria\terrariaserver.exe] => (Allow) E:\steamlibrary\steamapps\common\terraria\terrariaserver.exe (Re-Logic) [File not signed] FirewallRules: [TCP Query User{FFD736D3-BF75-404F-824A-E87DD328C3C6}E:\steamlibrary\steamapps\common\terraria\terrariaserver.exe] => (Allow) E:\steamlibrary\steamapps\common\terraria\terrariaserver.exe (Re-Logic) [File not signed] FirewallRules: [{479AD954-D64B-46EF-B046-3A916A2EC95F}] => (Allow) E:\SteamLibrary\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed] FirewallRules: [{8B221CFE-47F8-4418-8A2E-7C501FB79A01}] => (Allow) E:\SteamLibrary\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed] FirewallRules: [UDP Query User{2BF9EA75-998A-4D25-8EED-266FBB0A448E}E:\program files\epic games\gtav\gta5.exe] => (Allow) E:\program files\epic games\gtav\gta5.exe (Rockstar Games, Inc. -> Rockstar Games) FirewallRules: [TCP Query User{75B083B5-47D8-4A9F-918B-8CF993A4005E}E:\program files\epic games\gtav\gta5.exe] => (Allow) E:\program files\epic games\gtav\gta5.exe (Rockstar Games, Inc. -> Rockstar Games) FirewallRules: [UDP Query User{FE0709B9-6DEE-484F-95D1-8F53EEEB9016}E:\program files\rockstar games\red dead redemption 2\rdr2.exe] => (Allow) E:\program files\rockstar games\red dead redemption 2\rdr2.exe (Rockstar Games, Inc. -> Rockstar Games) FirewallRules: [TCP Query User{80301D8A-7F60-4685-836F-B3CA6609C81A}E:\program files\rockstar games\red dead redemption 2\rdr2.exe] => (Allow) E:\program files\rockstar games\red dead redemption 2\rdr2.exe (Rockstar Games, Inc. -> Rockstar Games) FirewallRules: [UDP Query User{5A6BBD9F-E23D-49EF-8003-E642669DC7E8}E:\program files\epic games\breakpointdemo\grb.exe] => (Allow) E:\program files\epic games\breakpointdemo\grb.exe => No File FirewallRules: [TCP Query User{666556D2-4339-4484-ADBA-D27818139021}E:\program files\epic games\breakpointdemo\grb.exe] => (Allow) E:\program files\epic games\breakpointdemo\grb.exe => No File FirewallRules: [{F5195C8B-3C8F-4A3E-8A2C-09EAA4D02842}] => (Allow) E:\Program Files\Epic Games\BreakpointDemo\GRB_BE.exe => No File FirewallRules: [{AA3F5F3A-F171-441A-BBE7-4FE7B3C3C54D}] => (Allow) E:\Program Files\Epic Games\BreakpointDemo\GRB_BE.exe => No File FirewallRules: [{9AB356E3-1C49-45D0-92D7-21143CECE733}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{CF43DDDA-4442-4233-92D0-7B28CA43BE7F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{D32F1D5B-BD93-4F80-84D4-A6F24F3169AF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{A112E236-9BD0-4F0E-8E86-3BD9995DA22A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{DB41F1CC-4157-4B2E-A46B-7773491713E3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{8FC6E254-4932-44EE-8D54-F26D58C8CDB8}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{FE17E754-D40D-4F7B-B445-04F317D4BA55}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{238925C4-1354-4AA1-865D-9620EE84EE56}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{56B0067E-EA09-4D6F-83E3-866094057A59}C:\users\origi\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\origi\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [UDP Query User{B4288E7E-F78B-45DB-9477-1BCF095B4053}C:\users\origi\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\origi\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{FB7BE848-FDE0-4D65-854D-A34E5904B18B}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve -> Valve Corporation) FirewallRules: [{2E58401E-54F3-4071-9DD0-8A3A3B1F7D5B}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve -> Valve Corporation) FirewallRules: [{55F4F4E4-6DE8-4FF7-B391-C1E19A1E0988}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{625B937E-C165-4A10-ABEC-6739A4F19C76}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{EC3D6E3F-D22B-45FF-86FD-73A42E37BC01}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> ) FirewallRules: [{FCE58226-D93B-44EF-B104-E9B412434148}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> ) FirewallRules: [TCP Query User{B3D20E8A-DAC4-4319-9B5C-13D59B6BC4D8}C:\users\origi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\origi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{FEE9CE96-58F4-4030-88CB-5B5EE3B47F3A}C:\users\origi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\origi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{03684179-A6B7-408B-A2B0-41545EC96826}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex media server.exe (Plex, Inc. -> Plex, Inc.) FirewallRules: [UDP Query User{655C2BD9-62B4-4B6D-BD3A-72C4AEC22A73}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex media server.exe (Plex, Inc. -> Plex, Inc.) FirewallRules: [TCP Query User{BE68303A-CA83-45AF-AA41-E58A9D8245F3}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.) FirewallRules: [UDP Query User{32E8EDC4-0755-42CB-8BD0-1A4EB166C618}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.) FirewallRules: [TCP Query User{410561EF-AB33-4577-B74F-B67E1FC6DF4F}E:\program files\call of duty modern warfare\modernwarfare.exe] => (Allow) E:\program files\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision) FirewallRules: [UDP Query User{B2E877D3-5FF6-4FCA-BB52-BC96F1D944F6}E:\program files\call of duty modern warfare\modernwarfare.exe] => (Allow) E:\program files\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision) FirewallRules: [TCP Query User{16B1414A-FE63-4C3A-B9C7-5587D7AC39D2}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games) FirewallRules: [UDP Query User{68E21DC7-8280-4F29-80E2-E6BB9677AFC1}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games) FirewallRules: [TCP Query User{79D1F9F0-DBCB-4B21-8FA6-69D2F2F2E332}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [UDP Query User{08C2D746-BDCB-45BF-80E3-DDCDDD0EE60C}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{420E550E-47C4-4454-A99A-8EE7BBCA1EDA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{8079971B-C0B8-4E0A-9744-6D2A1973AF10}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\New folder\Watch Dogs Legion\bin\WatchDogsLegion.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment) FirewallRules: [{BCDE392E-AEFB-43AC-AC45-EBCA7CBD289E}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\New folder\Watch Dogs Legion\bin\WatchDogsLegion.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment) FirewallRules: [{15887DF6-8639-4AAB-A645-BC33B1BACC1D}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\Assassin's Creed Valhalla\ACValhalla_Plus.exe (UBISOFT ENTERTAINMENT INC. -> ) FirewallRules: [{465FB64B-5046-4360-9AEE-EF848A8994D0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{32EAD7C7-073D-4808-8491-BB3BC3B0B971}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{FA6EA858-6A11-4455-8ABF-32AD4BA524C7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{BBD423BF-4015-4ACF-9104-6B0F247AE9E1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) ==================== Restore Points ========================= 17-11-2020 01:58:01 Windows Modules Installer 18-11-2020 18:30:32 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 19-11-2020 20:41:08 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 19-11-2020 20:41:31 Installed DirectX ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (11/21/2020 09:51:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: explorer.exe, version: 10.0.19041.610, time stamp: 0xab30c679 Faulting module name: ucrtbase.dll, version: 10.0.19041.546, time stamp: 0x43cbc11d Exception code: 0xc0000409 Fault offset: 0x000000000007287e Faulting process id: 0x1e10 Faulting application start time: 0x01d6bff442ccc353 Faulting application path: C:\WINDOWS\explorer.exe Faulting module path: C:\WINDOWS\System32\ucrtbase.dll Report Id: ef25551b-5223-470e-a975-f7c8cc761ef0 Faulting package full name: Faulting package-relative application ID: Error: (11/21/2020 09:51:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: explorer.exe, version: 10.0.19041.610, time stamp: 0xab30c679 Faulting module name: ucrtbase.dll, version: 10.0.19041.546, time stamp: 0x43cbc11d Exception code: 0xc0000409 Fault offset: 0x000000000007287e Faulting process id: 0x117c Faulting application start time: 0x01d6bff442867868 Faulting application path: C:\WINDOWS\explorer.exe Faulting module path: C:\WINDOWS\System32\ucrtbase.dll Report Id: ba0e1d9a-62d1-4213-9f49-fab1b4b56b9d Faulting package full name: Faulting package-relative application ID: Error: (11/21/2020 09:51:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: explorer.exe, version: 10.0.19041.610, time stamp: 0xab30c679 Faulting module name: ucrtbase.dll, version: 10.0.19041.546, time stamp: 0x43cbc11d Exception code: 0xc0000409 Fault offset: 0x000000000007287e Faulting process id: 0x1d78 Faulting application start time: 0x01d6bff4423f787a Faulting application path: C:\WINDOWS\explorer.exe Faulting module path: C:\WINDOWS\System32\ucrtbase.dll Report Id: