Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.01.2024 Ran by tehke (17-01-2024 05:16:56) Running from C:\Users\tehke\Desktop Microsoft Windows 11 Home Version 22H2 22621.3007 (X64) (2023-02-24 05:55:06) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-3252700674-1244316876-1502611229-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3252700674-1244316876-1502611229-503 - Limited - Disabled) Guest (S-1-5-21-3252700674-1244316876-1502611229-501 - Limited - Disabled) tehke (S-1-5-21-3252700674-1244316876-1502611229-1001 - Administrator - Enabled) => C:\Users\tehke terry (S-1-5-21-3252700674-1244316876-1502611229-1004 - Administrator - Enabled) => C:\Users\terry Terryc (S-1-5-21-3252700674-1244316876-1502611229-1006 - Administrator - Enabled) => C:\Users\Terryc terry_w2lrri1 (S-1-5-21-3252700674-1244316876-1502611229-1005 - Administrator - Enabled) WDAGUtilityAccount (S-1-5-21-3252700674-1244316876-1502611229-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 22.01 (x64) (HKLM\...\7-Zip) (Version: 22.01 - Igor Pavlov) Adobe Photoshop (Beta) (HKLM\...\{KCF078A9-BA3F-458D-A4A0-3DBB7B169E6S}) (Version: 25.2.0 m.2357 - Adobe) Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0_2) (Version: 21.0.2 - Adobe Systems Incorporated) AnyTrans (HKLM-x32\...\AnyTrans) (Version: 8.8.4.0 - iMobie Inc.) 
Apple Mobile Device Support (HKLM\...\{527DD209-8A66-482F-8779-C7B3BACCA8F1}) (Version: 15.0.0.16 - Apple Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BeamNG.drive v0.23 (HKLM-x32\...\BeamNG.drive_is1) (Version: 0.23 - BeamNG) BlueStacks App Player (HKLM\...\BlueStacks_nxt) (Version: 5.13.0.1076 - now.gg, Inc.) BlueStacks Services (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\BlueStacksServices) (Version: 3.0.2 - now.gg, Inc.) BlueStacks X (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\BlueStacks X) (Version: 10.3.20.1003 - now.gg, Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CDisplayEx 1.10.33 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.) Cheat Engine 7.4 (HKLM\...\Cheat Engine_is1) (Version: - Cheat Engine) Core Temp 1.18 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.18 - ALCPU) CPUID HWMonitor 1.45 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.45 - CPUID, Inc.) CrystalDiskInfo 9.2.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 9.2.2 - Crystal Dew World) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd) Discord (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Discord) (Version: 1.0.9004 - Discord Inc.) ELDEN RING (HKLM-x32\...\ELDEN RING_is1) (Version: - ) Epic Games Launcher (HKLM-x32\...\{FAC47927-1A6A-4C6E-AD7D-E9756794A4BC}) (Version: 1.3.23.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) 
Hidden Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.3 - ) Final Fantasy VII Remake Intergrade (HKLM-x32\...\Final Fantasy VII Remake Intergrade_is1) (Version: - ) GetDataBack Pro version 5.57 (HKLM\...\GetDataBack Pro Install_is1) (Version: 5.57 - Runtime Software, LLC) Ghostwire Tokyo (HKLM-x32\...\Ghostwire Tokyo_is1) (Version: 0.0.0 - DODI-Repacks) Glorious Model O Software (HKLM-x32\...\{0969D386-B5B4-41BD-98E3-4A1A7D32CB97}_is1) (Version: 1.0.9 - Glorious PC Gaming Race LLC.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 120.0.6099.217 - Google LLC) GSmartControl (HKLM\...\GSmartControl) (Version: 1.1.4 - Alexander Shaduri) HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software) HidHide (HKLM\...\{48DD38C8-443E-4474-A249-AB32389E08F6}) (Version: 1.2.128 - Nefarius Software Solutions e.U.) KelVPN 7.6-1 (HKLM\...\KelVPN) (Version: 7.6-1 - KelVPN) K-Lite Mega Codec Pack 17.9.4 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 17.9.4 - KLCP) LatencyMon 7.31 (HKLM\...\LatencyMon_is1) (Version: 7.31 - Resplendence Software Projects Sp.) Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Legion Arena (HKLM-x32\...\Legion Arena_is1) (Version: 1.3.1.1 - Lenovo Group Ltd.) Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 4.0.49.0 - Lenovo Group Ltd.) 
Malwarebytes version 4.6.7.301 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.7.301 - Malwarebytes) Microsoft .NET Host - 5.0.16 (x64) (HKLM\...\{DAA471F4-54A9-4820-A1C5-266B5153C144}) (Version: 40.64.31117 - Microsoft Corporation) Hidden Microsoft .NET Host - 6.0.7 (x64) (HKLM\...\{8F51A211-71F1-4858-8198-8A5A66818D16}) (Version: 48.31.44002 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 5.0.16 (x64) (HKLM\...\{29CBA832-8D09-42D0-82F4-3583EE247A5E}) (Version: 40.64.31117 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 6.0.7 (x64) (HKLM\...\{E18A98D1-DF73-4E11-AC20-FD0190628270}) (Version: 48.31.44002 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 5.0.16 (x64) (HKLM\...\{16E242C4-24A9-4381-8023-0F246750CA47}) (Version: 40.64.31117 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 5.0.16 (x64) (HKLM-x32\...\{68696b91-f423-4e8e-a58f-631366d0f77a}) (Version: 5.0.16.31117 - Microsoft Corporation) Microsoft .NET Runtime - 6.0.7 (x64) (HKLM\...\{882F32A5-8330-4366-844A-2F3B73C3F021}) (Version: 48.31.44002 - Microsoft Corporation) Hidden Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 120.0.2210.133 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 120.0.2210.133 - Microsoft Corporation) Microsoft Flight Simulator (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Microsoft Flight Simulator) (Version: - HOODLUM) Microsoft Office LTSC Professional Plus 2021 - en-us (HKLM\...\ProPlus2021Volume - en-us) (Version: 16.0.14332.20624 - Microsoft Corporation) Microsoft Office Office 32-bit Components 2010 (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}) 
(Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (HKLM\...\{90140000-002C-0409-1000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 32-bit MUI (English) 2010 (HKLM\...\{90140000-0043-0409-1000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (HKLM\...\{90140000-006E-0409-1000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (HKLM\...\{90140000-0115-0409-1000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Word 2010 (HKLM\...\{90140000-001B-0000-1000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (HKLM\...\{90140000-001B-0409-1000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.246.1127.0002 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Teams) (Version: 1.6.00.6754 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\Teams) (Version: 1.6.00.6754 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 
(HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 
(HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31326 (HKLM-x32\...\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a}) (Version: 14.32.31326.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31326 (HKLM-x32\...\{A250E750-DB3F-40C1-8460-8EF77C7582DA}) (Version: 14.32.31326 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31326 (HKLM-x32\...\{46E11E7F-01E1-44D0-BB86-C67342D253DD}) (Version: 14.32.31326 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 5.0.16 (x64) (HKLM\...\{90B8150E-08C5-4225-9F94-9BBB39D82601}) (Version: 40.64.31121 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 5.0.16 (x64) (HKLM-x32\...\{c34fb08d-bd27-4d0b-a7bc-f7d5359f9518}) (Version: 5.0.16.31121 - Microsoft Corporation) Microsoft Windows Desktop Runtime - 6.0.7 (x64) (HKLM\...\{30702F00-F514-4094-BA4A-A05B42FD1CAC}) (Version: 48.31.44003 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 6.0.7 (x64) (HKLM-x32\...\{a7dab025-ec7a-4e8a-add3-6d872f1d8aca}) (Version: 6.0.7.31422 - Microsoft Corporation) Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.4763.1000 - Microsoft Corporation) NBA 2K19 (HKLM-x32\...\NBA 2K19_is1) (Version: - ) NBA 2K22 (HKLM-x32\...\NBA 2K22_is1) (Version: - ) Neural Filters (HKLM\...\{70F9BD38-D373-4CC8-BF4A-414DE0D0C42F}) (Version: 1.15.0.100 - Adobe) NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation) NVIDIA 
GeForce Experience 3.27.0.120 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.120 - NVIDIA Corporation) NVIDIA Graphics Driver 546.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 546.33 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation) NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation) NVIDIA USBC Driver 1.50.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.50.831.832 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20624 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20624 - Microsoft Corporation) Hidden Opera GX Stable 105.0.4970.76 (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Opera GX 105.0.4970.76) (Version: 105.0.4970.76 - Opera Software) Peace (HKLM\...\Peace) (Version: 1.6.6.0 - P.E. Verbeek) qBittorrent 4.4.2 (HKLM-x32\...\qBittorrent) (Version: 4.4.2 - The qBittorrent project) Raise Data Recovery (HKLM\...\rdr) (Version: 9.14 - LLC SysDev Laboratories) Razer Axon (HKLM\...\Razer Axon_is1) (Version: 1.2.2.0 - Razer Inc.) Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 10.10.4.0 - Razer Inc.) Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.9.0109.011015 - Razer Inc.) Razer Virtual Ring Light (HKLM-x32\...\Razer Virtual Ring Light) (Version: 2.0.0.23 - Razer Inc.) Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.) 
Session 1.11.0 (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\f1339da8-b3f2-5116-b780-aafa611bc7f7) (Version: 1.11.0 - Oxen Labs) ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 13.7.0 - ShareX Team) StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) StepMania 5 (HKLM-x32\...\StepMania 5) (Version: 5.0.12 - StepMania) Streamer Companion App (HKLM-x32\...\Streamer Companion App) (Version: 2.0.1.3 - Razer Inc.) TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - ) Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.19572 - Microsoft Corporation) Telegram Desktop (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 4.14.6 - Telegram FZ-LLC) THX Spatial Audio (HKLM-x32\...\THX Spatial Audio) (Version: 2.0.1.12 - Razer Inc.) Tobii Experience Software For Windows (LenovoY760) (HKLM\...\{7F9E80DA-CBD7-49F5-A756-294D0FA745F4}) (Version: 4.110.0.13215 - Tobii AB) VALORANT (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Riot Game valorant.live) (Version: - Riot Games, Inc) ViGEm Bus Driver (HKLM\...\{9C581C76-2D68-40F8-AA6F-94D3C5215C05}) (Version: 1.21.442 - Nefarius Software Solutions e.U.) VLC media player (HKLM\...\VLC media player) (Version: 3.0.17.4 - VideoLAN) VPN Unlimited 9.0.0 (HKLM-x32\...\{DC24521E-872B-41AF-93EA-FE477902D6FB}_is1) (Version: 9.0.0 - KeepSolid Inc.) Wale (HKLM\...\{2C88370E-794C-482F-B9D5-CB770E48ACF6}) (Version: 0.7.5.0 - Jongtae Park (catright)) WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.859 - McAfee, LLC) WeChat (HKLM-x32\...\WeChat) (Version: 3.9.6.33 - 腾讯科技(深圳)有限公司) WickrMe (HKLM\...\{B49C1616-0DE8-4178-92C3-BD45602C2B8D}) (Version: 5.102.9 - Wickr Inc.) Windows Driver Package - Razer Inc. 