f51d7947-906b-4681-b445-c9c13e43bd24 Faulting package full name: Faulting package-relative application ID: Error: (11/21/2020 09:51:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: explorer.exe, version: 10.0.19041.610, time stamp: 0xab30c679 Faulting module name: ucrtbase.dll, version: 10.0.19041.546, time stamp: 0x43cbc11d Exception code: 0xc0000409 Fault offset: 0x000000000007287e Faulting process id: 0x9d0 Faulting application start time: 0x01d6bff441f9f6a6 Faulting application path: C:\WINDOWS\explorer.exe Faulting module path: C:\WINDOWS\System32\ucrtbase.dll Report Id: f8eaea60-f8fb-4e26-9eca-249015355390 Faulting package full name: Faulting package-relative application ID: Error: (11/21/2020 09:51:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: explorer.exe, version: 10.0.19041.610, time stamp: 0xab30c679 Faulting module name: ucrtbase.dll, version: 10.0.19041.546, time stamp: 0x43cbc11d Exception code: 0xc0000409 Fault offset: 0x000000000007287e Faulting process id: 0x26b4 Faulting application start time: 0x01d6bff441b4d97c Faulting application path: C:\WINDOWS\explorer.exe Faulting module path: C:\WINDOWS\System32\ucrtbase.dll Report Id: ad20c75d-e78d-45d2-a37b-3c3b63d2fa75 Faulting package full name: Faulting package-relative application ID: Error: (11/21/2020 09:51:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: explorer.exe, version: 10.0.19041.610, time stamp: 0xab30c679 Faulting module name: ucrtbase.dll, version: 10.0.19041.546, time stamp: 0x43cbc11d Exception code: 0xc0000409 Fault offset: 0x000000000007287e Faulting process id: 0x850 Faulting application start time: 0x01d6bff4416fdcd4 Faulting application path: C:\WINDOWS\explorer.exe Faulting module path: C:\WINDOWS\System32\ucrtbase.dll Report Id: 9e55fbb2-7f35-42fd-bf58-1307b5980bcc Faulting package full name: Faulting package-relative application ID: Error: (11/21/2020 09:51:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: explorer.exe, version: 10.0.19041.610, time stamp: 0xab30c679 Faulting module name: ucrtbase.dll, version: 10.0.19041.546, time stamp: 0x43cbc11d Exception code: 0xc0000409 Fault offset: 0x000000000007287e Faulting process id: 0xdf8 Faulting application start time: 0x01d6bff4412c3c44 Faulting application path: C:\WINDOWS\explorer.exe Faulting module path: C:\WINDOWS\System32\ucrtbase.dll Report Id: f74575ab-7aea-4035-80c7-09e05d1d01b2 Faulting package full name: Faulting package-relative application ID: Error: (11/21/2020 09:51:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: explorer.exe, version: 10.0.19041.610, time stamp: 0xab30c679 Faulting module name: ucrtbase.dll, version: 10.0.19041.546, time stamp: 0x43cbc11d Exception code: 0xc0000409 Fault offset: 0x000000000007287e Faulting process id: 0x1acc Faulting application start time: 0x01d6bff440e5b830 Faulting application path: C:\WINDOWS\explorer.exe Faulting module path: C:\WINDOWS\System32\ucrtbase.dll Report Id: e57cfc05-ef32-4690-9334-656351e43980 Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (11/21/2020 09:48:36 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-Q4STC4U) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (11/21/2020 09:41:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error: (11/21/2020 09:41:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The LGHUB Updater Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (11/21/2020 09:41:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (11/21/2020 09:41:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The WMI Performance Adapter service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (11/21/2020 09:41:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Razer Synapse Service service terminated unexpectedly. It has done this 1 time(s). Error: (11/21/2020 09:41:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Gaming Services service terminated unexpectedly. It has done this 1 time(s). Error: (11/21/2020 09:41:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Gaming Services service terminated unexpectedly. It has done this 1 time(s). Windows Defender: =================================== Date: 2020-11-21 20:23:49.8320000Z Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan ID: {8777F9DE-9CF1-4C6E-80AD-E0712C46AC31} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2020-11-21 13:59:55.0600000Z Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan ID: {CF605607-240D-4485-87A6-C2A840505669} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2020-11-19 23:22:45.7120000Z Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan ID: {6802214D-4CC9-4B0E-B75A-FE09F6B2C7D4} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2020-11-18 00:06:40.8360000Z Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan ID: {EAB2C1B0-0BB4-4C52-87C4-54F1F95461E5} Scan Type: Antimalware Scan Parameters: Quick Scan CodeIntegrity: =================================== Date: 2020-11-21 21:51:11.6380000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements. Date: 2020-11-21 21:49:08.2520000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements. Date: 2020-11-21 21:49:08.1260000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements. Date: 2020-11-21 15:41:52.3300000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements. Date: 2020-11-21 15:39:49.2540000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements. Date: 2020-11-21 15:39:49.1320000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements. Date: 2020-11-21 13:46:41.5680000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements. Date: 2020-11-21 13:46:39.0320000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements. ==================== Memory info =========================== BIOS: American Megatrends Inc. F8 05/24/2019 Motherboard: Gigabyte Technology Co., Ltd. Z390 UD Processor: Intel(R) Core(TM) i7-9700KF CPU @ 3.60GHz Percentage of memory in use: 32% Total physical RAM: 16315.74 MB Available physical RAM: 11014.62 MB Total Virtual: 32699.74 MB Available Virtual: 25751.54 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:476.31 GB) (Free:146.08 GB) NTFS Drive e: (General Data) (Fixed) (Total:1863 GB) (Free:116.66 GB) NTFS \\?\Volume{b980258e-7d1d-4849-9afc-62f134671dbe}\ () (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS \\?\Volume{6f91f53b-c14a-3a64-b8d5-75033d930404}\ () (Fixed) (Total:134.04 GB) (Free:0 GB) NTFS \\?\Volume{9a8732ff-18d5-0322-1c0f-0df7da13f473}\ () (Fixed) (Total:0.38 GB) (Free:0 GB) NTFS \\?\Volume{a0c79aa4-df4d-c91a-9b4d-d792d91b3c8f}\ () (Fixed) (Total:0.12 GB) (Free:0 GB) NTFS \\?\Volume{5b1288a7-6dfa-3ed5-2a67-433444f12d55}\ () (Fixed) (Total:0.23 GB) (Free:0 GB) NTFS \\?\Volume{80d34bf8-f98b-51da-b17a-8eba6eddd503}\ () (Fixed) (Total:0.66 GB) (Free:0 GB) NTFS \\?\Volume{0b93ca05-ce54-9fb7-26ea-9bfb7aa697a4}\ () (Fixed) (Total:3.6 GB) (Free:0 GB) NTFS \\?\Volume{3db56128-1cef-3089-2d29-5603c1d1e215}\ () (Fixed) (Total:3.01 GB) (Free:0 GB) NTFS \\?\Volume{fef99fd2-93ea-80ca-9155-61e105c116a9}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS \\?\Volume{6c13b06c-a0dc-e5f8-ab8a-7be7b50dd034}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS \\?\Volume{39facdf8-c027-8a74-e579-ac7250cc7dc1}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS \\?\Volume{e930a4ec-d1bd-3b79-11a2-3df525ee525a}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS \\?\Volume{a7537661-921f-ed59-a758-f2ff8a6db369}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS \\?\Volume{eaca5632-2c1b-ac1d-f709-31a4953839c1}\ () (Fixed) (Total:3.45 GB) (Free:0 GB) NTFS \\?\Volume{68f7e57c-6419-88e0-5f5a-c90c1a5bf2f9}\ () (Fixed) (Total:0.39 GB) (Free:0 GB) NTFS \\?\Volume{0fa0f211-8bd9-4599-9a11-04caf0476453}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ==================== Attempted reading MBR returned 0 bytes. Could not read MBR for disk 2. Attempted reading MBR returned 0 bytes. Could not read MBR for disk 3. Attempted reading MBR returned 0 bytes. Could not read MBR for disk 4. Attempted reading MBR returned 0 bytes. Could not read MBR for disk 5. Attempted reading MBR returned 0 bytes. Could not read MBR for disk 6. Attempted reading MBR returned 0 bytes. Could not read MBR for disk 7. Attempted reading MBR returned 0 bytes. Could not read MBR for disk 8. Attempted reading MBR returned 0 bytes. Could not read MBR for disk 9. Attempted reading MBR returned 0 bytes. Could not read MBR for disk 10. Attempted reading MBR returned 0 bytes. Could not read MBR for disk 11. Attempted reading MBR returned 0 bytes. Could not read MBR for disk 12. Attempted reading MBR returned 0 bytes. Could not read MBR for disk 13. Attempted reading MBR returned 0 bytes. Could not read MBR for disk 14. Attempted reading MBR returned 0 bytes. Could not read MBR for disk 15. ==================== End of Addition.txt =======================