(WinUSB) USB (05/04/2016 6.2.9200.16385) (HKLM\...\874D6B1A2BD2AE8FF3594AB704F2A4A3F8342FB5) (Version: 05/04/2016 6.2.9200.16385 - Razer Inc.) WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH) X-Rite Color Assistant 2.12.0.0 (HKLM-x32\...\{6DCFB107-4604-4AA8-BEA6-CC80BCF0B3E4}_is1) (Version: 2.12.0.0 - X-Rite, Inc) Packages: ========= Dev Home -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.900.374.0_x64__8wekyb3d8bbwe [2024-01-14] (Microsoft Corporation) Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_2023.11.13.0_neutral__6rarf9sa4v8jt [2024-01-16] (Disney) Dolby Vision -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyVisionHDR_2.20301.388.0_x64__rz1tebttyb220 [2023-11-13] (Dolby Laboratories) Lenovo Companion -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2312.17.0_x64__k1h2ywk1493x8 [2023-12-22] (LENOVO INC.) Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-15] (Microsoft Corp.) Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.21027.539.0_x64__8wekyb3d8bbwe [2023-10-31] (Microsoft Corporation) Microsoft.AV1VideoExtension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-07-23] (Microsoft Corporation) Microsoft.MPEG2VideoExtension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-08-17] (Microsoft Corporation) Microsoft.WindowsAppRuntime.CBS -> C:\WINDOWS\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-01-14] (Microsoft Corporation) Nahimic -> C:\Program Files\WindowsApps\A-Volute.Nahimic_1.9.22.0_x64__w2gh52qy24etm [2023-10-20] (A-Volute) NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2024-01-16] (NVIDIA Corp.) 
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.40.286.0_x64__dt26b99r8h8gj [2023-06-23] (Realtek Semiconductor Corp) Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.18.11020.0_x64__8wekyb3d8bbwe [2024-01-17] (Microsoft Studios) [MS Ad] Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0 [2023-12-10] (Spotify AB) [Startup Task] Tobii Experience -> C:\Program Files\WindowsApps\TobiiAB.TobiiEyeTrackingPortal_1.53.13804.0_x64__j9ea20k37yd2w [2024-01-17] (Tobii AB) [Startup Task] TradingView -> C:\Program Files\WindowsApps\TradingView.Desktop_2.3.3.4215_x64__n534cwy3pjxzj [2023-05-04] (TradingView, Inc.) [Startup Task] WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2401.3.0_x64__cv1g1gvanyjgm [2024-01-17] (WhatsApp Inc.) [Startup Task] Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-01-14] (Microsoft Corporation) WinRAR -> D:\Program Files\WinRAR [2023-02-24] (win.rar GmbH) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-3252700674-1244316876-1502611229-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\tehke\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23061.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3252700674-1244316876-1502611229-1001_Classes\CLSID\{80172dde-4e20-4df0-81a2-0a48553e80bb}\localserver32 -> C:\Users\tehke\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe (A-Volute SAS -> A-Volute) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-10] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-10] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-10] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-10] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-10] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-10] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft 
OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-10] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-03-20] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-03-20] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-03-20] (Adobe Inc. -> ) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-10] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-10] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-10] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-10] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-10] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-10] 
(Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-10] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-10] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-03-20] (Adobe Inc. -> ) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Downloads\MB\mbshlext.dll [2023-03-01] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-10] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed] ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-10] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvltig.inf_amd64_9a2c79b60d6607c6\nvshext.dll [2023-12-07] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [AccExt] -> 
{2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-03-20] (Adobe Inc. -> ) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Downloads\MB\mbshlext.dll [2023-03-01] (Malwarebytes Inc. -> Malwarebytes) ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed] HKLM\...\Drivers32: [VIDC.HFYU] => C:\Windows\system32\huffyuv.dll [55296 2005-01-21] () [File not signed] HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] () [File not signed] HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [310784 2019-12-28] () [File not signed] HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed] HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed] HKLM\...\Drivers32: [VIDC.HFYU] => C:\Windows\SysWOW64\huffyuv.dll [39936 2004-05-18] (Disappearing Inc.) 
[File not signed] HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [File not signed] HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284160 2019-12-28] () [File not signed] HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed] HKLM\...\Drivers32: [msacm.lameacm] => C:\Windows\SysWOW64\lameACM.acm [473088 2015-02-25] (hxxp://www.mp3dev.org/) [File not signed] HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed] ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\tehke\Desktop\rtc7788 - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default" ==================== Loaded Modules (Whitelisted) ============= 2023-03-01 22:55 - 2023-02-27 12:39 - 001393152 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.Core.Runtime.dll 2024-01-16 22:16 - 2024-01-16 22:16 - 002319872 _____ () [File not signed] \\?\C:\Users\tehke\AppData\Local\Temp\c87c06eb-1365-4f17-94c6-80a8ef091caa.tmp.node 2022-05-22 10:57 - 2022-05-22 10:57 - 000613376 _____ () [File not signed] C:\Program Files\EqualizerAPO\EqualizerAPO.dll 2016-07-30 13:42 - 2016-07-30 13:42 - 002772692 _____ () [File not signed] C:\Program Files\EqualizerAPO\libfftw3f-3.dll 2017-04-02 09:01 - 2017-04-02 09:01 - 001748992 _____ () [File not signed] C:\Program Files\EqualizerAPO\libsndfile-1.dll 2023-09-05 03:14 - 2023-10-18 22:28 - 002862080 _____ () [File not signed] C:\Users\tehke\AppData\Local\Programs\bluestacks-services\ffmpeg.dll 2023-09-05 03:14 - 2023-10-18 22:28 - 000479232 _____ () [File not signed] C:\Users\tehke\AppData\Local\Programs\bluestacks-services\libegl.dll 2023-09-05 03:14 - 2023-10-18 22:28 - 007513600 _____ () [File 
not signed] C:\Users\tehke\AppData\Local\Programs\bluestacks-services\libglesv2.dll 2023-09-05 03:14 - 2023-10-18 22:28 - 005209088 _____ () [File not signed] C:\Users\tehke\AppData\Local\Programs\bluestacks-services\vk_swiftshader.dll 2023-09-05 03:14 - 2023-10-18 22:28 - 000920576 _____ () [File not signed] C:\Users\tehke\AppData\Local\Programs\bluestacks-services\vulkan-1.dll 2023-10-05 02:37 - 2022-08-07 21:02 - 000019968 _____ () [File not signed] G:\DS4Windows\SharpOSC.dll 2023-10-05 02:37 - 2022-01-17 02:30 - 000090624 _____ (Bernhard Millauer,Uwe Mayer, Konrad Mattheis) [File not signed] G:\DS4Windows\WPFLocalizeExtension.dll 2023-10-05 02:37 - 2022-11-05 10:44 - 000125952 _____ (Bevan Arps(original); whistyun) [File not signed] G:\DS4Windows\MdXaml.dll 2023-10-05 02:37 - 2020-01-28 22:08 - 000013824 _____ (bloomtom) [File not signed] G:\DS4Windows\HttpProgress.dll 2023-10-05 02:37 - 2022-04-05 06:57 - 001199104 _____ (DotNetProjects) [File not signed] G:\DS4Windows\DotNetProjects.Wpf.Extended.Toolkit.dll 2023-10-05 02:37 - 2022-02-10 18:07 - 000336896 _____ (GitHub Community) [File not signed] G:\DS4Windows\Microsoft.Win32.TaskScheduler.dll 2023-10-05 02:37 - 2022-11-08 11:46 - 000339456 _____ (havendv -> Lakritzator and Philipp Sumi) [File not signed] G:\DS4Windows\H.NotifyIcon.dll 2023-10-05 02:37 - 2022-11-08 11:47 - 000109568 _____ (havendv -> Lakritzator and Philipp Sumi) [File not signed] G:\DS4Windows\H.NotifyIcon.Wpf.dll 2023-10-05 02:37 - 2022-09-08 01:16 - 000017920 _____ (Michael Denny, Contributors (see GitHub repo)) [File not signed] G:\DS4Windows\WpfScreenHelper.dll 2023-02-23 22:16 - 2023-02-23 22:16 - 000174592 _____ (Nefarius Software Solutions e.U.) [File not signed] C:\Users\tehke\AppData\Local\Temp\Costura\B4046D3CFAA9590D376E0436D537BF26\64\vigemclient.dll 2023-10-05 02:37 - 2023-09-23 13:46 - 000212992 _____ (Nefarius Software Solutions e.U.) 
[File not signed] G:\DS4Windows\Nefarius.ViGEm.Client.dll 2023-10-05 02:37 - 2022-12-29 18:01 - 000837120 _____ (NLog) [File not signed] G:\DS4Windows\NLog.dll 2023-10-05 02:37 - 2023-09-30 14:00 - 004087808 _____ (Ryochan7) [File not signed] G:\DS4Windows\DS4Windows.dll 2023-10-05 02:37 - 2023-09-30 14:00 - 000011776 _____ (Ryochan7) [File not signed] G:\DS4Windows\Lang\ar\DS4Windows.resources.dll 2023-10-05 02:37 - 2023-09-30 14:00 - 000011776 _____ (Ryochan7) [File not signed] G:\DS4Windows\Lang\cs\DS4Windows.resources.dll 2023-10-05 02:37 - 2023-09-30 14:00 - 000019968 _____ (Ryochan7) [File not signed] G:\DS4Windows\Lang\de\DS4Windows.resources.dll 2023-10-05 02:37 - 2023-09-30 14:00 - 000035328 _____ (Ryochan7) [File not signed] G:\DS4Windows\Lang\el\DS4Windows.resources.dll 2023-10-05 02:37 - 2023-09-30 14:00 - 000010752 _____ (Ryochan7) [File not signed] G:\DS4Windows\Lang\es\DS4Windows.resources.dll 2023-10-05 02:37 - 2023-09-30 14:00 - 000022528 _____ (Ryochan7) [File not signed] G:\DS4Windows\Lang\fi\DS4Windows.resources.dll 2023-10-05 02:37 - 2023-09-30 14:00 - 000024576 _____ (Ryochan7) [File not signed] G:\DS4Windows\Lang\fr\DS4Windows.resources.dll 2023-10-05 02:37 - 2023-09-30 14:00 - 000011264 _____ (Ryochan7) [File not signed] G:\DS4Windows\Lang\he\DS4Windows.resources.dll 2023-10-05 02:37 - 2023-09-30 14:00 - 000010752 _____ (Ryochan7) [File not signed] G:\DS4Windows\Lang\hu-HU\DS4Windows.resources.dll 2023-10-05 02:37 - 2023-09-30 14:00 - 000021504 _____ (Ryochan7) [File not signed] G:\DS4Windows\Lang\it\DS4Windows.resources.dll 2023-10-05 02:37 - 2023-09-30 14:00 - 000019968 _____ (Ryochan7) [File not signed] G:\DS4Windows\Lang\ja\DS4Windows.resources.dll 2023-10-05 02:37 - 2023-09-30 14:00 - 000010752 _____ (Ryochan7) [File not signed] G:\DS4Windows\Lang\nl\DS4Windows.resources.dll 2023-10-05 02:37 - 2023-09-30 14:00 - 000010752 _____ (Ryochan7) [File not signed] G:\DS4Windows\Lang\pl\DS4Windows.resources.dll 2023-10-05 02:37 - 2023-09-30 
14:00 - 000011264 _____ (Ryochan7) [File not signed] G:\DS4Windows\Lang\pt\DS4Windows.resources.dll 2023-10-05 02:37 - 2023-09-30 14:00 - 000010752 _____ (Ryochan7) [File not signed] G:\DS4Windows\Lang\pt-BR\DS4Windows.resources.dll 2023-10-05 02:37 - 2023-09-30 14:00 - 000791040 _____ (Ryochan7) [File not signed] G:\DS4Windows\Lang\ru\DS4Windows.resources.dll 2023-10-05 02:37 - 2023-09-30 14:00 - 000016896 _____ (Ryochan7) [File not signed] G:\DS4Windows\Lang\se\DS4Windows.resources.dll 2023-10-05 02:37 - 2023-09-30 14:00 - 000011264 _____ (Ryochan7) [File not signed] G:\DS4Windows\Lang\uk-UA\DS4Windows.resources.dll 2023-10-05 02:37 - 2023-09-30 14:00 - 000023552 _____ (Ryochan7) [File not signed] G:\DS4Windows\Lang\vi\DS4Windows.resources.dll 2023-10-05 02:37 - 2023-09-30 14:00 - 000020480 _____ (Ryochan7) [File not signed] G:\DS4Windows\Lang\zh-Hans\DS4Windows.resources.dll 2023-10-05 02:37 - 2023-09-30 14:00 - 000016896 _____ (Ryochan7) [File not signed] G:\DS4Windows\Lang\zh-Hant\DS4Windows.resources.dll 2022-04-07 22:35 - 2021-07-22 12:11 - 000076288 _____ (The c-ares library, hxxps://c-ares.haxx.se/) [File not signed] D:\Program Files (x86)\VPN Unlimited\cares.dll 2022-04-07 22:35 - 2023-07-04 08:25 - 000498688 _____ (The curl library, hxxps://curl.se/) [File not signed] D:\Program Files (x86)\VPN Unlimited\libcurl.dll 2023-10-18 18:20 - 2023-07-19 08:19 - 005149696 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] D:\Program Files (x86)\VPN Unlimited\libcrypto-3-x64.dll 2023-10-18 18:20 - 2023-07-19 08:19 - 000777728 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] D:\Program Files (x86)\VPN Unlimited\libssl-3-x64.dll 2022-04-07 22:35 - 2023-08-12 20:35 - 006066176 _____ (The Qt Company Ltd.) 
[File not signed] D:\Program Files (x86)\VPN Unlimited\Qt5Core.dll 2023-10-05 02:37 - 2022-01-17 02:12 - 000036864 _____ (Uwe Mayer,Konrad Mattheis,Bernhard Millauer) [File not signed] G:\DS4Windows\XAMLMarkupExtensions.dll 2023-10-05 02:37 - 2022-11-05 10:44 - 000008704 _____ (whistyun) [File not signed] G:\DS4Windows\MdXaml.Plugins.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [3306] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3306] ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2022-04-19] (Microsoft Corporation -> Microsoft Corporation) BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2022-07-19] (McAfee, LLC -> McAfee, LLC) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-04-19] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2022-07-19] (McAfee, LLC -> McAfee, LLC) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation) Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft 
Shared\Help\hxds.dll [2008-05-23] (Microsoft Corporation) [File not signed] Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-19] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-19] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-19] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-19] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-19] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-19] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-19] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-19] (Microsoft Corporation -> Microsoft Corporation) Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2022-05-06] (Lenovo -> Microsoft Corporation) Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll 
[2022-05-06] (Lenovo -> Microsoft Corporation) Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2022-05-06] (Lenovo -> Microsoft Corporation) ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Program Files (x86)\Razer\ChromaBroadcast\bin;C:\Program Files\Razer\ChromaBroadcast\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\dotnet\;C:\Users\terry\AppData\Local\Microsoft\WindowsApps;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\tehke\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\1070956.jpg HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\terry\Downloads\th.jfif HKU\S-1-5-21-3252700674-1244316876-1502611229-1006\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) 
HKLM\...\StartupApproved\Run: => "CORSAIR iCUE 4 Software" HKLM\...\StartupApproved\Run: => "RtkAudUService" HKLM\...\StartupApproved\Run: => "Riot Vanguard" HKLM\...\StartupApproved\Run: => "RZTHXHelper" HKLM\...\StartupApproved\Run: => "Logitech Download Assistant" HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller" HKLM\...\StartupApproved\Run32: => "AirBackupHelper" HKLM\...\StartupApproved\Run32: => "RazerCortex" HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_5336C2924B55FD107B3D46AF0B1AC178" HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "Synapse3" HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "CCXProcess" HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "EpicGamesLauncher" HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "LenovoVantageToolbar" HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "Opera GX Stable" HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "Opera GX Browser Assistant" HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "AirBackupHelper" HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "AnyTransToolHelper" HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams" HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\StartupApproved\Run: => "AirBackupHelper" HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\StartupApproved\Run: => "AnyTransToolHelper" HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\StartupApproved\Run: => "LenovoVantageToolbar" HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\StartupApproved\Run: => "RzAppEngine" HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\StartupApproved\Run: => "Synapse3" 
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\StartupApproved\Run: => "RazerAxon" HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\StartupApproved\Run: => "com.squirrel.Teams.Teams" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{02BF276A-A2B4-472A-A1B9-045136E3548D}C:\program files (x86)\imobie\anytrans\airbackuphelper.exe] => (Allow) C:\program files (x86)\imobie\anytrans\airbackuphelper.exe (iMobie Inc. -> iMobie Inc.) FirewallRules: [TCP Query User{3279C445-3008-4325-8EB4-1790CD109A12}C:\program files (x86)\imobie\anytrans\airbackuphelper.exe] => (Allow) C:\program files (x86)\imobie\anytrans\airbackuphelper.exe (iMobie Inc. -> iMobie Inc.) FirewallRules: [{1FFE03ED-1DA7-4538-826D-A46A56FA0480}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{813A5889-4353-4820-B4A0-DC91B3C01A5A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{201609B0-1BDD-4744-9FB0-53FC62154D95}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{DBF99A41-C40A-4297-BE29-AC005E20D0A4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [UDP Query User{3461D076-3186-40A0-919C-159EA3A77B5D}C:\program files (x86)\imobie\anytrans\anytrans.exe] => (Allow) C:\program files (x86)\imobie\anytrans\anytrans.exe (iMobie Inc. -> iMobie Inc.) FirewallRules: [TCP Query User{7B7D956B-DAB0-4DB5-B406-962CACACC163}C:\program files (x86)\imobie\anytrans\anytrans.exe] => (Allow) C:\program files (x86)\imobie\anytrans\anytrans.exe (iMobie Inc. -> iMobie Inc.) 
FirewallRules: [{8ADE8427-B91F-4415-B1AF-910FE044734F}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司) FirewallRules: [{796EE9EB-2F72-481A-82CA-B1C330F5B8CF}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司) FirewallRules: [UDP Query User{DF07C02D-411D-46F6-A64F-20000D982D6D}D:\program files\videolan\vlc\vlc.exe] => (Allow) D:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [TCP Query User{E2EEC09E-4D60-4FC1-83A6-9835633838D5}D:\program files\videolan\vlc\vlc.exe] => (Allow) D:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [UDP Query User{4C548F2E-FD68-4203-8FC6-293A763F8752}D:\program files\epic games\fallguys\fallguys_client_game.exe] => (Allow) D:\program files\epic games\fallguys\fallguys_client_game.exe () [File not signed] FirewallRules: [TCP Query User{A9EDF648-C636-4527-ACB6-73B312DC5235}D:\program files\epic games\fallguys\fallguys_client_game.exe] => (Allow) D:\program files\epic games\fallguys\fallguys_client_game.exe () [File not signed] FirewallRules: [UDP Query User{3370FAAD-4BE6-43F6-829B-0319816A03C2}C:\users\tehke\appdata\local\programs\opera gx\opera.exe] => (Block) C:\users\tehke\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software) FirewallRules: [TCP Query User{8C6C4E34-C687-4748-9AB7-A326FBACB2C3}C:\users\tehke\appdata\local\programs\opera gx\opera.exe] => (Block) C:\users\tehke\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software) FirewallRules: [{CEF0907C-E653-45FF-9A7C-F89E8E7EACDF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{624CF589-180A-43C9-B739-EB0C0B9662D2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe 
(Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{1F2EC377-D610-423C-8A3B-973BC2D4E4E8}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{FA6F9461-B445-4597-A0E6-0F4DD671E277}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{416BE1BC-DE4C-4986-ADEB-8C1D74E9E006}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{236B3DCD-C294-4D82-9BCD-77F2CA833AE0}] => (Allow) D:\Program Files (x86)\2K Sports\NBA 2K14\nba2k14.exe (2K Sports) [File not signed] FirewallRules: [{F5E41059-B84D-4F44-A9BF-68E829B4AB31}] => (Allow) D:\Program Files (x86)\2K Sports\NBA 2K14\nba2k14.exe (2K Sports) [File not signed] FirewallRules: [{053F9DDC-B876-47C8-9140-8B44270FD3AB}] => (Allow) D:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed] FirewallRules: [{EF09ABE3-EF47-483C-AADF-95CC8F2A5C1F}] => (Allow) D:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed] FirewallRules: [{C67C87BF-74BC-47ED-A5CE-84C1702A5D6B}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{FF6BC194-8D39-4399-B239-2F8900AC24BC}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{97C13D7B-B8BB-4284-9E33-B31644C942D3}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{42EB94E4-B8BD-487D-A206-EB0E8FCC74E6}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{D2F034E9-518F-4399-BA0B-DBFAB97D6BFA}] => (Allow) C:\Program Files\Razer\RzAppEngine\rzappengine.exe (Razer USA Ltd. -> Razer Inc.) 
FirewallRules: [TCP Query User{3EF70458-7853-4778-957B-971A239CD69E}D:\program files (x86)\starcraft ii\versions\base90136\sc2_x64.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base90136\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.) FirewallRules: [UDP Query User{C57AF867-3C79-4791-9486-B0E91AF495C5}D:\program files (x86)\starcraft ii\versions\base90136\sc2_x64.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base90136\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.) FirewallRules: [{60EECC99-BD04-47C2-8B6C-B68B34A4EA9C}] => (Allow) C:\Program Files\Tencent\WeChat\WeChat.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{5F74870A-5761-4B7A-97BD-071DD0D291AA}] => (Allow) D:\BlueStacks\BlueStacks X\BlueStacksWeb.exe (Now.gg, INC -> Bluestack Systems, Inc.) FirewallRules: [{1ADF556A-F147-4C41-9C48-81D9AC960A87}] => (Allow) D:\BlueStacks\BlueStacks X\Cloud Game.exe (Now.gg, INC -> COMPANY NAME) FirewallRules: [{6F873598-011D-40FD-96B1-6DADE091832F}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe (Now.gg, INC -> BlueStack Systems) FirewallRules: [{C613D8F6-32F2-4704-9FCC-5FF5BF80B89F}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe (Now.gg, INC -> The Qt Company Ltd.) FirewallRules: [{8BA872A2-8F7B-41AF-82A4-2D058556192D}] => (Allow) D:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe (Keepsolid Inc. -> KeepSolid Inc.) FirewallRules: [{E804A512-E56C-458A-A05E-7C35064EA3BA}] => (Allow) D:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe (Keepsolid Inc. -> KeepSolid Inc.) 
FirewallRules: [{1755FE4F-17AE-40DE-8382-0BAD76924D25}] => (Allow) D:\Program Files (x86)\VPN Unlimited\openvpn.exe (The OpenVPN Project) [File not signed] FirewallRules: [{153ADD9C-373E-40B1-A396-C77FE67F9F70}] => (Allow) D:\Program Files (x86)\VPN Unlimited\openvpn.exe (The OpenVPN Project) [File not signed] FirewallRules: [TCP Query User{272ECFCC-1162-4CE2-8D23-C9E2959516F8}D:\games\stepmania 5\program\stepmania.exe] => (Allow) D:\games\stepmania 5\program\stepmania.exe (StepMania Team hxxp://www.stepmania.com/) [File not signed] FirewallRules: [UDP Query User{6411800B-B934-45EA-9AEE-C0C68596FC2C}D:\games\stepmania 5\program\stepmania.exe] => (Allow) D:\games\stepmania 5\program\stepmania.exe (StepMania Team hxxp://www.stepmania.com/) [File not signed] FirewallRules: [{456558FA-2316-4DFD-8395-58AC65B6CD0D}] => (Allow) G:\Games\Steam\steamapps\common\Undisputed\Undisputed.exe () [File not signed] FirewallRules: [{B640A35D-83A9-493E-A12A-AA660ADF280D}] => (Allow) G:\Games\Steam\steamapps\common\Undisputed\Undisputed.exe () [File not signed] FirewallRules: [TCP Query User{A855FABB-F41E-47EF-9A9E-2C547C249745}G:\games\nba 2k22\nba2k22.exe] => (Block) G:\games\nba 2k22\nba2k22.exe () [File not signed] FirewallRules: [UDP Query User{BA565023-7C4D-4A60-8418-F3BFDB4700D4}G:\games\nba 2k22\nba2k22.exe] => (Block) G:\games\nba 2k22\nba2k22.exe () [File not signed] FirewallRules: [{EAE55344-66CF-4B05-BE77-6973BDE47248}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{F2AA54A7-ACC2-424E-B0A9-E722FDE7E7B3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{0391B5E1-073F-468C-9DF3-26810A25804D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe 
(453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{EE7D6EFE-EE8B-46FE-BD06-98ED69B5A468}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{BD6009CC-B628-40E8-B06D-963D2990B297}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{2D081143-DE50-406C-BA4F-4191B8514BF1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{A62F37B7-F138-47A0-8D9A-8E786C802184}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{430D341C-F5D6-4D25-B53D-3DA65F792E14}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{EB8CEFE6-8A1C-4366-AA4E-188CDE67866A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{EBB90BC7-2DDF-44E2-88A9-BC0E48815CDB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{7963ADA5-739B-4EB3-A3F7-2157C1DF8F73}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23335.205.2559.726_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{2E6C50F5-D048-421F-9997-AE751DE6380D}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23335.205.2559.726_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) 
FirewallRules: [{B986D46F-E1D6-42E0-9568-D9052B2D50CA}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{9B63D647-F8F7-40E0-8826-446F43B7D25B}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.133\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{FBEFFDEC-2786-40C1-8CB7-6109ADD5714C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{9DB1D90A-FFD1-408A-B366-3BCE55B9C020}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{326A7AAC-268F-4D92-B723-8A90EA7453B4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{2EA9571F-45C4-4624-9B74-5B7486780D98}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{A4B66A9F-EA63-433D-81B4-950B4242860D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{B5B96116-0A05-46C7-9517-F9B0E9ECBFB2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) ==================== Restore Points ========================= 17-01-2024 00:02:51 Windows Update ==================== Faulty Device Manager Devices ============ Name: DAEMON Tools Lite Virtual SCSI Bus Description: DAEMON Tools Lite Virtual SCSI Bus Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318} Manufacturer: Disc Soft Ltd Service: dtlitescsibus Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. 
(Code 39) Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. ==================== Event log errors: ======================== Application errors: ================== Error: (01/17/2024 12:46:23 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY) Description: Faulting application name: DiscSoftBusService.exe, version: 0.0.0.0, time stamp: 0x5582c02a Faulting module name: ntdll.dll, version: 10.0.22621.2506, time stamp: 0xbced4b82 Exception code: 0xc0000005 Fault offset: 0x000000000001e209 Faulting process id: 0x0x4b50 Faulting application start time: 0x0x1da490cc8007fbd Faulting application path: G:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: 3f321da4-c28d-4ecd-9a6f-bd864088a4b5 Faulting package full name: Faulting package-relative application ID: Error: (01/16/2024 10:51:37 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 23 6.4.5.7.5.8.4.E.4.5.E.9.1.5.F.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR LAPTOP-D982FIHM.local. Error: (01/16/2024 10:51:37 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.0.229:5353 25 6.4.5.7.5.8.4.E.4.5.E.9.1.5.F.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR LAPTOP-D982FIHM-2.local. Error: (01/16/2024 10:51:37 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 23 F.1.C.8.F.B.B.5.1.0.A.2.2.B.8.C.6.7.E.7.D.5.1.D.0.0.D.3.4.0.6.2.ip6.arpa. PTR LAPTOP-D982FIHM.local. 
Error: (01/16/2024 10:51:37 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.0.229:5353 25 F.1.C.8.F.B.B.5.1.0.A.2.2.B.8.C.6.7.E.7.D.5.1.D.0.0.D.3.4.0.6.2.ip6.arpa. PTR LAPTOP-D982FIHM-2.local. Error: (01/16/2024 10:51:37 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 23 B.F.0.6.9.8.8.1.D.9.8.A.E.0.B.E.6.7.E.7.D.5.1.D.0.0.D.3.4.0.6.2.ip6.arpa. PTR LAPTOP-D982FIHM.local. Error: (01/16/2024 10:51:37 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.0.229:5353 25 B.F.0.6.9.8.8.1.D.9.8.A.E.0.B.E.6.7.E.7.D.5.1.D.0.0.D.3.4.0.6.2.ip6.arpa. PTR LAPTOP-D982FIHM-2.local. Error: (01/16/2024 10:51:37 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 23 229.0.168.192.in-addr.arpa. PTR LAPTOP-D982FIHM.local. System errors: ============= Error: (01/17/2024 01:01:15 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY) Description: A corruption was discovered in the file system structure on volume G:. The exact nature of the corruption is unknown. The file system structures need to be scanned online. Error: (01/17/2024 12:46:24 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Disc Soft Lite Bus Service service terminated unexpectedly. It has done this 1 time(s). Error: (01/16/2024 11:45:42 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. 
Error: (01/16/2024 10:55:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (01/16/2024 10:55:23 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\tehke\AppData\Local\Temp\ehdrv.sys Error: (01/16/2024 10:55:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (01/16/2024 10:55:22 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\tehke\AppData\Local\Temp\ehdrv.sys Error: (01/16/2024 10:55:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Windows Defender: ================ Date: 2024-01-17 00:05:56 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS!pz&threatid=2147890609&enterprise=0 Name: HackTool:Win32/AutoKMS!pz Severity: High Category: Tool Path: file:_D:\torrents\Microsoft Office 2021 Pro Plus (365 ) + Patch\Microsoft Office 2021 Pro Plus [16.0.14332.20110] [x64].exe Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Users\tehke\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe Security intelligence Version: AV: 1.403.2262.0, AS: 1.403.2262.0, NIS: 1.403.2262.0 Engine Version: AM: 1.1.23110.2, NIS: 1.1.23110.2 Date: 2024-01-16 23:57:30 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. 
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Program:AndroidOS/Multiverze&threatid=303288&enterprise=0 Name: Program:AndroidOS/Multiverze Severity: High Category: Settings Modifier Path: file:_D:\$RECYCLE.BIN\S-1-5-21-3252700674-1244316876-1502611229-1001\$RQXDU2V.zip Detection Origin: Local machine Detection Type: FastPath Detection Source: Real-Time Protection Process Name: C:\Users\tehke\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe Security intelligence Version: AV: 1.403.2262.0, AS: 1.403.2262.0, NIS: 1.403.2262.0 Engine Version: AM: 1.1.23110.2, NIS: 1.1.23110.2 Date: 2024-01-16 23:26:19 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:O97M/Phish.RA!MTB&threatid=2147768333&enterprise=0 Name: Trojan:O97M/Phish.RA!MTB Severity: Severe Category: Trojan Path: file:_C:\Users\tehke\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\3\Attachments\Doc-ID#796924[810].docx Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Users\tehke\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe Security intelligence Version: AV: 1.403.2262.0, AS: 1.403.2262.0, NIS: 1.403.2262.0 Engine Version: AM: 1.1.23110.2, NIS: 1.1.23110.2 Date: 2024-01-16 23:25:52 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. 
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Vigorf.A&threatid=2147714384&enterprise=0 Name: Trojan:Win32/Vigorf.A Severity: Severe Category: Trojan Path: file:_C:\Users\tehke\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\17\Attachments\ticket-66160[1459].pdf Detection Origin: Local machine Detection Type: FastPath Detection Source: Real-Time Protection Process Name: C:\Users\tehke\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe Security intelligence Version: AV: 1.403.2262.0, AS: 1.403.2262.0, NIS: 1.403.2262.0 Engine Version: AM: 1.1.23110.2, NIS: 1.1.23110.2  CodeIntegrity: =============== Date: 2024-01-16 22:55:23 Description: Code Integrity determined that a process (System) attempted to load \Device\HarddiskVolume3\Users\tehke\AppData\Local\Temp\ehdrv.sys that is not compatible with hypervisor enforcement. Failure bitmap 0x1. Status 0xC00000BB. ==================== Memory info =========================== BIOS: LENOVO GKCN60WW 03/07/2023 Motherboard: LENOVO LNVNB161216 Processor: AMD Ryzen 9 5900HX with Radeon Graphics Percentage of memory in use: 50% Total physical RAM: 32620.06 MB Available physical RAM: 16223.63 MB Total Virtual: 62316.06 MB Available Virtual: 37846.62 MB ==================== Drives ================================ Drive c: (Windows-SSD) (Fixed) (Total:952.62 GB) (Free:692.46 GB) (Model: SKHynix_HFS001TDE9X084N) NTFS Drive d: (Data) (Fixed) (Total:953.85 GB) (Free:695.84 GB) (Model: SKHynix_HFS001TDE9X084N) NTFS Drive g: (One Touch) (Fixed) (Total:4657.33 GB) (Free:2923.43 GB) (Model: Seagate One Touch HDD SCSI Disk Device) NTFS \\?\Volume{0af6318f-5335-4cce-bcf1-c37154c74faa}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.23 GB) NTFS \\?\Volume{fe006d31-1f1e-4cea-b168-9297dd4deeac}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32 \\?\Volume{3aee5421-0265-4415-be95-b778f81f5be9}\ (EFI) (Fixed) (Total:0.19 GB) 
(Free:0.19 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 953.9 GB) (Disk ID: 43FF248E)
Partition: GPT.

==========================================================
Disk: 1 (Size: 953.9 GB) (Disk ID: 1B25E18B)
Partition: GPT.

==========================================================
Disk: 2 (Size: 4657.5 GB) (Disk ID: A9F36CD3)
Partition: GPT.

==================== End of Addition.txt =======================